I will look through the logs tonight, but please do not run any scans or any changes on your own. This only makes it more difficult for me to keep track of what is happening.
Also, I believe it is illegal to share product keys...but anyway, please be careful in the future about what you download.
I wasn't aware it was illegal to share keys if you bought the program; my Windows representative told me that if the program was bought, you could use it on more than one computer, you could even burn copies if you wish.
Good news. I have been able to remove Avira, which was hidden in my system.
The WinLogon errors have disappeared in the User Accounts, although a new one has appeared when I first log on, stating that the domain could not be found.
In Mozilla and Internet Explorer my login sessions expire immediately, so my cookies have been changed but I have been unable to locate the cause. Winpatrol is accepting cookies, Mozilla accepts them, IE accepts them, Zone Patrol appears to be accepting them, any ideas?
I will let you know if any more errors appear or are solved.
Good news. I have been able to remove Avira, which was hidden in my system.
I looked in Administrative tools to look at the currently running processes and I noticed that Avira had 4 entries which were disabled. Is it still on my computer?
The WinLogon domain error has disappeared.
Both IE and Mozilla log me out of my accounts on ANY website as soon as I load another page. The pages include Ebay, Windows Live, Icrontic, etc. I have java enabled in both browsers, and cookies are being accepted. I am confused and tired of having to log back into the same website a hundred times. If you have any ideas, I will really appreciate it.
I haven't done anything to the system since your last post.
My internet sessions requiring log ins are continuing to expire within a second. If I use an application like Driver Max it logs out as well.
Many of my programs are crashing randomly and I have debugged a few, which keeps them running. The system seems a lot slower at times, as if something is using a lot of memory. Yet when I check Task Manager there's nothing there.
WinPatrol doesn't have anything starting up that I don't recognise. Oh, and I can't run Panda or Kaspersky in my browsers. They just don't load the page. You told me not to run any scans, but I was just checking to see if they could run. Maybe linked to my internet session problem?
If anything more pops up, I will let you know.
ADDING at 9:27PM:
My Windows Live Messenger had settings changed. I noticed that when two windows popped up with a picture of a girl asking me to talk to her. When I clicked to close the box I was taken to Mozilla and a webpage attempted to load. Fortunately, WOT warned me it was dangerous and told me I shouldn't enter. I went into Windows Live and found the setting that had been changed: the box that said "Only let people who are on my list see my status and send me messages" was unticked. I ticked it. I hope that solves that problem.
The website:
http://js.peepfinder.com/go (there was a huge string of random characters after this)
But now I am worried. I use Ebay atm for business. I fear I am no longer safe to go on Ebay. Correct? It seems many of my settings have been changed and some of my programs hijacked. I will change my Ebay password and avoid it for the time being.
ADDING at 9:57PM:
In my local settings temp folder I was looking for the folders where the online virus scanners downloaded their files. And I found a folder called MessengerCache. Now as I had just had my settings hijacked I decided to open the folder. And inside were 9 files, all named with a string of random characters.
For example,
X9VF09yOMgWzhCoDfQnpN4GEQ48=
I have deleted the folder, but left it in the recycle bin until you reply. Which brings me to a question. If I remove viruses and the like and they are in the Recycle Bin, can they do any damage to my system? Can they escape?
Oh, and I found a file called:
etilqs_CvCtSpjoa7hdo4EzslMb (this was in C:\Documents and Settings\Liam\Local Settings\temp)
I attempted to delete it but it came up with an error and told me the file couldn't be found. It then disappeared and didn't appear in the Recycle Bin. Maybe AVG removed it?
The WinLogon errors have disappeared in the User Accounts, although a new one has appeared when I first log on, stating that the domain could not be found.
Could you post the whole error message if it returns? It will help identify the problem.
In Mozilla and Internet Explorer my login sessions expire immediately, so my cookies have been changed but I have been unable to locate the cause. Winpatrol is accepting cookies, Mozilla accepts them, IE accepts them, Zone Patrol appears to be accepting them, any ideas?
Open Firefox. Click Tools > Options > Privacy tab. Make sure "Always clear my private data when I close Firefox" is unchecked. See if this helps.
I'm not sure about IE on this.
I looked in Administrative tools to look at the currently running processes and I noticed that Avira had 4 entries which were disabled. Is it still on my computer?
Avira is a free Anti-Virus program; this is what is or was on your computer, so it is nothing dangerous. How did you actually remove Avira? Avira was not on your computer when you started this thread.
Download Deckard's System Scanner (dss.exe) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK):
"%userprofile%\desktop\dss.exe" /config
When the DSS Configuration display opens click the "Check All" button (if the "Uncheck All" button shows, click that, then click "Check All"). Next, Under Main Log, uncheck the following:
System Restore
Temp Cleanup
Process Modules
Then under Options, place a check next to the following:
Backup Registry Hives
Don't make any other changes at this time. Then click the "Scan!" button to start the scan.
Once the scan has completed a textbox will appear - copy/paste those contents back here (main.txt). Also a second text file, extra.txt, will show as minimized in your Task Bar. Maximize/Open this, and copy/paste those contents back here along with the main.txt please. (The logs can also be found in the C:\Deckard\System Scanner folder)
The error message has disappeared, so as far as I can see the problem has been fixed. I didn't do anything so I am unsure why that is.
The Firefox box was already unchecked. The login problem is gone, but now the internet seems slower (even though I have a full connection) and many pages won't load. They just finish with a blank page or come up with 2 things:
1. It sometimes says: blank page 1
blank page 2
blank page 3
2. It sometimes comes up with some text about javascript
This occurs in both IE and Mozilla.
Like I said earlier, Avira just appeared on my computer. I removed it by deleting the Program Folder, removing registry entries and removing it from System Administrative tools. Online scanners no longer detect it on my computer.
The link you gave for Deckard's System Scanner comes up as can't be found. AVG takes me to a page saying that the link can not be found. Is it possible the link is dead or that my browsers are screwing around?
info.txt logfile of random's system information tool 1.04 2008-10-05 08:13:52
======Uninstall list======
-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNNMP.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acer eAcoustics Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C7EC4EE3-ED7D-4DCD-86DC-29ACF0B122E9}\setup.exe" -l0x9 -removeonly
Acer eLock Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x9 -removeonly
Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x9 -removeonly
Acer ePerformance Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7057702F-6D71-4F30-8000-9E72BC771887}\setup.exe" -l0x9 -removeonly
Acer eSettings Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}\setup.exe" -l0x9 -removeonly
Acer LANScope Agent-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4771B74C-003B-4E7B-A4A0-ABB7CA342C70}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Belarc Advisor 7.2-->C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Choice Guard-->MsiExec.exe /I{EBD5E7A9-DBB8-4E24-AE3A-CF9390AF1CCB}
commercial-->MsiExec.exe /I{38C65D12-79E3-49C0-B211-DE3BE0A7AB39}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Contacts-->MsiExec.exe /I{C6BDA6E5-B391-4CE5-8D86-B53AC96FFE03}
Digital Locker Assistant-->MsiExec.exe /I{D01653EF-9F9F-41D6-B879-654A6BF5892C}
DriverMax 4-->"C:\Program Files\Innovative Solutions\DriverMax\unins000.exe"
getPlus(R) for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"
Intel(R) Active Management Technology LMS Service and SOL Driver-->C:\WINDOWS\system32\mesoludlg.exe -uninstall
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Intel(R) Management Engine Interface-->C:\WINDOWS\system32\heciudlg.exe -uninstall
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
Intel(R) Processor ID Utility-->MsiExec.exe /X{A92A4DB0-CD37-42D1-BE1D-603D53C24328}
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Macromedia Dreamweaver 8-->MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Fireworks 8-->MsiExec.exe /I{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}
Magic ISO Maker v5.5 (build 0272)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-011F-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MobileMe Control Panel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero Suite-->C:\Program Files\Common Files\Ahead\Uninstall\setup.exe /uninstall
NETGEAR WG311v3 PCI Adapter-->C:\Program Files\InstallShield Installation Information\{70014586-7BBA-4A92-A610-CDC896C48F8F}\setup.exe -runfromtemp -l0x0409
Nitro PDF Professional-->MsiExec.exe /I{7AA9AC5F-E6E2-4310-9DE5-8282748C0A90}
NTI Backup NOW! 4.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B06B842F-2450-494F-BBDE-217CDC151A37}\setup.exe" -l0x9 -uninst -removeonly
NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OCA Client history tool install-->"C:\WINDOWS\$UninstallOCA-X86Fre-ENU$\spuninst\spuninst.exe"
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PerfectDisk 2008 Professional-->MsiExec.exe /I{2B6EC03E-6FA0-4D7C-9CCE-1B03819AB613}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709
Sandboxie 3.30-->"C:\WINDOWS\Installer\SandboxieInstall.exe" /remove
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
The Battle for Middle-earth (tm) II-->C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\EAUninstall.exe
Trojan Remover 6.7.2-->"C:\Program Files\Trojan Remover\unins000.exe"
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
U3Launcher-->MsiExec.exe /I{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Internet Explorer 8 Beta 2-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{78AC782A-C708-4B21-A3A0-ECD4A3284588}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{B1403D7D-C725-4858-AACC-7E5FA2D72859}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant-->MsiExec.exe /I{0ED47137-C071-46CC-A243-E5E33271E10E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Resource Kit Tools-->MsiExec.exe /I{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPatrol 2008-->C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
WinZip 12.0-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}
WOT for Internet Explorer-->MsiExec.exe /X{5AC2D321-11E2-47E7-A1CA-61A34C2057AB}
Xiph QuickTime Components-->"C:\Program Files\QuickTime\QTComponents\XiphQTuninstall.exe"
AV: AVG Internet Security
FW: ZoneAlarm Pro Firewall (disabled)
FW: COMODO Firewall Pro
FW: AVG Firewall
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Windows Resource Kits\Tools;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=4
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
EOF
2 things.
1. The Hosts file appears to be small in this log but when I checked it was very long. Why is it short in this log?
2. It says I have Comodo Firewall enabled. But I uninstalled that product months ago. And I can't find it when I search. I also uninstalled Zone Alarm Pro as I have bought the new AVG 8 Internet Security. Yet it shows Zone Alarm as disabled. Does that mean it is still somewhere on my machine as well?
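The hosts file question above is worth checking directly rather than from a tool's summary, because a hosts file that maps a security vendor's site to 127.0.0.1 or to a remote address is one reason online scanners "just don't load". The following is an added example, not part of the thread or of any tool mentioned in it: a small audit that parses hosts-file text and reports the non-localhost entries. The sample hosts text, the watchlist of vendor hostnames and the finding categories are constructed for this example.

```python
"""Audit Windows hosts-file text for entries that block or redirect sites.

Added example (not from the thread). On Windows XP the file lives at
%SystemRoot%\\system32\\drivers\\etc\\hosts; pass its contents as a string.
"""
import ipaddress

# Constructed sample: the default localhost line plus two suspicious additions.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
127.0.0.1       www.pandasecurity.com   # constructed: sinkholes a scanner site
10.9.8.7        www.ebay.com            # constructed: redirects to a remote IP
"""

# Hostnames whose presence in a hosts file is itself a warning sign
# (constructed watchlist for the example; extend with the sites you rely on).
WATCHLIST = {"www.pandasecurity.com", "www.kaspersky.com", "free.avg.com"}


def parse_hosts(text):
    """Return (ip, hostname) pairs, ignoring comments and blank lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        for name in names:
            entries.append((ip, name.lower()))
    return entries


def audit_hosts(text):
    """Classify every non-localhost entry.

    Returns a list of (category, ip, hostname) tuples:
      blocked-security-site  - a watchlisted hostname appears at all
      redirect-to-remote-ip  - a hostname is pointed at a non-loopback address
      sinkholed              - any other hostname pointed at loopback
      malformed-address      - the address column is not a valid IP
    """
    findings = []
    for ip, name in parse_hosts(text):
        if name == "localhost":
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append(("malformed-address", ip, name))
            continue
        if name in WATCHLIST:
            findings.append(("blocked-security-site", ip, name))
        elif not addr.is_loopback:
            findings.append(("redirect-to-remote-ip", ip, name))
        else:
            findings.append(("sinkholed", ip, name))
    return findings


def entry_count(text):
    """Number of active (non-comment) mappings; a very long file is worth a look."""
    return len(parse_hosts(text))


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(*finding)
```

To run it against a real machine, read the file with `open(path).read()` and pass the text to `audit_hosts`; anything other than the localhost line deserves an explanation before the file is trusted.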
Logfile of random's system information tool 1.04 (written by random/random)
Run by Liam at 2008-10-05 08:13:36
Microsoft Windows XP Professional Service Pack 3, v.3311
System drive C: has 130 GB (85%) free of 152 GB
Total RAM: 2022 MB (67% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:13:50, on 5/10/2008
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal
This morning after I did some stuff I came back to my computer and checked my emails. All of a sudden AVG 8 came up with threat alerts, showing most of the files ComboFix had quarantined. AVG claimed they were detected on open.
Yet if they were in quarantine, I thought they couldn't open? I had AVG remove the threats and then I deleted the Qoobox file.
ADDING at 1:39PM:
My internet cookies seem to be fine now. Whatever was screwing up my browsers appears to have stopped for some reason. My computer is still running slowly and programs continue to stop responding at times.
I ran HiJackThis and noticed in the Backups that Search Settings had been backed up. Should they be removed or should I just leave them?
Also my computer at this time rebooted suddenly with no error report generated.
I was looking in my harddrives and discovered this:
C:\Documents and Settings
It contained a folder called All U1sers, and contained an AVG 8 log and a Spybot: S & D folder.
Then I went to:
C:\Documents and Settings\All Users
It contained folders called: A1pplication Data, Ap1plication Data, Appl1ication Data, Applic1ation Data, Application D1ata, Applicati1on Data and Application1 Data. The folder called A1pplication Data contained Spybot: S & D and a Stopzilla folder. I don't have stopzilla so where did it come from?
I have left the folders as they are. All of them contain a Spybot: S & D Folder, a few contain Avocent Admin Works as well and 1 contains Stopzilla. The folder Application Data doesn't appear to exist.
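Folder names that differ from a real Windows profile folder by a single inserted character, like the ones listed in the post above, are easy to miss by eye but easy to catch mechanically. The following is an added example, not from the thread: it compares a directory listing against a set of expected folder names and reports near-misses (edit distance 1, so it also covers a substituted or dropped character, not just the inserted "1" seen here) together with expected folders that are absent. The expected-name set and the sample listing are constructed; the listing reuses the names the post reports.

```python
"""Spot lookalike folder names next to the real Windows profile folders.

Added example, not from the thread. Windows folder names are case-insensitive,
so all comparisons are done in lower case.
"""
import os

# Constructed set of folder names that legitimately exist under
# C:\Documents and Settings and ...\All Users on Windows XP.
EXPECTED = {"All Users", "Application Data", "Local Settings", "Default User"}

# Constructed listing: genuine folders, the "1"-inserted names reported in the
# thread, and unrelated folders that must not be flagged.
SAMPLE_LISTING = [
    "All U1sers", "All Users", "Liam", "A1pplication Data", "Ap1plication Data",
    "Application1 Data", "Application D1ata", "Microsoft", "Templates",
]


def edit_distance(a, b):
    """Levenshtein distance; inputs are short, so a plain DP table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def find_lookalikes(names, expected=EXPECTED, max_distance=1):
    """Return {'lookalikes': [(seen, mimicked)], 'missing': [expected not present]}.

    A name is a lookalike when it is not an exact (case-insensitive) match for
    an expected name but is within max_distance edits of one.
    """
    present = {n.lower() for n in names}
    lookalikes = []
    for seen in names:
        for real in expected:
            if seen.lower() == real.lower():
                continue
            if edit_distance(seen.lower(), real.lower()) <= max_distance:
                lookalikes.append((seen, real))
    missing = sorted(e for e in expected if e.lower() not in present)
    return {"lookalikes": sorted(lookalikes), "missing": missing}


def scan_directory(path, expected=EXPECTED):
    """Run the check on a live directory (only folders, hidden ones included)."""
    names = [n for n in os.listdir(path) if os.path.isdir(os.path.join(path, n))]
    return find_lookalikes(names, expected)


if __name__ == "__main__":
    report = find_lookalikes(SAMPLE_LISTING)
    for seen, real in report["lookalikes"]:
        print(f"lookalike: {seen!r} mimics {real!r}")
    print("missing expected folders:", report["missing"])
```

Usage on the machine itself would be `scan_directory(r"C:\Documents and Settings\All Users")`; a lookalike that also contains copies of security-tool folders, as described above, is a strong prompt to list its full contents and timestamps before deleting anything.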
1. The Hosts file appears to be small in this log but when I checked it was very long. Why is it short in this log?
2. It says I have Comodo Firewall enabled. But I uninstalled that product months ago. And I can't find it when I search. I also uninstalled Zone Alarm Pro as I have bought the new AVG 8 Internet Security. Yet it shows Zone Alarm as disabled. Does that mean it is still somewhere on my machine as well?
Do not worry about those; it is fine.
RSIT also shows some leftover drivers, services and files from Avira. I suggest doing this...
1. Download Avira <-- This is the Avira Premium Security Suite which was on your computer.
2. Disconnect from the Internet
3. Disable AVG Anti-Virus
4. Install Avira and then properly uninstall it from Add/Remove programs.
5. Enable AVG Anti-Virus
6. Reconnect back to the Internet
I had AVG remove the threats and then I deleted the Qoobox file.
If this happens again, please tell me the exact message from AVG.
My internet cookies seem to be fine now. Whatever was screwing up my browsers appears to have stopped for some reason. My computer is still running slowly and programs continue to stop responding at times.
Good to hear about the Cookies. The "running slowly" should hopefully sort itself out soon.
I was looking in my harddrives and discovered this:
C:\Documents and Settings
It contained a folder called All U1sers, and contained an AVG 8 log and a Spybot: S & D folder.
Then I went to:
C:\Documents and Settings\All Users
It contained folders called: A1pplication Data, Ap1plication Data, Appl1ication Data, Applic1ation Data, Application D1ata, Applicati1on Data and Application1 Data. The folder called A1pplication Data contained Spybot: S & D and a Stopzilla folder. I don't have stopzilla so where did it come from?
The "All Users" and "Application Data" folders are fine. Are you talking about folders that have the "1" within the name? Please do the following...
1. Open HijackThis
- Click the Do a system scan only button
- Check the following entries (below)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present ...(Unless you set these with an anti-spyware program like SpyBot's Immunize feature, or a System Administrator set them, have HiJackThis fix this.)
- Close ALL open windows(especially Internet Explorer!)
- Click Fix Checked
Close HijackThis
2. Please post a new HiJackThis log. We may need to run ComboFix again soon, but not yet.
I followed your steps for Avira and I think it may have been successful.
I checked the history of the Resident Shield Detection in AVG, and this is what it said:
All of the quarantined files by ComboFix except for 1 were called Trojan horse Generic11.ANKS, the file called jkkLFvUK.dll was called a Trojan horse Generic11.AMUK. These files were detected because they attempted to access my open Mozilla Firefox. So, if they were quarantined by ComboFix, how is it that they are able to suddenly try to hijack my internet browser? Also, I deleted the Qoobox folder, should I delete it permanently as the threats appear to be escaping?
I hope the computer begins to run fast again; it is still running slower than usual.
Yeah I was talking about the folders with the '1' in the name, as I have never seen them before.
I fixed the 2 HiJackThis entries.
The new log is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:24:33, on 6/10/2008
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal
I have noticed in the HiJackThis log and in task manager a process called PSI. I googled it and found it was some licensing company. Any ideas where I might have gotten it from?
I also noticed a thing called Matrox Graphics. I have never heard of this driver nor recall ever seeing it installed on my computer. Is that a default driver?
Hey. I am adding this post because my computer was restarted again. The reason I believe this time that it is malware/something nasty is because Mozilla Firefox when I opened it displayed a message telling me 27 addons had just been installed- all my addons had been uninstalled and then reinstalled!!!! All of them. What's more, I ran a scan with AVG and it detected a Trojan called WIN32/HLLP.De Troie (This trojan was detected in 8 different files in my recycle bin) So I emptied the recycle bin, leaving only the Qoobox folder left. Should I delete that too? I also ran Exterminate This, just to see if it picked up anything. It detected a Trojan called Bitfrost in my registry. The path was: HKEY_CURRENT_USER > Software > wget (a program I have never heard of and removed) Apparently Bitfrost is a Backdoor Trojan; I take it this infection I have is allowing other nasty infections to come. I look forward to your response as I want to remove this infection as quickly as possible before it does any more damage to my computer.
I also ran Trojan Remover just to see if anything came up. I won't actually remove/delete anything until you tell me to. Trojan remover detected a process called:
C:\WINDOWS\windows32.exe
which is loaded by:
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{DDE9D8F8-7939-0C02-2F56-385F01DC566F}
I couldn't find any information on Google about this process, is it safe?
It didn't find anything malicious.
ADDING at 2:53PM:
AVG ran a scheduled scan. It detected this WIN32/HLLP.De Troie virus again, this time 4 of them in the System Restore. So, once again, the System Restore is infected, but this WIN32 appears to be infecting my files slowly. Any way we can halt the spread?
You haven't replied yet but I thought you might like to know a few things.
1/ AVG is still detecting this WIN32/HLLP.De Troie virus; it was found in the System Restore Information again.
2/ My programs are continuing to freeze/crash/not respond or randomly quit.
3/ My system continues to at times run slowly.
4/ My internet seems to take longer to load pages (with/without a firewall on), and certain addons in Mozilla continue to be reinstalled for no reason.
UPDATE at 8:03PM:
The system restore information is again infected with the same virus. Any way we can stop these constant reinfections?
UPDATE at 8:49PM:
Something I have noticed is that AVG is freezing occasionally, especially if I click on the Firewall component. Also, when I shut down my computer, I sometimes get the following error:
The application dwinn.exe failed to start. The application failed to initialise because the windows station is shutting down. Any ideas why Dr Watson isn't functioning properly?
Also, I noticed this morning when I opened up Driver Max that it quit without any warning after about 2 minutes, and kept on doing that every time I opened it. Windows Live Messenger also kept freezing, and its window box kept on going blank.
Sorry for the delay; been hugely busy at University.
All of the quarantined files by ComboFix except for 1 were called Trojan horse Generic11.ANKS, the file called jkkLFvUK.dll was called a Trojan horse Generic11.AMUK. These files were detected because they attempted to access my open Mozilla Firefox. So, if they were quarantined by ComboFix, how is it that they are able to suddenly try to hijack my internet browser? Also, I deleted the Qoobox folder, should I delete it permanently as the threats appear to be escaping?
That is strange! I've never heard of that happening before, but luckily AVG stopped it happening so it should be OK. My guess would have been that AVG detected the "quarantined" files, which in that case is normal.
I have noticed in the HiJackThis log and in task manager a process called PSI. I googled it and found it was some licensing company. Any ideas where I might have gotten it from?
I don't, no. I can say it has been present since the first HijackThis log and it is not dangerous.
I also noticed a thing called Matrox Graphics. I have never heard of this driver nor recall ever seeing it installed on my computer. Is that a default driver?
Matrox produce computer products, including graphics cards. However, where did you notice this? It would seem you have a driver from them. Please do the following...
Copy and paste the following file path into the Search Box in the middle of the page:
C:\WINDOWS\windows32.exe
Now click on the Send File button
NOTE:
If you come to the "File has already been analysed:" page, select "Reanalyse file now" to get a fresh scan.
Save a copy of the Anti-Virus results only. Post the results in your next reply.
2. If you have ComboFix, delete it. Download a new copy and follow the instructions to install the correct Recovery Console. Post the ComboFix log back here, along with the VirusTotal results.
The application dwinn.exe failed to start. The application failed to initialise because the windows station is shutting down. Any ideas why Dr Watson isn't functioning properly?
Can you do a search for dwinn.exe and tell me where it is located.
Sorry for the delay; been hugely busy at University.
That's no problem.
Matrox produce computer products, including graphics cards. However, where did you notice this? It would seem you have a driver from them. I noticed it in the Program Files folder and just wondered if it was dangerous, as I had never really noticed it before. But if it is a graphics company then all is well.
Copy and paste the following file path into the Search Box in the middle of the page:
C:\WINDOWS\windows32.exe
Now click on the Send File button
NOTE:
If you come to the "File has already been analysed:" page, select "Reanalyse file now" to get a fresh scan.
Save a copy of the Anti-Virus results only. Post the results in your next reply.
Unable to find the file. I ran a search, and nothing turned up. I also went into Windows Explorer and typed the address in the bar. Still no luck. Finally, I went into the Windows folder but was unable to find the file.
2. If you have ComboFix, delete it. Download a new copy and follow the instructions to install the correct Recovery Console. Post the ComboFix log back here, along with the VirusTotal results.
I've just deleted my old ComboFix and am about to download another one. Why do I need to delete my old one? Is it possible it can get infected?
Can you do a search for dwinn.exe and tell me where it is located.
I downloaded Combo Fix again, from a previous link you gave me in an earlier post. I also downloaded the Windows SP2 package to drag into ComboFix. The Recovery Console was successfully installed. The log:
ComboFix 08-10-07.03 - Liam 2008-10-08 7:25:22.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1444 [GMT 11:00]
Running from: C:\Documents and Settings\Liam\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Liam\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU(2).exe
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Liam\Local Settings\Temporary Internet Files\SuggestedSites.dat
C:\WINDOWS\IE4 Error Log.txt
BITS: Possible infected sites
hxxp://wzporn.com
.
((((((((((((((((((((((((( Files Created from 2008-09-07 to 2008-10-07 )))))))))))))))))))))))))))))))
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9999:UDP"= 9999:UDP:LANScope UDP Port
"2804:TCP"= 2804:TCP:LANScope TCP Port
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU(2).exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=DW6AOE /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=DW6AOE-BAK
Unable to find the file. I ran a search, and nothing turned up. I also went into Windows Explorer and typed the address in the bar. Still no luck. Finally, I went into the Windows folder but was unable to find the file.
I need you to copy and paste the file path, just like the instructions said to.
Also, scan the following files and post the results back here:
Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
Yeah, I followed your instructions before but the file doesn't appear to exist. I can't find it anywhere. I did, however, find and scan the other 2 files you wanted me to scan.
choice.exe came up clear with Virus Scan except for esafe, which flagged it as a suspicious file.
deploytk.dll came up clear with Virus Scan for every AV engine.
Then, open Notepad and copy/paste the text in the Quote Box below into it:
Save this as CFScript.txt to your Desktop
Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
I followed your above instructions. The ComboFix log is in the next 2 posts.
I thought you would like to know that:
-AVG detected an EICAR_Test in: C:\DOCUME~1\Liam\LOCALS~1\Temp\AV-test.txt (this was as soon as ComboFix began its scan)
The process detected for this file is: C:\WINDOWS\system32\CF15569.exe
-When ComboFix rebooted the computer, as it was saving the log WinPatrol displayed a warning about a change in the Hosts File; the new change intended to wipe the whole Hosts File so I said no. This has happened before.
-ComboFix has deleted in each of its scans a thing called SuggestedSites.dat, which continues to reappear. Is it a major worry?
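The ComboFix logs posted in this thread follow a fixed line format, and triaging several hundred such lines by eye is where things get missed. The parser below is an added example, not ComboFix's own code or anything posted here: it reads the Files Created and Find3M sections (the sample lines are copied from the logs in this thread, with the attribute columns written out in full as ComboFix prints them) and groups the entries a reviewer reads first: newly written kernel drivers, hidden or system-attribute objects, and executables sitting loose in %SystemRoot% or a profile root. The three triage rules are assumptions about what merits a second look, not verdicts on the files.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# Line shapes as they appear in the ComboFix logs in this thread:
#   Files Created: "<created> . <modified> <size|<DIR>> <9 attribute chars> <path>"
#   Find3M:        "<modified> [<size>] <7 attribute chars> <path>"
# Attribute letters: d=directory, r=read-only, h=hidden, s=system, a=archive, c=compressed, w=writable.
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?:(?P<size>[\d,]+)|<DIR>) (?P<attrs>[-a-z]{9}) (?P<path>.+)$"
)
FIND3M_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?:(?P<size>[\d,]+) )?(?P<attrs>[-a-z]{7}) (?P<path>.+)$"
)
TS = "%Y-%m-%d %H:%M"


@dataclass
class Entry:
    section: str                 # "created" or "find3m"
    modified: datetime
    created: Optional[datetime]  # only the Files Created section records this
    size: Optional[int]          # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def hidden_or_system(self) -> bool:
        return "h" in self.attrs or "s" in self.attrs


def _size(text: Optional[str]) -> Optional[int]:
    return int(text.replace(",", "")) if text else None


def parse_combofix(text: str) -> List[Entry]:
    """Return one Entry per file line in the Files Created and Find3M sections.
    Section banners, the lone '.' spacer lines and registry dumps match neither
    pattern and are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = CREATED_RE.match(line)
        if m:
            entries.append(Entry("created", datetime.strptime(m["modified"], TS),
                                 datetime.strptime(m["created"], TS),
                                 _size(m["size"]), m["attrs"], m["path"]))
            continue
        m = FIND3M_RE.match(line)
        if m:
            entries.append(Entry("find3m", datetime.strptime(m["modified"], TS), None,
                                 _size(m["size"]), m["attrs"], m["path"]))
    return entries


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Bucket the entries a reviewer reads first (assumed rules, not verdicts):
    kernel drivers, hidden/system objects, and executables sitting loose in
    %SystemRoot% or directly in a user profile root."""
    drivers, hidden, loose = [], [], []
    for e in entries:
        low = e.path.lower()
        if not e.is_dir and low.endswith(".sys"):
            drivers.append(e.path)
        if e.hidden_or_system:
            hidden.append(e.path)
        if low.endswith(".exe") and (
            re.fullmatch(r"c:\\windows\\[^\\]+", low)
            or re.fullmatch(r"c:\\documents and settings\\[^\\]+\\[^\\]+", low)
        ):
            loose.append(e.path)
    return {"drivers": drivers, "hidden_or_system": hidden, "loose_executables": loose}


# Constructed sample: a handful of lines copied from the logs in this thread,
# with the attribute columns written out in full.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2008-09-10 to 2008-10-10 )))))))))))))))))))))))))))))))
.
2008-10-11 07:30 . 2008-10-11 07:30 <DIR> d-------- C:\ERDNT
2008-10-10 17:02 . 2008-10-10 17:02 1,683,456 --a------ C:\Documents and Settings\Liam\FahCore_82.exe
2008-10-04 12:36 . 2008-10-04 12:36 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-10-02 08:55 . 1999-12-21 08:58 21,312 --a------ C:\WINDOWS\choice.exe
2008-09-29 12:06 . 2008-10-03 12:10 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-09-10 19:43 . 2008-09-10 19:43 <DIR> d--hs---- C:\Documents and Settings\Liam\PrivacIE
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-08 08:30 d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-12 06:10 4,751,360 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-03-01 22:49 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008030220080303\index.dat
"""

if __name__ == "__main__":
    for bucket, paths in triage(parse_combofix(SAMPLE_LOG)).items():
        print(bucket, *paths, sep="\n  ")
```

Feed it a whole log with `parse_combofix(open("ComboFix.txt").read())`; the buckets are a reading order, and each path still has to be checked against what is known to be installed (here, for instance, the AVG and Realtek drivers are expected).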
ComboFix 08-10-08.02 - Liam 2008-10-09 9:20:39.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.1436 [GMT 11:00]
Running from: C:\Documents and Settings\Liam\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Liam\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-08 10:40 d-----w C:\Documents and Settings\Liam\Application Data\uTorrent
2008-10-08 08:30 d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-07 05:58 d-----w C:\Program Files\TuneUp Utilities 2008
2008-10-06 04:50 d-----w C:\Program Files\Java
2008-10-05 10:02 d-----w C:\Program Files\Windows Live Safety Center
2008-10-04 07:44 d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-04 03:47 d-----w C:\Program Files\Windows Live
2008-10-04 01:35 d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-10-03 00:49 d-----w C:\Program Files\Sun
2008-10-02 20:41 d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-02 07:58 d-----w C:\Documents and Settings\Liam\Application Data\U3
2008-09-29 22:45 d-----w C:\Program Files\Common Files\Adobe
2008-09-28 02:03 d--h--w C:\Program Files\InstallShield Installation Information
2008-09-21 07:45 d-----w C:\Program Files\MSECache
2008-09-13 02:02 d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-12 06:44 d-----w C:\Program Files\QuickTime
2008-09-12 06:44 d-----w C:\Program Files\Common Files\Apple
2008-09-06 12:12 d-----w C:\Documents and Settings\Liam\Application Data\My Battle for Middle-earth(tm) II Files
2008-09-04 00:02 d-----w C:\Documents and Settings\Liam\Application Data\Search Settings
2008-08-24 12:26 d-----w C:\Documents and Settings\Liam\Application Data\Nitro PDF
2008-08-24 12:24 d-----w C:\Program Files\Nitro PDF
2008-08-24 12:24 d-----w C:\Program Files\Common Files\Nitro PDF
2008-08-24 12:24 d-----w C:\Program Files\Common Files\BCL Technologies
2008-08-24 12:24 d-----w C:\Documents and Settings\All Users\Application Data\Nitro PDF
2008-08-20 08:57 d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-17 04:10 d-----w C:\Documents and Settings\All Users\Application Data\comodo
2008-08-12 06:10 4,751,360 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-08-11 12:13 d-----w C:\Program Files\Apple Software Update
2008-08-11 02:48 6,044,864 ----a-w C:\WINDOWS\system32\drivers\igxpmp32.sys
2008-08-10 03:11 d-----w C:\Program Files\Windows Live Toolbar
2008-08-10 03:10 d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-10 03:10 d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-10 03:10 d-----w C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-08-09 06:16 d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-06 05:51 1,200,128 ----a-w C:\WINDOWS\RtlUpd.exe
2008-07-31 05:05 16,806,912 ----a-w C:\WINDOWS\RTHDCPL.EXE
2008-03-01 22:49 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008030220080303\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9999:UDP"= 9999:UDP:LANScope UDP Port
"2804:TCP"= 2804:TCP:LANScope TCP Port
I also ran a Panda ActiveScan, to see if the System Restore was still infected. The log:
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-10-09 12:15:58
PROTECTIONS: 1
MALWARE: 4
SUSPECTS: 2
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG Internet Security 8.0 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00366244 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{50BF3AB8-5489-4087-8C8B-277823628A25}\RP62\A0036518.exe[C:\System Volume Information\_restore{50BF3AB8-5489-4087-8C8B-277823628A25}\RP62\A0036518.exe][nircmd.exe]
00366244 Application/NirCmd.A HackTools No 0 No No D:\AntivirusAntispyware\Flash Disinfector\Flash_Disinfector.exe[D:\AntivirusAntispyware\Flash Disinfector\Flash_Disinfector.exe][nircmd.exe]
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{50BF3AB8-5489-4087-8C8B-277823628A25}\RP69\A0040989.EXE
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{50BF3AB8-5489-4087-8C8B-277823628A25}\RP69\A0039383.sys
03738686 Generic Malware Virus/Trojan No 0 No No D:\System Volume Information\_restore{50BF3AB8-5489-4087-8C8B-277823628A25}\RP62\A0036520.EXE[32788R22FWJFW\catchme.cfexe]
03738686 Generic Malware Virus/Trojan No 0 No No C:\System Volume Information\_restore{50BF3AB8-5489-4087-8C8B-277823628A25}\RP62\A0037501.exe[32788R22FWJFW\catchme.cfexe]
03738686 Generic Malware Virus/Trojan No 0 No No C:\Documents and Settings\Liam\Desktop\ComboFix.exe[32788R22FWJFW\catchme.cfexe]
;===================================================================================================================================================================================
SUSPECTS
Sent Location Z
;===================================================================================================================================================================================
No C:\Documents and Settings\All Users\Application Data\Apple\Installer Cache\Apple Mobile Device Support 2.1.0.25\AppleMobileDeviceSupport.msi[unk_0051][EventFixer.exe]
No D:\AntivirusAntispyware\Spyware Scanners\XClean.exe Z
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description Z
;===================================================================================================================================================================================
;===================================================================================================================================================================================
As you can see, the System Restore is infected again. Should I just leave it turned off for the time being?
Unfortunately, my computer jarred and rebooted again today.
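The Panda ActiveScan report above lists every hit with its full location, including the chain of containers in square brackets, which is what decides how worrying a row is. The parser below is an added example (not Panda's tooling and nothing the poster ran): it separates copies sitting in System Restore snapshots, which are inert unless that restore point is rolled back, from files live on disk, and records whether the live hits are inner components of a larger file rather than loose executables. The sample rows are copied from the report above; the classification is a reading aid, not a verdict on the files.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# One MALWARE row of a Panda ActiveScan report, as posted in this thread:
#   <8-digit id> <description> <type> <active> <severity> <disinfectable> <disinfected> <location>
# Descriptions can contain spaces ("Generic Malware"), so the pattern is anchored
# on the Yes/No and numeric columns that follow them.
ROW_RE = re.compile(
    r"^(?P<id>\d{8}) (?P<desc>.+?) (?P<type>\S+) (?P<active>Yes|No) (?P<severity>\d+) "
    r"(?P<disinfectable>Yes|No) (?P<disinfected>Yes|No) (?P<location>.+)$"
)
# A Windows XP System Restore snapshot: \System Volume Information\_restore{GUID}\RPnn\
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-F-]+\}\\RP\d+\\", re.I)


@dataclass
class Detection:
    id: str
    description: str
    kind: str
    active: bool
    severity: int
    disinfectable: bool
    location: str  # full location string, including the [container] chain

    @property
    def on_disk_path(self) -> str:
        """The object that really exists on disk: everything before the first '['."""
        return self.location.split("[", 1)[0]

    @property
    def container_chain(self) -> List[str]:
        """Components found inside that object, innermost last."""
        return re.findall(r"\[([^\]]*)\]", self.location)

    @property
    def in_restore_point(self) -> bool:
        return RESTORE_RE.search(self.on_disk_path) is not None


def parse_panda(report: str) -> List[Detection]:
    """Return one Detection per MALWARE row; headers and separators are skipped."""
    found = []
    for line in report.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            found.append(Detection(m["id"], m["desc"], m["type"], m["active"] == "Yes",
                                   int(m["severity"]), m["disinfectable"] == "Yes",
                                   m["location"]))
    return found


def summarize(dets: List[Detection]) -> Dict[str, object]:
    """Split hits into restore-point copies (inert unless restored) and files
    live on disk, and note whether every live hit is an inner component of a
    larger file rather than a loose executable."""
    restore = [d for d in dets if d.in_restore_point]
    live = [d for d in dets if not d.in_restore_point]
    return {
        "total": len(dets),
        "active": sum(1 for d in dets if d.active),
        "in_restore_points": len(restore),
        "live_files": sorted({d.on_disk_path for d in live}),
        "live_only_inside_containers": all(d.container_chain for d in live),
    }


# Constructed sample: the MALWARE section of the report posted above.
SAMPLE_REPORT = r"""
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===========
00366244 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{50BF3AB8-5489-4087-8C8B-277823628A25}\RP62\A0036518.exe[C:\System Volume Information\_restore{50BF3AB8-5489-4087-8C8B-277823628A25}\RP62\A0036518.exe][nircmd.exe]
00366244 Application/NirCmd.A HackTools No 0 No No D:\AntivirusAntispyware\Flash Disinfector\Flash_Disinfector.exe[D:\AntivirusAntispyware\Flash Disinfector\Flash_Disinfector.exe][nircmd.exe]
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{50BF3AB8-5489-4087-8C8B-277823628A25}\RP69\A0040989.EXE
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{50BF3AB8-5489-4087-8C8B-277823628A25}\RP69\A0039383.sys
03738686 Generic Malware Virus/Trojan No 0 No No D:\System Volume Information\_restore{50BF3AB8-5489-4087-8C8B-277823628A25}\RP62\A0036520.EXE[32788R22FWJFW\catchme.cfexe]
03738686 Generic Malware Virus/Trojan No 0 No No C:\System Volume Information\_restore{50BF3AB8-5489-4087-8C8B-277823628A25}\RP62\A0037501.exe[32788R22FWJFW\catchme.cfexe]
03738686 Generic Malware Virus/Trojan No 0 No No C:\Documents and Settings\Liam\Desktop\ComboFix.exe[32788R22FWJFW\catchme.cfexe]
;===========
"""

if __name__ == "__main__":
    for key, value in summarize(parse_panda(SAMPLE_REPORT)).items():
        print(f"{key}: {value}")
```

On the report above this yields seven hits, none active, five of them inside restore points; the two live paths are the cleanup tools themselves, with the flagged component in each case an inner file, which is the distinction to make before deciding that a drive is "infected again".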
Let's check for other possibilities, as it may not be malware.
Click Start | Control Panel | Administrative Tools | Event Viewer.
In Event Viewer, select System and have a look for any warning (yellow triangle) or errors (red cross). Open each one by double-clicking and take a screenshot or make notes of the Source, Event ID and Description.
Click Application on the left, and do the same thing. Post the information you have back here.
1. Create a new CFScript, like you did previously, but copy and paste the following info:
Post the new ComboFix log back here.
Will do that in a sec.
2.
Regarding your post... Let's check for other possibilities, as it may not be malware.
Click Start | Control Panel | Administrative Tools | Event Viewer.
In Event Viewer, select System and have a look for any warning (yellow triangle) or errors (red cross). Open each one by double-clicking and take a screenshot or make notes of the Source, Event ID and Description.
Click Application on the left, and do the same thing. Post the information you have back here.
There were a few red and yellow errors.
Red: Source: Service Control Manager
Source ID: 7026
Description: The following boot-start or system-start driver(s) failed to load: ShldDrv
This error occurred at least once a day.
Red: Source: Service Control Manager
Source ID: 7000
Description: The Panda Process Protection Driver service failed to start due to the following error:
The system cannot find the file specified.
Again, at least once a day.
Red: Source: Service Control Manager
Source ID: 7000
Description: The Java Quick Starter service failed to start due to the following error:
The system cannot find the path specified.
Again, at least once a day. Actually, just so you know, wherever one of these errors is in the log, the other 2 are there close by as well.
Red: Source: DCOM
Source ID: 10016
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool. (This one occurs a few times).
Red: Source: DCOM
Source ID: 1003
Description: The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register with DCOM within the required timeout. (This one occurs a few times).
Red: Source: ialm
Source ID: 108
Description: The driver igxprd32 for the display device \Device\Video0 got stuck in an infinite loop. This usually indicates a problem with the device itself or with the device driver programming the hardware incorrectly. Please check with your hardware device vendor for any driver updates. (This one I already know about as bullzinipr has been helping me find my graphics drivers so I can fix the problem).
Red: Source: Service Control Manager
Source ID: 7000
Description: The LockServ service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Red: Source: Service Control Manager
Source ID: 7009
Description: Timeout (30000 milliseconds) waiting for the Memory Check Service service to connect.
Yellow: Source: dhcp
Source ID: 10010
Description: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001B2F373BD1. The following error occurred:
The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Yellow: Source: Tcpip
Source ID: 4226
Description: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
All of the above errors occurred within the last 3 days often.
This is the ComboFix report. A few things:
-I forgot to turn off AVG and it detected an EICAR_test Virus when ComboFix began doing its scan. Same place as I mentioned in the last few posts.
-ComboFix only deleted the SuggestedSites.dat file again, nothing else.
-When ComboFix was writing the log report it reported 'The system cannot find the path/file specified'.
The report:
ComboFix 08-10-10.01 - Liam 2008-10-11 8:00:46.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1390 [GMT 11:00]
Running from: C:\Documents and Settings\Liam\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Liam\Desktop\CFScript.txt.txt
* Created a new restore point
* Resident AV is active
FILE ::
C:\WINDOWS\windows32.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Liam\Local Settings\Temporary Internet Files\SuggestedSites.dat
.
((((((((((((((((((((((((( Files Created from 2008-09-10 to 2008-10-10 )))))))))))))))))))))))))))))))
.
2008-10-11 07:30 . 2008-10-11 07:30 <DIR> d-------- C:\ERDNT
2008-10-10 21:10 . 2008-10-10 21:10 606 --a------ C:\WINDOWS\Uninstall Manager.INI
2008-10-10 21:07 . 2008-10-10 21:12 <DIR> d-------- C:\Program Files\Advanced System Optimizer
2008-10-10 21:07 . 2008-10-10 21:07 <DIR> d-------- C:\Documents and Settings\Liam\Application Data\Systweak
2008-10-10 20:59 . 2008-10-10 21:02 <DIR> d-------- C:\Program Files\RegCure
2008-10-10 17:42 . 2008-10-10 17:42 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-10-10 17:02 . 2008-10-10 21:24 <DIR> d-------- C:\Documents and Settings\Liam\work
2008-10-10 17:02 . 2008-10-10 17:02 1,683,456 --a------ C:\Documents and Settings\Liam\FahCore_82.exe
2008-10-10 17:02 . 2008-10-10 17:02 7,168 --a------ C:\Documents and Settings\Liam\queue.dat
2008-10-10 08:36 . 2008-10-10 08:36 <DIR> d-------- C:\Program Files\Folding@home
2008-10-10 07:48 . 2008-10-10 07:53 <DIR> d-------- C:\Folding
2008-10-10 07:48 . 2008-10-10 09:24 <DIR> d-------- C:\Documents and Settings\Liam\Application Data\Folding@home-x86
2008-10-10 07:22 . 2008-10-10 07:23 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-10-10 07:22 . 2008-10-10 07:22 <DIR> d-------- C:\Documents and Settings\Liam\Application Data\SystemRequirementsLab
2008-10-09 17:53 . 2008-10-09 17:53 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-10-09 16:37 . 2008-05-14 09:34 1,000,744 --a------ C:\WINDOWS\system32\ShellManager10E2D762.dll
2008-10-09 16:31 . 2008-10-09 16:31 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-10-09 14:23 . 2008-10-09 16:31 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-10-09 14:23 . 2008-10-09 14:23 <DIR> d-------- C:\Documents and Settings\Liam\Application Data\SUPERAntiSpyware.com
2008-10-09 12:53 . 2008-04-10 19:52 648,192 --a------ C:\WINDOWS\system32\NEROINSTAEC43759.DB
2008-10-08 19:04 . 2008-10-08 19:04 <DIR> d-------- C:\Documents and Settings\Liam\Application Data\Nero
2008-10-08 18:59 . 2008-10-08 19:33 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-10-08 13:14 . 2008-10-09 17:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-10-08 12:32 . 2008-10-08 12:32 <DIR> d-------- C:\Program Files\Secunia
2008-10-07 09:07 . 2008-10-07 09:08 <DIR> d-------- C:\Program Files\Your Uninstaller 2008
2008-10-06 16:39 . 2008-10-10 20:43 <DIR> d-------- C:\Documents and Settings\Liam\Tracing
2008-10-06 15:07 . 2008-10-06 15:07 <DIR> d-------- C:\WINDOWS\Performance
2008-10-06 15:07 . 2008-10-06 15:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2008-10-06 15:04 . 2008-10-06 15:04 <DIR> d-------- C:\Sandbox
2008-10-05 09:05 . 2008-10-11 07:58 <DIR> d-------- C:\Documents and Settings\Liam\Application Data\SiteAdvisor
2008-10-05 09:05 . 2008-10-05 09:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-10-05 09:05 . 2008-10-05 09:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-10-05 08:13 . 2008-10-05 08:13 <DIR> d-------- C:\rsit
2008-10-04 18:53 . 2008-10-05 14:23 <DIR> d-------- C:\Program Files\MagicISO
2008-10-04 18:36 . 2008-10-04 18:36 <DIR> d-------- C:\Program Files\Lavasoft
2008-10-04 16:54 . 2008-10-04 16:54 <DIR> d-------- C:\Program Files\Sandboxie
2008-10-04 16:54 . 2008-10-09 12:49 1,850 --a------ C:\WINDOWS\Sandboxie.ini
2008-10-04 14:48 . 2008-10-04 14:48 <DIR> d-------- C:\Program Files\Microsoft Office Outlook Connector
2008-10-04 14:47 . 2008-10-04 14:47 <DIR> d-------- C:\Program Files\Microsoft
2008-10-04 14:45 . 2008-10-04 14:45 <DIR> d-------- C:\Program Files\Common Files\Windows Live
2008-10-04 14:42 . 2008-10-04 14:42 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-10-04 13:17 . 2008-10-04 13:18 <DIR> d-------- C:\Program Files\iTunes
2008-10-04 13:17 . 2008-10-04 13:17 <DIR> d-------- C:\Program Files\iPod
2008-10-04 13:17 . 2008-10-04 13:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-04 12:36 . 2008-10-11 07:26 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-10-04 12:36 . 2008-10-05 17:32 <DIR> d-------- C:\Documents and Settings\Liam\Application Data\AVGTOOLBAR
2008-10-04 12:36 . 2008-10-04 12:36 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-10-04 12:36 . 2008-10-04 12:36 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-10-04 12:36 . 2008-10-04 12:36 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-10-04 12:36 . 2008-10-04 12:36 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-10-04 12:35 . 2008-10-04 12:35 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
2008-10-04 12:35 . 2008-10-04 12:35 23,296 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-10-04 10:43 . 2003-12-11 10:50 37,916 --a------ C:\WINDOWS\system32\drivers\LHidUsb.sys
2008-10-04 08:50 . 2008-10-04 08:50 <DIR> d-------- C:\Program Files\uTorrent
2008-10-03 13:46 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-03 12:03 . 2008-10-03 12:03 <DIR> d-------- C:\Program Files\WOT
2008-10-03 12:01 . 2008-10-03 19:15 <DIR> d-------- C:\Documents and Settings\Liam\Application Data\SpamPal
2008-10-03 09:38 . 2008-10-03 09:38 <DIR> d-------- C:\Documents and Settings\Liam\Application Data\URSoft
2008-10-03 08:54 . 2008-10-06 13:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-10-02 18:50 . 2008-10-02 18:50 <DIR> d-------- C:\Program Files\Innovative Solutions
2008-10-02 17:06 . 2008-10-02 17:06 106 --a------ C:\WINDOWS\asquared.ini
2008-10-02 13:51 . 2006-12-14 15:31 87,040 -ra------ C:\WINDOWS\system32\drivers\cmusbser.sys
2008-10-02 13:48 . 2006-11-24 13:03 81,152 -ra------ C:\WINDOWS\system32\drivers\cmusbnet.sys
2008-10-02 13:26 . 2008-10-03 09:51 <DIR> d-------- C:\OEMSettings
2008-10-02 11:10 . 2006-03-20 18:20 <DIR> d-------- C:\Documents and Settings\Zoomer\Application Data\Avocent AdminWorks
2008-10-02 11:10 . 2008-10-02 11:50 <DIR> d---s---- C:\Documents and Settings\Zoomer
2008-10-02 08:55 . 1999-12-21 08:58 21,312 --a------ C:\WINDOWS\choice.exe
2008-10-01 19:57 . 2008-10-02 08:48 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-09-30 10:44 . 2008-09-30 10:44 280 --a------ C:\WINDOWS\system32\PDBootState
2008-09-30 10:40 . 2008-09-30 10:40 <DIR> d-------- C:\Program Files\Raxco
2008-09-30 10:20 . 2008-01-09 23:00 68,624 -ra------ C:\WINDOWS\system32\drivers\DefragFS.sys
2008-09-30 10:19 . 2008-09-30 10:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-09-30 10:07 . 2008-09-30 10:07 <DIR> d-------- C:\Program Files\BillP Studios
2008-09-30 10:07 . 2008-09-30 10:07 <DIR> d-------- C:\Documents and Settings\Liam\Application Data\WinPatrol
2008-09-30 09:30 . 2008-09-30 09:30 <DIR> d-------- C:\Program Files\NOS
2008-09-30 09:30 . 2008-09-30 09:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-09-29 13:32 . 2008-09-29 13:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\U3
2008-09-29 12:06 . 2008-10-03 12:10 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-09-29 12:02 . 2008-10-04 14:33 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-09-28 20:46 . 2008-09-14 19:50 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-09-24 17:50 . 2003-12-11 10:50 70,894 --a------ C:\WINDOWS\system32\drivers\LMouFlt2.Sys
2008-09-24 17:50 . 2003-12-11 10:50 25,630 --a------ C:\WINDOWS\system32\drivers\LHidFlt2.Sys
2008-09-24 17:50 . 2003-11-26 10:50 19,968 --a------ C:\WINDOWS\Logi_MwX.Exe
2008-09-23 22:42 . 2008-09-23 22:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Premium Security Suite
2008-09-23 21:57 . 2008-10-06 08:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-09-21 18:45 . 2008-09-21 18:45 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-09-21 17:48 . 2004-08-04 16:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-09-19 08:27 . 2008-10-09 09:46 <DIR> d-------- C:\Program Files\Driver Sweeper
2008-09-16 17:40 . 2008-09-16 17:40 <DIR> d-------- C:\Documents and Settings\Liam\Application Data\Malwarebytes
2008-09-16 17:40 . 2008-09-16 17:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-14 19:49 . 2008-09-21 16:50 <DIR> d-------- C:\Documents and Settings\Liam\.housecall6.6
2008-09-13 16:00 . 2008-09-13 16:00 <DIR> d-------- C:\Documents and Settings\Liam\Application Data\TrojanHunter
2008-09-12 17:45 . 2008-09-12 17:45 <DIR> d-------- C:\Program Files\Bonjour
2008-09-11 18:29 . 2008-09-28 16:59 <DIR> d-------- C:\Program Files\Macromedia
2008-09-11 18:29 . 2008-09-28 17:00 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2008-09-11 18:12 . 2008-06-25 03:43 74,240 --a------ C:\WINDOWS\system32\dllcache\mscms.dll
2008-09-11 18:11 . 2008-06-20 22:51 361,600 --a------ C:\WINDOWS\system32\dllcache\tcpip.sys
2008-09-11 18:11 . 2008-06-21 04:46 245,248 --a------ C:\WINDOWS\system32\dllcache\mswsock.dll
2008-09-11 18:11 . 2008-06-20 22:08 225,856 --a------ C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-09-11 18:11 . 2008-06-21 04:46 147,968 --a------ C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-09-11 18:11 . 2008-06-20 22:40 138,496 --a------ C:\WINDOWS\system32\dllcache\afd.sys
2008-09-11 18:10 . 2008-06-13 22:05 272,128 --a------ C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-11 18:09 . 2008-04-12 06:04 691,712 --a------ C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-09-11 18:08 . 2008-07-08 07:26 253,952 --a------ C:\WINDOWS\system32\dllcache\es.dll
2008-09-11 18:08 . 2008-05-09 01:02 203,136 --a------ C:\WINDOWS\system32\dllcache\rmcast.sys
2008-09-10 19:43 . 2008-09-10 19:43 <DIR> d--hs---- C:\Documents and Settings\Liam\PrivacIE
2008-09-10 18:50 . 2008-09-10 18:51 <DIR> d--h-c--- C:\WINDOWS\ie8
2008-09-10 18:45 . 2008-09-10 18:45 <DIR> d-------- C:\WINDOWS\Logs
2008-09-10 18:31 . 2008-09-10 18:31 <DIR> d-------- C:\Program Files\Belarc
2008-09-10 18:31 . 2008-02-27 14:49 3,840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2008-09-10 11:11 . 2008-09-10 11:11 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-09-10 10:07 . 2008-09-10 10:07 <DIR> d-------- C:\5a45d66c462ee2a14b9a88
2008-09-10 10:06 . 2008-09-10 10:13 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-09-10 10:00 . 2008-09-10 10:00 <DIR> dr-h----- C:\AHCache
2008-09-10 09:49 . 2008-08-11 13:48 3,275,776 --a------ C:\WINDOWS\system32\igxpdx32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-10 10:15 d-----w C:\Documents and Settings\Liam\Application Data\uTorrent
2008-10-09 22:22 d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-09 22:22 d-----w C:\Program Files\SpywareBlaster
2008-10-09 09:02 d-----w C:\Program Files\Microsoft.NET
2008-10-09 01:32 d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-07 05:58 d-----w C:\Program Files\TuneUp Utilities 2008
2008-10-06 04:50 d-----w C:\Program Files\Java
2008-10-05 10:02 d-----w C:\Program Files\Windows Live Safety Center
2008-10-04 03:47 d-----w C:\Program Files\Windows Live
2008-10-04 01:35 d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-10-04 01:14 62,834 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_10_04_09_20_27_small.dmp.zip
2008-10-03 00:49 d-----w C:\Program Files\Sun
2008-10-02 23:49 2,285,056 ----a-w C:\WINDOWS\system32\TUKernel.exe
2008-10-02 20:41 d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-02 07:58 d-----w C:\Documents and Settings\Liam\Application Data\U3
2008-09-29 23:05 d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-09-29 22:45 d-----w C:\Program Files\Common Files\Adobe
2008-09-28 02:03 d--h--w C:\Program Files\InstallShield Installation Information
2008-09-21 07:45 d-----w C:\Program Files\MSECache
2008-09-13 02:02 d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-12 06:44 d-----w C:\Program Files\QuickTime
2008-09-12 06:44 d-----w C:\Program Files\Common Files\Apple
2008-09-09 09:42 d-----w C:\Documents and Settings\Liam\Application Data\Uniblue
2008-09-09 09:06 d-----w C:\Program Files\Trend Micro
2008-09-09 02:41 d-----w C:\Program Files\Panda Security
2008-09-09 02:17 2,826 ----a-w C:\WINDOWS\system32\tmp.reg
2008-09-08 14:03 51,712 ----a-w C:\WINDOWS\system32\sirenacm.dll
2008-09-06 12:12 d-----w C:\Documents and Settings\Liam\Application Data\My Battle for Middle-earth(tm) II Files
2008-09-04 00:02 d-----w C:\Documents and Settings\Liam\Application Data\Search Settings
2008-09-02 06:51 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-08-29 00:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-28 23:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-24 12:26 d-----w C:\Documents and Settings\Liam\Application Data\Nitro PDF
2008-08-24 12:24 d-----w C:\Program Files\Nitro PDF
2008-08-24 12:24 d-----w C:\Program Files\Common Files\Nitro PDF
2008-08-24 12:24 d-----w C:\Program Files\Common Files\BCL Technologies
2008-08-24 12:24 d-----w C:\Documents and Settings\All Users\Application Data\Nitro PDF
2008-08-21 17:16 637,984 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-08-21 17:10 11,985,408 ----a-w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-21 17:09 5,699,584 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-08-21 17:08 878,592 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-21 17:08 878,592 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2008-08-21 17:08 43,008 ----a-w C:\WINDOWS\system32\licmgr10.dll
2008-08-21 17:08 43,008 ----a-w C:\WINDOWS\system32\dllcache\licmgr10.dll
2008-08-21 17:08 236,544 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
2008-08-21 17:08 1,206,784 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2008-08-21 17:07 755,200 ----a-w C:\WINDOWS\system32\dllcache\VGX.dll
2008-08-21 17:07 193,536 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2008-08-21 17:07 18,944 ----a-w C:\WINDOWS\system32\dllcache\corpol.dll
2008-08-21 17:07 116,224 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
2008-08-21 17:07 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
2008-08-21 17:05 70,656 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2008-08-21 17:04 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2008-08-21 17:04 45,568 ----a-w C:\WINDOWS\system32\dllcache\mshta.exe
2008-08-21 17:00 68,608 ----a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
2008-08-21 16:57 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2008-08-21 16:57 156,160 ----a-w C:\WINDOWS\system32\dllcache\msls31.dll
2008-08-21 16:42 443,392 ----a-w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-20 08:57 d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-20 00:36 920,088 ----a-w C:\WINDOWS\system32\igxpun.exe
2008-08-18 02:19 82,432 ----a-w C:\WINDOWS\system32\404Fix.exe
2008-08-17 04:10 d-----w C:\Documents and Settings\All Users\Application Data\comodo
2008-08-12 06:10 4,751,360 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-08-11 12:13 d-----w C:\Program Files\Apple Software Update
2008-08-11 02:56 147,456 ----a-w C:\WINDOWS\system32\igfxCoIn_v4977.dll
2008-08-11 02:39 2,269,184 ----a-w C:\WINDOWS\system32\ig4dev32.dll
2008-08-11 02:32 3,883,008 ----a-w C:\WINDOWS\system32\ig4icd32.dll
2008-08-11 02:26 647,168 ----a-w C:\WINDOWS\system32\igfxcfg.exe
2008-08-11 02:25 172,032 ----a-w C:\WINDOWS\system32\hkcmd.exe
2008-08-11 02:25 172,032 ----a-w C:\WINDOWS\system32\hkcmd(6).exe
2008-08-11 02:25 172,032 ----a-w C:\WINDOWS\system32\hkcmd(5).exe
2008-08-11 02:25 172,032 ----a-w C:\WINDOWS\system32\hkcmd(4).exe
2008-08-11 02:25 172,032 ----a-w C:\WINDOWS\system32\hkcmd(3).exe
2008-08-11 02:25 172,032 ----a-w C:\WINDOWS\system32\hkcmd(2).exe
2008-08-11 02:23 5,672,960 ----a-w C:\WINDOWS\system32\igfxress.dll
2008-08-10 03:11 d-----w C:\Program Files\Windows Live Toolbar
2008-08-10 03:10 d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-10 03:10 d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-10 03:10 d-----w C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-08-06 05:51 1,200,128 ----a-w C:\WINDOWS\RtlUpd.exe
2008-08-05 07:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll
2008-07-31 05:05 16,806,912 ----a-w C:\WINDOWS\RTHDCPL.EXE
2008-07-31 00:41 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll
2008-07-31 00:41 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll
2008-07-31 00:40 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll
2008-07-29 10:35 326,160 ----a-w C:\WINDOWS\system32\PresentationHost.exe
2008-07-29 09:59 781,344 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll
2008-07-29 09:59 43,544 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll
2008-07-29 09:59 105,016 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2008-07-29 09:24 97,800 ----a-w C:\WINDOWS\system32\infocardapi.dll
2008-07-29 09:24 622,080 ----a-w C:\WINDOWS\system32\icardagt.exe
2008-07-29 09:24 11,264 ----a-w C:\WINDOWS\system32\icardres.dll
2008-07-18 12:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 12:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 12:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 12:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 12:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 12:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 12:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 12:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-03-01 22:49 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008030220080303\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9999:UDP"= 9999:UDP:LANScope UDP Port
"2804:TCP"= 2804:TCP:LANScope TCP Port
I am posting to let you know that my AVG scans are taking longer to scan, even though there isn't a change. My computer also rebooted again today without my consent.
I will also be away from Monday to Thursday; so if you reply I will respond on Thursday.
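A check a practitioner would run over a file listing like the one above, added here as an example and not part of this thread or of any tool it mentions. It parses ComboFix-style `date time size attrs path` lines (the sample is constructed from lines in this log; the field layout is an assumption about how the listing was extracted) and flags two things worth hashing and comparing before trusting the machine: Explorer-style numbered copies such as hkcmd(2).exe sitting beside hkcmd.exe in system32, which no installer writes, and files whose size differs from their dllcache copy.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the ComboFix-style listing in this thread.
SAMPLE_LISTING = r"""
2008-08-21 17:08 878,592 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-21 17:08 878,592 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2008-08-21 17:04 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2008-08-21 17:04 45,568 ----a-w C:\WINDOWS\system32\dllcache\mshta.exe
2008-08-11 02:25 172,032 ----a-w C:\WINDOWS\system32\hkcmd.exe
2008-08-11 02:25 172,032 ----a-w C:\WINDOWS\system32\hkcmd(6).exe
2008-08-11 02:25 172,032 ----a-w C:\WINDOWS\system32\hkcmd(5).exe
2008-08-18 02:19 82,432 ----a-w C:\WINDOWS\system32\404Fix.exe
2008-08-20 08:57 d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-01 22:49 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
""".strip()

# One listing line: timestamp, optional size (directories have none),
# a 7-character attribute field such as ----a-w / d-----w / -csha-w, then the path.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?:(?P<size>[\d,]+)\s+)?"
    r"(?P<attrs>[-a-z]{7})\s+"
    r"(?P<path>.+?)\s*$"
)

# Explorer-style copy name: name(N).ext
NUMBERED_RE = re.compile(r"^(?P<stem>.+)\((?P<n>\d+)\)(?P<ext>\.[^.]+)$")

DLLCACHE = "\\system32\\dllcache\\"


def parse_listing(text):
    """Turn listing lines into dicts; lines that do not match the layout are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size = int(m["size"].replace(",", "")) if m["size"] else None
        entries.append({
            "ts": m["ts"],
            "size": size,
            "attrs": m["attrs"],
            "path": m["path"],
            "is_dir": m["attrs"].startswith("d"),
        })
    return entries


def numbered_copies(entries):
    """Map each original file path to the list of name(N).ext siblings found
    in the same directory. Numbered copies next to the original are produced by
    copy/paste in Explorer, not by an installer, so each one deserves a hash check."""
    by_dir = defaultdict(dict)
    for e in entries:
        if e["is_dir"]:
            continue
        directory, _, name = e["path"].rpartition("\\")
        by_dir[directory.lower()][name.lower()] = e
    findings = {}
    for files in by_dir.values():
        for name, e in files.items():
            m = NUMBERED_RE.match(name)
            if not m:
                continue
            original = files.get(m["stem"] + m["ext"])
            if original is not None:
                findings.setdefault(original["path"], []).append(e["path"])
    return findings


def dllcache_mismatches(entries):
    """Return (live_path, live_size, cache_size) for files whose system32 copy
    and dllcache copy differ in size. dllcache holds the protected-file cache,
    so a mismatch means either a pending update or a modified system file."""
    sizes = {e["path"].lower(): e["size"]
             for e in entries if not e["is_dir"] and e["size"] is not None}
    out = []
    for path, size in sizes.items():
        if DLLCACHE not in path:
            continue
        live = path.replace(DLLCACHE, "\\system32\\")
        if live in sizes and sizes[live] != size:
            out.append((live, sizes[live], size))
    return out


if __name__ == "__main__":
    listing = parse_listing(SAMPLE_LISTING)
    for original, copies in numbered_copies(listing).items():
        print(f"numbered copies of {original}: {copies}")
    for live, live_size, cache_size in dllcache_mismatches(listing):
        print(f"size mismatch: {live} live={live_size} dllcache={cache_size}")
```

On the sample the numbered-copy check reports hkcmd(6).exe and hkcmd(5).exe next to hkcmd.exe; the dllcache check reports nothing, since every paired file in this listing has the same size in both places. Matching sizes only say the file was not visibly changed; the next step on a real box is to hash both copies and compare against a known-good package.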
Comments
Also, I believe it is illegal to share product keys...but anyway, please be careful in the future about what you download.
I wasn't aware it was illegal to share keys if you bought the program; my Windows representative told me that if the program was bought, you could use it on more than one computer, you could even burn copies if you wish.
But I understand your point.
Thank you for your help.
Ok. I installed Malwarebytes, which stopped responding upon completion. I managed to run a scan, which detected no malware. The log:
Malwarebytes' Anti-Malware 1.27
Database version: 1127
Windows 5.1.2600 Service Pack 3, v.3311
3/10/2008 7:19:32 AM
mbam-log-2008-10-03 (07-19-32).txt
Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 112856
Time elapsed: 31 minute(s), 25 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
I have noticed that many of my settings have been changed, including in AVG, Zone Alarm, etc.
Good news. I have been able to remove Avira, which was hidden in my system.
The WinLogon errors have disappeared in the User Accounts, although a new one has appeared when I first log on, stating that the domain could not be found.
In Mozilla and Internet Explorer my log-in sessions expire immediately, so my cookies have been changed but I have been unable to locate the cause. Winpatrol is accepting cookies, Mozilla accepts them, IE accepts them, Zone Patrol appears to be accepting them, any ideas?
I will let you know if any more errors appear or are solved.
I looked in Administrative tools to look at the currently running processes and I noticed that Avira had 4 entries which were disabled. Is it still on my computer?
The WinLogon domain error has disappeared.
Both IE and Mozilla log me out of my accounts on ANY website as soon as I load another page. The pages include Ebay, Windows Live, Icrontic, etc. I have java enabled in both browsers, and cookies are being accepted. I am confused and tired of having to log back into the same website a hundred times. If you have any ideas, I will really appreciate it.
I haven't done anything to the system since your last post.
My internet sessions requiring log ins are continuing to expire within a second. If I use an application like Driver Max it logs out as well.
Many of my programs are crashing randomly and I have debugged a few, which keeps them running. The system seems a lot slower at times, as if something is using a lot of memory. Yet when I check Task Manager there's nothing there.
WinPatrol doesn't have anything starting up that I don't recognise. Oh, and I can't run Panda or Kaspersky in my browsers. They just don't load the page. You told me not to run any scans, but I was just checking to see if they could run. Maybe linked to my internet session problem?
If anything more pops up, I will let you know.
ADDING at 9:27PM:
My Windows Live Messenger had settings changed. I noticed that when two windows popped up with a picture of a girl asking me to talk to her. When I clicked to close the box I was taken to Mozilla and a webpage attempted to load. Fortunately, WOT warned me it was dangerous and told me I shouldn't enter. I went into Windows Live and found the setting that had been changed: the box that said "Only let people who are on my list see my status and send me messages" was unticked. I ticked it. I hope that solves that problem.
The website:
http://js.peepfinder.com/go (there was a huge string of random characters after this)
But now I am worried. I use Ebay atm for business. I fear I am no longer safe to go Ebay. Correct? It seems many of my settings have been changed and some of my programs hijacked. I will change my Ebay password and avoid it for the time being.
ADDING at 9:57PM:
In my local settings temp folder I was looking for the folders where the online virus scanners downloaded their files. And I found a folder called MessengerCache. Now as I had just had my settings hijacked I decided to open the folder. And inside were 9 files, all named with a string of random characters.
For example,
X9VF09yOMgWzhCoDfQnpN4GEQ48=
I have deleted the folder, but left it in the recycle bin until you reply. Which brings me to a question. If I remove viruses and the like and they are in the Recycle Bin, can they do any damage to my system? Can they escape?
Oh, and I found a file called:
etilqs_CvCtSpjoa7hdo4EzslMb (this was in C:\Documents and Settings\Liam\Local Settings\temp)
I attempted to delete it but it came up with an error and told me the file couldn't be found. It then disappeared and didn't appear in the Recycle Bin. Maybe AVG removed it?
Could you post the whole error message if it returns? It will help identify the problem.
Open Firefox. Click Tools > Options > Privacy tab. Make sure "Always clear my private data when I close Firefox" is unchecked. See if this helps.
I'm not sure about IE on this.
Avira is a free Anti-Virus program; this is what is or was on your computer, so it is nothing dangerous. How did you actually remove Avira? Avira was not on your computer when you started this thread.
Download Deckard's System Scanner (dss.exe) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK):
"%userprofile%\desktop\dss.exe" /config
When the DSS Configuration display opens click the "Check All" button (if the "Uncheck All" button shows, click that, then click "Check All"). Next, Under Main Log, uncheck the following:
System Restore
Temp Cleanup
Process Modules
Then under Options, place a check next to the following:
Backup Registry Hives
Don't make any other changes at this time. Then click the "Scan!" button to start the scan.
Once the scan has completed a textbox will appear - copy/paste those contents back here (main.txt). Also a second text file, extra.txt, will show as minimized in your Task Bar. Maximize/Open this, and copy/paste those contents back here along with the main.txt please. (The logs can also be found in the C:\Deckard\System Scanner folder)
You can use extra posts here if needed for that.
The Firefox box was already unchecked. The log-in problem is gone, but now the internet seems slower (even though I have a full connection) and many pages won't load. They just finish with a blank page or come up with 2 things:
1. It sometimes says: blank page 1
blank page 2
blank page 3
2. It sometimes comes up with some text about javascript
This occurs in both IE and Mozilla.
Like I said earlier, Avira just appeared on my computer. I removed it by deleting the Program Folder, removing registry entries and removing it from System Administrative tools. Online scanners no longer detect it on my computer.
The link you gave for Deckard's System Scanner comes up as can't be found. AVG takes me to a page saying that the link can not be found. Is it possible the link is dead or that my browsers are screwing around?
I ran the tool. The uninstall log is:
info.txt logfile of random's system information tool 1.04 2008-10-05 08:13:52
======Uninstall list======
-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNNMP.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acer eAcoustics Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C7EC4EE3-ED7D-4DCD-86DC-29ACF0B122E9}\setup.exe" -l0x9 -removeonly
Acer eLock Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x9 -removeonly
Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x9 -removeonly
Acer ePerformance Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7057702F-6D71-4F30-8000-9E72BC771887}\setup.exe" -l0x9 -removeonly
Acer eSettings Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}\setup.exe" -l0x9 -removeonly
Acer LANScope Agent-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4771B74C-003B-4E7B-A4A0-ABB7CA342C70}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Belarc Advisor 7.2-->C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Choice Guard-->MsiExec.exe /I{EBD5E7A9-DBB8-4E24-AE3A-CF9390AF1CCB}
commercial-->MsiExec.exe /I{38C65D12-79E3-49C0-B211-DE3BE0A7AB39}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Contacts-->MsiExec.exe /I{C6BDA6E5-B391-4CE5-8D86-B53AC96FFE03}
Digital Locker Assistant-->MsiExec.exe /I{D01653EF-9F9F-41D6-B879-654A6BF5892C}
DriverMax 4-->"C:\Program Files\Innovative Solutions\DriverMax\unins000.exe"
getPlus(R) for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"
Intel(R) Active Management Technology LMS Service and SOL Driver-->C:\WINDOWS\system32\mesoludlg.exe -uninstall
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Intel(R) Management Engine Interface-->C:\WINDOWS\system32\heciudlg.exe -uninstall
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
Intel(R) Processor ID Utility-->MsiExec.exe /X{A92A4DB0-CD37-42D1-BE1D-603D53C24328}
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Macromedia Dreamweaver 8-->MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Fireworks 8-->MsiExec.exe /I{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}
Magic ISO Maker v5.5 (build 0272)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-011F-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MobileMe Control Panel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero Suite-->C:\Program Files\Common Files\Ahead\Uninstall\setup.exe /uninstall
NETGEAR WG311v3 PCI Adapter-->C:\Program Files\InstallShield Installation Information\{70014586-7BBA-4A92-A610-CDC896C48F8F}\setup.exe -runfromtemp -l0x0409
Nitro PDF Professional-->MsiExec.exe /I{7AA9AC5F-E6E2-4310-9DE5-8282748C0A90}
NTI Backup NOW! 4.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B06B842F-2450-494F-BBDE-217CDC151A37}\setup.exe" -l0x9 -uninst -removeonly
NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OCA Client history tool install-->"C:\WINDOWS\$UninstallOCA-X86Fre-ENU$\spuninst\spuninst.exe"
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PerfectDisk 2008 Professional-->MsiExec.exe /I{2B6EC03E-6FA0-4D7C-9CCE-1B03819AB613}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709
Sandboxie 3.30-->"C:\WINDOWS\Installer\SandboxieInstall.exe" /remove
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
The Battle for Middle-earth (tm) II-->C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\EAUninstall.exe
Trojan Remover 6.7.2-->"C:\Program Files\Trojan Remover\unins000.exe"
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
U3Launcher-->MsiExec.exe /I{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Internet Explorer 8 Beta 2-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{78AC782A-C708-4B21-A3A0-ECD4A3284588}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{B1403D7D-C725-4858-AACC-7E5FA2D72859}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant-->MsiExec.exe /I{0ED47137-C071-46CC-A243-E5E33271E10E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Resource Kit Tools-->MsiExec.exe /I{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPatrol 2008-->C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
WinZip 12.0-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}
WOT for Internet Explorer-->MsiExec.exe /X{5AC2D321-11E2-47E7-A1CA-61A34C2057AB}
Xiph QuickTime Components-->"C:\Program Files\QuickTime\QTComponents\XiphQTuninstall.exe"
=====HijackThis Backups=====
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AV: AVG Internet Security
FW: ZoneAlarm Pro Firewall (disabled)
FW: COMODO Firewall Pro
FW: AVG Firewall
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Windows Resource Kits\Tools;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=4
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
EOF
2 things.
1. The Hosts file appears to be small in this log but when I checked it was very long. Why is it short in this log?
2. It says I have Comodo Firewall enabled. But I uninstalled that product months ago. And I can't find it when I search. I also uninstalled Zone Alarm Pro as I have bought the new AVG 8 Internet Security. Yet it shows Zone Alarm as disabled. Does that mean it is still somewhere on my machine as well?
Logfile of random's system information tool 1.04 (written by random/random)
Run by Liam at 2008-10-05 08:13:36
Microsoft Windows XP Professional Service Pack 3, v.3311
System drive C: has 130 GB (85%) free of 152 GB
Total RAM: 2022 MB (67% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:13:50, on 5/10/2008
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Acer\LANScope Agent\awServ.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Acer\Empowering Technology\eLock\LockServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\WINDOWS\system32\AlarmS4.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Liam\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Liam.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://au.rd.yahoo.com/customize/ycomp/defaults/su/*http://au.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [AVG Watchdog Service] C:\Program Files\AVG\AVG8\avgwdsvc.exe
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AlarmS4.lnk = C:\WINDOWS\system32\AlarmS4.exe
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201381364156
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371420.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Acer ODDSpeedControl - TODO: <????> - C:\Acer\Empowering Technology\eAcoustics\ODDSpeedCtl\speedcontrol.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: AdminWorks Agent X6 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Acer\LANScope Agent\awServ.exe
O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Active Management Technology LMS Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: LockServ - Unknown owner - C:\Acer\Empowering Technology\eLock\LockServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 11383 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{A41D1FC8-2A4B-4DBD-8205-49472C823A79}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-10-04 455960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
Click-to-Call BHO - C:\Program Files\Windows Live\Messenger\wlchtc.dll [2008-09-02 75272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-12-14 392240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-04 2055960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}]
WOT Helper - C:\Program Files\WOT\WOT.dll [2008-09-15 1421984]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{71576546-354D-41c9-AAE8-31F2EC22BF0D} - WOT - C:\Program Files\WOT\WOT.dll [2008-09-15 1421984]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-04 2055960]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-08-11 143360]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-08-11 172032]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-08-11 143360]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-07-31 16806912]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2008-09-19 333120]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-11-26 19968]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-10-04 1235736]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"=C:\WINDOWS\MIDIDef.exe [2005-12-08 25600]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-02-12 15360]
"TuneUp MemOptimizer"=C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe [2008-06-20 153856]
"AVG Watchdog Service"=C:\Program Files\AVG\AVG8\avgwdsvc.exe [2008-10-04 231704]
"SandboxieControl"=C:\Program Files\Sandboxie\SbieCtrl.exe [2008-09-02 716800]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2008-09-09 3513344]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
AlarmS4.lnk - C:\WINDOWS\system32\AlarmS4.exe
NETGEAR WG311v3 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-02-01 61440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-08-11 217088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-02-12 239616]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispSettingPage"=0
"DisableClock"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoUserNameInStartMenu"=0
"NoLogOff"=0
"NoMultiIE"=0
"LWA"=0
"LWB"=0
"LWC"=0
"LWD"=0
"LWE"=0
"LWF"=0
"LWG"=0
"LWH"=0
"LWI"=0
"LWJ"=0
"LWK"=0
"LWL"=0
"LWM"=0
"LWN"=0
"LWO"=0
"LWP"=0
"LWQ"=0
"LWR"=0
"LWS"=0
"LWT"=0
"LWU"=0
"LWV"=0
"LWW"=0
"LWX"=0
"LWY"=0
"LWZ"=0
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat"="C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\patchget.dat"="C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\patchget.dat:*:Enabled:patchgrabber"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe"="C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\trlrm\RMHSvc.exe"="C:\WINDOWS\trlrm\RMHSvc.exe:*:Enabled:RMHSvc.exe"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\LaunchU3.exe -a
======File associations======
.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"
======List of files/folders created in the last 1 months======
2008-10-05 08:13:36 ----D---- C:\rsit
2008-10-04 20:51:05 ----A---- C:\WINDOWS\system32\ztvunrar36.dll
2008-10-04 20:51:05 ----A---- C:\WINDOWS\system32\ztvunace26.dll
2008-10-04 20:51:05 ----A---- C:\WINDOWS\system32\ztvcabinet.dll
2008-10-04 20:51:05 ----A---- C:\WINDOWS\system32\UNRAR3.dll
2008-10-04 20:51:05 ----A---- C:\WINDOWS\system32\unacev2.dll
2008-10-04 20:51:04 ----D---- C:\Program Files\Trojan Remover
2008-10-04 20:51:04 ----D---- C:\Documents and Settings\Liam\Application Data\Simply Super Software
2008-10-04 20:51:04 ----D---- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-10-04 18:53:42 ----D---- C:\Program Files\MagicISO
2008-10-04 18:36:55 ----D---- C:\Program Files\Lavasoft
2008-10-04 16:54:51 ----A---- C:\WINDOWS\Sandboxie.ini
2008-10-04 16:54:45 ----D---- C:\Program Files\Sandboxie
2008-10-04 14:48:46 ----D---- C:\Program Files\Microsoft Office Outlook Connector
2008-10-04 14:47:54 ----D---- C:\Program Files\Microsoft
2008-10-04 14:45:47 ----D---- C:\Program Files\Common Files\Windows Live
2008-10-04 14:42:22 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-10-04 13:17:58 ----D---- C:\Program Files\iPod
2008-10-04 13:17:57 ----D---- C:\Program Files\iTunes
2008-10-04 13:17:57 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-04 12:36:38 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-10-04 12:36:33 ----D---- C:\Documents and Settings\Liam\Application Data\AVGTOOLBAR
2008-10-04 12:35:01 ----A---- C:\WINDOWS\system32\avgfwdx.dll
2008-10-04 09:08:23 ----D---- C:\Sandbox
2008-10-04 08:52:58 ----D---- C:\Program Files\WinRAR
2008-10-04 08:50:41 ----D---- C:\Program Files\uTorrent
2008-10-03 13:46:58 ----A---- C:\WINDOWS\system32\javaws.exe
2008-10-03 13:46:58 ----A---- C:\WINDOWS\system32\javaw.exe
2008-10-03 13:46:58 ----A---- C:\WINDOWS\system32\java.exe
2008-10-03 12:03:34 ----D---- C:\Program Files\WOT
2008-10-03 10:00:25 ----D---- C:\Documents and Settings\Liam\Application Data\Avira
2008-10-03 09:38:56 ----D---- C:\Documents and Settings\Liam\Application Data\URSoft
2008-10-03 08:54:54 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-10-02 18:50:18 ----D---- C:\Program Files\Innovative Solutions
2008-10-02 17:06:46 ----A---- C:\WINDOWS\asquared.ini
2008-10-02 14:58:48 ----SHD---- C:\RECYCLER
2008-10-02 13:47:54 ----A---- C:\WINDOWS\ModemLog_Data Modem @ 3GPP (6280).txt
2008-10-02 13:44:32 ----A---- C:\ComboFix.txt
2008-10-02 13:26:59 ----D---- C:\OEMSettings
2008-10-02 11:11:55 ----A---- C:\WINDOWS\OEWABLog.txt
2008-10-02 10:49:14 ----A---- C:\WINDOWS\system32\0bdcbb79-.txt
2008-10-02 09:57:17 ----A---- C:\WINDOWS\UPGRADE.TXT
2008-10-02 08:55:33 ----A---- C:\WINDOWS\choice.exe
2008-10-01 21:41:54 ----RASHD---- C:\autorun.inf
2008-10-01 19:59:04 ----A---- C:\find.txt
2008-10-01 19:57:21 ----D---- C:\Program Files\EsetOnlineScanner
2008-09-30 10:40:35 ----D---- C:\Program Files\Raxco
2008-09-30 10:19:49 ----D---- C:\Documents and Settings\All Users\Application Data\Raxco
2008-09-30 10:07:15 ----D---- C:\Documents and Settings\Liam\Application Data\WinPatrol
2008-09-30 10:07:05 ----D---- C:\Program Files\BillP Studios
2008-09-30 10:03:19 ----D---- C:\Program Files\WinZip
2008-09-30 09:30:51 ----D---- C:\Program Files\NOS
2008-09-30 09:30:51 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2008-09-29 13:32:50 ----D---- C:\Documents and Settings\All Users\Application Data\U3
2008-09-29 12:02:57 ----D---- C:\WINDOWS\Internet Logs
2008-09-26 19:43:51 ----D---- C:\WINDOWS\temp
2008-09-26 19:35:38 ----D---- C:\WINDOWS\erdnt
2008-09-26 19:35:20 ----A---- C:\WINDOWS\zip.exe
2008-09-26 19:35:20 ----A---- C:\WINDOWS\VFind.exe
2008-09-26 19:35:20 ----A---- C:\WINDOWS\swxcacls.exe
2008-09-26 19:35:20 ----A---- C:\WINDOWS\SWSC.exe
2008-09-26 19:35:20 ----A---- C:\WINDOWS\swreg.exe
2008-09-26 19:35:20 ----A---- C:\WINDOWS\sed.exe
2008-09-26 19:35:20 ----A---- C:\WINDOWS\Nircmd.exe
2008-09-26 19:35:20 ----A---- C:\WINDOWS\grep.exe
2008-09-26 19:35:20 ----A---- C:\WINDOWS\fdsv.exe
2008-09-24 17:50:01 ----A---- C:\WINDOWS\Logi_MwX.Exe
2008-09-23 22:42:59 ----D---- C:\TEMP
2008-09-23 22:42:27 ----D---- C:\Documents and Settings\All Users\Application Data\Premium Security Suite
2008-09-23 21:57:33 ----A---- C:\WINDOWS\system32\avsda.dll
2008-09-23 21:57:26 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2008-09-21 18:45:32 ----D---- C:\Program Files\Windows Installer Clean Up
2008-09-21 17:48:40 ----A---- C:\WINDOWS\system32\spmsg.dll
2008-09-21 17:48:28 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-09-19 08:27:55 ----D---- C:\Program Files\Driver Sweeper
2008-09-16 17:40:30 ----D---- C:\Documents and Settings\Liam\Application Data\Malwarebytes
2008-09-16 17:40:23 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-13 15:16:46 ----RA---- C:\WINDOWS\system32\streamhlp.dll
2008-09-13 14:26:37 ----D---- C:\QooBox
2008-09-12 17:45:08 ----D---- C:\Program Files\Bonjour
2008-09-11 18:29:29 ----D---- C:\Program Files\Common Files\Macromedia
2008-09-11 18:29:24 ----D---- C:\Program Files\Macromedia
2008-09-11 18:29:24 ----D---- C:\Documents and Settings\All Users\Application Data\Macromedia
2008-09-11 18:13:31 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-11 18:12:54 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-11 18:12:31 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-11 18:11:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-11 18:11:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-11 18:10:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-11 18:09:52 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-11 18:09:15 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-11 18:08:29 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-11 18:07:53 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-09-11 17:58:57 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-10 21:33:30 ----D---- C:\fsaua.data
2008-09-10 18:50:31 ----HDC---- C:\WINDOWS\ie8
2008-09-10 18:47:42 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2008-09-10 18:47:42 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2008-09-10 18:47:39 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2008-09-10 18:47:37 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2008-09-10 18:47:37 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2008-09-10 18:47:35 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2008-09-10 18:47:32 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2008-09-10 18:47:32 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2008-09-10 18:47:28 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2008-09-10 18:47:26 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2008-09-10 18:47:24 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2008-09-10 18:47:24 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2008-09-10 18:47:22 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2008-09-10 18:47:18 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2008-09-10 18:47:14 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2008-09-10 18:47:13 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2008-09-10 18:47:11 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2008-09-10 18:47:10 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2008-09-10 18:47:09 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2008-09-10 18:45:15 ----D---- C:\WINDOWS\Logs
2008-09-10 18:31:14 ----D---- C:\Program Files\Belarc
2008-09-10 11:11:41 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-09-10 10:51:46 ----HDC---- C:\WINDOWS\$NtUninstallKB942288-v3$
2008-09-10 10:07:02 ----D---- C:\5a45d66c462ee2a14b9a88
2008-09-10 10:06:39 ----D---- C:\WINDOWS\SxsCaPendDel
2008-09-10 10:00:38 ----RHD---- C:\AHCache
2008-09-10 09:50:01 ----A---- C:\WINDOWS\system32\igxprd32.dll
2008-09-10 09:50:01 ----A---- C:\WINDOWS\system32\igxpdv32.dll
2008-09-10 09:50:01 ----A---- C:\WINDOWS\system32\igfxtray.exe
2008-09-10 09:50:01 ----A---- C:\WINDOWS\system32\igfxsrvc.dll
2008-09-10 09:50:01 ----A---- C:\WINDOWS\system32\igfxpers.exe
2008-09-10 09:50:00 ----A---- C:\WINDOWS\system32\igxpgd32.dll
2008-09-10 09:50:00 ----A---- C:\WINDOWS\system32\hccutils.dll
2008-09-10 09:49:59 ----A---- C:\WINDOWS\system32\igfxsrvc.exe
2008-09-10 09:49:58 ----A---- C:\WINDOWS\system32\igfxCoIn_v4977.dll
2008-09-10 09:49:58 ----A---- C:\WINDOWS\system32\hkcmd.exe
2008-09-10 09:49:57 ----A---- C:\WINDOWS\system32\igxpdx32.dll
2008-09-10 09:49:57 ----A---- C:\WINDOWS\system32\igfxdev.dll
2008-09-10 09:49:52 ----D---- C:\WINDOWS\system32\Lang
2008-09-10 09:49:52 ----A---- C:\WINDOWS\system32\igxpun.exe
2008-09-09 20:57:46 ----A---- C:\WINDOWS\system32\BASSMOD.dll
2008-09-09 20:42:30 ----D---- C:\Documents and Settings\Liam\Application Data\Uniblue
2008-09-09 20:06:03 ----D---- C:\Program Files\Trend Micro
2008-09-09 14:30:41 ----D---- C:\Intel
2008-09-09 13:41:10 ----D---- C:\Program Files\Panda Security
2008-09-09 13:17:20 ----A---- C:\WINDOWS\system32\tmp.txt
2008-09-09 13:17:08 ----A---- C:\rapport.txt
2008-09-09 13:16:50 ----A---- C:\WINDOWS\system32\404Fix.exe
2008-09-09 13:16:47 ----A---- C:\WINDOWS\system32\VACFix.exe
2008-09-09 11:51:26 ----A---- C:\WINDOWS\system32\WS2Fix.exe.vir
2008-09-09 11:51:26 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2008-09-09 11:51:24 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2008-09-09 11:51:24 ----A---- C:\WINDOWS\system32\dumphive.exe
2008-09-09 11:36:08 ----D---- C:\Documents and Settings\All Users\Application Data\WinZip
2008-09-09 01:03:46 ----A---- C:\WINDOWS\system32\sirenacm.dll
2008-09-08 23:28:48 ----D---- C:\Program Files\SpywareBlaster
======List of files/folders modified in the last 1 months======
2008-10-05 08:13:37 ----D---- C:\WINDOWS\Prefetch
2008-10-05 08:00:59 ----AD---- C:\WINDOWS\system32
2008-10-05 08:00:59 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-05 07:58:18 ----D---- C:\Program Files\Mozilla Firefox
2008-10-05 07:56:36 ----AD---- C:\WINDOWS
2008-10-05 07:56:36 ----A---- C:\WINDOWS\system32\log.txt
2008-10-04 23:13:37 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-04 21:26:46 ----D---- C:\Documents and Settings\Liam\Application Data\uTorrent
2008-10-04 20:58:06 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-04 20:51:04 ----D---- C:\Program Files
2008-10-04 20:40:28 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-04 18:44:11 ----SHD---- C:\WINDOWS\Installer
2008-10-04 18:44:10 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-04 18:43:57 ----AD---- C:\WINDOWS\system32\drivers
2008-10-04 17:07:16 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-10-04 17:06:29 ----D---- C:\Documents and Settings\Liam\Application Data\Adobe
2008-10-04 14:48:47 ----D---- C:\Program Files\Common Files\System
2008-10-04 14:48:36 ----D---- C:\WINDOWS\WinSxS
2008-10-04 14:47:30 ----D---- C:\Program Files\Windows Live
2008-10-04 14:47:16 ----HD---- C:\WINDOWS\inf
2008-10-04 14:45:47 ----D---- C:\Program Files\Common Files
2008-10-04 14:45:19 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-04 13:16:22 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-04 12:35:00 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-04 12:04:26 ----HD---- C:\$AVG8.VAULT$
2008-10-04 11:49:29 ----D---- C:\Program Files\Java
2008-10-04 10:45:54 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-10-04 10:45:48 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-03 11:49:09 ----D---- C:\Program Files\Sun
2008-10-03 11:20:02 ----SHD---- C:\System Volume Information
2008-10-03 11:20:02 ----D---- C:\WINDOWS\system32\Restore
2008-10-03 10:49:09 ----RSH---- C:\boot.ini
2008-10-03 10:49:09 ----A---- C:\WINDOWS\system32\TUKernel.exe
2008-10-03 10:00:46 ----D---- C:\WINDOWS\system32\config
2008-10-03 10:00:39 ----D---- C:\WINDOWS\system32\wbem
2008-10-03 10:00:38 ----D---- C:\WINDOWS\Registration
2008-10-03 09:51:25 ----D---- C:\WINDOWS\system32\NtmsData
2008-10-03 09:51:25 ----D---- C:\WINDOWS\Help
2008-10-03 09:51:25 ----D---- C:\Program Files\Internet Explorer
2008-10-03 09:23:44 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-03 09:18:46 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-03 07:41:30 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-02 18:58:05 ----D---- C:\Documents and Settings\Liam\Application Data\U3
2008-10-02 18:12:42 ----D---- C:\Program Files\Adobe
2008-10-02 17:29:36 ----D---- C:\Program Files\Windows Live Safety Center
2008-10-02 13:47:20 ----D---- C:\WINDOWS\system32\FxsTmp
2008-10-02 13:40:29 ----A---- C:\WINDOWS\system.ini
2008-10-02 13:35:47 ----D---- C:\WINDOWS\AppPatch
2008-10-02 13:23:08 ----D---- C:\WINDOWS\Downloaded Installations
2008-10-02 11:10:49 ----D---- C:\Documents and Settings
2008-09-30 09:45:58 ----D---- C:\Program Files\Common Files\Adobe
2008-09-29 13:14:02 ----D---- C:\Program Files\TuneUp Utilities 2008
2008-09-28 16:53:57 ----D---- C:\WINDOWS\security
2008-09-28 16:50:11 ----D---- C:\WINDOWS\system32\DirectX
2008-09-28 16:48:50 ----HD---- C:\WINDOWS\msdownld.tmp
2008-09-28 13:03:27 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-24 22:45:40 ----A---- C:\WINDOWS\win.ini
2008-09-24 17:38:44 ----D---- C:\WINDOWS\system32\RTCOM
2008-09-21 20:21:19 ----D---- C:\WINDOWS\Microsoft.NET
2008-09-21 20:21:17 ----RSD---- C:\WINDOWS\assembly
2008-09-21 19:05:43 ----D---- C:\WINDOWS\system32\URTTemp
2008-09-21 19:00:05 ----D---- C:\WINDOWS\system32\XPSViewer
2008-09-21 19:00:04 ----RSD---- C:\WINDOWS\Fonts
2008-09-21 18:45:18 ----D---- C:\Program Files\MSECache
2008-09-21 17:48:23 ----D---- C:\Program Files\Windows Media Player
2008-09-13 23:22:24 ----D---- C:\WINDOWS\Minidump
2008-09-13 21:41:02 ----SD---- C:\WINDOWS\Tasks
2008-09-13 13:02:12 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-12 17:44:48 ----D---- C:\Program Files\QuickTime
2008-09-12 17:44:27 ----D---- C:\Program Files\Common Files\Apple
2008-09-11 18:29:51 ----D---- C:\Documents and Settings\Liam\Application Data\Macromedia
2008-09-11 18:13:36 ----D---- C:\Program Files\Messenger
2008-09-11 18:13:12 ----HD---- C:\WINDOWS\$hf_mig$
2008-09-10 18:54:27 ----D---- C:\WINDOWS\system32\en-US
2008-09-10 18:54:26 ----D---- C:\WINDOWS\Media
2008-09-07 16:38:22 ----SD---- C:\Documents and Settings\Liam\Application Data\Microsoft
2008-09-06 23:12:56 ----D---- C:\Documents and Settings\Liam\Application Data\My Battle for Middle-earth(tm) II Files
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avfwot;avfwot; C:\WINDOWS\system32\DRIVERS\avfwot.sys [2008-05-07 71592]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-10-04 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-10-04 26824]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-06-27 75072]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-02-12 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-02-12 14592]
R1 OsaFsLoc;OsaFsLoc; \??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-10-04 76040]
R2 DefragFS;DefragFS; C:\WINDOWS\system32\DRIVERS\DefragFS.sys [2008-01-09 68624]
R2 eLock2BurnerLockDriver;eLock2BurnerLockDriver; \??\C:\WINDOWS\system32\eLock2BurnerLockDriver.sys []
R2 eLock2FSCTLDriver;eLock2FSCTLDriver; \??\C:\WINDOWS\system32\eLock2FSCTLDriver.sys []
R2 int15;int15; \??\C:\WINDOWS\system32\drivers\int15.sys []
R2 netlimiter;netlimiter; \??\C:\WINDOWS\system32\drivers\netlimiter.sys []
R2 netlock;netlock; \??\C:\WINDOWS\system32\drivers\netlock.sys []
R2 osaio;osaio; \??\C:\WINDOWS\system32\drivers\osaio.sys []
R2 osanbm;osanbm; \??\C:\WINDOWS\system32\drivers\osanbm.sys []
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 tvicport;tvicport; \??\C:\WINDOWS\system32\drivers\tvicport.sys []
R2 zntport;zntport; \??\C:\WINDOWS\system32\drivers\zntport.sys []
R3 avfwim;AvFw Packet Filter Miniport; C:\WINDOWS\system32\DRIVERS\avfwim.sys [2008-05-07 71464]
R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-10-04 23296]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-06-28 254872]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-08 138752]
R3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2006-06-19 43264]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-02-12 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-08-11 6044864]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-08-12 4751360]
R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys [2003-12-11 25630]
R3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2003-12-11 37916]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys [2003-12-11 70894]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2006-09-08 6144]
R3 PortRW;PortRW; C:\WINDOWS\System32\Drivers\PortRW.sys [2003-08-16 3456]
R3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-02-12 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-02-12 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-02-12 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-02-12 20608]
R3 W8335XP;NETGEAR WG311v3 802.11g Wireless PCI Adapter for Windows XP (8335); C:\WINDOWS\system32\DRIVERS\WG311v3XP.sys [2005-12-29 282624]
S1 avgio;avgio; \??\C:\Program Files\Avira\Avira Premium Security Suite\avgio.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-02-12 60800]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-02-01 1479680]
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-10-04 23296]
S3 avgntflt;avgntflt; \??\C:\Program Files\Avira\Avira Premium Security Suite\avgntflt.sys []
S3 cmusbnet;WAN Driver @ 3GPP (6280); C:\WINDOWS\system32\DRIVERS\cmusbnet.sys [2006-11-24 81152]
S3 cmusbser;%CMUSBSER%; C:\WINDOWS\system32\DRIVERS\cmusbser.sys [2006-12-14 87040]
S3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2005-12-08 501760]
S3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2005-12-08 439296]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2005-11-10 340704]
S3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2005-12-08 7168]
S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2005-12-08 142336]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2005-12-08 77824]
S3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2005-12-08 754176]
S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2005-12-08 154112]
S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2005-12-08 179712]
S3 MTXPARH;MTXPARH; C:\WINDOWS\system32\DRIVERS\MTXPARHM.sys [2005-04-22 500608]
S3 NETMNT;NetMonitor Protocol ; C:\WINDOWS\system32\DRIVERS\NETMNT.sys [2005-06-28 9600]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-02-12 61824]
S3 nocashio;nocashio; C:\WINDOWS\system32\drivers\nocashio.sys [2008-07-15 4096]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-06-29 6807328]
S3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2005-12-08 114688]
S3 psdfilter;psdfilter; \??\C:\WINDOWS\system32\Drivers\psdfilter.sys []
S3 psdvdisk;psdvdisk; \??\C:\WINDOWS\system32\Drivers\psdvdisk.sys []
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-02-12 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-02-12 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AcerMemUsageCheckService;Memory Check Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2006-05-12 28672]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-04 231704]
R2 avgfws8;AVG8 Firewall; C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-10-04 1220888]
R2 AWService;AdminWorks Agent X6; C:\Acer\LANScope Agent\awServ.exe [2006-08-19 67072]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-02-18 73728]
R2 LMS;Intel(R) Active Management Technology LMS Service; C:\Program Files\Intel\AMT\LMS.exe [2006-06-29 98304]
R2 LockServ;LockServ; C:\Acer\Empowering Technology\eLock\LockServ.exe [2006-05-30 368640]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 PD91Agent;PD91Agent; C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-01-16 664840]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]
R2 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2008-09-02 48640]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-02-12 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-02-12 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-02-01 405504]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-02-12 267776]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe -service -config C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf []
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-06-29 155716]
S3 Acer ODDSpeedControl;Acer ODDSpeedControl; C:\Acer\Empowering Technology\eAcoustics\ODDSpeedCtl\speedcontrol.exe [2005-02-16 81920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 bepldr;BCL easyPDF SDK 5 Loader; C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe [2007-08-22 151552]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 guvkecginkii;guvkecginkii; C:\WINDOWS\system32\drivers\guvkecginkii.sys [2008-10-03 8576]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PD91Engine;PD91Engine; C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-01-16 894216]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-01 355584]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 AntiVirFirewallService;Avira Premium Security Suite Firewall; C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe []
S4 AntiVirMailService;Avira Premium Security Suite MailGuard; C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe []
S4 AntiVirScheduler;Avira Premium Security Suite Scheduler; C:\Program Files\Avira\Avira Premium Security Suite\sched.exe []
S4 AntiVirService;Avira Premium Security Suite Guard; C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe []
S4 antivirwebservice;Avira Premium Security Suite WebGuard; C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE []
S4 AVEService;Avira Premium Security Suite MailGuard helper service; C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
EOF
This morning after I did some stuff I came back to my computer and checked my emails. All of a sudden AVG 8 came up with threat alerts, showing most of the files ComboFix had quarantined. AVG claimed they were detected on open.
Yet if they were in quarantine, I thought they couldn't open? I had AVG remove the threats and then I deleted the Qoobox file.
ADDING at 1:39PM:
My internet cookies seem to be fine now. Whatever was screwing up my browsers appears to have stopped for some reason. My computer is still running slowly and programs continue to stop responding at times.
I ran HiJackThis and noticed in the Backups that Search Settings had been backed up. Should they be removed or should I just leave them?
Also my computer at this time rebooted suddenly with no error report generated.
I was looking in my harddrives and discovered this:
C:\Documents and Settings
It contained a folder called All U1sers, and contained an AVG 8 log and a Spybot: S & D folder.
Then I went to:
C:\Documents and Settings\All Users
It contained folders called: A1pplication Data, Ap1plication Data, Appl1ication Data, Applic1ation Data, Application D1ata, Applicati1on Data and Application1 Data. The folder called A1pplication Data contained Spybot: S & D and a Stopzilla folder. I don't have stopzilla so where did it come from?
I have left the folders as they are. All of them contain a Spybot: S & D folder, a few contain Avocent Admin Works as well and 1 contains Stopzilla. The folder Application Data doesn't appear to exist.
Do not worry about those; it is fine.
RSIT also shows some leftover drivers, services and files from Avira. I suggest doing this...
1. Download Avira <-- This is the Avira Premium Security Suite which was on your computer.
2. Disconnect from the Internet
3. Disable AVG Anti-Virus
4. Install Avira and then properly uninstall it from Add/Remove programs.
5. Enable AVG Anti-Virus
6. Reconnect back to the Internet
If this happens again, please tell me the exact message from AVG.
Good to hear about the Cookies. The "running slowly" should hopefully sort itself out soon.
The "All Users" and "Application Data" folders are fine. Are you talking about the folders that have the "1" within the name?
Please do the following...
1. Open HijackThis
- Click the Do a system scan only button
- Check the following entries (below)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
...(Unless you set these with an anti-spyware program like SpyBot's Immunize feature, or a System Administrator set them, have HiJackThis fix this.)
- Close ALL open windows (especially Internet Explorer!)
- Click Fix Checked
- Close HijackThis
2. Please post a new HiJackThis log. We may need to run ComboFix again soon, but not yet.
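The helper's reading of the RSIT listing above (orphaned Avira registrations, a driver with no vendor name) can be mechanised. The script below is an added example, not part of this thread or of RSIT: `parse_line` and `triage` are my own names, the sample lines are copied from the posted listing, and the log date 2008-10-06 is assumed from the HijackThis log date in the thread.

```python
import re
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Tuple

# One RSIT driver/service line: "<R|S><0-4> <name>;<display>; <path> [<yyyy-mm-dd> <size>]".
# Empty brackets "[]" mean RSIT could not find the file the registration points at.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)


@dataclass
class Entry:
    state: str                # R = running, S = stopped
    start: int                # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    display: str
    path: str
    modified: Optional[date]  # None when RSIT printed "[]"
    size: Optional[int]


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; returns None for headers and other non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    modified = size = None
    meta = m.group("meta").split()
    if meta:
        modified = date.fromisoformat(meta[0])
        if len(meta) > 1 and meta[1].isdigit():
            size = int(meta[1])
    path = m.group("path").strip()
    if path.startswith("\\??\\"):  # NT object-manager prefix some driver entries carry
        path = path[4:]
    return Entry(m.group("state"), int(m.group("start")), m.group("name").strip(),
                 m.group("display").strip(), path, modified, size)


def product_dir(path: str) -> str:
    """Vendor folder under Program Files if there is one, else the file's parent directory."""
    parts = path.split("\\")
    low = [p.lower() for p in parts]
    if "program files" in low:
        i = low.index("program files")
        if i + 1 < len(parts) - 1:
            return parts[i + 1]
    return "\\".join(parts[:-1])


def triage(lines: List[str], log_date: date, recent_days: int = 7
           ) -> Tuple[List[Tuple[str, str]], Dict[str, List[str]]]:
    """Return (findings, orphans). findings are (service name, reason) pairs; orphans
    groups file-missing entries by product folder, so the leftovers of one uninstalled
    product (here Avira) show up together."""
    findings: List[Tuple[str, str]] = []
    orphans: Dict[str, List[str]] = {}
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        if e.modified is None:
            findings.append((e.name, "registered file not found on disk (orphaned entry)"))
            orphans.setdefault(product_dir(e.path), []).append(e.name)
            continue
        if e.display == e.name and "\\drivers\\" in e.path.lower():
            findings.append((e.name, "kernel driver with no vendor description"))
        if 0 <= (log_date - e.modified).days <= recent_days:
            findings.append((e.name, f"file modified within {recent_days} days of the log"))
    return findings, orphans


# Sample input: a section header and driver lines copied from the RSIT listing in this thread.
SAMPLE_LINES = [
    r"======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======",
    r"R2 netlock;netlock; \??\C:\WINDOWS\system32\drivers\netlock.sys []",
    r"R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-06-28 254872]",
    r"R3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys []",
    r"S1 avgio;avgio; \??\C:\Program Files\Avira\Avira Premium Security Suite\avgio.sys []",
    r"S3 avgntflt;avgntflt; \??\C:\Program Files\Avira\Avira Premium Security Suite\avgntflt.sys []",
    r"S3 guvkecginkii;guvkecginkii; C:\WINDOWS\system32\drivers\guvkecginkii.sys [2008-10-03 8576]",
    r"S3 nocashio;nocashio; C:\WINDOWS\system32\drivers\nocashio.sys [2008-07-15 4096]",
]
# Assumed log date: the HijackThis log in this thread is dated 6/10/2008.
LOG_DATE = date(2008, 10, 6)

if __name__ == "__main__":
    found, orphan_groups = triage(SAMPLE_LINES, LOG_DATE)
    for name, reason in found:
        print(f"{name:16} {reason}")
    for folder, names in orphan_groups.items():
        print(f"orphans under {folder}: {', '.join(names)}")
```

A flagged entry is a prompt to check the file's publisher and install history, not proof of anything; a legitimate but poorly described driver like nocashio trips the same rule as the randomly named one.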
I followed your steps for Avira and I think it may have been successful.
I checked the history of the Resident Shield Detection in AVG, and this is what it said:
All of the quarantined files by ComboFix except for 1 were called Trojan horse Generic11.ANKS; the file called jkkLFvUK.dll was called a Trojan horse Generic11.AMUK. These files were detected because they attempted to access my open Mozilla Firefox. So, if they were quarantined by ComboFix, how is it that they are able to suddenly try to hijack my internet browser? Also, I deleted the Qoobox folder, should I delete it permanently as the threats appear to be escaping?
I hope the computer begins to run fast again; it is still running slower than usual.
Yeah I was talking about the folders with the '1' in the name, as I have never seen them before.
I fixed the 2 HiJackThis entries.
The new log is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:24:33, on 6/10/2008
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Acer\LANScope Agent\awServ.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Acer\Empowering Technology\eLock\LockServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\WINDOWS\system32\AlarmS4.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\Liam\Desktop\prem_sec_winnt_en_hp.exe
C:\DOCUME~1\Liam\LOCALS~1\Temp\RarSFX0\basic\setup.exe
C:\DOCUME~1\Liam\LOCALS~1\Temp\RarSFX0\basic\fact.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://au.rd.yahoo.com/customize/ycomp/defaults/su/*http://au.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [AVG Watchdog Service] C:\Program Files\AVG\AVG8\avgwdsvc.exe
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AlarmS4.lnk = C:\WINDOWS\system32\AlarmS4.exe
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201381364156
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371420.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Acer ODDSpeedControl - TODO: <????> - C:\Acer\Empowering Technology\eAcoustics\ODDSpeedCtl\speedcontrol.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: AdminWorks Agent X6 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Acer\LANScope Agent\awServ.exe
O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Active Management Technology LMS Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: LockServ - Unknown owner - C:\Acer\Empowering Technology\eLock\LockServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 11279 bytes
I have noticed in the HiJackThis log and in task manager a process called PSI. I googled it and found it was some licensing company. Any ideas where I might have gotten it from?
I also noticed a thing called Matrox Graphics. I have never heard of this driver nor recall ever seeing it installed on my computer. Is that a default driver?
I also ran Trojan Remover just to see if anything came up. I won't actually remove/delete anything until you tell me to. Trojan Remover detected a process called:
C:\WINDOWS\windows32.exe
which is loaded by:
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{DDE9D8F8-7939-0C02-2F56-385F01DC566F}
I couldn't find any information on Google about this process, is it safe?
It didn't find anything malicious.
ADDING at 2:53PM:
AVG ran a scheduled scan. It detected this WIN32/HLLP.De Troie virus again, this time 4 of them in the System Restore. So, once again, the System Restore is infected, but this WIN32 appears to be infecting my files slowly. Any way we can halt the spread?
You haven't replied yet but I thought you might like to know a few things.
1/ AVG is still detecting this WIN32/HLLP.De Troie virus; it was found in the System Restore Information again.
2/ My programs are continuing to freeze/crash/not respond or randomly quit.
3/ My system continues to at times run slowly.
4/ My internet seems to take longer to load pages (with/without a firewall on), and certain addons in Mozilla continue to be reinstalled for no reason.
UPDATE at 8:03PM:
The system restore information is again infected with the same virus. Any way we can stop these constant reinfections?
UPDATE at 8:49PM:
Something I have noticed is that AVG is freezing occasionally, especially if I click on the Firewall component. Also, when I shut down my computer, I sometimes get the following error:
The application dwinn.exe failed to start. The application failed to initialise because the windows station is shutting down. Any ideas why Dr Watson isn't functioning properly?
Also, I noticed this morning when I opened up Driver Max that it quit without any warning after about 2 minutes, and kept on doing that every time I opened it. Windows Live Messenger also kept freezing, and its window box kept on going blank.
That is strange! I've never heard of that happening before, but luckily AVG stopped it happening so it should be OK. My guess would have been that AVG detected the "quarantined" files, which in that case is normal.
I don't, no. I can say it has been present since the first HijackThis log and it is not dangerous.
Matrox produce computer products, including graphics cards. However, where did you notice this? It would seem you have a driver from them.
Please do the following...
1. Please scan C:\WINDOWS\windows32.exe file...
- Go to VirusTotal
- Copy and paste the following file path into the Search Box in the middle of the page:
- C:\WINDOWS\windows32.exe
- Now click on the Send File button
- If you come to the "File has already been analysed:" page, select "Reanalyse file now" to get a fresh scan.
- Save a copy of the Anti-Virus results only. Post the results in your next reply.
2. If you have ComboFix, delete it. Download a new copy and follow the instructions to install the correct Recovery Console. Post the ComboFix log back here, along with the VirusTotal results.
Can you do a search for dwinn.exe and tell me where it is located?
That's no problem.
Unable to find the file. I ran a search, and nothing turned up. I also went into Windows Explorer and typed the address in the bar. Still no luck. Finally, I went into the Windows folder but was unable to find the file.
I've just deleted my old Combo Fix and am about to download another one. Why do I need to delete my old one? Is it possible it can get infected?
I was also unable to find this file.
I will post the Combo Fix log shortly.
ComboFix 08-10-07.03 - Liam 2008-10-08 7:25:22.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1444 [GMT 11:00]
Running from: C:\Documents and Settings\Liam\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Liam\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU(2).exe
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Liam\Local Settings\Temporary Internet Files\SuggestedSites.dat
C:\WINDOWS\IE4 Error Log.txt
BITS: Possible infected sites
hxxp://wzporn.com
.
((((((((((((((((((((((((( Files Created from 2008-09-07 to 2008-10-07 )))))))))))))))))))))))))))))))
.
2008-10-07 09:07 . 2008-10-07 09:08 <DIR> d C:\Program Files\Your Uninstaller 2008
2008-10-06 16:39 . 2008-10-07 20:45 <DIR> d C:\Documents and Settings\Liam\Tracing
2008-10-06 15:07 . 2008-10-06 15:07 <DIR> d C:\WINDOWS\Performance
2008-10-06 15:07 . 2008-10-06 15:12 <DIR> d C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2008-10-06 15:04 . 2008-10-06 15:04 <DIR> d C:\Sandbox
2008-10-05 09:05 . 2008-10-08 07:22 <DIR> d C:\Documents and Settings\Liam\Application Data\SiteAdvisor
2008-10-05 09:05 . 2008-10-05 09:05 <DIR> d C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-10-05 09:05 . 2008-10-05 09:05 <DIR> d C:\Documents and Settings\All Users\Application Data\McAfee
2008-10-05 08:13 . 2008-10-05 08:13 <DIR> d C:\rsit
2008-10-04 18:53 . 2008-10-05 14:23 <DIR> d C:\Program Files\MagicISO
2008-10-04 18:36 . 2008-10-04 18:36 <DIR> d C:\Program Files\Lavasoft
2008-10-04 16:54 . 2008-10-04 16:54 <DIR> d C:\Program Files\Sandboxie
2008-10-04 16:54 . 2008-10-07 08:13 1,850 --a C:\WINDOWS\Sandboxie.ini
2008-10-04 14:48 . 2008-10-04 14:48 <DIR> d C:\Program Files\Microsoft Office Outlook Connector
2008-10-04 14:47 . 2008-10-04 14:47 <DIR> d C:\Program Files\Microsoft
2008-10-04 14:45 . 2008-10-04 14:45 <DIR> d C:\Program Files\Common Files\Windows Live
2008-10-04 14:42 . 2008-10-04 14:42 <DIR> d C:\Program Files\Common Files\Adobe AIR
2008-10-04 13:17 . 2008-10-04 13:18 <DIR> d C:\Program Files\iTunes
2008-10-04 13:17 . 2008-10-04 13:17 <DIR> d C:\Program Files\iPod
2008-10-04 13:17 . 2008-10-04 13:18 <DIR> d C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-04 12:36 . 2008-10-07 08:20 <DIR> d C:\WINDOWS\system32\drivers\Avg
2008-10-04 12:36 . 2008-10-05 17:32 <DIR> d C:\Documents and Settings\Liam\Application Data\AVGTOOLBAR
2008-10-04 12:36 . 2008-10-04 12:36 97,928 --a C:\WINDOWS\system32\drivers\avgldx86.sys
2008-10-04 12:36 . 2008-10-04 12:36 76,040 --a C:\WINDOWS\system32\drivers\avgtdix.sys
2008-10-04 12:36 . 2008-10-04 12:36 12,936 --a C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-10-04 12:36 . 2008-10-04 12:36 10,520 --a C:\WINDOWS\system32\avgrsstx.dll
2008-10-04 12:35 . 2008-10-04 12:35 45,568 --a C:\WINDOWS\system32\avgfwdx.dll
2008-10-04 12:35 . 2008-10-04 12:35 23,296 --a C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-10-04 10:43 . 2003-12-11 10:50 37,916 --a C:\WINDOWS\system32\drivers\LHidUsb.sys
2008-10-04 08:50 . 2008-10-04 08:50 <DIR> d C:\Program Files\uTorrent
2008-10-03 13:46 . 2008-06-10 02:32 73,728 --a C:\WINDOWS\system32\javacpl.cpl
2008-10-03 13:20 . 2008-10-03 13:20 8,576 --a C:\WINDOWS\system32\drivers\guvkecginkii.sys
2008-10-03 12:03 . 2008-10-03 12:03 <DIR> d C:\Program Files\WOT
2008-10-03 12:01 . 2008-10-03 19:15 <DIR> d C:\Documents and Settings\Liam\Application Data\SpamPal
2008-10-03 09:38 . 2008-10-03 09:38 <DIR> d C:\Documents and Settings\Liam\Application Data\URSoft
2008-10-03 08:54 . 2008-10-06 13:28 <DIR> d C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-10-02 18:50 . 2008-10-02 18:50 <DIR> d C:\Program Files\Innovative Solutions
2008-10-02 17:06 . 2008-10-02 17:06 106 --a C:\WINDOWS\asquared.ini
2008-10-02 13:51 . 2006-12-14 15:31 87,040 -ra C:\WINDOWS\system32\drivers\cmusbser.sys
2008-10-02 13:48 . 2006-11-24 13:03 81,152 -ra C:\WINDOWS\system32\drivers\cmusbnet.sys
2008-10-02 13:26 . 2008-10-03 09:51 <DIR> d C:\OEMSettings
2008-10-02 11:10 . 2006-03-20 18:20 <DIR> d C:\Documents and Settings\Zoomer\Application Data\Avocent AdminWorks
2008-10-02 11:10 . 2008-10-02 11:50 <DIR> d---s---- C:\Documents and Settings\Zoomer
2008-10-02 08:55 . 1999-12-21 08:58 21,312 --a C:\WINDOWS\choice.exe
2008-10-01 19:57 . 2008-10-02 08:48 <DIR> d C:\Program Files\EsetOnlineScanner
2008-09-30 10:44 . 2008-09-30 10:44 280 --a C:\WINDOWS\system32\PDBootState
2008-09-30 10:40 . 2008-09-30 10:40 <DIR> d C:\Program Files\Raxco
2008-09-30 10:20 . 2008-01-09 23:00 68,624 -ra C:\WINDOWS\system32\drivers\DefragFS.sys
2008-09-30 10:19 . 2008-09-30 10:19 <DIR> d C:\Documents and Settings\All Users\Application Data\Raxco
2008-09-30 10:07 . 2008-09-30 10:07 <DIR> d C:\Program Files\BillP Studios
2008-09-30 10:07 . 2008-09-30 10:07 <DIR> d C:\Documents and Settings\Liam\Application Data\WinPatrol
2008-09-30 09:30 . 2008-09-30 09:30 <DIR> d C:\Program Files\NOS
2008-09-30 09:30 . 2008-09-30 09:47 <DIR> d C:\Documents and Settings\All Users\Application Data\NOS
2008-09-29 13:32 . 2008-09-29 13:32 <DIR> d C:\Documents and Settings\All Users\Application Data\U3
2008-09-29 12:06 . 2008-10-03 12:10 4,212 ---h C:\WINDOWS\system32\zllictbl.dat
2008-09-29 12:02 . 2008-10-04 14:33 <DIR> d C:\WINDOWS\Internet Logs
2008-09-28 20:46 . 2008-09-14 19:50 102,664 --a C:\WINDOWS\system32\drivers\tmcomm.sys
2008-09-24 17:50 . 2003-12-11 10:50 70,894 --a C:\WINDOWS\system32\drivers\LMouFlt2.Sys
2008-09-24 17:50 . 2003-12-11 10:50 25,630 --a C:\WINDOWS\system32\drivers\LHidFlt2.Sys
2008-09-24 17:50 . 2003-11-26 10:50 19,968 --a C:\WINDOWS\Logi_MwX.Exe
2008-09-23 22:42 . 2008-09-23 22:42 <DIR> d C:\Documents and Settings\All Users\Application Data\Premium Security Suite
2008-09-23 21:57 . 2008-10-06 08:33 <DIR> d C:\Documents and Settings\All Users\Application Data\Avira
2008-09-21 18:45 . 2008-09-21 18:45 <DIR> d C:\Program Files\Windows Installer Clean Up
2008-09-21 17:48 . 2004-08-04 16:00 221,184 --a C:\WINDOWS\system32\wmpns.dll
2008-09-19 08:27 . 2008-09-19 08:32 <DIR> d C:\Program Files\Driver Sweeper
2008-09-16 17:40 . 2008-09-16 17:40 <DIR> d C:\Documents and Settings\Liam\Application Data\Malwarebytes
2008-09-16 17:40 . 2008-09-16 17:40 <DIR> d C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-14 19:49 . 2008-09-21 16:50 <DIR> d C:\Documents and Settings\Liam\.housecall6.6
2008-09-13 16:00 . 2008-09-13 16:00 <DIR> d C:\Documents and Settings\Liam\Application Data\TrojanHunter
2008-09-12 17:45 . 2008-09-12 17:45 <DIR> d C:\Program Files\Bonjour
2008-09-11 18:29 . 2008-09-28 16:59 <DIR> d C:\Program Files\Macromedia
2008-09-11 18:29 . 2008-09-28 17:00 <DIR> d C:\Program Files\Common Files\Macromedia
2008-09-11 18:12 . 2008-06-25 03:43 74,240 --a
C:\WINDOWS\system32\dllcache\mscms.dll
2008-09-11 18:11 . 2008-06-20 22:51 361,600 --a
C:\WINDOWS\system32\dllcache\tcpip.sys
2008-09-11 18:11 . 2008-06-21 04:46 245,248 --a
C:\WINDOWS\system32\dllcache\mswsock.dll
2008-09-11 18:11 . 2008-06-20 22:08 225,856 --a
C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-09-11 18:11 . 2008-06-21 04:46 147,968 --a
C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-09-11 18:11 . 2008-06-20 22:40 138,496 --a
C:\WINDOWS\system32\dllcache\afd.sys
2008-09-11 18:10 . 2008-06-13 22:05 272,128 --a
C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-11 18:09 . 2008-04-12 06:04 691,712 --a
C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-09-11 18:08 . 2008-07-08 07:26 253,952 --a
C:\WINDOWS\system32\dllcache\es.dll
2008-09-11 18:08 . 2008-05-09 01:02 203,136 --a
C:\WINDOWS\system32\dllcache\rmcast.sys
2008-09-10 19:43 . 2008-09-10 19:43 <DIR> d--hs---- C:\Documents and Settings\Liam\PrivacIE
2008-09-10 18:50 . 2008-09-10 18:51 <DIR> d--h-c--- C:\WINDOWS\ie8
2008-09-10 18:45 . 2008-09-10 18:45 <DIR> d
C:\WINDOWS\Logs
2008-09-10 18:31 . 2008-09-10 18:31 <DIR> d
C:\Program Files\Belarc
2008-09-10 18:31 . 2008-02-27 14:49 3,840 --a
C:\WINDOWS\system32\drivers\BANTExt.sys
2008-09-10 11:11 . 2008-09-10 11:11 410,976 --a
C:\WINDOWS\system32\deploytk.dll
2008-09-10 10:07 . 2008-09-10 10:07 <DIR> d
C:\5a45d66c462ee2a14b9a88
2008-09-10 10:06 . 2008-09-10 10:13 <DIR> d
C:\WINDOWS\SxsCaPendDel
2008-09-10 10:00 . 2008-09-10 10:00 <DIR> dr-h
C:\AHCache
2008-09-10 09:50 . 2008-08-11 13:48 2,295,328 --a
C:\WINDOWS\system32\igxpdv32.dll
2008-09-10 09:50 . 2008-08-11 13:48 152,064 --a
C:\WINDOWS\system32\igxpgd32.dll
2008-09-10 09:50 . 2008-08-11 13:24 143,360 --a
C:\WINDOWS\system32\igfxtray.exe
2008-09-10 09:50 . 2008-08-11 13:24 143,360 --a
C:\WINDOWS\system32\igfxpers.exe
2008-09-10 09:50 . 2008-08-11 13:23 106,496 --a
C:\WINDOWS\system32\hccutils.dll
2008-09-10 09:50 . 2008-08-11 13:48 57,344 --a
C:\WINDOWS\system32\igxprd32.dll
2008-09-10 09:50 . 2008-08-11 13:24 52,224 --a
C:\WINDOWS\system32\igfxsrvc.dll
2008-09-09 20:42 . 2008-09-09 20:42 <DIR> d
C:\Documents and Settings\Liam\Application Data\Uniblue
2008-09-09 20:06 . 2008-09-09 20:06 <DIR> d
C:\Program Files\Trend Micro
2008-09-09 14:30 . 2008-09-09 14:30 <DIR> d
C:\Intel
2008-09-09 13:41 . 2008-09-09 13:41 <DIR> d
C:\Program Files\Panda Security
2008-09-09 13:41 . 2008-06-19 18:24 28,544 --a
C:\WINDOWS\system32\drivers\pavboot.sys
2008-09-09 13:17 . 2008-09-09 13:17 2,826 --a
C:\WINDOWS\system32\tmp.reg
2008-09-09 13:16 . 2008-09-02 17:51 86,528 --a
C:\WINDOWS\system32\VACFix.exe
2008-09-09 13:16 . 2008-08-18 13:19 82,432 --a
C:\WINDOWS\system32\404Fix.exe
2008-09-09 11:51 . 2007-09-06 01:22 289,144 --a
C:\WINDOWS\system32\VCCLSID.exe
2008-09-09 11:51 . 2006-04-27 18:49 288,417 --a
C:\WINDOWS\system32\SrchSTS.exe
2008-09-09 11:51 . 2004-07-31 19:50 51,200 --a
C:\WINDOWS\system32\dumphive.exe
2008-09-09 11:51 . 2007-10-04 01:36 25,600 --a
C:\WINDOWS\system32\WS2Fix.exe.vir
2008-09-09 11:36 . 2008-09-30 10:05 <DIR> d
C:\Documents and Settings\All Users\Application Data\WinZip
2008-09-09 01:03 . 2008-09-09 01:03 51,712 --a
C:\WINDOWS\system32\sirenacm.dll
2008-09-08 23:28 . 2008-10-07 09:13 <DIR> d
C:\Program Files\SpywareBlaster
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-07 10:19 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-07 05:58 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-10-06 10:24 --------- d-----w C:\Documents and Settings\Liam\Application Data\uTorrent
2008-10-06 04:50 --------- d-----w C:\Program Files\Java
2008-10-05 10:02 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-10-04 07:44 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-04 03:47 --------- d-----w C:\Program Files\Windows Live
2008-10-04 01:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-10-04 01:14 62,834 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_10_04_09_20_27_small.dmp.zip
2008-10-03 00:49 --------- d-----w C:\Program Files\Sun
2008-10-02 23:49 2,285,056 ----a-w C:\WINDOWS\system32\TUKernel.exe
2008-10-02 20:41 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-02 07:58 --------- d-----w C:\Documents and Settings\Liam\Application Data\U3
2008-09-29 22:45 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-28 02:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-21 07:45 --------- d-----w C:\Program Files\MSECache
2008-09-13 02:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-12 06:44 --------- d-----w C:\Program Files\QuickTime
2008-09-12 06:44 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-06 12:12 --------- d-----w C:\Documents and Settings\Liam\Application Data\My Battle for Middle-earth(tm) II Files
2008-09-04 00:02 --------- d-----w C:\Documents and Settings\Liam\Application Data\Search Settings
2008-08-29 00:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-28 23:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-24 12:26 --------- d-----w C:\Documents and Settings\Liam\Application Data\Nitro PDF
2008-08-24 12:24 --------- d-----w C:\Program Files\Nitro PDF
2008-08-24 12:24 --------- d-----w C:\Program Files\Common Files\Nitro PDF
2008-08-24 12:24 --------- d-----w C:\Program Files\Common Files\BCL Technologies
2008-08-24 12:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nitro PDF
2008-08-21 17:16 637,984 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-08-21 17:10 11,985,408 ----a-w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-21 17:09 5,699,584 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-08-21 17:08 878,592 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-21 17:08 878,592 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2008-08-21 17:08 43,008 ----a-w C:\WINDOWS\system32\licmgr10.dll
2008-08-21 17:08 43,008 ----a-w C:\WINDOWS\system32\dllcache\licmgr10.dll
2008-08-21 17:08 236,544 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
2008-08-21 17:08 1,206,784 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2008-08-21 17:07 755,200 ----a-w C:\WINDOWS\system32\dllcache\VGX.dll
2008-08-21 17:07 193,536 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2008-08-21 17:07 18,944 ----a-w C:\WINDOWS\system32\dllcache\corpol.dll
2008-08-21 17:07 116,224 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
2008-08-21 17:07 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
2008-08-21 17:05 70,656 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2008-08-21 17:04 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2008-08-21 17:04 45,568 ----a-w C:\WINDOWS\system32\dllcache\mshta.exe
2008-08-21 17:00 68,608 ----a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
2008-08-21 16:57 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2008-08-21 16:57 156,160 ----a-w C:\WINDOWS\system32\dllcache\msls31.dll
2008-08-21 16:42 443,392 ----a-w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-20 08:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-20 00:36 920,088 ----a-w C:\WINDOWS\system32\igxpun.exe
2008-08-17 04:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\comodo
2008-08-12 06:10 4,751,360 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-08-11 12:13 --------- d-----w C:\Program Files\Apple Software Update
2008-08-11 02:56 147,456 ----a-w C:\WINDOWS\system32\igfxCoIn_v4977.dll
2008-08-11 02:48 6,044,864 ----a-w C:\WINDOWS\system32\drivers\igxpmp32.sys
2008-08-11 02:48 3,275,776 ----a-w C:\WINDOWS\system32\igxpdx32.dll
2008-08-11 02:47 1,481,884 ----a-w C:\WINDOWS\system32\igkrng400.bin
2008-08-11 02:39 2,269,184 ----a-w C:\WINDOWS\system32\ig4dev32.dll
2008-08-11 02:32 3,883,008 ----a-w C:\WINDOWS\system32\ig4icd32.dll
2008-08-11 02:26 647,168 ----a-w C:\WINDOWS\system32\igfxcfg.exe
2008-08-11 02:25 172,032 ----a-w C:\WINDOWS\system32\hkcmd.exe
2008-08-11 02:24 249,856 ----a-w C:\WINDOWS\system32\igfxsrvc.exe
2008-08-11 02:24 24,576 ----a-w C:\WINDOWS\system32\igfxexps.dll
2008-08-11 02:24 212,992 ----a-w C:\WINDOWS\system32\igfxpph.dll
2008-08-11 02:24 172,032 ----a-w C:\WINDOWS\system32\igfxext.exe
2008-08-11 02:24 135,168 ----a-w C:\WINDOWS\system32\igfxdo.dll
2008-08-11 02:23 5,672,960 ----a-w C:\WINDOWS\system32\igfxress.dll
2008-08-11 02:23 217,088 ----a-w C:\WINDOWS\system32\igfxdev.dll
2008-08-10 03:11 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-08-10 03:10 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-10 03:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-10 03:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-08-09 06:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-06 05:51 1,200,128 ----a-w C:\WINDOWS\RtlUpd.exe
2008-08-05 07:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll
2008-07-31 05:05 16,806,912 ----a-w C:\WINDOWS\RTHDCPL.EXE
2008-07-31 00:41 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll
2008-07-31 00:41 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll
2008-07-31 00:40 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll
2008-07-29 10:35 326,160 ----a-w C:\WINDOWS\system32\PresentationHost.exe
2008-07-29 09:59 781,344 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll
2008-07-29 09:59 43,544 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll
2008-07-29 09:59 105,016 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2008-07-29 09:24 97,800 ----a-w C:\WINDOWS\system32\infocardapi.dll
2008-07-29 09:24 622,080 ----a-w C:\WINDOWS\system32\icardagt.exe
2008-07-29 09:24 11,264 ----a-w C:\WINDOWS\system32\icardres.dll
2008-07-25 01:16 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2008-07-25 01:16 83,968 ----a-w C:\WINDOWS\system32\mscories.dll
2008-07-25 01:16 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2008-07-25 01:16 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
2008-07-18 12:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 12:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 12:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 12:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 12:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 12:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 12:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 12:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 12:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-03-01 22:49 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008030220080303\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-02-12 15360]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" [2008-06-20 153856]
"AVG Watchdog Service"="C:\Program Files\AVG\AVG8\avgwdsvc.exe" [2008-10-04 231704]
"SandboxieControl"="C:\Program Files\Sandboxie\SbieCtrl.exe" [2008-09-02 716800]
"SetDefaultMIDI"="MIDIDef.exe" [2005-12-08 C:\WINDOWS\MIDIDEF.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-08-11 143360]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-08-11 172032]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2008-08-11 143360]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-09-19 333120]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-04 1235736]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-31 C:\WINDOWS\RTHDCPL.EXE]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-26 C:\WINDOWS\Logi_MwX.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-02-12 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2/16/2008 5:03:11 PM 113664]
AlarmS4.lnk - C:\WINDOWS\system32\AlarmS4.exe [8/20/2003 10:15:36 AM 241664]
NETGEAR WG311v3 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe [1/26/2006 6:55:04 PM 1486848]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispSettingPage"= 0 (0x0)
"DisableClock"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 0 (0x0)
"NoLogOff"= 0 (0x0)
"NoMultiIE"= 0 (0x0)
"LWA"= 0 (0x0)
"LWB"= 0 (0x0)
"LWC"= 0 (0x0)
"LWD"= 0 (0x0)
"LWE"= 0 (0x0)
"LWF"= 0 (0x0)
"LWG"= 0 (0x0)
"LWH"= 0 (0x0)
"LWI"= 0 (0x0)
"LWJ"= 0 (0x0)
"LWK"= 0 (0x0)
"LWL"= 0 (0x0)
"LWM"= 0 (0x0)
"LWN"= 0 (0x0)
"LWO"= 0 (0x0)
"LWP"= 0 (0x0)
"LWQ"= 0 (0x0)
"LWR"= 0 (0x0)
"LWS"= 0 (0x0)
"LWT"= 0 (0x0)
"LWU"= 0 (0x0)
"LWV"= 0 (0x0)
"LWW"= 0 (0x0)
"LWX"= 0 (0x0)
"LWY"= 0 (0x0)
"LWZ"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\Documents and Settings\\All Users\\Application Data\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2008-09-09 01:02 3513344 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\patchget.dat"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9999:UDP"= 9999:UDP:LANScope UDP Port
"2804:TCP"= 2804:TCP:LANScope TCP Port
R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-10-04 12936]
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-04 97928]
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2006-05-18 26090]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-04 231704]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-10-04 1220888]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-04 76040]
R2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;C:\WINDOWS\system32\eLock2BurnerLockDriver.sys [2006-06-06 17536]
R2 eLock2FSCTLDriver;eLock2FSCTLDriver;C:\WINDOWS\system32\eLock2FSCTLDriver.sys [2006-06-07 90112]
R2 LMS;Intel(R) Active Management Technology LMS Service;C:\Program Files\Intel\AMT\LMS.exe [2006-06-29 98304]
R2 LockServ;LockServ;C:\Acer\Empowering Technology\eLock\LockServ.exe [2006-05-30 368640]
R2 netlimiter;netlimiter;C:\WINDOWS\system32\drivers\netlimiter.sys [2006-01-25 11136]
R2 netlock;netlock;C:\WINDOWS\system32\drivers\netlock.sys [2006-01-19 2116096]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-07-01 7296]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-04-01 4010]
R2 PD91Agent;PD91Agent;C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-01-16 664840]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-02-12 14336]
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-10-04 23296]
R3 PortRW;PortRW;C:\WINDOWS\system32\Drivers\PortRW.sys [2003-08-16 3456]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2008-09-02 100352]
S1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [ ]
S2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [ ]
S2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [ ]
S3 Acer ODDSpeedControl;Acer ODDSpeedControl;C:\Acer\Empowering Technology\eAcoustics\ODDSpeedCtl\speedcontrol.exe [2005-02-16 81920]
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-10-04 23296]
S3 bepldr;BCL easyPDF SDK 5 Loader;C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe [2007-08-22 151552]
S3 cmusbnet;WAN Driver @ 3GPP (6280);C:\WINDOWS\system32\DRIVERS\cmusbnet.sys [2006-11-24 81152]
S3 cmusbser;%CMUSBSER%;C:\WINDOWS\system32\DRIVERS\cmusbser.sys [2006-12-14 87040]
S3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 MTXPARH;MTXPARH;C:\WINDOWS\system32\DRIVERS\MTXPARHM.sys [2005-04-22 500608]
S3 PD91Engine;PD91Engine;C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-01-16 894216]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-01 355584]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DDE9D8F8-7939-0C02-2F56-385F01DC566F}]
C:\WINDOWS\windows32.exe
.
Contents of the 'Scheduled Tasks' folder
2008-10-07 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 10:09]
2008-10-04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
2008-10-07 C:\WINDOWS\Tasks\User_Feed_Synchronization-{A41D1FC8-2A4B-4DBD-8205-49472C823A79}.job
- C:\WINDOWS\system32\msfeedssync.exe [2008-08-22 04:05]
.
.
Supplementary Scan
.
FireFox -: Profile - C:\Documents and Settings\Liam\Application Data\Mozilla\Firefox\Profiles\ru356jyp.default\
FF -: plugin - C:\Documents and Settings\Liam\Application Data\Mozilla\Firefox\Profiles\ru356jyp.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\plugins\np_gp.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.1.0.30401.0.dll
FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-08 07:26:44
Windows 5.1.2600 Service Pack 3, v.3311 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-08 7:28:10
ComboFix-quarantined-files.txt 2008-10-07 20:27:27
Pre-Run: 138,018,574,336 bytes free
Post-Run: 138,162,561,024 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU(2).exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=DW6AOE /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=DW6AOE-BAK
411 --- E O F --- 2008-09-09 20:52:21
2008-08-29 08:38:55 1,563 C:\Qoobox\Quarantine\C\WINDOWS\IE4 Error Log.txt.vir
2008-09-27 06:05:31 5,242,980 C:\Qoobox\Quarantine\C\Documents and Settings\Liam\Local Settings\Temporary Internet Files\SuggestedSites.dat.vir
2008-10-07 20:01:49 8,115 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat.vir
2008-10-07 20:01:49 8,115 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat.vir
2008-10-07 20:26:25 12,284 C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2008-10-07 20:26:39 54 C:\Qoobox\Quarantine\catchme.log
2008-10-07 20:27:10 2 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-CFSServ.exe.reg.dat
2008-10-07 20:27:10 2 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-NDSTray.exe.reg.dat
2008-10-07 20:27:10 2 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-TFncKy.reg.dat
ADDING at 10:06AM:
The computer randomly shut down. Also, after I rebooted, it jarred twice (i.e. made a jarring sound), but didn't actually restart or crash.
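The part of the log above that a responder reads first is the loading-points section rather than the file listing: the AppInit_DLLs value, the Security Center and firewall policy keys, the Active Setup component that launches C:\WINDOWS\windows32.exe, the service entries shown with an empty [ ] (ComboFix found no file behind them), the AutoRun command under mountpoints2, and the /Kernel= switch in boot.ini. As an added example, not part of this thread and not ComboFix's own code, here is a small Python script that pulls exactly those lines out of a constructed excerpt of the log and tags each one. The severity labels, the trusted-path list and the parsing regexes are this example's own assumptions.

```python
"""Triage a ComboFix-style log for the loading points a responder reads first.

Added example for this thread; it is not part of the original post and not
ComboFix's own code.  The heuristics are this example's own, and the sample
below is a constructed excerpt of lines copied from the log above.
"""
import re
from collections import Counter

# Constructed sample: lines lifted from the log in the thread, nothing else.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
S1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [ ]
S2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DDE9D8F8-7939-0C02-2F56-385F01DC566F}]
C:\WINDOWS\windows32.exe
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=DW6AOE /Kernel=TUKernel.exe
"""

# ComboFix service line: "<R|S><start> name;display name;image path [date size]"
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.+?)\s+\[(.*)\]\s*$")
KEY_RE = re.compile(r"^\[(.+)\]$")
DRIVE_PATH_RE = re.compile(r"^[a-z]:\\")
# Where a legitimate Active Setup stub normally lives (assumption of this
# example; tune it for the machine being examined).
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\windows\\system32\\")


def triage(log_text):
    """Return (severity, reason, evidence) tuples for lines worth a second look."""
    findings = []
    key = ""  # lower-cased registry key whose values we are currently reading
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        low = line.lower()
        if "/kernel=" in low:
            # boot.ini pointing at a kernel image other than the default one
            kernel = re.search(r"/kernel=(\S+)", line, re.I).group(1)
            findings.append(("review", "boot.ini loads a non-default kernel", kernel))
        elif key.endswith("currentversion\\windows") and low.startswith('"appinit_dlls"='):
            value = line.split("=", 1)[1].strip()
            if value:  # every process that loads user32 also loads this DLL
                findings.append(("review", "AppInit_DLLs injects into every GUI process", value))
        elif low.startswith('"antivirusdisablenotify"=') and low.endswith("00000001"):
            findings.append(("weak", "Security Center AV notifications suppressed", line))
        elif low.startswith('"enablefirewall"=') and re.search(r"=\s*0\b", line):
            findings.append(("weak", "Windows Firewall disabled for this profile", line))
        elif "active setup\\installed components" in key and DRIVE_PATH_RE.match(low):
            if not low.startswith(TRUSTED_PREFIXES):
                findings.append(("suspicious", "Active Setup stub outside expected locations", line))
        elif "mountpoints2" in key and "autorun" in low:
            findings.append(("review", "AutoRun command registered for removable media", line))
        else:
            m = SERVICE_RE.match(line)
            if m and not m.group(6).strip():
                # "[ ]" means ComboFix found no file behind the service entry
                findings.append(("orphan", "Service/driver entry whose image is missing", m.group(3)))
    return findings


def summarize(findings):
    """Count findings per severity so the worst bucket is read first."""
    return dict(Counter(sev for sev, _, _ in findings))


if __name__ == "__main__":
    for sev, reason, evidence in triage(SAMPLE_LOG):
        print(f"[{sev:10}] {reason}: {evidence}")
    print(summarize(triage(SAMPLE_LOG)))
```

Most of what this flags on the sample is benign once the vendor is known (avgrsstx.dll arrived with the AVG drivers, TUKernel.exe with TuneUp, and the orphaned Panda entries are leftovers of an uninstall), which is the point: the script ranks what to verify, it does not decide. The one entry with no vendor story, windows32.exe sitting directly in the Windows directory, is the one to hash and scan before anything else.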
I need you to copy and paste the file path, just like the instructions said to.
Also, scan the following files and post the results back here:
C:\WINDOWS\system32\deploytk.dll
C:\WINDOWS\choice.exe
Then, open Notepad and copy/paste the text in the Quote Box below into it:
Save this as CFScript.txt to your Desktop
Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
Yeah, I followed your instructions before but the file doesn't appear to exist. I can't find it anywhere. I did, however, find and scan the other 2 files you wanted me to scan.
choice.exe came up clear with Virus Scan except for esafe, which flagged it as a suspicious file.
deploytk.dll came up clear with Virus Scan for every AV engine.
I followed your above instructions. The ComboFix log is in the next 2 posts.
I thought you would like to know that:
-AVG detected an EICAR_Test in: C:\DOCUME~1\Liam\LOCALS~1\Temp\AV-test.txt (this was as soon as ComboFix began its scan)
The process detected for this file is: C:\WINDOWS\system32\CF15569.exe
-When ComboFix rebooted the computer, as it was saving the log WinPatrol displayed a warning about a change in the Hosts File; the new change intended to wipe the whole Hosts File so I said no. This has happened before.
-ComboFix has deleted in each of its scans a thing called SuggestedSites.dat, which continues to reappear. Is it a major worry?
ComboFix 08-10-08.02 - Liam 2008-10-09 9:20:39.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.1436 [GMT 11:00]
Running from: C:\Documents and Settings\Liam\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Liam\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active
FILE ::
C:\WINDOWS\system32\drivers\guvkecginkii.sys
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Liam\Local Settings\Temporary Internet Files\SuggestedSites.dat
C:\WINDOWS\system32\drivers\guvkecginkii.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
\Legacy_GUVKECGINKII
\Service_guvkecginkii
((((((((((((((((((((((((( Files Created from 2008-09-08 to 2008-10-08 )))))))))))))))))))))))))))))))
.
2008-10-08 21:22 . 2008-10-08 21:22 <DIR> d-------- C:\Documents and Settings\Liam\Application Data\Ahead
2008-10-08 21:12 . 2008-10-08 21:12 <DIR> d-------- C:\Program Files\Nero
2008-10-08 21:12 . 2008-10-08 21:13 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-10-08 19:04 . 2008-10-08 19:04 <DIR> d-------- C:\Documents and Settings\Liam\Application Data\Nero
2008-10-08 18:59 . 2008-10-08 19:33 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-10-08 13:14 . 2008-10-08 18:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-10-08 12:32 . 2008-10-08 12:32 <DIR> d-------- C:\Program Files\Secunia
2008-10-08 11:37 . 2008-10-08 11:37 <DIR> d-------- C:\VundoFix Backups
2008-10-07 09:07 . 2008-10-07 09:08 <DIR> d-------- C:\Program Files\Your Uninstaller 2008
2008-10-06 16:39 . 2008-10-08 20:21 <DIR> d-------- C:\Documents and Settings\Liam\Tracing
2008-10-06 15:07 . 2008-10-06 15:07 <DIR> d-------- C:\WINDOWS\Performance
2008-10-06 15:07 . 2008-10-06 15:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2008-10-06 15:04 . 2008-10-06 15:04 <DIR> d-------- C:\Sandbox
2008-10-05 09:05 . 2008-10-09 09:12 <DIR> d-------- C:\Documents and Settings\Liam\Application Data\SiteAdvisor
2008-10-05 09:05 . 2008-10-05 09:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-10-05 09:05 . 2008-10-05 09:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-10-05 08:13 . 2008-10-05 08:13 <DIR> d-------- C:\rsit
2008-10-04 18:53 . 2008-10-05 14:23 <DIR> d-------- C:\Program Files\MagicISO
2008-10-04 18:36 . 2008-10-04 18:36 <DIR> d-------- C:\Program Files\Lavasoft
2008-10-04 16:54 . 2008-10-04 16:54 <DIR> d-------- C:\Program Files\Sandboxie
2008-10-04 16:54 . 2008-10-09 09:16 1,844 --a------ C:\WINDOWS\Sandboxie.ini
2008-10-04 14:48 . 2008-10-04 14:48 <DIR> d-------- C:\Program Files\Microsoft Office Outlook Connector
2008-10-04 14:47 . 2008-10-04 14:47 <DIR> d-------- C:\Program Files\Microsoft
2008-10-04 14:45 . 2008-10-04 14:45 <DIR> d-------- C:\Program Files\Common Files\Windows Live
2008-10-04 14:42 . 2008-10-04 14:42 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-10-04 13:17 . 2008-10-04 13:18 <DIR> d-------- C:\Program Files\iTunes
2008-10-04 13:17 . 2008-10-04 13:17 <DIR> d-------- C:\Program Files\iPod
2008-10-04 13:17 . 2008-10-04 13:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-04 12:36 . 2008-10-08 07:45 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-10-04 12:36 . 2008-10-05 17:32 <DIR> d-------- C:\Documents and Settings\Liam\Application Data\AVGTOOLBAR
2008-10-04 12:36 . 2008-10-04 12:36 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-10-04 12:36 . 2008-10-04 12:36 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-10-04 12:36 . 2008-10-04 12:36 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-10-04 12:36 . 2008-10-04 12:36 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-10-04 12:35 . 2008-10-04 12:35 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
2008-10-04 12:35 . 2008-10-04 12:35 23,296 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-10-04 10:43 . 2003-12-11 10:50 37,916 --a------ C:\WINDOWS\system32\drivers\LHidUsb.sys
2008-10-04 08:50 . 2008-10-04 08:50 <DIR> d-------- C:\Program Files\uTorrent
2008-10-03 13:46 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-03 12:03 . 2008-10-03 12:03 <DIR> d-------- C:\Program Files\WOT
2008-10-03 12:01 . 2008-10-03 19:15 <DIR> d-------- C:\Documents and Settings\Liam\Application Data\SpamPal
2008-10-03 09:38 . 2008-10-03 09:38 <DIR> d-------- C:\Documents and Settings\Liam\Application Data\URSoft
2008-10-03 08:54 . 2008-10-06 13:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-10-02 18:50 . 2008-10-02 18:50 <DIR> d-------- C:\Program Files\Innovative Solutions
2008-10-02 17:06 . 2008-10-02 17:06 106 --a------ C:\WINDOWS\asquared.ini
2008-10-02 13:51 . 2006-12-14 15:31 87,040 -ra------ C:\WINDOWS\system32\drivers\cmusbser.sys
2008-10-02 13:48 . 2006-11-24 13:03 81,152 -ra------ C:\WINDOWS\system32\drivers\cmusbnet.sys
2008-10-02 13:26 . 2008-10-03 09:51 <DIR> d-------- C:\OEMSettings
2008-10-02 11:10 . 2006-03-20 18:20 <DIR> d-------- C:\Documents and Settings\Zoomer\Application Data\Avocent AdminWorks
2008-10-02 11:10 . 2008-10-02 11:50 <DIR> d---s---- C:\Documents and Settings\Zoomer
2008-10-02 08:55 . 1999-12-21 08:58 21,312 --a------ C:\WINDOWS\choice.exe
2008-10-01 19:57 . 2008-10-02 08:48 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-09-30 10:44 . 2008-09-30 10:44 280 --a------ C:\WINDOWS\system32\PDBootState
2008-09-30 10:40 . 2008-09-30 10:40 <DIR> d-------- C:\Program Files\Raxco
2008-09-30 10:20 . 2008-01-09 23:00 68,624 -ra------ C:\WINDOWS\system32\drivers\DefragFS.sys
2008-09-30 10:19 . 2008-09-30 10:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-09-30 10:07 . 2008-09-30 10:07 <DIR> d-------- C:\Program Files\BillP Studios
2008-09-30 10:07 . 2008-09-30 10:07 <DIR> d-------- C:\Documents and Settings\Liam\Application Data\WinPatrol
2008-09-30 09:30 . 2008-09-30 09:30 <DIR> d-------- C:\Program Files\NOS
2008-09-30 09:30 . 2008-09-30 09:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-09-29 13:32 . 2008-09-29 13:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\U3
2008-09-29 12:06 . 2008-10-03 12:10 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-09-29 12:02 . 2008-10-04 14:33 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-09-28 20:46 . 2008-09-14 19:50 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-09-24 17:50 . 2003-12-11 10:50 70,894 --a------ C:\WINDOWS\system32\drivers\LMouFlt2.Sys
2008-09-24 17:50 . 2003-12-11 10:50 25,630 --a------ C:\WINDOWS\system32\drivers\LHidFlt2.Sys
2008-09-24 17:50 . 2003-11-26 10:50 19,968 --a------ C:\WINDOWS\Logi_MwX.Exe
2008-09-23 22:42 . 2008-09-23 22:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Premium Security Suite
2008-09-23 21:57 . 2008-10-06 08:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-09-21 18:45 . 2008-09-21 18:45 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-09-21 17:48 . 2004-08-04 16:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-09-19 08:27 . 2008-09-19 08:32 <DIR> d-------- C:\Program Files\Driver Sweeper
2008-09-16 17:40 . 2008-09-16 17:40 <DIR> d-------- C:\Documents and Settings\Liam\Application Data\Malwarebytes
2008-09-16 17:40 . 2008-09-16 17:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-14 19:49 . 2008-09-21 16:50 <DIR> d-------- C:\Documents and Settings\Liam\.housecall6.6
2008-09-13 16:00 . 2008-09-13 16:00 <DIR> d-------- C:\Documents and Settings\Liam\Application Data\TrojanHunter
2008-09-12 17:45 . 2008-09-12 17:45 <DIR> d-------- C:\Program Files\Bonjour
2008-09-11 18:29 . 2008-09-28 16:59 <DIR> d-------- C:\Program Files\Macromedia
2008-09-11 18:29 . 2008-09-28 17:00 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2008-09-11 18:12 . 2008-06-25 03:43 74,240 --a------ C:\WINDOWS\system32\dllcache\mscms.dll
2008-09-11 18:11 . 2008-06-20 22:51 361,600 --a------ C:\WINDOWS\system32\dllcache\tcpip.sys
2008-09-11 18:11 . 2008-06-21 04:46 245,248 --a------ C:\WINDOWS\system32\dllcache\mswsock.dll
2008-09-11 18:11 . 2008-06-20 22:08 225,856 --a------ C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-09-11 18:11 . 2008-06-21 04:46 147,968 --a------ C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-09-11 18:11 . 2008-06-20 22:40 138,496 --a------ C:\WINDOWS\system32\dllcache\afd.sys
2008-09-11 18:10 . 2008-06-13 22:05 272,128 --a------ C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-11 18:09 . 2008-04-12 06:04 691,712 --a------ C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-09-11 18:08 . 2008-07-08 07:26 253,952 --a------ C:\WINDOWS\system32\dllcache\es.dll
2008-09-11 18:08 . 2008-05-09 01:02 203,136 --a------ C:\WINDOWS\system32\dllcache\rmcast.sys
2008-09-10 19:43 . 2008-09-10 19:43 <DIR> d--hs---- C:\Documents and Settings\Liam\PrivacIE
2008-09-10 18:50 . 2008-09-10 18:51 <DIR> d--h-c--- C:\WINDOWS\ie8
2008-09-10 18:45 . 2008-09-10 18:45 <DIR> d
C:\WINDOWS\Logs
2008-09-10 18:31 . 2008-09-10 18:31 <DIR> d
C:\Program Files\Belarc
2008-09-10 18:31 . 2008-02-27 14:49 3,840 --a
C:\WINDOWS\system32\drivers\BANTExt.sys
2008-09-10 11:11 . 2008-09-10 11:11 410,976 --a
C:\WINDOWS\system32\deploytk.dll
2008-09-10 10:07 . 2008-09-10 10:07 <DIR> d
C:\5a45d66c462ee2a14b9a88
2008-09-10 10:06 . 2008-09-10 10:13 <DIR> d
C:\WINDOWS\SxsCaPendDel
2008-09-10 10:00 . 2008-09-10 10:00 <DIR> dr-h
C:\AHCache
2008-09-10 09:50 . 2008-08-11 13:48 2,295,328 --a
C:\WINDOWS\system32\igxpdv32.dll
2008-09-10 09:50 . 2008-08-11 13:48 152,064 --a
C:\WINDOWS\system32\igxpgd32.dll
2008-09-10 09:50 . 2008-08-11 13:24 143,360 --a
C:\WINDOWS\system32\igfxtray.exe
2008-09-10 09:50 . 2008-08-11 13:24 143,360 --a
C:\WINDOWS\system32\igfxpers.exe
2008-09-10 09:50 . 2008-08-11 13:23 106,496 --a
C:\WINDOWS\system32\hccutils.dll
2008-09-10 09:50 . 2008-08-11 13:48 57,344 --a
C:\WINDOWS\system32\igxprd32.dll
2008-09-10 09:50 . 2008-08-11 13:24 52,224 --a
C:\WINDOWS\system32\igfxsrvc.dll
2008-09-09 20:42 . 2008-09-09 20:42 <DIR> d
C:\Documents and Settings\Liam\Application Data\Uniblue
2008-09-09 20:06 . 2008-09-09 20:06 <DIR> d
C:\Program Files\Trend Micro
2008-09-09 14:30 . 2008-09-09 14:30 <DIR> d
C:\Intel
2008-09-09 13:41 . 2008-09-09 13:41 <DIR> d
C:\Program Files\Panda Security
2008-09-09 13:41 . 2008-06-19 18:24 28,544 --a
C:\WINDOWS\system32\drivers\pavboot.sys
2008-09-09 13:17 . 2008-09-09 13:17 2,826 --a
C:\WINDOWS\system32\tmp.reg
2008-09-09 13:16 . 2008-09-02 17:51 86,528 --a
C:\WINDOWS\system32\VACFix.exe
2008-09-09 13:16 . 2008-08-18 13:19 82,432 --a
C:\WINDOWS\system32\404Fix.exe
2008-09-09 11:51 . 2007-09-06 01:22 289,144 --a
C:\WINDOWS\system32\VCCLSID.exe
2008-09-09 11:51 . 2006-04-27 18:49 288,417 --a
C:\WINDOWS\system32\SrchSTS.exe
2008-09-09 11:51 . 2004-07-31 19:50 51,200 --a
C:\WINDOWS\system32\dumphive.exe
2008-09-09 11:51 . 2007-10-04 01:36 25,600 --a
C:\WINDOWS\system32\WS2Fix.exe.vir
2008-09-09 11:36 . 2008-09-30 10:05 <DIR> d
C:\Documents and Settings\All Users\Application Data\WinZip
2008-09-09 01:03 . 2008-09-09 01:03 51,712 --a
C:\WINDOWS\system32\sirenacm.dll
2008-09-08 23:28 . 2008-10-08 07:43 <DIR> d
C:\Program Files\SpywareBlaster
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-08 10:40 --------- d-----w C:\Documents and Settings\Liam\Application Data\uTorrent
2008-10-08 08:30 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-07 05:58 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-10-06 04:50 --------- d-----w C:\Program Files\Java
2008-10-05 10:02 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-10-04 07:44 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-04 03:47 --------- d-----w C:\Program Files\Windows Live
2008-10-04 01:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-10-03 00:49 --------- d-----w C:\Program Files\Sun
2008-10-02 20:41 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-02 07:58 --------- d-----w C:\Documents and Settings\Liam\Application Data\U3
2008-09-29 22:45 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-28 02:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-21 07:45 --------- d-----w C:\Program Files\MSECache
2008-09-13 02:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-12 06:44 --------- d-----w C:\Program Files\QuickTime
2008-09-12 06:44 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-06 12:12 --------- d-----w C:\Documents and Settings\Liam\Application Data\My Battle for Middle-earth(tm) II Files
2008-09-04 00:02 --------- d-----w C:\Documents and Settings\Liam\Application Data\Search Settings
2008-08-24 12:26 --------- d-----w C:\Documents and Settings\Liam\Application Data\Nitro PDF
2008-08-24 12:24 --------- d-----w C:\Program Files\Nitro PDF
2008-08-24 12:24 --------- d-----w C:\Program Files\Common Files\Nitro PDF
2008-08-24 12:24 --------- d-----w C:\Program Files\Common Files\BCL Technologies
2008-08-24 12:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nitro PDF
2008-08-20 08:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-17 04:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\comodo
2008-08-12 06:10 4,751,360 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-08-11 12:13 --------- d-----w C:\Program Files\Apple Software Update
2008-08-11 02:48 6,044,864 ----a-w C:\WINDOWS\system32\drivers\igxpmp32.sys
2008-08-10 03:11 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-08-10 03:10 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-10 03:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-10 03:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-08-09 06:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-06 05:51 1,200,128 ----a-w C:\WINDOWS\RtlUpd.exe
2008-07-31 05:05 16,806,912 ----a-w C:\WINDOWS\RTHDCPL.EXE
2008-03-01 22:49 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008030220080303\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-02-12 15360]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" [2008-06-20 153856]
"AVG Watchdog Service"="C:\Program Files\AVG\AVG8\avgwdsvc.exe" [2008-10-04 231704]
"SandboxieControl"="C:\Program Files\Sandboxie\SbieCtrl.exe" [2008-09-02 716800]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"SetDefaultMIDI"="MIDIDef.exe" [2005-12-08 C:\WINDOWS\MIDIDEF.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-08-11 143360]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-08-11 172032]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2008-08-11 143360]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-09-19 333120]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-04 1235736]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-31 C:\WINDOWS\RTHDCPL.EXE]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-26 C:\WINDOWS\Logi_MwX.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-02-12 15360]
C:\Documents and Settings\Liam\Start Menu\Programs\Startup\
Secunia PSI (RC3).lnk - C:\Program Files\Secunia\PSI (RC3)\psi.exe [6/16/2008 8:03:08 PM 663552]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2/16/2008 5:03:11 PM 113664]
AlarmS4.lnk - C:\WINDOWS\system32\AlarmS4.exe [8/20/2003 10:15:36 AM 241664]
NETGEAR WG311v3 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe [1/26/2006 6:55:04 PM 1486848]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispSettingPage"= 0 (0x0)
"DisableClock"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 0 (0x0)
"NoLogOff"= 0 (0x0)
"NoMultiIE"= 0 (0x0)
"LWA"= 0 (0x0)
"LWB"= 0 (0x0)
"LWC"= 0 (0x0)
"LWD"= 0 (0x0)
"LWE"= 0 (0x0)
"LWF"= 0 (0x0)
"LWG"= 0 (0x0)
"LWH"= 0 (0x0)
"LWI"= 0 (0x0)
"LWJ"= 0 (0x0)
"LWK"= 0 (0x0)
"LWL"= 0 (0x0)
"LWM"= 0 (0x0)
"LWN"= 0 (0x0)
"LWO"= 0 (0x0)
"LWP"= 0 (0x0)
"LWQ"= 0 (0x0)
"LWR"= 0 (0x0)
"LWS"= 0 (0x0)
"LWT"= 0 (0x0)
"LWU"= 0 (0x0)
"LWV"= 0 (0x0)
"LWW"= 0 (0x0)
"LWX"= 0 (0x0)
"LWY"= 0 (0x0)
"LWZ"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\Documents and Settings\\All Users\\Application Data\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2008-09-09 01:02 3513344 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\patchget.dat"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9999:UDP"= 9999:UDP:LANScope UDP Port
"2804:TCP"= 2804:TCP:LANScope TCP Port
R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-10-04 12936]
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-04 97928]
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2006-05-18 26090]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-04 231704]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-10-04 1220888]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-04 76040]
R2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;C:\WINDOWS\system32\eLock2BurnerLockDriver.sys [2006-06-06 17536]
R2 eLock2FSCTLDriver;eLock2FSCTLDriver;C:\WINDOWS\system32\eLock2FSCTLDriver.sys [2006-06-07 90112]
R2 LMS;Intel(R) Active Management Technology LMS Service;C:\Program Files\Intel\AMT\LMS.exe [2006-06-29 98304]
R2 LockServ;LockServ;C:\Acer\Empowering Technology\eLock\LockServ.exe [2006-05-30 368640]
R2 netlimiter;netlimiter;C:\WINDOWS\system32\drivers\netlimiter.sys [2006-01-25 11136]
R2 netlock;netlock;C:\WINDOWS\system32\drivers\netlock.sys [2006-01-19 2116096]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-07-01 7296]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-04-01 4010]
R2 PD91Agent;PD91Agent;C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-01-16 664840]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-02-12 14336]
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-10-04 23296]
R3 PortRW;PortRW;C:\WINDOWS\system32\Drivers\PortRW.sys [2003-08-16 3456]
R3 PSI;PSI;C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-06-16 7808]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2008-09-02 100352]
S1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [ ]
S2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [ ]
S2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [ ]
S3 Acer ODDSpeedControl;Acer ODDSpeedControl;C:\Acer\Empowering Technology\eAcoustics\ODDSpeedCtl\speedcontrol.exe [2005-02-16 81920]
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-10-04 23296]
S3 bepldr;BCL easyPDF SDK 5 Loader;C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe [2007-08-22 151552]
S3 cmusbnet;WAN Driver @ 3GPP (6280);C:\WINDOWS\system32\DRIVERS\cmusbnet.sys [2006-11-24 81152]
S3 cmusbser;%CMUSBSER%;C:\WINDOWS\system32\DRIVERS\cmusbser.sys [2006-12-14 87040]
S3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 MTXPARH;MTXPARH;C:\WINDOWS\system32\DRIVERS\MTXPARHM.sys [2005-04-22 500608]
S3 PD91Engine;PD91Engine;C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-01-16 894216]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-01 355584]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DDE9D8F8-7939-0C02-2F56-385F01DC566F}]
C:\WINDOWS\windows32.exe
.
Contents of the 'Scheduled Tasks' folder
2008-10-08 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 10:09]
2008-10-04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
2008-10-08 C:\WINDOWS\Tasks\User_Feed_Synchronization-{A41D1FC8-2A4B-4DBD-8205-49472C823A79}.job
- C:\WINDOWS\system32\msfeedssync.exe [2008-08-22 04:05]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-09 09:24:34
Windows 5.1.2600 Service Pack 3, v.3311 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Other Running Processes
.
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\LANScope Agent\awServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-10-09 9:29:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-08 22:29:01
ComboFix2.txt 2008-10-07 20:28:11
Pre-Run: 132,166,356,992 bytes free
Post-Run: 135,365,148,672 bytes free
359 --- E O F --- 2008-09-09 20:52:21
2008-10-03 02:20:33 8,576 C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\guvkecginkii.sys.vir
2008-10-07 20:35:07 5,242,980 C:\Qoobox\Quarantine\C\Documents and Settings\Liam\Local Settings\Temporary Internet Files\SuggestedSites.dat.vir
2008-10-08 22:21:56 12,145 C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2008-10-08 22:22:02 838 C:\Qoobox\Quarantine\Registry_backups\Legacy_GUVKECGINKII.reg.dat
2008-10-08 22:22:03 1,180 C:\Qoobox\Quarantine\Registry_backups\Service_guvkecginkii.reg.dat
2008-10-08 22:22:10 54 C:\Qoobox\Quarantine\catchme.log
2008-10-08 22:28:45 2 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-CFSServ.exe.reg.dat
2008-10-08 22:28:45 2 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-NDSTray.exe.reg.dat
2008-10-08 22:28:45 2 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-TFncKy.reg.dat
I also ran a Panda Active Scan, to see if the System restore was still infected. The log:
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-10-09 12:15:58
PROTECTIONS: 1
MALWARE: 4
SUSPECTS: 2
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG Internet Security 8.0 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00366244 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{50BF3AB8-5489-4087-8C8B-277823628A25}\RP62\A0036518.exe[C:\System Volume Information\_restore{50BF3AB8-5489-4087-8C8B-277823628A25}\RP62\A0036518.exe][nircmd.exe]
00366244 Application/NirCmd.A HackTools No 0 No No D:\AntivirusAntispyware\Flash Disinfector\Flash_Disinfector.exe[D:\AntivirusAntispyware\Flash Disinfector\Flash_Disinfector.exe][nircmd.exe]
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{50BF3AB8-5489-4087-8C8B-277823628A25}\RP69\A0040989.EXE
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{50BF3AB8-5489-4087-8C8B-277823628A25}\RP69\A0039383.sys
03738686 Generic Malware Virus/Trojan No 0 No No D:\System Volume Information\_restore{50BF3AB8-5489-4087-8C8B-277823628A25}\RP62\A0036520.EXE[32788R22FWJFW\catchme.cfexe]
03738686 Generic Malware Virus/Trojan No 0 No No C:\System Volume Information\_restore{50BF3AB8-5489-4087-8C8B-277823628A25}\RP62\A0037501.exe[32788R22FWJFW\catchme.cfexe]
03738686 Generic Malware Virus/Trojan No 0 No No C:\Documents and Settings\Liam\Desktop\ComboFix.exe[32788R22FWJFW\catchme.cfexe]
;===================================================================================================================================================================================
SUSPECTS
Sent Location Z
;===================================================================================================================================================================================
No C:\Documents and Settings\All Users\Application Data\Apple\Installer Cache\Apple Mobile Device Support 2.1.0.25\AppleMobileDeviceSupport.msi[unk_0051][EventFixer.exe]
No D:\AntivirusAntispyware\Spyware Scanners\XClean.exe Z
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description Z
;===================================================================================================================================================================================
;===================================================================================================================================================================================
As you can see, the System Restore is infected again. Should I just leave it turned off for the time being?
I have some good news and some bad news.
The AVG and Spybot scans are coming out clean.
Unfortunately, my computer jarred and rebooted again today.
I take it either malware still exists on my computer or they have done something nasty.
I await your reply. Your help has been great.
Please do the following...
1. Create a new cfscript, like you did previously, but copy and paste the following info:
Post the new ComboFix log back here.
2. Regarding your post... Lets check for other possibilities as it may not be malware.
Click Start | Control Panel | Administrative Tools | Event Viewer.
In Event Viewer, select System and have a look for any warning (yellow triangle) or errors (red cross). Open each one by double-clicking and take a screenshot or make notes of the Source, Event ID and Description.
Click Application on the left, and do the same thing. Post the information you have back here.
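The Event Viewer walk-through above can be done in one pass from a prompt instead of opening each entry by hand. This is an added example and not code from the thread; it assumes Windows PowerShell (2.0 or later) with the classic Get-EventLog cmdlet is installed on the machine, which the thread never states. It reads the same two logs the instructions name, keeps only warnings and errors, and collapses repeats into one row per Source and Event ID so the entries that recur daily stand out from one-off noise.

```powershell
# Added example (not from the thread): collect the Source / Event ID / Description
# triples the helper asks for, grouped so repeated events stand out.
# Assumes Windows PowerShell 2.0+ with the classic Get-EventLog cmdlet (the classic
# System/Application logs, which is what Event Viewer on XP shows). Read-only.

param(
    [int]$Days = 3   # how far back to look; adjust to the period being investigated
)

$since = (Get-Date).AddDays(-$Days)

# Same two logs the instructions name, warnings and errors only (the yellow
# triangle and red cross icons in Event Viewer).
$events = foreach ($log in 'System', 'Application') {
    Get-EventLog -LogName $log -EntryType Error, Warning -After $since |
        Select-Object @{n = 'Log'; e = { $log }}, TimeGenerated, EntryType, Source, EventID, Message
}

# One row per (Log, Source, EventID) with a count, the last time it fired and the
# first line of the Description: the compact form to post back or to compare
# against a known-good machine.
$summary = $events |
    Group-Object Log, Source, EventID |
    ForEach-Object {
        $ordered = $_.Group | Sort-Object TimeGenerated
        $first   = $ordered | Select-Object -First 1
        $last    = $ordered | Select-Object -Last 1
        [pscustomobject]@{
            Log         = $first.Log
            Type        = $first.EntryType
            Source      = $first.Source
            EventID     = $first.EventID
            Count       = $_.Count
            LastSeen    = $last.TimeGenerated
            Description = ($first.Message -split "`r?`n")[0]
        }
    } |
    Sort-Object Count -Descending

$summary | Format-Table -AutoSize -Wrap

# Keep a copy to attach to the forum reply instead of retyping each entry.
$summary | Export-Csv -Path "$env:USERPROFILE\Desktop\eventlog-summary.csv" -NoTypeInformation
```

Run it from an administrator session so both logs are readable. Grouping by Source and Event ID is the useful part: a driver that fails to load on every boot (a Service Control Manager 7000 or 7026) shows a Count equal to the number of boots, while a genuine one-off crash shows Count 1, and that difference is what a helper wants to see before deciding whether a recurring error is a leftover of a removed product or something still active.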
Will do that in a sec.
There were a few red and yellow errors.
Red: Source: Service Control Manager
Source ID: 7026
Description: The following boot-start or system-start driver(s) failed to load: ShldDrv
This error occurred at least once a day.
Red: Source: Service Control Manager
Source ID: 7000
Description: The Panda Process Protection Driver service failed to start due to the following error:
The system cannot find the file specified.
Again, at least once a day.
Red: Source: Service Control Manager
Source ID: 7000
Description: The Java Quick Starter service failed to start due to the following error:
The system cannot find the path specified.
Again, at least once a day. Actually, just so you know, wherever one of these errors is in the log, the other 2 are there close by as well.
Red: Source: DCOM
Source ID: 10016
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool. (This one occurs a few times).
Red: Source: DCOM
Source ID: 1003
Description: The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register with DCOM within the required timeout. (This one occurs a few times).
Red: Source: System Error
Source ID: 1003
Description: Error code 000000ea, parameter1 893c5600, parameter2 89e89890, parameter3 89e7f498, parameter4 00000001.
Red: Source: ialm
Source ID: 108
Description: The driver igxprd32 for the display device \Device\Video0 got stuck in an infinite loop. This usually indicates a problem with the device itself or with the device driver programming the hardware incorrectly. Please check with your hardware device vendor for any driver updates. (This one I already know about as bullzinipr has been helping me find my graphics drivers so I can fix the problem).
Red: Source: Service Control Manager
Source ID: 7000
Description: The LockServ service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Red: Source: Service Control Manager
Source ID: 7009
Description: Timeout (30000 milliseconds) waiting for the Memory Check Service service to connect.
Yellow: Source: dhcp
Source ID: 10010
Description: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001B2F373BD1. The following error occurred:
The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Yellow: Source: Tcpip
Source ID: 4226
Description: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
All of the above errors occurred within the last 3 days often.
-I forgot to turn off AVG and it detected an EICAR_test Virus when ComboFix began doing its scan. Same place as I mentioned in the last few posts.
-ComboFix only deleted the SuggestedSites.dat file again, nothing else.
-When ComboFix was writing the log report it reported 'The system cannot find the path/file specified'.
The report:
ComboFix 08-10-10.01 - Liam 2008-10-11 8:00:46.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1390 [GMT 11:00]
Running from: C:\Documents and Settings\Liam\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Liam\Desktop\CFScript.txt.txt
* Created a new restore point
* Resident AV is active
FILE ::
C:\WINDOWS\windows32.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Liam\Local Settings\Temporary Internet Files\SuggestedSites.dat
.
((((((((((((((((((((((((( Files Created from 2008-09-10 to 2008-10-10 )))))))))))))))))))))))))))))))
.
2008-10-11 07:30 . 2008-10-11 07:30 <DIR> d
C:\ERDNT
2008-10-10 21:10 . 2008-10-10 21:10 606 --a
C:\WINDOWS\Uninstall Manager.INI
2008-10-10 21:07 . 2008-10-10 21:12 <DIR> d
C:\Program Files\Advanced System Optimizer
2008-10-10 21:07 . 2008-10-10 21:07 <DIR> d
C:\Documents and Settings\Liam\Application Data\Systweak
2008-10-10 20:59 . 2008-10-10 21:02 <DIR> d
C:\Program Files\RegCure
2008-10-10 17:42 . 2008-10-10 17:42 <DIR> d
C:\Program Files\MSXML 4.0
2008-10-10 17:02 . 2008-10-10 21:24 <DIR> d
C:\Documents and Settings\Liam\work
2008-10-10 17:02 . 2008-10-10 17:02 1,683,456 --a
C:\Documents and Settings\Liam\FahCore_82.exe
2008-10-10 17:02 . 2008-10-10 17:02 7,168 --a
C:\Documents and Settings\Liam\queue.dat
2008-10-10 08:36 . 2008-10-10 08:36 <DIR> d
C:\Program Files\Folding@home
2008-10-10 07:48 . 2008-10-10 07:53 <DIR> d
C:\Folding
2008-10-10 07:48 . 2008-10-10 09:24 <DIR> d
C:\Documents and Settings\Liam\Application Data\Folding@home-x86
2008-10-10 07:22 . 2008-10-10 07:23 <DIR> d
C:\Program Files\SystemRequirementsLab
2008-10-10 07:22 . 2008-10-10 07:22 <DIR> d
C:\Documents and Settings\Liam\Application Data\SystemRequirementsLab
2008-10-09 17:53 . 2008-10-09 17:53 <DIR> d
C:\WINDOWS\system32\URTTemp
2008-10-09 16:37 . 2008-05-14 09:34 1,000,744 --a
C:\WINDOWS\system32\ShellManager10E2D762.dll
2008-10-09 16:31 . 2008-10-09 16:31 <DIR> d
C:\WINDOWS\system32\Lang
2008-10-09 14:23 . 2008-10-09 16:31 <DIR> d
C:\Program Files\SUPERAntiSpyware
2008-10-09 14:23 . 2008-10-09 14:23 <DIR> d
C:\Documents and Settings\Liam\Application Data\SUPERAntiSpyware.com
2008-10-09 12:53 . 2008-04-10 19:52 648,192 --a
C:\WINDOWS\system32\NEROINSTAEC43759.DB
2008-10-08 19:04 . 2008-10-08 19:04 <DIR> d
C:\Documents and Settings\Liam\Application Data\Nero
2008-10-08 18:59 . 2008-10-08 19:33 <DIR> d
C:\Program Files\Common Files\Nero
2008-10-08 13:14 . 2008-10-09 17:18 <DIR> d
C:\Documents and Settings\All Users\Application Data\Nero
2008-10-08 12:32 . 2008-10-08 12:32 <DIR> d
C:\Program Files\Secunia
2008-10-07 09:07 . 2008-10-07 09:08 <DIR> d
C:\Program Files\Your Uninstaller 2008
2008-10-06 16:39 . 2008-10-10 20:43 <DIR> d
C:\Documents and Settings\Liam\Tracing
2008-10-06 15:07 . 2008-10-06 15:07 <DIR> d
C:\WINDOWS\Performance
2008-10-06 15:07 . 2008-10-06 15:12 <DIR> d
C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2008-10-06 15:04 . 2008-10-06 15:04 <DIR> d
C:\Sandbox
2008-10-05 09:05 . 2008-10-11 07:58 <DIR> d
C:\Documents and Settings\Liam\Application Data\SiteAdvisor
2008-10-05 09:05 . 2008-10-05 09:05 <DIR> d
C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-10-05 09:05 . 2008-10-05 09:05 <DIR> d
C:\Documents and Settings\All Users\Application Data\McAfee
2008-10-05 08:13 . 2008-10-05 08:13 <DIR> d
C:\rsit
2008-10-04 18:53 . 2008-10-05 14:23 <DIR> d
C:\Program Files\MagicISO
2008-10-04 18:36 . 2008-10-04 18:36 <DIR> d
C:\Program Files\Lavasoft
2008-10-04 16:54 . 2008-10-04 16:54 <DIR> d
C:\Program Files\Sandboxie
2008-10-04 16:54 . 2008-10-09 12:49 1,850 --a
C:\WINDOWS\Sandboxie.ini
2008-10-04 14:48 . 2008-10-04 14:48 <DIR> d
C:\Program Files\Microsoft Office Outlook Connector
2008-10-04 14:47 . 2008-10-04 14:47 <DIR> d
C:\Program Files\Microsoft
2008-10-04 14:45 . 2008-10-04 14:45 <DIR> d
C:\Program Files\Common Files\Windows Live
2008-10-04 14:42 . 2008-10-04 14:42 <DIR> d
C:\Program Files\Common Files\Adobe AIR
2008-10-04 13:17 . 2008-10-04 13:18 <DIR> d
C:\Program Files\iTunes
2008-10-04 13:17 . 2008-10-04 13:17 <DIR> d
C:\Program Files\iPod
2008-10-04 13:17 . 2008-10-04 13:18 <DIR> d
C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-04 12:36 . 2008-10-11 07:26 <DIR> d
C:\WINDOWS\system32\drivers\Avg
2008-10-04 12:36 . 2008-10-05 17:32 <DIR> d
C:\Documents and Settings\Liam\Application Data\AVGTOOLBAR
2008-10-04 12:36 . 2008-10-04 12:36 97,928 --a
C:\WINDOWS\system32\drivers\avgldx86.sys
2008-10-04 12:36 . 2008-10-04 12:36 76,040 --a
C:\WINDOWS\system32\drivers\avgtdix.sys
2008-10-04 12:36 . 2008-10-04 12:36 12,936 --a
C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-10-04 12:36 . 2008-10-04 12:36 10,520 --a
C:\WINDOWS\system32\avgrsstx.dll
2008-10-04 12:35 . 2008-10-04 12:35 45,568 --a
C:\WINDOWS\system32\avgfwdx.dll
2008-10-04 12:35 . 2008-10-04 12:35 23,296 --a
C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-10-04 10:43 . 2003-12-11 10:50 37,916 --a
C:\WINDOWS\system32\drivers\LHidUsb.sys
2008-10-04 08:50 . 2008-10-04 08:50 <DIR> d
C:\Program Files\uTorrent
2008-10-03 13:46 . 2008-06-10 02:32 73,728 --a
C:\WINDOWS\system32\javacpl.cpl
2008-10-03 12:03 . 2008-10-03 12:03 <DIR> d
C:\Program Files\WOT
2008-10-03 12:01 . 2008-10-03 19:15 <DIR> d
C:\Documents and Settings\Liam\Application Data\SpamPal
2008-10-03 09:38 . 2008-10-03 09:38 <DIR> d
C:\Documents and Settings\Liam\Application Data\URSoft
2008-10-03 08:54 . 2008-10-06 13:28 <DIR> d
C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-10-02 18:50 . 2008-10-02 18:50 <DIR> d
C:\Program Files\Innovative Solutions
2008-10-02 17:06 . 2008-10-02 17:06 106 --a
C:\WINDOWS\asquared.ini
2008-10-02 13:51 . 2006-12-14 15:31 87,040 -ra
C:\WINDOWS\system32\drivers\cmusbser.sys
2008-10-02 13:48 . 2006-11-24 13:03 81,152 -ra
C:\WINDOWS\system32\drivers\cmusbnet.sys
2008-10-02 13:26 . 2008-10-03 09:51 <DIR> d
C:\OEMSettings
2008-10-02 11:10 . 2006-03-20 18:20 <DIR> d
C:\Documents and Settings\Zoomer\Application Data\Avocent AdminWorks
2008-10-02 11:10 . 2008-10-02 11:50 <DIR> d---s---- C:\Documents and Settings\Zoomer
2008-10-02 08:55 . 1999-12-21 08:58 21,312 --a------ C:\WINDOWS\choice.exe
2008-10-01 19:57 . 2008-10-02 08:48 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-09-30 10:44 . 2008-09-30 10:44 280 --a------ C:\WINDOWS\system32\PDBootState
2008-09-30 10:40 . 2008-09-30 10:40 <DIR> d-------- C:\Program Files\Raxco
2008-09-30 10:20 . 2008-01-09 23:00 68,624 -ra------ C:\WINDOWS\system32\drivers\DefragFS.sys
2008-09-30 10:19 . 2008-09-30 10:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-09-30 10:07 . 2008-09-30 10:07 <DIR> d-------- C:\Program Files\BillP Studios
2008-09-30 10:07 . 2008-09-30 10:07 <DIR> d-------- C:\Documents and Settings\Liam\Application Data\WinPatrol
2008-09-30 09:30 . 2008-09-30 09:30 <DIR> d-------- C:\Program Files\NOS
2008-09-30 09:30 . 2008-09-30 09:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-09-29 13:32 . 2008-09-29 13:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\U3
2008-09-29 12:06 . 2008-10-03 12:10 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-09-29 12:02 . 2008-10-04 14:33 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-09-28 20:46 . 2008-09-14 19:50 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-09-24 17:50 . 2003-12-11 10:50 70,894 --a------ C:\WINDOWS\system32\drivers\LMouFlt2.Sys
2008-09-24 17:50 . 2003-12-11 10:50 25,630 --a------ C:\WINDOWS\system32\drivers\LHidFlt2.Sys
2008-09-24 17:50 . 2003-11-26 10:50 19,968 --a------ C:\WINDOWS\Logi_MwX.Exe
2008-09-23 22:42 . 2008-09-23 22:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Premium Security Suite
2008-09-23 21:57 . 2008-10-06 08:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-09-21 18:45 . 2008-09-21 18:45 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-09-21 17:48 . 2004-08-04 16:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-09-19 08:27 . 2008-10-09 09:46 <DIR> d-------- C:\Program Files\Driver Sweeper
2008-09-16 17:40 . 2008-09-16 17:40 <DIR> d-------- C:\Documents and Settings\Liam\Application Data\Malwarebytes
2008-09-16 17:40 . 2008-09-16 17:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-14 19:49 . 2008-09-21 16:50 <DIR> d-------- C:\Documents and Settings\Liam\.housecall6.6
2008-09-13 16:00 . 2008-09-13 16:00 <DIR> d-------- C:\Documents and Settings\Liam\Application Data\TrojanHunter
2008-09-12 17:45 . 2008-09-12 17:45 <DIR> d-------- C:\Program Files\Bonjour
2008-09-11 18:29 . 2008-09-28 16:59 <DIR> d-------- C:\Program Files\Macromedia
2008-09-11 18:29 . 2008-09-28 17:00 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2008-09-11 18:12 . 2008-06-25 03:43 74,240 --a------ C:\WINDOWS\system32\dllcache\mscms.dll
2008-09-11 18:11 . 2008-06-20 22:51 361,600 --a------ C:\WINDOWS\system32\dllcache\tcpip.sys
2008-09-11 18:11 . 2008-06-21 04:46 245,248 --a------ C:\WINDOWS\system32\dllcache\mswsock.dll
2008-09-11 18:11 . 2008-06-20 22:08 225,856 --a------ C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-09-11 18:11 . 2008-06-21 04:46 147,968 --a------ C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-09-11 18:11 . 2008-06-20 22:40 138,496 --a------ C:\WINDOWS\system32\dllcache\afd.sys
2008-09-11 18:10 . 2008-06-13 22:05 272,128 --a------ C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-11 18:09 . 2008-04-12 06:04 691,712 --a------ C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-09-11 18:08 . 2008-07-08 07:26 253,952 --a------ C:\WINDOWS\system32\dllcache\es.dll
2008-09-11 18:08 . 2008-05-09 01:02 203,136 --a------ C:\WINDOWS\system32\dllcache\rmcast.sys
2008-09-10 19:43 . 2008-09-10 19:43 <DIR> d--hs---- C:\Documents and Settings\Liam\PrivacIE
2008-09-10 18:50 . 2008-09-10 18:51 <DIR> d--h-c--- C:\WINDOWS\ie8
2008-09-10 18:45 . 2008-09-10 18:45 <DIR> d-------- C:\WINDOWS\Logs
2008-09-10 18:31 . 2008-09-10 18:31 <DIR> d-------- C:\Program Files\Belarc
2008-09-10 18:31 . 2008-02-27 14:49 3,840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2008-09-10 11:11 . 2008-09-10 11:11 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-09-10 10:07 . 2008-09-10 10:07 <DIR> d-------- C:\5a45d66c462ee2a14b9a88
2008-09-10 10:06 . 2008-09-10 10:13 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-09-10 10:00 . 2008-09-10 10:00 <DIR> dr-h----- C:\AHCache
2008-09-10 09:49 . 2008-08-11 13:48 3,275,776 --a------ C:\WINDOWS\system32\igxpdx32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-10 10:15 --------- d-----w C:\Documents and Settings\Liam\Application Data\uTorrent
2008-10-09 22:22 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-09 22:22 --------- d-----w C:\Program Files\SpywareBlaster
2008-10-09 09:02 --------- d-----w C:\Program Files\Microsoft.NET
2008-10-09 01:32 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-07 05:58 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-10-06 04:50 --------- d-----w C:\Program Files\Java
2008-10-05 10:02 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-10-04 03:47 --------- d-----w C:\Program Files\Windows Live
2008-10-04 01:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-10-04 01:14 62,834 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_10_04_09_20_27_small.dmp.zip
2008-10-03 00:49 --------- d-----w C:\Program Files\Sun
2008-10-02 23:49 2,285,056 ----a-w C:\WINDOWS\system32\TUKernel.exe
2008-10-02 20:41 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-02 07:58 --------- d-----w C:\Documents and Settings\Liam\Application Data\U3
2008-09-29 23:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-09-29 22:45 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-28 02:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-21 07:45 --------- d-----w C:\Program Files\MSECache
2008-09-13 02:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-12 06:44 --------- d-----w C:\Program Files\QuickTime
2008-09-12 06:44 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-09 09:42 --------- d-----w C:\Documents and Settings\Liam\Application Data\Uniblue
2008-09-09 09:06 --------- d-----w C:\Program Files\Trend Micro
2008-09-09 02:41 --------- d-----w C:\Program Files\Panda Security
2008-09-09 02:17 2,826 ----a-w C:\WINDOWS\system32\tmp.reg
2008-09-08 14:03 51,712 ----a-w C:\WINDOWS\system32\sirenacm.dll
2008-09-06 12:12 --------- d-----w C:\Documents and Settings\Liam\Application Data\My Battle for Middle-earth(tm) II Files
2008-09-04 00:02 --------- d-----w C:\Documents and Settings\Liam\Application Data\Search Settings
2008-09-02 06:51 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-08-29 00:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-28 23:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-24 12:26 --------- d-----w C:\Documents and Settings\Liam\Application Data\Nitro PDF
2008-08-24 12:24 --------- d-----w C:\Program Files\Nitro PDF
2008-08-24 12:24 --------- d-----w C:\Program Files\Common Files\Nitro PDF
2008-08-24 12:24 --------- d-----w C:\Program Files\Common Files\BCL Technologies
2008-08-24 12:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nitro PDF
2008-08-21 17:16 637,984 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-08-21 17:10 11,985,408 ----a-w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-21 17:09 5,699,584 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-08-21 17:08 878,592 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-21 17:08 878,592 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2008-08-21 17:08 43,008 ----a-w C:\WINDOWS\system32\licmgr10.dll
2008-08-21 17:08 43,008 ----a-w C:\WINDOWS\system32\dllcache\licmgr10.dll
2008-08-21 17:08 236,544 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
2008-08-21 17:08 1,206,784 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2008-08-21 17:07 755,200 ----a-w C:\WINDOWS\system32\dllcache\VGX.dll
2008-08-21 17:07 193,536 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2008-08-21 17:07 18,944 ----a-w C:\WINDOWS\system32\dllcache\corpol.dll
2008-08-21 17:07 116,224 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
2008-08-21 17:07 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
2008-08-21 17:05 70,656 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2008-08-21 17:04 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2008-08-21 17:04 45,568 ----a-w C:\WINDOWS\system32\dllcache\mshta.exe
2008-08-21 17:00 68,608 ----a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
2008-08-21 16:57 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2008-08-21 16:57 156,160 ----a-w C:\WINDOWS\system32\dllcache\msls31.dll
2008-08-21 16:42 443,392 ----a-w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-20 08:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-20 00:36 920,088 ----a-w C:\WINDOWS\system32\igxpun.exe
2008-08-18 02:19 82,432 ----a-w C:\WINDOWS\system32\404Fix.exe
2008-08-17 04:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\comodo
2008-08-12 06:10 4,751,360 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-08-11 12:13 --------- d-----w C:\Program Files\Apple Software Update
2008-08-11 02:56 147,456 ----a-w C:\WINDOWS\system32\igfxCoIn_v4977.dll
2008-08-11 02:39 2,269,184 ----a-w C:\WINDOWS\system32\ig4dev32.dll
2008-08-11 02:32 3,883,008 ----a-w C:\WINDOWS\system32\ig4icd32.dll
2008-08-11 02:26 647,168 ----a-w C:\WINDOWS\system32\igfxcfg.exe
2008-08-11 02:25 172,032 ----a-w C:\WINDOWS\system32\hkcmd.exe
2008-08-11 02:25 172,032 ----a-w C:\WINDOWS\system32\hkcmd(6).exe
2008-08-11 02:25 172,032 ----a-w C:\WINDOWS\system32\hkcmd(5).exe
2008-08-11 02:25 172,032 ----a-w C:\WINDOWS\system32\hkcmd(4).exe
2008-08-11 02:25 172,032 ----a-w C:\WINDOWS\system32\hkcmd(3).exe
2008-08-11 02:25 172,032 ----a-w C:\WINDOWS\system32\hkcmd(2).exe
2008-08-11 02:23 5,672,960 ----a-w C:\WINDOWS\system32\igfxress.dll
2008-08-10 03:11 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-08-10 03:10 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-10 03:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-10 03:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-08-06 05:51 1,200,128 ----a-w C:\WINDOWS\RtlUpd.exe
2008-08-05 07:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll
2008-07-31 05:05 16,806,912 ----a-w C:\WINDOWS\RTHDCPL.EXE
2008-07-31 00:41 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll
2008-07-31 00:41 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll
2008-07-31 00:40 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll
2008-07-29 10:35 326,160 ----a-w C:\WINDOWS\system32\PresentationHost.exe
2008-07-29 09:59 781,344 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll
2008-07-29 09:59 43,544 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll
2008-07-29 09:59 105,016 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2008-07-29 09:24 97,800 ----a-w C:\WINDOWS\system32\infocardapi.dll
2008-07-29 09:24 622,080 ----a-w C:\WINDOWS\system32\icardagt.exe
2008-07-29 09:24 11,264 ----a-w C:\WINDOWS\system32\icardres.dll
2008-07-18 12:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 12:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 12:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 12:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 12:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 12:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 12:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 12:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-03-01 22:49 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008030220080303\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-02-12 15360]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" [2008-06-20 153856]
"AVG Watchdog Service"="C:\Program Files\AVG\AVG8\avgwdsvc.exe" [2008-10-04 231704]
"FahCore_82"="C:\Documents and Settings\Liam\FahCore_82.exe" [2008-10-10 1683456]
"Folding@home"="C:\Program Files\Folding@home\Folding@home-x86\Folding@home.exe" [2008-08-01 442880]
"SetDefaultMIDI"="MIDIDef.exe" [2005-12-08 C:\WINDOWS\MIDIDEF.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-08-11 143360]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-08-11 172032]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2008-08-11 143360]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-09-19 333120]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-04 1235736]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-31 C:\WINDOWS\RTHDCPL.EXE]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-26 C:\WINDOWS\Logi_MwX.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-02-12 15360]
C:\Documents and Settings\Liam\Start Menu\Programs\Startup\
Secunia PSI (RC3).lnk - C:\Program Files\Secunia\PSI (RC3)\psi.exe [6/16/2008 8:03:08 PM 663552]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2/16/2008 5:03:11 PM 113664]
AlarmS4.lnk - C:\WINDOWS\system32\AlarmS4.exe [8/20/2003 10:15:36 AM 241664]
NETGEAR WG311v3 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe [1/26/2006 6:55:04 PM 1486848]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispSettingPage"= 0 (0x0)
"DisableClock"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 0 (0x0)
"NoLogOff"= 0 (0x0)
"NoMultiIE"= 0 (0x0)
"LWA"= 0 (0x0)
"LWB"= 0 (0x0)
"LWC"= 0 (0x0)
"LWD"= 0 (0x0)
"LWE"= 0 (0x0)
"LWF"= 0 (0x0)
"LWG"= 0 (0x0)
"LWH"= 0 (0x0)
"LWI"= 0 (0x0)
"LWJ"= 0 (0x0)
"LWK"= 0 (0x0)
"LWL"= 0 (0x0)
"LWM"= 0 (0x0)
"LWN"= 0 (0x0)
"LWO"= 0 (0x0)
"LWP"= 0 (0x0)
"LWQ"= 0 (0x0)
"LWR"= 0 (0x0)
"LWS"= 0 (0x0)
"LWT"= 0 (0x0)
"LWU"= 0 (0x0)
"LWV"= 0 (0x0)
"LWW"= 0 (0x0)
"LWX"= 0 (0x0)
"LWY"= 0 (0x0)
"LWZ"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\Documents and Settings\\All Users\\Application Data\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\patchget.dat"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9999:UDP"= 9999:UDP:LANScope UDP Port
"2804:TCP"= 2804:TCP:LANScope TCP Port
R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-10-04 12936]
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-04 97928]
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2006-05-18 26090]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-04 231704]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-10-04 1220888]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-04 76040]
R2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;C:\WINDOWS\system32\eLock2BurnerLockDriver.sys [2006-06-06 17536]
R2 eLock2FSCTLDriver;eLock2FSCTLDriver;C:\WINDOWS\system32\eLock2FSCTLDriver.sys [2006-06-07 90112]
R2 LMS;Intel(R) Active Management Technology LMS Service;C:\Program Files\Intel\AMT\LMS.exe [2006-06-29 98304]
R2 LockServ;LockServ;C:\Acer\Empowering Technology\eLock\LockServ.exe [2006-05-30 368640]
R2 netlimiter;netlimiter;C:\WINDOWS\system32\drivers\netlimiter.sys [2006-01-25 11136]
R2 netlock;netlock;C:\WINDOWS\system32\drivers\netlock.sys [2006-01-19 2116096]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-07-01 7296]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-04-01 4010]
R2 PD91Agent;PD91Agent;C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-01-16 664840]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-02-12 14336]
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-10-04 23296]
R3 PortRW;PortRW;C:\WINDOWS\system32\Drivers\PortRW.sys [2003-08-16 3456]
R3 PSI;PSI;C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-06-16 7808]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2008-09-02 100352]
S1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [ ]
S2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [ ]
S3 Acer ODDSpeedControl;Acer ODDSpeedControl;C:\Acer\Empowering Technology\eAcoustics\ODDSpeedCtl\speedcontrol.exe [2005-02-16 81920]
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-10-04 23296]
S3 bepldr;BCL easyPDF SDK 5 Loader;C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe [2007-08-22 151552]
S3 cmusbnet;WAN Driver @ 3GPP (6280);C:\WINDOWS\system32\DRIVERS\cmusbnet.sys [2006-11-24 81152]
S3 cmusbser;%CMUSBSER%;C:\WINDOWS\system32\DRIVERS\cmusbser.sys [2006-12-14 87040]
S3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 MTXPARH;MTXPARH;C:\WINDOWS\system32\DRIVERS\MTXPARHM.sys [2005-04-22 500608]
S3 PD91Engine;PD91Engine;C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-01-16 894216]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-01 355584]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2008-10-10 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 10:09]
2008-10-04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
2008-10-10 C:\WINDOWS\Tasks\RegCure Program Check.job
- C:\Program Files\RegCure\RegCure.exe [2008-06-03 13:19]
2008-10-10 C:\WINDOWS\Tasks\RegCure.job
- C:\Program Files\RegCure\RegCure.exe [2008-06-03 13:19]
2008-10-10 C:\WINDOWS\Tasks\User_Feed_Synchronization-{A41D1FC8-2A4B-4DBD-8205-49472C823A79}.job
- C:\WINDOWS\system32\msfeedssync.exe [2008-08-22 04:05]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-11 08:01:59
Windows 5.1.2600 Service Pack 3, v.3311 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-11 8:02:31
Pre-Run: 131,701,362,688 bytes free
Post-Run: 131,687,690,240 bytes free
388 --- E O F --- 2008-09-09 20:52:21
I am posting to let you know that my AVG scans are taking longer to scan, even though there isn't a change. My computer also rebooted again today without my consent.
I will also be away from Monday to Thursday; so if you reply I will respond on Thursday.
I look forward to your reply. :)