Lagging, slow refresh rate, IE problems with Advanced Searchbar



xanderman
2009-03-25, 19:59
First, thank you to everybody working hard here to help users like me; I hope I can repay the favor some time.

IE7 was crashing, hanging, not closing, with multiple instances running in the background, and there was general lag and hang after closing IE7. When all iexplore.exe processes are closed it runs a bit better, with some lag, i.e., when closing a window it slowly wipes down the screen, taking 2-3 s to close and refresh the desktop.

Upgraded to IE8: same problem. It works all right with no add-ons; I identified Advanced Searchbar as a possible cause and uninstalled it. IE8 is now running OK, but there is a persistent problem with lag in Windows Explorer: any window takes a few seconds to close before the desktop is in view.

The System process in Task Manager is always at the top with 98 or 99%, but when using HJT I see quite a few entries not listed in TM, and I don't know what many of them are...

MS Win XP Home SP3 with all patches, security updates and fixes
on a Dell Inspiron I6000, 1.6GHz CPU, 100GB HDD, 1GB RAM

Previously running Spybot SD 1.6.2, AVG Free 8

AVG/Spybot and many other programs were removed in an attempt to identify aberrant processes; currently downloading the latest versions for reinstall.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52:09 AM, on 3/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Norton GoBack\GBPoll.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HHVcdV7Sys\VC7SecS.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Norton GoBack\GBTray.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {97513C4A-742D-4B07-8EFC-CF464046B146} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FA6E43E6-F825-4317-BBCC-EC8462D1F3A5} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton GoBack\GBTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: iSiloX Clipper - {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: iSiloX Clipper... - {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {020EA84E-76BD-4D97-8BF4-9C402E412137} (AgendiZe.AgendiZeAgent) - http://o1.agendize.com/w1/inserter/AgendiZe.CAB
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://cedarsalvage.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1118116648429
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136480169312
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F87F4892-FA08-4C53-927E-FAAE993791C7}: NameServer = 208.67.222.222,75.154.133.68
O20 - AppInit_DLLs: C:\WINDOWS\system32\wmfhotfix.dll
O20 - Winlogon Notify: wvussqn - wvussqn.dll (file missing)
O20 - Winlogon Notify: __c00852D2 - C:\WINDOWS\
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: OpenDNS Updater (OpenDNS Updater.exe) - Unknown owner - C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe (file missing)
O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe (file missing)
O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Virtual CD v7 Management Service (VC7SecS) - H+H Software GmbH - C:\Program Files\HHVcdV7Sys\VC7SecS.exe
O23 - Service: WinIP - Unknown owner - C:\Program Files\Algenta\WinIP 4\WinIPservice.exe (file missing)

--
End of file - 11748 bytes

Blade81
2009-03-26, 16:30
Hi,

Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.

xanderman
2009-03-28, 02:54
DDS (Ver_09-03-16.01) - NTFSx86
Run by David at 18:43:15.53 on Fri 03/27/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.301 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton GoBack\GBPoll.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\HHVcdV7Sys\VC7SecS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Norton GoBack\GBTray.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\David\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uStart Page = about:blank
uSearch Page =
uInternet Settings,ProxyOverride = 127.0.0.1
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Quero: {a411d7f4-8d11-43ef-bde4-aa921666388a} - c:\progra~1\querot~1\Quero.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {43F02779-6D88-4958-8AD3-83C12D86ADC7} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {57F02779-3D88-4958-8AD3-83C12D86ADC7} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Start WingMan Profiler] "c:\program files\logitech\profiler\lwemon.exe" /noui
uRun: [MSMSGS] "c:\program files\messenger\MSMSGS.EXE" /background
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVD.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Auto EPSON Stylus Photo R220 Series on RABBIT] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaia.exe /p45 "auto epson stylus photo r220 series on rabbit" /o17 "\\rabbit\EPSONSty" /M "Stylus Photo R220"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [WheelMouse] c:\progra~1\a4tech\mouse\Amoumain.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\norton~1.lnk - c:\program files\norton goback\GBTray.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-explorer: NoStartMenuEjectPC = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: NoThemesTab = 1 (0x1)
uPolicies-system: NoColorChoice = 1 (0x1)
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - {628A3E94-1B5F-48c1-9487-71082189C019}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: intel.com\www
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {020EA84E-76BD-4D97-8BF4-9C402E412137} - hxxp://o1.agendize.com/w1/inserter/AgendiZe.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1118116648429
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136480169312
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
TCP: {F87F4892-FA08-4C53-927E-FAAE993791C7} = 208.67.222.222,75.154.133.68
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
Notify: wvussqn - wvussqn.dll
AppInit_DLLs: c:\windows\system32\wmfhotfix.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {FA6E43E6-F825-4317-BBCC-EC8462D1F3A5} - No File
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
LSA: Authentication Packages = msv1_0 c:\\windows\\system32\\vtutq

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-25 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-25 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-25 107912]
R1 vdrv7000;vdrv7000;c:\windows\system32\drivers\vdrv7000.sys [2006-3-4 76672]
R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [2005-7-27 14080]
R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [2005-7-27 36352]
R2 VC7SecS;Virtual CD v7 Management Service;c:\program files\hhvcdv7sys\VC7SecS.exe [2006-3-4 106496]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2009-3-25 9984]
R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [2005-7-27 77056]
S3 AteksoftAudio;WebCamera Plus Audio;c:\windows\system32\drivers\ateksoftaudio.sys [2008-6-9 11776]
S3 IEGP;IEGP;c:\windows\system32\drivers\igmap.sys --> c:\windows\system32\drivers\igmap.sys [?]
S3 WLAN; Wireless LAN Driver;c:\windows\system32\drivers\wlannds.sys --> c:\windows\system32\drivers\wlanNDS.sys [?]
S3 ZSMC302;PC CAM 300A;c:\windows\system32\drivers\usbVM302.sys [2006-7-23 93450]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-25 298264]
S4 OpenDNS Updater.exe;OpenDNS Updater; [x]
S4 WinIP;WinIP; [x]

=============== Created Last 30 ================

2009-03-25 17:56 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-03-25 16:58 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-03-25 16:58 107,912 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-25 16:58 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-03-25 16:58 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-03-25 16:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-03-25 16:52 <DIR> --d----- c:\docume~1\david\applic~1\ParetoLogic
2009-03-25 16:52 <DIR> --d----- c:\program files\ParetoLogic
2009-03-25 16:52 <DIR> --d----- c:\program files\common files\ParetoLogic
2009-03-25 16:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ParetoLogic
2009-03-25 16:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Downloaded Installations
2009-03-25 11:16 <DIR> --d----- c:\program files\Trend Micro
2009-03-25 10:49 <DIR> --d----- c:\documents and settings\david\Bluetooth Software
2009-03-25 10:08 16,128 a------- c:\windows\system32\drivers\MODEMCSA.sys
2009-03-25 10:08 16,128 a------- c:\windows\system32\dllcache\modemcsa.sys
2009-03-25 10:08 <DIR> --d----- c:\program files\Motorola
2009-03-25 10:08 984,832 a------- c:\windows\system32\drivers\smserial.sys
2009-03-25 10:08 196,608 a------- c:\windows\system32\sm56co6a.dll
2009-03-25 09:53 <DIR> --d----- c:\program files\Realtek AC97
2009-03-25 09:53 315,392 a------- c:\windows\alcupd.exe
2009-03-25 09:53 217,088 a------- c:\windows\alcrmv.exe
2009-03-25 09:38 <DIR> --d----- c:\program files\A4Tech
2009-03-25 09:38 389,120 a------- c:\windows\system32\Amsample.dll
2009-03-25 09:38 86,016 a------- c:\windows\system32\Amoures.dll
2009-03-25 09:38 36,864 a------- c:\windows\system32\Amhooker.dll
2009-03-25 09:38 10,240 a------- c:\windows\system32\drivers\Amusbprt.sys
2009-03-25 09:38 9,984 a------- c:\windows\system32\drivers\Amps2prt.sys
2009-03-25 09:38 7,424 a------- c:\windows\system32\drivers\Amusbdev.sys
2009-03-25 09:38 5,120 a------- c:\windows\system32\drivers\Amfilter.sys
2009-03-25 09:31 534,440 a------- c:\windows\system32\drivers\btaudio.sys
2009-03-25 09:31 156,392 a------- c:\windows\system32\drivers\btwdndis.sys
2009-03-25 09:31 89,896 a------- c:\windows\system32\drivers\btwsecfl.sys
2009-03-25 09:31 37,160 a------- c:\windows\system32\drivers\btport.sys
2009-03-25 09:30 <DIR> --d----- c:\program files\WIDCOMM
2009-03-25 09:16 <DIR> --d----- c:\program files\Unibrain
2009-03-25 09:15 <DIR> --d----- c:\program files\Intel Desktop Board
2009-03-25 09:14 2,732,032 a------- c:\windows\system32\Netw2r32.dll
2009-03-25 07:29 <DIR> --d----- c:\program files\PC Drivers HeadQuarters
2009-03-24 19:07 <DIR> --dsh--- c:\documents and settings\david\IECompatCache
2009-03-24 18:56 <DIR> --dsh--- c:\documents and settings\david\PrivacIE
2009-03-24 18:52 <DIR> --dsh--- c:\documents and settings\david\IETldCache
2009-03-24 18:48 <DIR> --d----- c:\windows\ie8updates
2009-03-24 18:47 <DIR> -cd-h--- c:\windows\ie8
2009-03-24 18:41 105,984 -------- c:\windows\system32\dllcache\iecompat.dll
2009-03-23 14:13 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
2009-03-22 15:00 <DIR> --d----- C:\d9af3cde6c7ee023e2d2
2009-03-22 13:50 73,728 a------- c:\windows\system32\javacpl.cpl
2009-03-08 14:22 49,152 -------- c:\windows\system32\msrating.dll.mui
2009-03-08 14:22 2,560 -------- c:\windows\system32\mshta.exe.mui
2009-03-08 14:21 4,096 -------- c:\windows\system32\ie4uinit.exe.mui
2009-03-08 14:20 81,920 -------- c:\windows\system32\iedkcs32.dll.mui
2009-03-08 04:33 18,944 -------- c:\windows\system32\dllcache\corpol.dll
2009-02-26 13:51 <DIR> --d----- c:\windows\system32\Adobe

==================== Find3M ====================

2009-03-22 13:49 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-08 14:09 638,816 a------- c:\windows\system32\dllcache\iexplore.exe
2009-03-08 14:09 391,536 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 04:41 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-03-08 04:39 11,063,808 a------- c:\windows\system32\dllcache\ieframe.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\dllcache\wininet.dll
2009-03-08 04:34 1,206,784 a------- c:\windows\system32\dllcache\urlmon.dll
2009-03-08 04:34 236,544 a------- c:\windows\system32\dllcache\webcheck.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 04:34 105,984 a------- c:\windows\system32\dllcache\url.dll
2009-03-08 04:34 193,536 a------- c:\windows\system32\dllcache\msrating.dll
2009-03-08 04:34 109,568 a------- c:\windows\system32\dllcache\occache.dll
2009-03-08 04:33 759,296 a------- c:\windows\system32\dllcache\VGX.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 04:33 726,528 a------- c:\windows\system32\dllcache\jscript.dll
2009-03-08 04:33 229,376 a------- c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\dllcache\vbscript.dll
2009-03-08 04:33 125,952 a------- c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\dllcache\admparse.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 04:32 163,840 a------- c:\windows\system32\dllcache\ieakui.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\dllcache\iesetup.dll
2009-03-08 04:32 55,808 a------- c:\windows\system32\dllcache\iernonce.dll
2009-03-08 04:32 128,512 a------- c:\windows\system32\dllcache\advpack.dll
2009-03-08 04:32 94,720 a------- c:\windows\system32\dllcache\inseng.dll
2009-03-08 04:32 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-03-08 04:32 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll
2009-03-08 04:32 611,840 a------- c:\windows\system32\dllcache\mstime.dll
2009-03-08 04:24 68,608 a------- c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-08 04:22 156,160 a------- c:\windows\system32\dllcache\msls31.dll
2009-03-08 04:11 445,952 a------- c:\windows\system32\dllcache\ieapfltr.dll
2009-02-21 17:32 6,889 a------- c:\windows\mozver.dat
2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 04:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-06 21:07 3,698,584 a------- c:\windows\system32\dllcache\ieapfltr.dat
2009-01-12 23:24 117,996 a------- c:\windows\Remove Outlook Express Uninstaller.exe
2009-01-07 18:21 26,144 a------- c:\windows\system32\spupdsvc.exe
2009-01-07 18:20 134,144 -------- c:\windows\system32\dllcache\sqmapi.dll
2009-01-07 18:20 1,497,088 -------- c:\windows\system32\dllcache\shdocvw.dll
2009-01-07 18:20 1,022,976 -------- c:\windows\system32\dllcache\browseui.dll
2009-01-07 18:20 474,112 -------- c:\windows\system32\dllcache\shlwapi.dll
2009-01-07 18:20 24,576 a------- c:\windows\system32\nlsdl.dll
2009-01-07 18:20 26,112 a------- c:\windows\system32\idndl.dll
2009-01-07 18:20 23,552 a------- c:\windows\system32\normaliz.dll
2009-01-07 18:20 265,720 a------- c:\windows\system32\msdbg2.dll
2007-03-18 14:42 191 a------- c:\documents and settings\david\dir.dat
2007-03-10 08:32 988,263 a------- c:\documents and settings\david\root.zip
2007-01-29 14:11 61,440 a------- c:\documents and settings\david\JavaInstall.exe
2006-04-03 12:40 774,144 a------- c:\program files\RngInterstitial.dll
2005-07-02 19:30 1,295,582 a------- c:\documents and settings\david\cygwin1.dll
2003-08-09 02:32 108,544 a------- c:\documents and settings\david\unzip.exe
1998-08-24 12:09 10,000 a------- c:\windows\inf\unregpn.exe
2008-08-21 16:55 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082120080822\index.dat

============= FINISH: 18:43:36.96 ===============




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 6/6/2005 6:10:18 PM
System Uptime: 3/27/2009 3:40:50 PM (3 hours ago)

Motherboard: Dell Inc. | | 0W9260
Processor: Intel(R) Pentium(R) M processor 1.60GHz | Microprocessor | 1596/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 93 GiB total, 27.301 GiB free.
D: is CDROM ()
E: is CDROM ()
Z: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/Wireless 2200BG Network Connection
Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27218086&REV_05\4&2FA23535&0&18F0
Manufacturer: Intel Corporation
Name: Intel(R) PRO/Wireless 2200BG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27218086&REV_05\4&2FA23535&0&18F0
Service: w29n51

Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: System speaker
Device ID: ACPI\PNP0800\4&15F2F7D1&0
Manufacturer: (Standard system devices)
Name: System speaker
PNP Device ID: ACPI\PNP0800\4&15F2F7D1&0
Service:

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

7 Wonders
A4Tech iWheelWorks 7.64
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Photoshop CS
Adobe Reader 9.1
AI RoboForm (All Users)
ALPS Touch Pad Driver
Animated GIF producer 3.3 TRIAL
AnyDVD
Arcalands (remove only)
AVG 8.5
BitPim 0.9.11
Blue's Reading Time Activities
Bob the Builder
Broadcom 440x 10/100 Integrated Controller
C-Major Audio
Cabela's Dangerous Hunts
CCleaner (remove only)
CDDRV_Installer
Cleanse Uninstaller Pro 2008
Conexant D110 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
Digital Line Detect
Direct Show Ogg Vorbis Filter (remove only)
Dream Aquarium
Driver Detective
e-Sword
FaxTools
Feeding Frenzy
Feeding Frenzy 2 1.0
FileTransferDriver
FUJIFILM USB Driver
Google Earth
Guitar Pro 5.0
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hunting Unlimited 4 1.0
Indeo® Software
Intel(R) Graphics Media Accelerator Driver for Mobile
ISA 2 basic
ISA 2.0 - CLV module 1.1.5
ISA 2.0 - YLT module 1.1.2
Java(TM) 6 Update 12
KaraFun Studio 1.18
Karaoke CD+G Creator Pro
KhalInstallWrapper
Logitech Gaming Software
Logitech SetPoint
MediaDirect
Memory-Map Navigator
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office XP Professional with FrontPage
Microsoft Picture It! Photo Premium 9
Microsoft Plus! Digital Media Edition Installer
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Minilyrics(remove only)
Motorola SM56 Speakerphone Modem
MSXML 6.0 Parser (KB933579)
Nero 7 Demo
NetWaiting
Nobeltec Visual Series
Norton GoBack 4.02 (Symantec Corporation)
O&O Defrag Professional Edition
OLYMPUS Master 2
ParetoLogic Privacy Controls
PC CAM 300A
Plus! MP3 Audio Converter LE
Power CD+G Burner
PowerDVD 5.6
QPST
Quero Toolbar 3.1
RAW FILE CONVERTER LE
Recover My Files
RegCure 1.5.2.7
Remove Outlook Express
Resco Explorer
Security Configuration Manager
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Spybot - Search & Destroy
Stedman's Medical Dictionary for the Health Professions and Nursing 1.0
SyncToy
Turbo Lister 2
TweakNow RegCleaner Standard
ubCore
Update for Windows Internet Explorer 7 (KB928089)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Virtual CD v7
VividLyrics 2.5.2
Watchtower Library 2007 - English
Water Bugs (remove only)
WIDCOMM Bluetooth Software
Windows Driver Package - Intel (NETw4x32) net (09/26/2007 11.5.0.32)
Windows Driver Package - Intel (w29n51) net (07/25/2007 9.0.4.37)
Windows Driver Package - Intel net (09/26/2007 11.5.0.32)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Connect
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10
Windows Media Player 11
Windows Presentation Foundation
Windows WMF Metafile Vulnerability HotFix 1.4
Windows XP Service Pack 3
WinRAR archiver
XviD 1.1 final uninstall

==== Event Viewer Messages From Past Week ========

3/22/2009 2:17:29 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
3/22/2009 2:03:37 PM, error: Service Control Manager [7000] - The OpenDNS Updater service failed to start due to the following error: The system cannot find the file specified.
3/22/2009 1:54:18 PM, error: SideBySide [36] - The assembly x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a has missing or invalid files; recovery of this assembly failed.
3/24/2009 6:52:36 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
3/25/2009 7:01:58 AM, error: Print [19] - Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer.
3/25/2009 6:09:09 PM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
3/27/2009 6:35:02 AM, error: Service Control Manager [7022] - The InCD Helper service hung on starting.
3/22/2009 2:07:14 PM, information: Windows File Protection [64005] - The protected system file msimn.exe was not restored to its original, valid version because the Windows File Protection restoration process was cancelled by user interaction, user name is David. The file version of the bad file is unknown.
3/22/2009 2:07:14 PM, information: Windows File Protection [64005] - The protected system file msoert2.dll was not restored to its original, valid version because the Windows File Protection restoration process was cancelled by user interaction, user name is David. The file version of the bad file is unknown.
3/22/2009 2:07:14 PM, information: Windows File Protection [64005] - The protected system file msoeacct.dll was not restored to its original, valid version because the Windows File Protection restoration process was cancelled by user interaction, user name is David. The file version of the bad file is unknown.

==== End Of File ===========================


The last couple of errors reported were from uninstalling Outlook Express, which has been reinstalled to see whether the renamed DLLs were responsible for the poor system performance. (msoert2.dll was manually renamed to restore it, to fix Outlook after uninstalling Outlook Express; the others were renamed to *.old by the "Remove Outlook Express" program and restored automatically to *.dll by the same program.)
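
An added example, not part of any post in this thread: the "Event Viewer Messages From Past Week" block that DDS prints (as in the log above) lists all error entries first and then the informational ones, so it is not in time order, and the entries that matter for a cleanup triage (Service Control Manager 7000/7023/7034 for services that fail or die, and Windows File Protection 64005 for a protected system file left in a non-original state) are easy to skim past. The script below parses lines in that exact DDS layout, re-sorts them chronologically, and pulls out the service name or file name from each flagged entry. The sample lines are constructed from the format of the log above; the regular expressions are assumptions fitted to that format and are not from DDS or Spybot.

```python
"""Triage the 'Event Viewer Messages From Past Week' block of a DDS attach.txt.

Line layout assumed (constructed from the DDS output shown in this thread):
  M/D/YYYY H:MM:SS AM|PM, <level>: <source> [<event id>] - <message>
"""
import re
from datetime import datetime

# Constructed sample in the DDS layout (not the poster's full log).
SAMPLE = """\
3/22/2009 2:17:29 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
3/22/2009 2:03:37 PM, error: Service Control Manager [7000] - The OpenDNS Updater service failed to start due to the following error: The system cannot find the file specified.
3/25/2009 6:09:09 PM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
3/22/2009 2:07:14 PM, information: Windows File Protection [64005] - The protected system file msimn.exe was not restored to its original, valid version because the Windows File Protection restoration process was cancelled by user interaction, user name is David. The file version of the bad file is unknown.
"""

# Assumed regexes fitted to the DDS layout above.
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<msg>.*)$"
)
# SCM messages start "The <name> service ..."; the service name is what we want.
SERVICE_RE = re.compile(r"^The (?P<svc>.+?) service ")
# WFP 64005 names the file that was left in a non-original state.
WFP_FILE_RE = re.compile(r"protected system file (?P<file>\S+) was not restored")

# Service Control Manager IDs worth a second look during a cleanup:
# 7000 failed to start, 7023 terminated with error, 7034 terminated unexpectedly.
SCM_IDS = {7000, 7023, 7034}
WFP_UNRESTORED = 64005


def parse_events(text):
    """Return the parsed entries sorted by timestamp (DDS groups them by level)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section headers, blank lines, anything not an event
        d = m.groupdict()
        d["ts"] = datetime.strptime(d["ts"], "%m/%d/%Y %I:%M:%S %p")
        d["event_id"] = int(d["event_id"])
        events.append(d)
    return sorted(events, key=lambda e: e["ts"])


def triage(events):
    """Flag SCM service failures and WFP files left unrestored.

    Returns (kind, subject, event_id) tuples in chronological order, where
    kind is "service" or "wfp_unrestored" and subject is the service or file.
    """
    findings = []
    for e in events:
        if e["source"] == "Service Control Manager" and e["event_id"] in SCM_IDS:
            m = SERVICE_RE.match(e["msg"])
            findings.append(("service", m.group("svc") if m else e["msg"], e["event_id"]))
        elif e["source"] == "Windows File Protection" and e["event_id"] == WFP_UNRESTORED:
            m = WFP_FILE_RE.search(e["msg"])
            findings.append(("wfp_unrestored", m.group("file") if m else "?", e["event_id"]))
    return findings


if __name__ == "__main__":
    for e in parse_events(SAMPLE):
        print(e["ts"].isoformat(), e["level"], e["source"], e["event_id"])
    for kind, subject, event_id in triage(parse_events(SAMPLE)):
        print(f"{kind:15} {event_id:6} {subject}")
```

To run it over a real DDS attach.txt, paste the Event Viewer block into SAMPLE or read the file and pass its text to parse_events(); the two flag categories are a starting point, and a service that fails with "The system cannot find the file specified" is normally a stale registration (uninstalled software) rather than malware, so each flagged name still needs checking against the installed-programs list.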

Blade81
2009-03-28, 11:08
Hi again :)


Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:

1. Run Spybot-S&D in Advanced Mode. If it is not already set to do this, go to the Mode menu and select Advanced Mode.
2. On the left-hand side, click on Tools.
3. Then click on the Resident icon in the list.
4. Uncheck Resident TeaTimer and OK any prompts.
5. Restart your computer.


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:


Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (see http://www.bleepingcomputer.com/forums/topic114351.html).
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

xanderman
2009-03-28, 16:09
ComboFix 09-03-27.02 - David 2009-03-28 7:34:55.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.493 [GMT -7:00]
Running from: c:\documents and settings\David\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\emMON.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_PCIDump


((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-28 )))))))))))))))))))))))))))))))
.

2009-03-27 18:56 . 2009-03-27 18:56 <DIR> d-------- c:\program files\Uniblue
2009-03-27 18:56 . 2009-03-27 18:56 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-03-25 18:06 . 2009-03-25 18:06 <DIR> d--hs---- c:\documents and settings\LocalService\IETldCache
2009-03-25 17:56 . 2009-03-25 18:14 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-25 16:58 . 2009-03-26 18:27 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-25 16:58 . 2009-03-28 07:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-25 16:58 . 2009-03-25 16:58 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-25 16:58 . 2009-03-25 16:58 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-25 16:58 . 2009-03-25 16:58 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-25 16:52 . 2009-03-25 16:52 <DIR> d-------- c:\program files\ParetoLogic
2009-03-25 16:52 . 2009-03-25 16:52 <DIR> d-------- c:\program files\Common Files\ParetoLogic
2009-03-25 16:52 . 2009-03-25 16:52 <DIR> d-------- c:\documents and settings\David\Application Data\ParetoLogic
2009-03-25 16:52 . 2009-03-25 16:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-03-25 16:51 . 2009-03-25 16:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-03-25 16:32 . 2009-03-25 16:42 <DIR> d-------- c:\program files\RegCure
2009-03-25 11:16 . 2009-03-25 11:16 <DIR> d-------- c:\program files\Trend Micro
2009-03-25 10:49 . 2009-03-25 10:49 <DIR> d-------- c:\documents and settings\David\Bluetooth Software
2009-03-25 10:08 . 2009-03-25 10:08 <DIR> d-------- c:\program files\Motorola
2009-03-25 10:08 . 2007-01-29 18:26 984,832 --a------ c:\windows\system32\drivers\smserial.sys
2009-03-25 10:08 . 2007-01-29 18:22 196,608 --a------ c:\windows\system32\sm56co6a.dll
2009-03-25 10:08 . 2001-08-17 13:57 16,128 --a------ c:\windows\system32\drivers\MODEMCSA.sys
2009-03-25 10:08 . 2001-08-17 13:57 16,128 --a------ c:\windows\system32\dllcache\modemcsa.sys
2009-03-25 09:53 . 2009-03-25 10:01 <DIR> d-------- c:\program files\Realtek AC97
2009-03-25 09:53 . 2006-07-31 11:19 315,392 --a------ c:\windows\alcupd.exe
2009-03-25 09:53 . 2006-07-31 11:27 217,088 --a------ c:\windows\alcrmv.exe
2009-03-25 09:38 . 2009-03-25 10:20 <DIR> d-------- c:\program files\A4Tech
2009-03-25 09:38 . 2004-08-25 17:46 389,120 --a------ c:\windows\system32\Amsample.dll
2009-03-25 09:38 . 2004-08-25 17:29 86,016 --a------ c:\windows\system32\Amoures.dll
2009-03-25 09:38 . 2004-08-25 17:29 36,864 --a------ c:\windows\system32\Amhooker.dll
2009-03-25 09:38 . 2004-08-25 17:09 10,240 --a------ c:\windows\system32\drivers\Amusbprt.sys
2009-03-25 09:38 . 2004-08-25 17:09 9,984 --a------ c:\windows\system32\drivers\Amps2prt.sys
2009-03-25 09:38 . 2004-08-25 17:09 7,424 --a------ c:\windows\system32\drivers\Amusbdev.sys
2009-03-25 09:38 . 2004-08-25 17:09 5,120 --a------ c:\windows\system32\drivers\Amfilter.sys
2009-03-25 09:31 . 2008-04-15 04:13 534,440 --a------ c:\windows\system32\drivers\btaudio.sys
2009-03-25 09:31 . 2007-09-20 04:59 156,392 --a------ c:\windows\system32\drivers\btwdndis.sys
2009-03-25 09:31 . 2008-03-27 03:17 89,896 --a------ c:\windows\system32\drivers\btwsecfl.sys
2009-03-25 09:31 . 2008-02-04 10:57 37,160 --a------ c:\windows\system32\drivers\btport.sys
2009-03-25 09:30 . 2009-03-25 09:30 <DIR> d-------- c:\program files\WIDCOMM
2009-03-25 09:16 . 2009-03-25 09:16 <DIR> d-------- c:\program files\Unibrain
2009-03-25 09:15 . 2009-03-25 09:15 <DIR> d-------- c:\program files\Intel Desktop Board
2009-03-25 09:14 . 2007-02-12 12:41 2,732,032 --a------ c:\windows\system32\Netw2r32.dll
2009-03-25 07:29 . 2009-03-25 07:29 <DIR> d-------- c:\program files\PC Drivers HeadQuarters
2009-03-24 19:07 . 2009-03-24 19:07 <DIR> d--hs---- c:\documents and settings\David\IECompatCache
2009-03-24 18:56 . 2009-03-24 18:56 <DIR> d--hs---- c:\documents and settings\David\PrivacIE
2009-03-24 18:52 . 2009-03-24 18:52 <DIR> d--hs---- c:\documents and settings\David\IETldCache
2009-03-24 18:48 . 2009-03-24 18:48 <DIR> d-------- c:\windows\ie8updates
2009-03-24 18:47 . 2009-03-24 18:47 <DIR> d--h-c--- c:\windows\ie8
2009-03-24 18:41 . 2009-02-27 21:55 105,984 --------- c:\windows\system32\dllcache\iecompat.dll
2009-03-23 14:13 . 2009-01-09 12:19 1,089,593 --------- c:\windows\system32\dllcache\ntprint.cat
2009-03-22 15:02 . 2009-03-22 15:02 <DIR> d-------- c:\program files\MSBuild
2009-03-22 15:00 . 2009-03-22 15:01 <DIR> d-------- C:\d9af3cde6c7ee023e2d2
2009-03-22 14:37 . 2009-03-22 14:37 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-03-22 13:50 . 2009-03-22 13:49 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-22 13:49 . 2009-03-22 13:49 <DIR> d-------- c:\program files\Java
2009-03-08 14:22 . 2009-03-08 14:22 49,152 --------- c:\windows\system32\msrating.dll.mui
2009-03-08 14:22 . 2009-03-08 14:22 2,560 --------- c:\windows\system32\mshta.exe.mui
2009-03-08 14:21 . 2009-03-08 14:21 4,096 --------- c:\windows\system32\ie4uinit.exe.mui
2009-03-08 14:20 . 2009-03-08 14:20 81,920 --------- c:\windows\system32\iedkcs32.dll.mui
2009-03-08 04:33 . 2009-03-08 04:33 18,944 --------- c:\windows\system32\dllcache\corpol.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-28 01:56 --------- d-----w c:\documents and settings\David\Application Data\Uniblue
2009-03-28 01:25 --------- d-----w c:\program files\Any Audio Converter
2009-03-27 12:56 --------- d-----w c:\program files\LimeWire
2009-03-27 12:56 --------- d-----w c:\program files\eMule
2009-03-27 12:54 --------- d-----w c:\documents and settings\David\Application Data\LimeWire
2009-03-26 01:09 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-26 00:06 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-26 00:06 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-25 16:53 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-25 14:25 --------- d-----w c:\program files\Microsoft
2009-03-25 14:14 --------- d-----w c:\program files\Dream Aquarium
2009-03-22 22:08 --------- d-----w c:\program files\NOS
2009-03-22 22:08 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-03-22 20:59 --------- d-----w c:\program files\FutureTax NETFILE 2008
2009-03-22 20:45 --------- d-----w c:\program files\Siber Systems
2009-03-21 22:51 --------- d-----w c:\program files\Windows Desktop Search
2009-03-17 21:33 --------- d-----w c:\program files\Common Files\Adobe
2009-02-28 13:47 --------- d-----w c:\program files\MSECache
2009-02-26 11:07 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-22 14:30 --------- d-----w c:\program files\mozilla.org
2009-02-18 07:35 --------- d-----w c:\documents and settings\All Users\Application Data\1472
2009-02-07 02:47 --------- d-----w c:\documents and settings\All Users\Application Data\1C33C
2009-02-03 14:25 --------- d-----w c:\documents and settings\All Users\Application Data\382AF
2009-01-13 06:24 117,996 ----a-w c:\windows\Remove Outlook Express Uninstaller.exe
2007-03-18 21:42 191 ----a-w c:\documents and settings\David\dir.dat
2007-03-10 15:32 988,263 ----a-w c:\documents and settings\David\root.zip
2007-01-29 21:11 61,440 ----a-w c:\documents and settings\David\JavaInstall.exe
2006-04-03 19:40 774,144 ----a-w c:\program files\RngInterstitial.dll
2005-07-03 02:30 1,295,582 ----a-w c:\documents and settings\David\cygwin1.dll
2003-08-09 09:32 108,544 ----a-w c:\documents and settings\David\unzip.exe
2008-08-21 23:55 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082120080822\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Start WingMan Profiler"="c:\program files\Logitech\Profiler\lwemon.exe" [2005-04-18 73728]
"MSMSGS"="c:\program files\Messenger\MSMSGS.EXE" [2008-04-13 1695232]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2007-05-21 1369288]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"Uniblue RegistryBooster 2009"="c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-26 2019624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Auto EPSON Stylus Photo R220 Series on RABBIT"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE" [2005-03-08 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-22 148888]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 50688]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2005-10-20 871936]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-04-28 53248]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"WheelMouse"="c:\progra~1\A4Tech\Mouse\Amoumain.exe" [2004-09-01 147456]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-29 638976]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-04-14 596584]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-05-10 805392]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Norton GoBack.lnk - c:\program files\Norton GoBack\GBTray.exe [2004-12-21 804480]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
"NoStartMenuEjectPC"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 03:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wmfhotfix.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avg8wd"=2 (0x2)
"WinIP"=3 (0x3)
"OpenDNS Updater.exe"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\svchost.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft ActiveSync\\WMP10_Update.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\web server extensions\\50\\bin\\TCPTEST.EXE"=
"c:\\Program Files\\Microsoft Office\\Office10\\FRONTPG.EXE"=
"c:\\Documents and Settings\\David\\Desktop\\Empire Earth\\Empire Earth.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"990:TCP"= 990:TCP:bluetooth inbound TCP
"999:TCP"= 999:TCP:BT inbound TCP
"5678:TCP"= 5678:TCP:BT IB TCP
"5721:UDP"= 5721:UDP:INBOUND TCP BT
"5679:UDP"= 5679:UDP:BT outbound UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-25 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-25 107912]
R1 vdrv7000;vdrv7000;c:\windows\system32\drivers\vdrv7000.sys [2006-03-04 76672]
R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [2005-07-27 14080]
R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [2005-07-27 36352]
R2 VC7SecS;Virtual CD v7 Management Service;c:\program files\HHVcdV7Sys\VC7SecS.exe [2006-03-04 106496]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2009-03-25 9984]
R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [2005-07-27 77056]
S3 AteksoftAudio;WebCamera Plus Audio;c:\windows\system32\drivers\ateksoftaudio.sys [2008-06-09 11776]
S3 IEGP;IEGP;c:\windows\system32\DRIVERS\igmap.sys --> c:\windows\system32\DRIVERS\igmap.sys [?]
S3 WLAN; Wireless LAN Driver;c:\windows\system32\DRIVERS\wlanNDS.sys --> c:\windows\system32\DRIVERS\wlanNDS.sys [?]
S3 ZSMC302;PC CAM 300A;c:\windows\system32\drivers\usbVM302.sys [2006-07-23 93450]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-25 298264]
S4 OpenDNS Updater.exe;OpenDNS Updater; [x]
S4 WinIP;WinIP; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-03-27 c:\windows\Tasks\ParetoLogic Privacy Controls_{F152D62C-1997-11DE-97A5-00123FD0C5BB}.job
- c:\program files\ParetoLogic\Privacy Controls\Pareto_PC.exe [2008-11-25 11:29]

2009-03-28 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 12:25]

2009-03-27 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 12:25]

2009-03-28 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 10:58]

2009-03-25 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 10:58]

2007-01-14 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Notify-IntelWireless - (no file)
Notify-wvussqn - wvussqn.dll
Notify-__c00852D2 - (no file)


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uStart Page = about:blank
uInternet Settings,ProxyOverride = 127.0.0.1
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: intel.com\www
TCP: {F87F4892-FA08-4C53-927E-FAAE993791C7} = 208.67.222.222,75.154.133.68
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {020EA84E-76BD-4D97-8BF4-9C402E412137} - hxxp://o1.agendize.com/w1/inserter/AgendiZe.CAB
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-28 07:39:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3617735250-3398334271-505246713-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,a2,29,d9,aa,bd,
6c,01,86,e2,63,26,f1,3f,c8,ff,68,71,6e,f9,24,51,7c,ac,a1,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,a3,c3,bb,16,89,
d9,68,8c,6a,9c,d6,61,af,45,84,18,22,92,9a,36,ba,8b,c4,4c,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,e9,cf,5c,c1,a3,
b0,12,f9,ff,7c,85,e0,43,d4,0e,fe,0b,01,48,57,fa,49,5a,a0,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,f0,9b,25,30,c9,
ef,ca,b0,86,8c,21,01,be,91,eb,e7,2b,aa,29,50,6c,c3,0a,b5,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,6d,22,86,41,5d,
ed,dd,15,f5,1d,4d,73,a8,13,5c,05,96,2e,2e,1b,a7,85,aa,43,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,09,4c,7e,fc,92,
98,50,b3,df,20,58,62,78,6b,cf,c8,fb,bb,7a,d7,eb,f5,fa,e2,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,86,e4,23,e0,91,
82,6a,be,fb,a7,78,e6,12,2f,9a,ea,e5,33,12,42,af,aa,09,39,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,f3,f6,99,08,98,
1c,3c,0f,01,3a,48,fc,e8,04,4a,f1,e0,30,7e,a0,b2,a6,41,a1,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,20,17,f6,34,be,
dd,d0,01,f6,0f,4e,58,98,5b,89,c9,2c,10,24,99,98,8f,43,29,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,5d,b3,24,f2,29,
c4,7f,41,3d,ce,ea,26,2d,45,aa,78,67,a2,d4,c3,9c,72,41,7f,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,85,b1,d0,c4,37,
4c,c5,cd,2a,b7,cc,b5,b9,7f,41,e7,d4,11,1a,4e,d9,2a,82,64,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,d2,44,bb,2e,6d,
29,36,86,6c,43,2d,1e,aa,22,2f,9c,76,06,9a,af,1b,7a,90,7a,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="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"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(824)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Norton GoBack\GBPoll.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\oodag.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-03-28 7:43:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-28 14:43:41

Pre-Run: 29,035,917,312 bytes free
Post-Run: 28,953,403,392 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptOut

366 --- E O F --- 2009-03-25 17:00:18



The program was reporting AVG Free as running; I cannot get it to stop. Used Task Manager to end process avgrsx.exe, will not stop; used the AVG UI to disable Resident Shield, restart, still running; unchecked AVG in msconfig startup and services, restart, still reports it as running; uninstalled and restart, still reports as running.
Uninstall failed, error on uninstall and reinstall, cannot remove AVG Free 8.5.
Manually edited registry to remove all keys associated with AVG and ran this program.

xanderman
2009-03-28, 16:28
OK, after manually deleting the registry keys for AVG I was able to install AVG Free 8.5.258; AVG, Spybot and Windows Firewall are all back up and running now.

Problem with AVG was probably from 'Registry Booster' "fixing" the registry (which also did not boost performance).

Problem with lag remains, slow response on opening and choppy closing of windows, when dragging windows trails displayed for a long time after dropping, just general slow graphics.

Unable to find any newer graphics accelerator drivers etc... up to date.

Blade81
2009-03-28, 16:48
Hi

Have you defragged hard drive(s) lately?


Open notepad and copy/paste the text in the quotebox below into it:



Folder::
c:\program files\LimeWire
c:\program files\eMule
c:\documents and settings\David\Application Data\LimeWire



Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.


Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/virusscanner) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).

Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

xanderman
2009-03-28, 18:15
ComboFix 09-03-27.02 - David 2009-03-28 9:16:19.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.484 [GMT -7:00]
Running from: c:\documents and settings\David\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\David\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\David\Application Data\LimeWire
c:\documents and settings\David\Application Data\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe
c:\documents and settings\David\Application Data\LimeWire\410splashpro.png
c:\documents and settings\David\Application Data\LimeWire\414splashpro.png
c:\documents and settings\David\Application Data\LimeWire\active.mojito
c:\documents and settings\David\Application Data\LimeWire\createtimes.cache
c:\documents and settings\David\Application Data\LimeWire\fileurns.cache
c:\documents and settings\David\Application Data\LimeWire\filters.props
c:\documents and settings\David\Application Data\LimeWire\gnutella.net
c:\documents and settings\David\Application Data\LimeWire\installation.props
c:\documents and settings\David\Application Data\LimeWire\library.dat
c:\documents and settings\David\Application Data\LimeWire\limewire.props
c:\documents and settings\David\Application Data\LimeWire\mojito.props
c:\documents and settings\David\Application Data\LimeWire\passive.mojito
c:\documents and settings\David\Application Data\LimeWire\pub1.key
c:\documents and settings\David\Application Data\LimeWire\public.key
c:\documents and settings\David\Application Data\LimeWire\questions.props
c:\documents and settings\David\Application Data\LimeWire\responses.cache
c:\documents and settings\David\Application Data\LimeWire\simpp.xml
c:\documents and settings\David\Application Data\LimeWire\spam.dat
c:\documents and settings\David\Application Data\LimeWire\tables.props
c:\documents and settings\David\Application Data\LimeWire\themes\black_theme.lwtp
c:\documents and settings\David\Application Data\LimeWire\themes\black_theme\01_star.gif
c:\documents and settings\David\Application Data\LimeWire\themes\black_theme\02_star.gif
c:\documents and settings\David\Application Data\LimeWire\themes\black_theme\03_star.gif
c:\documents and settings\David\Application Data\LimeWire\themes\black_theme\04_star.gif
c:\documents and settings\David\Application Data\LimeWire\themes\black_theme\05_star.gif
c:\documents and settings\David\Application Data\LimeWire\themes\black_theme\chat.gif
c:\documents and settings\David\Application Data\LimeWire\themes\black_theme\dir_closed.gif
c:\documents and settings\David\Application Data\LimeWire\themes\black_theme\dir_open.gif
c:\documents and settings\David\Application Data\LimeWire\themes\black_theme\forward_dn.gif
c:\documents and settings\David\Application Data\LimeWire\themes\black_theme\forward_up.gif
c:\documents and settings\David\Application Data\LimeWire\themes\black_theme\kill.gif
c:\documents and settings\David\Application Data\LimeWire\themes\black_theme\kill_on.gif
c:\documents and settings\David\Application Data\LimeWire\themes\black_theme\lime.gif
c:\documents and settings\David\Application Data\LimeWire\themes\black_theme\logo.gif
c:\documents and settings\David\Application Data\LimeWire\themes\black_theme\notsearching.gif
c:\documents and settings\David\Application Data\LimeWire\themes\black_theme\pause_dn.gif
c:\documents and settings\David\Application Data\LimeWire\themes\black_theme\pause_up.gif
c:\documents and settings\David\Application Data\LimeWire\themes\black_theme\play_dn.gif
c:\documents and settings\David\Application Data\LimeWire\themes\black_theme\play_up.gif
c:\documents and settings\David\Application Data\LimeWire\themes\black_theme\question.gif
c:\documents and settings\David\Application Data\LimeWire\themes\black_theme\rewind_dn.gif
c:\documents and settings\David\Application Data\LimeWire\themes\black_theme\rewind_up.gif
c:\documents and settings\David\Application Data\LimeWire\themes\black_theme\searching.gif
c:\documents and settings\David\Application Data\LimeWire\themes\black_theme\splash.png
c:\documents and settings\David\Application Data\LimeWire\themes\black_theme\stop_dn.gif
c:\documents and settings\David\Application Data\LimeWire\themes\black_theme\stop_up.gif
c:\documents and settings\David\Application Data\LimeWire\themes\black_theme\theme.txt
c:\documents and settings\David\Application Data\LimeWire\themes\black_theme\warning.gif
c:\documents and settings\David\Application Data\LimeWire\themes\classic_theme.lwtp
c:\documents and settings\David\Application Data\LimeWire\themes\classic_theme\01_star.gif
c:\documents and settings\David\Application Data\LimeWire\themes\classic_theme\02_star.gif
c:\documents and settings\David\Application Data\LimeWire\themes\classic_theme\03_star.gif
c:\documents and settings\David\Application Data\LimeWire\themes\classic_theme\04_star.gif
c:\documents and settings\David\Application Data\LimeWire\themes\classic_theme\05_star.gif
c:\documents and settings\David\Application Data\LimeWire\themes\classic_theme\chat.gif
c:\documents and settings\David\Application Data\LimeWire\themes\classic_theme\dir_closed.gif
c:\documents and settings\David\Application Data\LimeWire\themes\classic_theme\dir_open.gif
c:\documents and settings\David\Application Data\LimeWire\themes\classic_theme\forward_dn.gif
c:\documents and settings\David\Application Data\LimeWire\themes\classic_theme\forward_up.gif
c:\documents and settings\David\Application Data\LimeWire\themes\classic_theme\kill.gif
c:\documents and settings\David\Application Data\LimeWire\themes\classic_theme\logo.gif
c:\documents and settings\David\Application Data\LimeWire\themes\classic_theme\notsearching.gif
c:\documents and settings\David\Application Data\LimeWire\themes\classic_theme\pause_dn.gif
c:\documents and settings\David\Application Data\LimeWire\themes\classic_theme\pause_up.gif
c:\documents and settings\David\Application Data\LimeWire\themes\classic_theme\play_dn.gif
c:\documents and settings\David\Application Data\LimeWire\themes\classic_theme\play_up.gif
c:\documents and settings\David\Application Data\LimeWire\themes\classic_theme\question.gif
c:\documents and settings\David\Application Data\LimeWire\themes\classic_theme\rewind_dn.gif
c:\documents and settings\David\Application Data\LimeWire\themes\classic_theme\rewind_up.gif
c:\documents and settings\David\Application Data\LimeWire\themes\classic_theme\search.gif
c:\documents and settings\David\Application Data\LimeWire\themes\classic_theme\searching.gif
c:\documents and settings\David\Application Data\LimeWire\themes\classic_theme\splash.png
c:\documents and settings\David\Application Data\LimeWire\themes\classic_theme\stop_dn.gif
c:\documents and settings\David\Application Data\LimeWire\themes\classic_theme\stop_up.gif
c:\documents and settings\David\Application Data\LimeWire\themes\classic_theme\theme.txt
c:\documents and settings\David\Application Data\LimeWire\themes\classic_theme\warning.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewire_theme.lwtp
c:\documents and settings\David\Application Data\LimeWire\themes\limewire_theme\01_star.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewire_theme\02_star.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewire_theme\03_star.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewire_theme\04_star.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewire_theme\05_star.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewire_theme\chat.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewire_theme\dir_closed.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewire_theme\dir_open.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewire_theme\forward_dn.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewire_theme\forward_up.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewire_theme\kill.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewire_theme\kill_on.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewire_theme\lime.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewire_theme\logo.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewire_theme\notsearching.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewire_theme\pause_dn.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewire_theme\pause_up.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewire_theme\play_dn.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewire_theme\play_up.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewire_theme\question.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewire_theme\rewind_dn.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewire_theme\rewind_up.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewire_theme\searching.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewire_theme\splash.png
c:\documents and settings\David\Application Data\LimeWire\themes\limewire_theme\stop_dn.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewire_theme\stop_up.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewire_theme\theme.txt
c:\documents and settings\David\Application Data\LimeWire\themes\limewire_theme\warning.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewirePro_theme.lwtp
c:\documents and settings\David\Application Data\LimeWire\themes\limewirePro_theme\01_star.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewirePro_theme\02_star.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewirePro_theme\03_star.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewirePro_theme\04_star.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewirePro_theme\05_star.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewirePro_theme\chat.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewirePro_theme\dir_closed.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewirePro_theme\dir_open.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewirePro_theme\forward_dn.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewirePro_theme\forward_up.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewirePro_theme\kill.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewirePro_theme\kill_on.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewirePro_theme\lime.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewirePro_theme\logo.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewirePro_theme\notsearching.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewirePro_theme\pause_dn.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewirePro_theme\pause_up.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewirePro_theme\play_dn.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewirePro_theme\play_up.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewirePro_theme\question.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewirePro_theme\rewind_dn.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewirePro_theme\rewind_up.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewirePro_theme\searching.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewirePro_theme\splash.png
c:\documents and settings\David\Application Data\LimeWire\themes\limewirePro_theme\splashpro.png
c:\documents and settings\David\Application Data\LimeWire\themes\limewirePro_theme\stop_dn.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewirePro_theme\stop_up.gif
c:\documents and settings\David\Application Data\LimeWire\themes\limewirePro_theme\theme.txt
c:\documents and settings\David\Application Data\LimeWire\themes\limewirePro_theme\version.txt
c:\documents and settings\David\Application Data\LimeWire\themes\limewirePro_theme\warning.gif
c:\documents and settings\David\Application Data\LimeWire\themes\other_theme.lwtp
c:\documents and settings\David\Application Data\LimeWire\themes\other_theme\01_star.gif
c:\documents and settings\David\Application Data\LimeWire\themes\other_theme\02_star.gif
c:\documents and settings\David\Application Data\LimeWire\themes\other_theme\03_star.gif
c:\documents and settings\David\Application Data\LimeWire\themes\other_theme\04_star.gif
c:\documents and settings\David\Application Data\LimeWire\themes\other_theme\05_star.gif
c:\documents and settings\David\Application Data\LimeWire\themes\other_theme\chat.gif
c:\documents and settings\David\Application Data\LimeWire\themes\other_theme\forward_dn.gif
c:\documents and settings\David\Application Data\LimeWire\themes\other_theme\forward_up.gif
c:\documents and settings\David\Application Data\LimeWire\themes\other_theme\kill.gif
c:\documents and settings\David\Application Data\LimeWire\themes\other_theme\kill_on.gif
c:\documents and settings\David\Application Data\LimeWire\themes\other_theme\logo.png
c:\documents and settings\David\Application Data\LimeWire\themes\other_theme\notsearching.png
c:\documents and settings\David\Application Data\LimeWire\themes\other_theme\pause_dn.gif
c:\documents and settings\David\Application Data\LimeWire\themes\other_theme\pause_up.gif
c:\documents and settings\David\Application Data\LimeWire\themes\other_theme\play_dn.gif
c:\documents and settings\David\Application Data\LimeWire\themes\other_theme\play_up.gif
c:\documents and settings\David\Application Data\LimeWire\themes\other_theme\question.gif
c:\documents and settings\David\Application Data\LimeWire\themes\other_theme\rewind_dn.gif
c:\documents and settings\David\Application Data\LimeWire\themes\other_theme\rewind_up.gif
c:\documents and settings\David\Application Data\LimeWire\themes\other_theme\searching.gif
c:\documents and settings\David\Application Data\LimeWire\themes\other_theme\splash.png
c:\documents and settings\David\Application Data\LimeWire\themes\other_theme\stop_dn.gif
c:\documents and settings\David\Application Data\LimeWire\themes\other_theme\stop_up.gif
c:\documents and settings\David\Application Data\LimeWire\themes\other_theme\theme.txt
c:\documents and settings\David\Application Data\LimeWire\themes\other_theme\warning.gif
c:\documents and settings\David\Application Data\LimeWire\themes\windows_theme.lwtp
c:\documents and settings\David\Application Data\LimeWire\themes\windows_theme\01_star.gif
c:\documents and settings\David\Application Data\LimeWire\themes\windows_theme\02_star.gif
c:\documents and settings\David\Application Data\LimeWire\themes\windows_theme\03_star.gif
c:\documents and settings\David\Application Data\LimeWire\themes\windows_theme\04_star.gif
c:\documents and settings\David\Application Data\LimeWire\themes\windows_theme\05_star.gif
c:\documents and settings\David\Application Data\LimeWire\themes\windows_theme\chat.gif
c:\documents and settings\David\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
c:\documents and settings\David\Application Data\LimeWire\themes\windows_theme\forward_up.gif
c:\documents and settings\David\Application Data\LimeWire\themes\windows_theme\kill.gif
c:\documents and settings\David\Application Data\LimeWire\themes\windows_theme\kill_on.gif
c:\documents and settings\David\Application Data\LimeWire\themes\windows_theme\logo.png
c:\documents and settings\David\Application Data\LimeWire\themes\windows_theme\notsearching.png
c:\documents and settings\David\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
c:\documents and settings\David\Application Data\LimeWire\themes\windows_theme\pause_up.gif
c:\documents and settings\David\Application Data\LimeWire\themes\windows_theme\play_dn.gif
c:\documents and settings\David\Application Data\LimeWire\themes\windows_theme\play_up.gif
c:\documents and settings\David\Application Data\LimeWire\themes\windows_theme\question.gif
c:\documents and settings\David\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
c:\documents and settings\David\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
c:\documents and settings\David\Application Data\LimeWire\themes\windows_theme\searching.gif
c:\documents and settings\David\Application Data\LimeWire\themes\windows_theme\splash.png
c:\documents and settings\David\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
c:\documents and settings\David\Application Data\LimeWire\themes\windows_theme\stop_up.gif
c:\documents and settings\David\Application Data\LimeWire\themes\windows_theme\theme.txt
c:\documents and settings\David\Application Data\LimeWire\themes\windows_theme\warning.gif
c:\documents and settings\David\Application Data\LimeWire\ttree.cache
c:\documents and settings\David\Application Data\LimeWire\update.xml
c:\documents and settings\David\Application Data\LimeWire\version.key
c:\documents and settings\David\Application Data\LimeWire\version.xml
c:\documents and settings\David\Application Data\LimeWire\xml\data\application.sxml
c:\documents and settings\David\Application Data\LimeWire\xml\data\audio.sxml
c:\documents and settings\David\Application Data\LimeWire\xml\data\delete_me
c:\documents and settings\David\Application Data\LimeWire\xml\data\image.sxml
c:\documents and settings\David\Application Data\LimeWire\xml\data\video.sxml
c:\documents and settings\David\Application Data\LimeWire\xml\misc\application.gif
c:\documents and settings\David\Application Data\LimeWire\xml\misc\audio.gif
c:\documents and settings\David\Application Data\LimeWire\xml\misc\document.gif
c:\documents and settings\David\Application Data\LimeWire\xml\misc\image.gif
c:\documents and settings\David\Application Data\LimeWire\xml\misc\video.gif
c:\documents and settings\David\Application Data\LimeWire\xml\schemas\application.xsd
c:\documents and settings\David\Application Data\LimeWire\xml\schemas\audio.xsd
c:\documents and settings\David\Application Data\LimeWire\xml\schemas\document.xsd
c:\documents and settings\David\Application Data\LimeWire\xml\schemas\image.xsd
c:\documents and settings\David\Application Data\LimeWire\xml\schemas\video.xsd
c:\program files\eMule
c:\program files\eMule\Temp\007.part.met
c:\program files\eMule\Temp\011.part
c:\program files\eMule\Temp\011.part.met
c:\program files\LimeWire
c:\program files\LimeWire\hs_err_pid1832.log
c:\program files\LimeWire\hs_err_pid2472.log
c:\program files\LimeWire\hs_err_pid2848.log

.
((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-28 )))))))))))))))))))))))))))))))
.

2009-03-27 18:56 . 2009-03-27 18:56 <DIR> d-------- c:\program files\Uniblue
2009-03-27 18:56 . 2009-03-27 18:56 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-03-25 18:06 . 2009-03-25 18:06 <DIR> d--hs---- c:\documents and settings\LocalService\IETldCache
2009-03-25 17:56 . 2009-03-25 18:14 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-25 16:58 . 2009-03-28 08:18 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-25 16:58 . 2009-03-28 08:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-25 16:58 . 2009-03-25 16:58 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-25 16:58 . 2009-03-28 08:12 108,552 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-25 16:58 . 2009-03-25 16:58 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-25 16:52 . 2009-03-25 16:52 <DIR> d-------- c:\program files\ParetoLogic
2009-03-25 16:52 . 2009-03-25 16:52 <DIR> d-------- c:\program files\Common Files\ParetoLogic
2009-03-25 16:52 . 2009-03-25 16:52 <DIR> d-------- c:\documents and settings\David\Application Data\ParetoLogic
2009-03-25 16:52 . 2009-03-25 16:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-03-25 16:51 . 2009-03-25 16:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-03-25 16:32 . 2009-03-25 16:42 <DIR> d-------- c:\program files\RegCure
2009-03-25 11:16 . 2009-03-25 11:16 <DIR> d-------- c:\program files\Trend Micro
2009-03-25 10:49 . 2009-03-25 10:49 <DIR> d-------- c:\documents and settings\David\Bluetooth Software
2009-03-25 10:08 . 2009-03-25 10:08 <DIR> d-------- c:\program files\Motorola
2009-03-25 10:08 . 2007-01-29 18:26 984,832 --a------ c:\windows\system32\drivers\smserial.sys
2009-03-25 10:08 . 2007-01-29 18:22 196,608 --a------ c:\windows\system32\sm56co6a.dll
2009-03-25 10:08 . 2001-08-17 13:57 16,128 --a------ c:\windows\system32\drivers\MODEMCSA.sys
2009-03-25 10:08 . 2001-08-17 13:57 16,128 --a------ c:\windows\system32\dllcache\modemcsa.sys
2009-03-25 09:53 . 2009-03-25 10:01 <DIR> d-------- c:\program files\Realtek AC97
2009-03-25 09:53 . 2006-07-31 11:19 315,392 --a------ c:\windows\alcupd.exe
2009-03-25 09:53 . 2006-07-31 11:27 217,088 --a------ c:\windows\alcrmv.exe
2009-03-25 09:38 . 2009-03-25 10:20 <DIR> d-------- c:\program files\A4Tech
2009-03-25 09:38 . 2004-08-25 17:46 389,120 --a------ c:\windows\system32\Amsample.dll
2009-03-25 09:38 . 2004-08-25 17:29 86,016 --a------ c:\windows\system32\Amoures.dll
2009-03-25 09:38 . 2004-08-25 17:29 36,864 --a------ c:\windows\system32\Amhooker.dll
2009-03-25 09:38 . 2004-08-25 17:09 10,240 --a------ c:\windows\system32\drivers\Amusbprt.sys
2009-03-25 09:38 . 2004-08-25 17:09 9,984 --a------ c:\windows\system32\drivers\Amps2prt.sys
2009-03-25 09:38 . 2004-08-25 17:09 7,424 --a------ c:\windows\system32\drivers\Amusbdev.sys
2009-03-25 09:38 . 2004-08-25 17:09 5,120 --a------ c:\windows\system32\drivers\Amfilter.sys
2009-03-25 09:31 . 2008-04-15 04:13 534,440 --a------ c:\windows\system32\drivers\btaudio.sys
2009-03-25 09:31 . 2007-09-20 04:59 156,392 --a------ c:\windows\system32\drivers\btwdndis.sys
2009-03-25 09:31 . 2008-03-27 03:17 89,896 --a------ c:\windows\system32\drivers\btwsecfl.sys
2009-03-25 09:31 . 2008-02-04 10:57 37,160 --a------ c:\windows\system32\drivers\btport.sys
2009-03-25 09:30 . 2009-03-25 09:30 <DIR> d-------- c:\program files\WIDCOMM
2009-03-25 09:16 . 2009-03-25 09:16 <DIR> d-------- c:\program files\Unibrain
2009-03-25 09:15 . 2009-03-25 09:15 <DIR> d-------- c:\program files\Intel Desktop Board
2009-03-25 09:14 . 2007-02-12 12:41 2,732,032 --a------ c:\windows\system32\Netw2r32.dll
2009-03-25 07:29 . 2009-03-25 07:29 <DIR> d-------- c:\program files\PC Drivers HeadQuarters
2009-03-24 19:07 . 2009-03-24 19:07 <DIR> d--hs---- c:\documents and settings\David\IECompatCache
2009-03-24 18:56 . 2009-03-24 18:56 <DIR> d--hs---- c:\documents and settings\David\PrivacIE
2009-03-24 18:52 . 2009-03-24 18:52 <DIR> d--hs---- c:\documents and settings\David\IETldCache
2009-03-24 18:48 . 2009-03-24 18:48 <DIR> d-------- c:\windows\ie8updates
2009-03-24 18:47 . 2009-03-24 18:47 <DIR> d--h-c--- c:\windows\ie8
2009-03-24 18:41 . 2009-02-27 21:55 105,984 --------- c:\windows\system32\dllcache\iecompat.dll
2009-03-23 14:13 . 2009-01-09 12:19 1,089,593 --------- c:\windows\system32\dllcache\ntprint.cat
2009-03-22 15:02 . 2009-03-22 15:02 <DIR> d-------- c:\program files\MSBuild
2009-03-22 15:00 . 2009-03-22 15:01 <DIR> d-------- C:\d9af3cde6c7ee023e2d2
2009-03-22 14:37 . 2009-03-22 14:37 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-03-22 13:50 . 2009-03-22 13:49 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-22 13:49 . 2009-03-22 13:49 <DIR> d-------- c:\program files\Java
2009-03-08 14:22 . 2009-03-08 14:22 49,152 --------- c:\windows\system32\msrating.dll.mui
2009-03-08 14:22 . 2009-03-08 14:22 2,560 --------- c:\windows\system32\mshta.exe.mui
2009-03-08 14:21 . 2009-03-08 14:21 4,096 --------- c:\windows\system32\ie4uinit.exe.mui
2009-03-08 14:20 . 2009-03-08 14:20 81,920 --------- c:\windows\system32\iedkcs32.dll.mui
2009-03-08 04:33 . 2009-03-08 04:33 18,944 --------- c:\windows\system32\dllcache\corpol.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-28 01:56 --------- d-----w c:\documents and settings\David\Application Data\Uniblue
2009-03-28 01:25 --------- d-----w c:\program files\Any Audio Converter
2009-03-26 01:09 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-26 00:06 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-26 00:06 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-25 16:53 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-25 14:25 --------- d-----w c:\program files\Microsoft
2009-03-25 14:14 --------- d-----w c:\program files\Dream Aquarium
2009-03-22 22:08 --------- d-----w c:\program files\NOS
2009-03-22 22:08 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-03-22 20:59 --------- d-----w c:\program files\FutureTax NETFILE 2008
2009-03-22 20:49 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-03-22 20:45 --------- d-----w c:\program files\Siber Systems
2009-03-21 22:51 --------- d-----w c:\program files\Windows Desktop Search
2009-03-17 21:33 --------- d-----w c:\program files\Common Files\Adobe
2009-03-08 21:09 638,816 ----a-w c:\windows\system32\dllcache\iexplore.exe
2009-03-08 21:09 391,536 ----a-w c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 11:41 5,937,152 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-03-08 11:39 11,063,808 ----a-w c:\windows\system32\dllcache\ieframe.dll
2009-03-08 11:34 914,944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 914,944 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-03-08 11:34 43,008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:34 43,008 ----a-w c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 11:34 236,544 ----a-w c:\windows\system32\dllcache\webcheck.dll
2009-03-08 11:34 193,536 ----a-w c:\windows\system32\dllcache\msrating.dll
2009-03-08 11:34 109,568 ----a-w c:\windows\system32\dllcache\occache.dll
2009-03-08 11:34 105,984 ----a-w c:\windows\system32\dllcache\url.dll
2009-03-08 11:34 1,206,784 ----a-w c:\windows\system32\dllcache\urlmon.dll
2009-03-08 11:33 759,296 ----a-w c:\windows\system32\dllcache\VGX.dll
2009-03-08 11:33 726,528 ----a-w c:\windows\system32\dllcache\jscript.dll
2009-03-08 11:33 420,352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:33 420,352 ----a-w c:\windows\system32\dllcache\vbscript.dll
2009-03-08 11:33 25,600 ----a-w c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 11:33 229,376 ----a-w c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 11:33 18,944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 125,952 ----a-w c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 11:32 94,720 ----a-w c:\windows\system32\dllcache\inseng.dll
2009-03-08 11:32 72,704 ----a-w c:\windows\system32\dllcache\admparse.dll
2009-03-08 11:32 72,704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 71,680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 71,680 ----a-w c:\windows\system32\dllcache\iesetup.dll
2009-03-08 11:32 611,840 ----a-w c:\windows\system32\dllcache\mstime.dll
2009-03-08 11:32 594,432 ----a-w c:\windows\system32\dllcache\msfeeds.dll
2009-03-08 11:32 55,808 ----a-w c:\windows\system32\dllcache\iernonce.dll
2009-03-08 11:32 173,056 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 11:32 163,840 ----a-w c:\windows\system32\dllcache\ieakui.dll
2009-03-08 11:32 128,512 ----a-w c:\windows\system32\dllcache\advpack.dll
2009-03-08 11:32 1,985,024 ----a-w c:\windows\system32\dllcache\iertutil.dll
2009-03-08 11:24 68,608 ----a-w c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 11:22 156,160 ----a-w c:\windows\system32\msls31.dll
2009-03-08 11:22 156,160 ----a-w c:\windows\system32\dllcache\msls31.dll
2009-03-08 11:11 445,952 ----a-w c:\windows\system32\dllcache\ieapfltr.dll
2009-02-28 13:47 --------- d-----w c:\program files\MSECache
2009-02-26 11:07 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-22 14:30 --------- d-----w c:\program files\mozilla.org
2009-02-18 07:35 --------- d-----w c:\documents and settings\All Users\Application Data\1472
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:13 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-07 02:47 --------- d-----w c:\documents and settings\All Users\Application Data\1C33C
2009-02-03 14:25 --------- d-----w c:\documents and settings\All Users\Application Data\382AF
2009-01-13 06:24 117,996 ----a-w c:\windows\Remove Outlook Express Uninstaller.exe
2009-01-08 01:21 26,144 ----a-w c:\windows\system32\spupdsvc.exe
2009-01-08 01:20 474,112 ------w c:\windows\system32\dllcache\shlwapi.dll
2009-01-08 01:20 265,720 ----a-w c:\windows\system32\msdbg2.dll
2009-01-08 01:20 26,112 ----a-w c:\windows\system32\idndl.dll
2009-01-08 01:20 24,576 ----a-w c:\windows\system32\nlsdl.dll
2009-01-08 01:20 23,552 ----a-w c:\windows\system32\normaliz.dll
2009-01-08 01:20 134,144 ------w c:\windows\system32\dllcache\sqmapi.dll
2009-01-08 01:20 1,497,088 ------w c:\windows\system32\dllcache\shdocvw.dll
2009-01-08 01:20 1,022,976 ------w c:\windows\system32\dllcache\browseui.dll
2007-03-18 21:42 191 ----a-w c:\documents and settings\David\dir.dat
2007-03-10 15:32 988,263 ----a-w c:\documents and settings\David\root.zip
2007-01-29 21:11 61,440 ----a-w c:\documents and settings\David\JavaInstall.exe
2006-04-03 19:40 774,144 ----a-w c:\program files\RngInterstitial.dll
2005-07-03 02:30 1,295,582 ----a-w c:\documents and settings\David\cygwin1.dll
2003-08-09 09:32 108,544 ----a-w c:\documents and settings\David\unzip.exe
1998-08-24 19:09 10,000 ----a-w c:\windows\inf\unregpn.exe
2008-08-21 23:55 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082120080822\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-28_ 7.42.18.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-28 15:14:57 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_50c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Start WingMan Profiler"="c:\program files\Logitech\Profiler\lwemon.exe" [2005-04-18 73728]
"MSMSGS"="c:\program files\Messenger\MSMSGS.EXE" [2008-04-13 1695232]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2007-05-21 1369288]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"Uniblue RegistryBooster 2009"="c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-26 2019624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Auto EPSON Stylus Photo R220 Series on RABBIT"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE" [2005-03-08 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-22 148888]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 50688]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2005-10-20 871936]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-04-28 53248]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"WheelMouse"="c:\progra~1\A4Tech\Mouse\Amoumain.exe" [2004-09-01 147456]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-29 638976]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-25 1932568]
"SpybotSnD"="c:\program files\Spybot - Search & Destroy\SpybotSD.exe" [2009-01-26 5365592]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-04-14 596584]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-05-10 805392]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Norton GoBack.lnk - c:\program files\Norton GoBack\GBTray.exe [2004-12-21 804480]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
"NoStartMenuEjectPC"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 03:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-25 16:58 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvussqn]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00852D2]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wmfhotfix.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avg8wd"=2 (0x2)
"WinIP"=3 (0x3)
"OpenDNS Updater.exe"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\svchost.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft ActiveSync\\WMP10_Update.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\web server extensions\\50\\bin\\TCPTEST.EXE"=
"c:\\Program Files\\Microsoft Office\\Office10\\FRONTPG.EXE"=
"c:\\Documents and Settings\\David\\Desktop\\Empire Earth\\Empire Earth.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"990:TCP"= 990:TCP:bluetooth inbound TCP
"999:TCP"= 999:TCP:BT inbound TCP
"5678:TCP"= 5678:TCP:BT IB TCP
"5721:UDP"= 5721:UDP:INBOUND TCP BT
"5679:UDP"= 5679:UDP:BT outbound UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-25 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-25 108552]
R1 vdrv7000;vdrv7000;c:\windows\system32\drivers\vdrv7000.sys [2006-03-04 76672]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-25 298264]
R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [2005-07-27 14080]
R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [2005-07-27 36352]
R2 VC7SecS;Virtual CD v7 Management Service;c:\program files\HHVcdV7Sys\VC7SecS.exe [2006-03-04 106496]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2009-03-25 9984]
R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [2005-07-27 77056]
S3 AteksoftAudio;WebCamera Plus Audio;c:\windows\system32\drivers\ateksoftaudio.sys [2008-06-09 11776]
S3 IEGP;IEGP;c:\windows\system32\DRIVERS\igmap.sys --> c:\windows\system32\DRIVERS\igmap.sys [?]
S3 WLAN; Wireless LAN Driver;c:\windows\system32\DRIVERS\wlanNDS.sys --> c:\windows\system32\DRIVERS\wlanNDS.sys [?]
S3 ZSMC302;PC CAM 300A;c:\windows\system32\drivers\usbVM302.sys [2006-07-23 93450]
S4 OpenDNS Updater.exe;OpenDNS Updater; [x]
S4 WinIP;WinIP; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-03-27 c:\windows\Tasks\ParetoLogic Privacy Controls_{F152D62C-1997-11DE-97A5-00123FD0C5BB}.job
- c:\program files\ParetoLogic\Privacy Controls\Pareto_PC.exe [2008-11-25 11:29]

2009-03-28 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 12:25]

2009-03-27 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 12:25]

2009-03-28 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 10:58]

2009-03-25 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 10:58]

2007-01-14 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uStart Page = about:blank
uInternet Settings,ProxyOverride = 127.0.0.1
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: intel.com\www
TCP: {F87F4892-FA08-4C53-927E-FAAE993791C7} = 208.67.222.222,75.154.133.68
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {020EA84E-76BD-4D97-8BF4-9C402E412137} - hxxp://o1.agendize.com/w1/inserter/AgendiZe.CAB
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-28 09:19:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3617735250-3398334271-505246713-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,a2,29,d9,aa,bd,
6c,01,86,e2,63,26,f1,3f,c8,ff,68,71,6e,f9,24,51,7c,ac,a1,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,a3,c3,bb,16,89,
d9,68,8c,6a,9c,d6,61,af,45,84,18,22,92,9a,36,ba,8b,c4,4c,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,e9,cf,5c,c1,a3,
b0,12,f9,ff,7c,85,e0,43,d4,0e,fe,0b,01,48,57,fa,49,5a,a0,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,f0,9b,25,30,c9,
ef,ca,b0,86,8c,21,01,be,91,eb,e7,2b,aa,29,50,6c,c3,0a,b5,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,6d,22,86,41,5d,
ed,dd,15,f5,1d,4d,73,a8,13,5c,05,96,2e,2e,1b,a7,85,aa,43,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,09,4c,7e,fc,92,
98,50,b3,df,20,58,62,78,6b,cf,c8,fb,bb,7a,d7,eb,f5,fa,e2,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,86,e4,23,e0,91,
82,6a,be,fb,a7,78,e6,12,2f,9a,ea,e5,33,12,42,af,aa,09,39,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,f3,f6,99,08,98,
1c,3c,0f,01,3a,48,fc,e8,04,4a,f1,e0,30,7e,a0,b2,a6,41,a1,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,20,17,f6,34,be,
dd,d0,01,f6,0f,4e,58,98,5b,89,c9,2c,10,24,99,98,8f,43,29,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,5d,b3,24,f2,29,
c4,7f,41,3d,ce,ea,26,2d,45,aa,78,67,a2,d4,c3,9c,72,41,7f,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,85,b1,d0,c4,37,
4c,c5,cd,2a,b7,cc,b5,b9,7f,41,e7,d4,11,1a,4e,d9,2a,82,64,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,d2,44,bb,2e,6d,
29,36,86,6c,43,2d,1e,aa,22,2f,9c,76,06,9a,af,1b,7a,90,7a,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="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"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(836)
c:\windows\system32\wmfhotfix.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(892)
c:\windows\system32\wmfhotfix.dll
.
Completion time: 2009-03-28 9:21:22
ComboFix-quarantined-files.txt 2009-03-28 16:21:14
ComboFix2.txt 2009-03-28 14:43:45

Pre-Run: 28,770,885,632 bytes free
Post-Run: 28,755,529,728 bytes free

615 --- E O F --- 2009-03-25 17:00:18

xanderman
2009-03-28, 23:34
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, March 28, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, March 28, 2009 17:59:24
Records in database: 1981585
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
Z:\

Scan statistics:
Files scanned: 99320
Threat name: 1
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 04:20:37


File name / Threat name / Threats count
C:\Documents and Settings\David\My Documents\My Music\so over it katherine macphee.snd Infected: Trojan-Downloader.WMA.GetCodec.s 1
C:\Documents and Settings\David\My Documents\My Received Files\karaoke spiderwebs no doubt[256k quality].snd Infected: Trojan-Downloader.WMA.GetCodec.s 1

The selected area was scanned.

ComboFix 09-03-27.02 - David 2009-03-28 15:22:08.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.653 [GMT -7:00]
Running from: c:\documents and settings\David\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-28 )))))))))))))))))))))))))))))))
.

2009-03-27 18:56 . 2009-03-27 18:56 <DIR> d-------- c:\program files\Uniblue
2009-03-27 18:56 . 2009-03-27 18:56 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-03-25 18:06 . 2009-03-25 18:06 <DIR> d--hs---- c:\documents and settings\LocalService\IETldCache
2009-03-25 17:56 . 2009-03-25 18:14 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-25 16:58 . 2009-03-28 08:18 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-25 16:58 . 2009-03-28 08:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-25 16:58 . 2009-03-25 16:58 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-25 16:58 . 2009-03-28 08:12 108,552 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-25 16:58 . 2009-03-25 16:58 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-25 16:52 . 2009-03-25 16:52 <DIR> d-------- c:\program files\ParetoLogic
2009-03-25 16:52 . 2009-03-25 16:52 <DIR> d-------- c:\program files\Common Files\ParetoLogic
2009-03-25 16:52 . 2009-03-25 16:52 <DIR> d-------- c:\documents and settings\David\Application Data\ParetoLogic
2009-03-25 16:52 . 2009-03-25 16:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-03-25 16:51 . 2009-03-25 16:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-03-25 16:32 . 2009-03-25 16:42 <DIR> d-------- c:\program files\RegCure
2009-03-25 11:16 . 2009-03-25 11:16 <DIR> d-------- c:\program files\Trend Micro
2009-03-25 10:49 . 2009-03-25 10:49 <DIR> d-------- c:\documents and settings\David\Bluetooth Software
2009-03-25 10:08 . 2009-03-25 10:08 <DIR> d-------- c:\program files\Motorola
2009-03-25 10:08 . 2007-01-29 18:26 984,832 --a------ c:\windows\system32\drivers\smserial.sys
2009-03-25 10:08 . 2007-01-29 18:22 196,608 --a------ c:\windows\system32\sm56co6a.dll
2009-03-25 10:08 . 2001-08-17 13:57 16,128 --a------ c:\windows\system32\drivers\MODEMCSA.sys
2009-03-25 10:08 . 2001-08-17 13:57 16,128 --a------ c:\windows\system32\dllcache\modemcsa.sys
2009-03-25 09:53 . 2009-03-25 10:01 <DIR> d-------- c:\program files\Realtek AC97
2009-03-25 09:53 . 2006-07-31 11:19 315,392 --a------ c:\windows\alcupd.exe
2009-03-25 09:53 . 2006-07-31 11:27 217,088 --a------ c:\windows\alcrmv.exe
2009-03-25 09:38 . 2009-03-25 10:20 <DIR> d-------- c:\program files\A4Tech
2009-03-25 09:38 . 2004-08-25 17:46 389,120 --a------ c:\windows\system32\Amsample.dll
2009-03-25 09:38 . 2004-08-25 17:29 86,016 --a------ c:\windows\system32\Amoures.dll
2009-03-25 09:38 . 2004-08-25 17:29 36,864 --a------ c:\windows\system32\Amhooker.dll
2009-03-25 09:38 . 2004-08-25 17:09 10,240 --a------ c:\windows\system32\drivers\Amusbprt.sys
2009-03-25 09:38 . 2004-08-25 17:09 9,984 --a------ c:\windows\system32\drivers\Amps2prt.sys
2009-03-25 09:38 . 2004-08-25 17:09 7,424 --a------ c:\windows\system32\drivers\Amusbdev.sys
2009-03-25 09:38 . 2004-08-25 17:09 5,120 --a------ c:\windows\system32\drivers\Amfilter.sys
2009-03-25 09:31 . 2008-04-15 04:13 534,440 --a------ c:\windows\system32\drivers\btaudio.sys
2009-03-25 09:31 . 2007-09-20 04:59 156,392 --a------ c:\windows\system32\drivers\btwdndis.sys
2009-03-25 09:31 . 2008-03-27 03:17 89,896 --a------ c:\windows\system32\drivers\btwsecfl.sys
2009-03-25 09:31 . 2008-02-04 10:57 37,160 --a------ c:\windows\system32\drivers\btport.sys
2009-03-25 09:30 . 2009-03-25 09:30 <DIR> d-------- c:\program files\WIDCOMM
2009-03-25 09:16 . 2009-03-25 09:16 <DIR> d-------- c:\program files\Unibrain
2009-03-25 09:15 . 2009-03-25 09:15 <DIR> d-------- c:\program files\Intel Desktop Board
2009-03-25 09:14 . 2007-02-12 12:41 2,732,032 --a------ c:\windows\system32\Netw2r32.dll
2009-03-25 07:29 . 2009-03-25 07:29 <DIR> d-------- c:\program files\PC Drivers HeadQuarters
2009-03-24 19:07 . 2009-03-24 19:07 <DIR> d--hs---- c:\documents and settings\David\IECompatCache
2009-03-24 18:56 . 2009-03-24 18:56 <DIR> d--hs---- c:\documents and settings\David\PrivacIE
2009-03-24 18:52 . 2009-03-24 18:52 <DIR> d--hs---- c:\documents and settings\David\IETldCache
2009-03-24 18:48 . 2009-03-24 18:48 <DIR> d-------- c:\windows\ie8updates
2009-03-24 18:47 . 2009-03-24 18:47 <DIR> d--h-c--- c:\windows\ie8
2009-03-24 18:41 . 2009-02-27 21:55 105,984 --------- c:\windows\system32\dllcache\iecompat.dll
2009-03-23 14:13 . 2009-01-09 12:19 1,089,593 --------- c:\windows\system32\dllcache\ntprint.cat
2009-03-22 15:02 . 2009-03-22 15:02 <DIR> d-------- c:\program files\MSBuild
2009-03-22 15:00 . 2009-03-22 15:01 <DIR> d-------- C:\d9af3cde6c7ee023e2d2
2009-03-22 14:37 . 2009-03-22 14:37 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-03-22 13:50 . 2009-03-22 13:49 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-22 13:49 . 2009-03-22 13:49 <DIR> d-------- c:\program files\Java
2009-03-08 14:22 . 2009-03-08 14:22 49,152 --------- c:\windows\system32\msrating.dll.mui
2009-03-08 14:22 . 2009-03-08 14:22 2,560 --------- c:\windows\system32\mshta.exe.mui
2009-03-08 14:21 . 2009-03-08 14:21 4,096 --------- c:\windows\system32\ie4uinit.exe.mui
2009-03-08 14:20 . 2009-03-08 14:20 81,920 --------- c:\windows\system32\iedkcs32.dll.mui
2009-03-08 04:33 . 2009-03-08 04:33 18,944 --------- c:\windows\system32\dllcache\corpol.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-28 01:56 --------- d-----w c:\documents and settings\David\Application Data\Uniblue
2009-03-28 01:25 --------- d-----w c:\program files\Any Audio Converter
2009-03-26 01:09 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-26 00:06 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-26 00:06 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-25 16:53 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-25 14:25 --------- d-----w c:\program files\Microsoft
2009-03-25 14:14 --------- d-----w c:\program files\Dream Aquarium
2009-03-22 22:08 --------- d-----w c:\program files\NOS
2009-03-22 22:08 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-03-22 20:59 --------- d-----w c:\program files\FutureTax NETFILE 2008
2009-03-22 20:49 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-03-22 20:45 --------- d-----w c:\program files\Siber Systems
2009-03-21 22:51 --------- d-----w c:\program files\Windows Desktop Search
2009-03-17 21:33 --------- d-----w c:\program files\Common Files\Adobe
2009-03-08 21:09 638,816 ----a-w c:\windows\system32\dllcache\iexplore.exe
2009-03-08 21:09 391,536 ----a-w c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 11:41 5,937,152 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-03-08 11:39 11,063,808 ----a-w c:\windows\system32\dllcache\ieframe.dll
2009-03-08 11:34 914,944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 914,944 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-03-08 11:34 43,008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:34 43,008 ----a-w c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 11:34 236,544 ----a-w c:\windows\system32\dllcache\webcheck.dll
2009-03-08 11:34 193,536 ----a-w c:\windows\system32\dllcache\msrating.dll
2009-03-08 11:34 109,568 ----a-w c:\windows\system32\dllcache\occache.dll
2009-03-08 11:34 105,984 ----a-w c:\windows\system32\dllcache\url.dll
2009-03-08 11:34 1,206,784 ----a-w c:\windows\system32\dllcache\urlmon.dll
2009-03-08 11:33 759,296 ----a-w c:\windows\system32\dllcache\VGX.dll
2009-03-08 11:33 726,528 ----a-w c:\windows\system32\dllcache\jscript.dll
2009-03-08 11:33 420,352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:33 420,352 ----a-w c:\windows\system32\dllcache\vbscript.dll
2009-03-08 11:33 25,600 ----a-w c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 11:33 229,376 ----a-w c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 11:33 18,944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 125,952 ----a-w c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 11:32 94,720 ----a-w c:\windows\system32\dllcache\inseng.dll
2009-03-08 11:32 72,704 ----a-w c:\windows\system32\dllcache\admparse.dll
2009-03-08 11:32 72,704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 71,680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 71,680 ----a-w c:\windows\system32\dllcache\iesetup.dll
2009-03-08 11:32 611,840 ----a-w c:\windows\system32\dllcache\mstime.dll
2009-03-08 11:32 594,432 ----a-w c:\windows\system32\dllcache\msfeeds.dll
2009-03-08 11:32 55,808 ----a-w c:\windows\system32\dllcache\iernonce.dll
2009-03-08 11:32 173,056 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 11:32 163,840 ----a-w c:\windows\system32\dllcache\ieakui.dll
2009-03-08 11:32 128,512 ----a-w c:\windows\system32\dllcache\advpack.dll
2009-03-08 11:32 1,985,024 ----a-w c:\windows\system32\dllcache\iertutil.dll
2009-03-08 11:24 68,608 ----a-w c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 11:22 156,160 ----a-w c:\windows\system32\msls31.dll
2009-03-08 11:22 156,160 ----a-w c:\windows\system32\dllcache\msls31.dll
2009-03-08 11:11 445,952 ----a-w c:\windows\system32\dllcache\ieapfltr.dll
2009-02-28 13:47 --------- d-----w c:\program files\MSECache
2009-02-26 11:07 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-22 14:30 --------- d-----w c:\program files\mozilla.org
2009-02-18 07:35 --------- d-----w c:\documents and settings\All Users\Application Data\1472
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:13 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-07 02:47 --------- d-----w c:\documents and settings\All Users\Application Data\1C33C
2009-02-03 14:25 --------- d-----w c:\documents and settings\All Users\Application Data\382AF
2009-01-13 06:24 117,996 ----a-w c:\windows\Remove Outlook Express Uninstaller.exe
2009-01-08 01:21 26,144 ----a-w c:\windows\system32\spupdsvc.exe
2009-01-08 01:20 474,112 ------w c:\windows\system32\dllcache\shlwapi.dll
2009-01-08 01:20 265,720 ----a-w c:\windows\system32\msdbg2.dll
2009-01-08 01:20 26,112 ----a-w c:\windows\system32\idndl.dll
2009-01-08 01:20 24,576 ----a-w c:\windows\system32\nlsdl.dll
2009-01-08 01:20 23,552 ----a-w c:\windows\system32\normaliz.dll
2009-01-08 01:20 134,144 ------w c:\windows\system32\dllcache\sqmapi.dll
2009-01-08 01:20 1,497,088 ------w c:\windows\system32\dllcache\shdocvw.dll
2009-01-08 01:20 1,022,976 ------w c:\windows\system32\dllcache\browseui.dll
2007-03-18 21:42 191 ----a-w c:\documents and settings\David\dir.dat
2007-03-10 15:32 988,263 ----a-w c:\documents and settings\David\root.zip
2007-01-29 21:11 61,440 ----a-w c:\documents and settings\David\JavaInstall.exe
2006-04-03 19:40 774,144 ----a-w c:\program files\RngInterstitial.dll
2005-07-03 02:30 1,295,582 ----a-w c:\documents and settings\David\cygwin1.dll
2003-08-09 09:32 108,544 ----a-w c:\documents and settings\David\unzip.exe
1998-08-24 19:09 10,000 ----a-w c:\windows\inf\unregpn.exe
2008-08-21 23:55 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082120080822\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-28_ 7.42.18.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-28 15:14:57 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_50c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Start WingMan Profiler"="c:\program files\Logitech\Profiler\lwemon.exe" [2005-04-18 73728]
"MSMSGS"="c:\program files\Messenger\MSMSGS.EXE" [2008-04-13 1695232]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2007-05-21 1369288]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"Uniblue RegistryBooster 2009"="c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-26 2019624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Auto EPSON Stylus Photo R220 Series on RABBIT"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE" [2005-03-08 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-22 148888]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 50688]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2005-10-20 871936]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-04-28 53248]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"WheelMouse"="c:\progra~1\A4Tech\Mouse\Amoumain.exe" [2004-09-01 147456]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-29 638976]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-25 1932568]
"SpybotSnD"="c:\program files\Spybot - Search & Destroy\SpybotSD.exe" [2009-01-26 5365592]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-04-14 596584]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-05-10 805392]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Norton GoBack.lnk - c:\program files\Norton GoBack\GBTray.exe [2004-12-21 804480]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
"NoStartMenuEjectPC"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 03:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-25 16:58 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvussqn]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00852D2]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wmfhotfix.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avg8wd"=2 (0x2)
"WinIP"=3 (0x3)
"OpenDNS Updater.exe"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\svchost.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft ActiveSync\\WMP10_Update.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\web server extensions\\50\\bin\\TCPTEST.EXE"=
"c:\\Program Files\\Microsoft Office\\Office10\\FRONTPG.EXE"=
"c:\\Documents and Settings\\David\\Desktop\\Empire Earth\\Empire Earth.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"990:TCP"= 990:TCP:bluetooth inbound TCP
"999:TCP"= 999:TCP:BT inbound TCP
"5678:TCP"= 5678:TCP:BT IB TCP
"5721:UDP"= 5721:UDP:INBOUND TCP BT
"5679:UDP"= 5679:UDP:BT outbound UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-25 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-25 108552]
R1 vdrv7000;vdrv7000;c:\windows\system32\drivers\vdrv7000.sys [2006-03-04 76672]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-25 298264]
R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [2005-07-27 14080]
R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [2005-07-27 36352]
R2 VC7SecS;Virtual CD v7 Management Service;c:\program files\HHVcdV7Sys\VC7SecS.exe [2006-03-04 106496]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2009-03-25 9984]
R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [2005-07-27 77056]
S3 AteksoftAudio;WebCamera Plus Audio;c:\windows\system32\drivers\ateksoftaudio.sys [2008-06-09 11776]
S3 IEGP;IEGP;c:\windows\system32\DRIVERS\igmap.sys --> c:\windows\system32\DRIVERS\igmap.sys [?]
S3 WLAN; Wireless LAN Driver;c:\windows\system32\DRIVERS\wlanNDS.sys --> c:\windows\system32\DRIVERS\wlanNDS.sys [?]
S3 ZSMC302;PC CAM 300A;c:\windows\system32\drivers\usbVM302.sys [2006-07-23 93450]
S4 OpenDNS Updater.exe;OpenDNS Updater; [x]
S4 WinIP;WinIP; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-03-27 c:\windows\Tasks\ParetoLogic Privacy Controls_{F152D62C-1997-11DE-97A5-00123FD0C5BB}.job
- c:\program files\ParetoLogic\Privacy Controls\Pareto_PC.exe [2008-11-25 11:29]

2009-03-28 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 12:25]

2009-03-27 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 12:25]

2009-03-28 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 10:58]

2009-03-25 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 10:58]

2007-01-14 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uStart Page = about:blank
uInternet Settings,ProxyOverride = 127.0.0.1
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: intel.com\www
TCP: {F87F4892-FA08-4C53-927E-FAAE993791C7} = 208.67.222.222,75.154.133.68
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {020EA84E-76BD-4D97-8BF4-9C402E412137} - hxxp://o1.agendize.com/w1/inserter/AgendiZe.CAB
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-28 15:25:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3617735250-3398334271-505246713-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,a2,29,d9,aa,bd,
6c,01,86,e2,63,26,f1,3f,c8,ff,68,71,6e,f9,24,51,7c,ac,a1,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,a3,c3,bb,16,89,
d9,68,8c,6a,9c,d6,61,af,45,84,18,22,92,9a,36,ba,8b,c4,4c,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,e9,cf,5c,c1,a3,
b0,12,f9,ff,7c,85,e0,43,d4,0e,fe,0b,01,48,57,fa,49,5a,a0,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,f0,9b,25,30,c9,
ef,ca,b0,86,8c,21,01,be,91,eb,e7,2b,aa,29,50,6c,c3,0a,b5,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,6d,22,86,41,5d,
ed,dd,15,f5,1d,4d,73,a8,13,5c,05,96,2e,2e,1b,a7,85,aa,43,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,09,4c,7e,fc,92,
98,50,b3,df,20,58,62,78,6b,cf,c8,fb,bb,7a,d7,eb,f5,fa,e2,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,86,e4,23,e0,91,
82,6a,be,fb,a7,78,e6,12,2f,9a,ea,e5,33,12,42,af,aa,09,39,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,f3,f6,99,08,98,
1c,3c,0f,01,3a,48,fc,e8,04,4a,f1,e0,30,7e,a0,b2,a6,41,a1,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,20,17,f6,34,be,
dd,d0,01,f6,0f,4e,58,98,5b,89,c9,2c,10,24,99,98,8f,43,29,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,5d,b3,24,f2,29,
c4,7f,41,3d,ce,ea,26,2d,45,aa,78,67,a2,d4,c3,9c,72,41,7f,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,85,b1,d0,c4,37,
4c,c5,cd,2a,b7,cc,b5,b9,7f,41,e7,d4,11,1a,4e,d9,2a,82,64,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,d2,44,bb,2e,6d,
29,36,86,6c,43,2d,1e,aa,22,2f,9c,76,06,9a,af,1b,7a,90,7a,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="..."
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(836)
c:\windows\system32\wmfhotfix.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(892)
c:\windows\system32\wmfhotfix.dll
.
Completion time: 2009-03-28 15:28:06
ComboFix-quarantined-files.txt 2009-03-28 22:28:04
ComboFix2.txt 2009-03-28 16:21:23
ComboFix3.txt 2009-03-28 14:43:45

Pre-Run: 28,698,300,416 bytes free
Post-Run: 28,749,729,792 bytes free

394 --- E O F --- 2009-03-25 17:00:18

Blade81
2009-03-29, 11:15
Hi

Please post fresh dds.txt contents too :)

xanderman
2009-03-29, 16:10
DDS (Ver_09-03-16.01) - NTFSx86
Run by David at 7:07:49.14 on Sun 03/29/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.545 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Norton GoBack\GBPoll.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\HHVcdV7Sys\VC7SecS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\David\Desktop\dds.com

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uStart Page = about:blank
uInternet Settings,ProxyOverride = 127.0.0.1
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Quero: {a411d7f4-8d11-43ef-bde4-aa921666388a} - c:\progra~1\querot~1\Quero.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {43F02779-6D88-4958-8AD3-83C12D86ADC7} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {57F02779-3D88-4958-8AD3-83C12D86ADC7} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Auto EPSON Stylus Photo R220 Series on RABBIT] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaia.exe /p45 "auto epson stylus photo r220 series on rabbit" /o17 "\\rabbit\EPSONSty" /M "Stylus Photo R220"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-explorer: NoStartMenuEjectPC = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - {628A3E94-1B5F-48c1-9487-71082189C019}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: intel.com\www
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {020EA84E-76BD-4D97-8BF4-9C402E412137} - hxxp://o1.agendize.com/w1/inserter/AgendiZe.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1118116648429
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136480169312
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
TCP: {F87F4892-FA08-4C53-927E-FAAE993791C7} = 208.67.222.222,75.154.133.68
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-25 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-25 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-25 108552]
R1 vdrv7000;vdrv7000;c:\windows\system32\drivers\vdrv7000.sys [2006-3-4 76672]
R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [2005-7-27 14080]
R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [2005-7-27 36352]
R2 VC7SecS;Virtual CD v7 Management Service;c:\program files\hhvcdv7sys\VC7SecS.exe [2006-3-4 106496]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2009-3-25 9984]
R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [2005-7-27 77056]
S3 AteksoftAudio;WebCamera Plus Audio;c:\windows\system32\drivers\ateksoftaudio.sys [2008-6-9 11776]
S3 IEGP;IEGP;c:\windows\system32\drivers\igmap.sys --> c:\windows\system32\drivers\igmap.sys [?]
S3 WLAN; Wireless LAN Driver;c:\windows\system32\drivers\wlannds.sys --> c:\windows\system32\drivers\wlanNDS.sys [?]
S3 ZSMC302;PC CAM 300A;c:\windows\system32\drivers\usbVM302.sys [2006-7-23 93450]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-25 298264]
S4 OpenDNS Updater.exe;OpenDNS Updater; [x]
S4 WinIP;WinIP; [x]

=============== Created Last 30 ================

2009-03-29 07:05 389,120 a------- c:\windows\system32\CF16626.exe
2009-03-29 07:05 <DIR> --d----- C:\ComboFix
2009-03-28 07:33 <DIR> a-dshr-- C:\cmdcons
2009-03-28 07:32 161,792 a------- c:\windows\SWREG.exe
2009-03-28 07:32 98,816 a------- c:\windows\sed.exe
2009-03-27 18:56 <DIR> --d----- c:\program files\Uniblue
2009-03-27 18:56 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-03-25 17:56 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-03-25 16:58 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-03-25 16:58 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-25 16:58 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-03-25 16:58 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-03-25 16:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-03-25 16:52 <DIR> --d----- c:\docume~1\david\applic~1\ParetoLogic
2009-03-25 16:52 <DIR> --d----- c:\program files\ParetoLogic
2009-03-25 16:52 <DIR> --d----- c:\program files\common files\ParetoLogic
2009-03-25 16:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ParetoLogic
2009-03-25 16:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Downloaded Installations
2009-03-25 11:16 <DIR> --d----- c:\program files\Trend Micro
2009-03-25 10:49 <DIR> --d----- c:\documents and settings\david\Bluetooth Software
2009-03-25 10:08 16,128 a------- c:\windows\system32\drivers\MODEMCSA.sys
2009-03-25 10:08 16,128 a------- c:\windows\system32\dllcache\modemcsa.sys
2009-03-25 10:08 <DIR> --d----- c:\program files\Motorola
2009-03-25 10:08 984,832 a------- c:\windows\system32\drivers\smserial.sys
2009-03-25 10:08 196,608 a------- c:\windows\system32\sm56co6a.dll
2009-03-25 09:53 <DIR> --d----- c:\program files\Realtek AC97
2009-03-25 09:53 315,392 a------- c:\windows\alcupd.exe
2009-03-25 09:53 217,088 a------- c:\windows\alcrmv.exe
2009-03-25 09:38 <DIR> --d----- c:\program files\A4Tech
2009-03-25 09:38 389,120 a------- c:\windows\system32\Amsample.dll
2009-03-25 09:38 86,016 a------- c:\windows\system32\Amoures.dll
2009-03-25 09:38 36,864 a------- c:\windows\system32\Amhooker.dll
2009-03-25 09:38 10,240 a------- c:\windows\system32\drivers\Amusbprt.sys
2009-03-25 09:38 9,984 a------- c:\windows\system32\drivers\Amps2prt.sys
2009-03-25 09:38 7,424 a------- c:\windows\system32\drivers\Amusbdev.sys
2009-03-25 09:38 5,120 a------- c:\windows\system32\drivers\Amfilter.sys
2009-03-25 09:31 534,440 a------- c:\windows\system32\drivers\btaudio.sys
2009-03-25 09:31 156,392 a------- c:\windows\system32\drivers\btwdndis.sys
2009-03-25 09:31 89,896 a------- c:\windows\system32\drivers\btwsecfl.sys
2009-03-25 09:31 37,160 a------- c:\windows\system32\drivers\btport.sys
2009-03-25 09:30 <DIR> --d----- c:\program files\WIDCOMM
2009-03-25 09:16 <DIR> --d----- c:\program files\Unibrain
2009-03-25 09:15 <DIR> --d----- c:\program files\Intel Desktop Board
2009-03-25 09:14 2,732,032 a------- c:\windows\system32\Netw2r32.dll
2009-03-25 07:29 <DIR> --d----- c:\program files\PC Drivers HeadQuarters
2009-03-24 19:07 <DIR> --dsh--- c:\documents and settings\david\IECompatCache
2009-03-24 18:56 <DIR> --dsh--- c:\documents and settings\david\PrivacIE
2009-03-24 18:52 <DIR> --dsh--- c:\documents and settings\david\IETldCache
2009-03-24 18:48 <DIR> --d----- c:\windows\ie8updates
2009-03-24 18:47 <DIR> -cd-h--- c:\windows\ie8
2009-03-24 18:41 105,984 -------- c:\windows\system32\dllcache\iecompat.dll
2009-03-23 14:13 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
2009-03-22 15:00 <DIR> --d----- C:\d9af3cde6c7ee023e2d2
2009-03-22 13:50 73,728 a------- c:\windows\system32\javacpl.cpl
2009-03-08 14:22 49,152 -------- c:\windows\system32\msrating.dll.mui
2009-03-08 14:22 2,560 -------- c:\windows\system32\mshta.exe.mui
2009-03-08 14:21 4,096 -------- c:\windows\system32\ie4uinit.exe.mui
2009-03-08 14:20 81,920 -------- c:\windows\system32\iedkcs32.dll.mui
2009-03-08 04:33 18,944 -------- c:\windows\system32\dllcache\corpol.dll

==================== Find3M ====================

2009-03-22 13:49 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-08 14:09 638,816 a------- c:\windows\system32\dllcache\iexplore.exe
2009-03-08 14:09 391,536 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 04:41 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-03-08 04:39 11,063,808 a------- c:\windows\system32\dllcache\ieframe.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\dllcache\wininet.dll
2009-03-08 04:34 1,206,784 a------- c:\windows\system32\dllcache\urlmon.dll
2009-03-08 04:34 236,544 a------- c:\windows\system32\dllcache\webcheck.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 04:34 105,984 a------- c:\windows\system32\dllcache\url.dll
2009-03-08 04:34 193,536 a------- c:\windows\system32\dllcache\msrating.dll
2009-03-08 04:34 109,568 a------- c:\windows\system32\dllcache\occache.dll
2009-03-08 04:33 759,296 a------- c:\windows\system32\dllcache\VGX.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 04:33 726,528 a------- c:\windows\system32\dllcache\jscript.dll
2009-03-08 04:33 229,376 a------- c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\dllcache\vbscript.dll
2009-03-08 04:33 125,952 a------- c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\dllcache\admparse.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 04:32 163,840 a------- c:\windows\system32\dllcache\ieakui.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\dllcache\iesetup.dll
2009-03-08 04:32 55,808 a------- c:\windows\system32\dllcache\iernonce.dll
2009-03-08 04:32 128,512 a------- c:\windows\system32\dllcache\advpack.dll
2009-03-08 04:32 94,720 a------- c:\windows\system32\dllcache\inseng.dll
2009-03-08 04:32 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-03-08 04:32 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll
2009-03-08 04:32 611,840 a------- c:\windows\system32\dllcache\mstime.dll
2009-03-08 04:24 68,608 a------- c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-08 04:22 156,160 a------- c:\windows\system32\dllcache\msls31.dll
2009-03-08 04:11 445,952 a------- c:\windows\system32\dllcache\ieapfltr.dll
2009-02-21 17:32 6,889 a------- c:\windows\mozver.dat
2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 04:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-06 21:07 3,698,584 a------- c:\windows\system32\dllcache\ieapfltr.dat
2009-01-12 23:24 117,996 a------- c:\windows\Remove Outlook Express Uninstaller.exe
2009-01-07 18:21 26,144 a------- c:\windows\system32\spupdsvc.exe
2009-01-07 18:20 134,144 -------- c:\windows\system32\dllcache\sqmapi.dll
2009-01-07 18:20 1,497,088 -------- c:\windows\system32\dllcache\shdocvw.dll
2009-01-07 18:20 1,022,976 -------- c:\windows\system32\dllcache\browseui.dll
2009-01-07 18:20 474,112 -------- c:\windows\system32\dllcache\shlwapi.dll
2009-01-07 18:20 24,576 a------- c:\windows\system32\nlsdl.dll
2009-01-07 18:20 26,112 a------- c:\windows\system32\idndl.dll
2009-01-07 18:20 23,552 a------- c:\windows\system32\normaliz.dll
2009-01-07 18:20 265,720 a------- c:\windows\system32\msdbg2.dll
2007-03-18 14:42 191 a------- c:\documents and settings\david\dir.dat
2007-03-10 08:32 988,263 a------- c:\documents and settings\david\root.zip
2007-01-29 14:11 61,440 a------- c:\documents and settings\david\JavaInstall.exe
2006-04-03 12:40 774,144 a------- c:\program files\RngInterstitial.dll
2005-07-02 19:30 1,295,582 a------- c:\documents and settings\david\cygwin1.dll
2003-08-09 02:32 108,544 a------- c:\documents and settings\david\unzip.exe
1998-08-24 12:09 10,000 a------- c:\windows\inf\unregpn.exe
2008-08-21 16:55 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082120080822\index.dat

============= FINISH: 7:08:30.92 ===============

xanderman
2009-03-29, 17:19
DDS (Ver_09-03-16.01) - NTFSx86
Run by David at 7:07:49.14 on Sun 03/29/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.545 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Norton GoBack\GBPoll.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\HHVcdV7Sys\VC7SecS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\David\Desktop\dds.com

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uStart Page = about:blank
uInternet Settings,ProxyOverride = 127.0.0.1
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Quero: {a411d7f4-8d11-43ef-bde4-aa921666388a} - c:\progra~1\querot~1\Quero.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {43F02779-6D88-4958-8AD3-83C12D86ADC7} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {57F02779-3D88-4958-8AD3-83C12D86ADC7} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Auto EPSON Stylus Photo R220 Series on RABBIT] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaia.exe /p45 "auto epson stylus photo r220 series on rabbit" /o17 "\\rabbit\EPSONSty" /M "Stylus Photo R220"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-explorer: NoStartMenuEjectPC = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - {628A3E94-1B5F-48c1-9487-71082189C019}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: intel.com\www
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {020EA84E-76BD-4D97-8BF4-9C402E412137} - hxxp://o1.agendize.com/w1/inserter/AgendiZe.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1118116648429
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136480169312
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
TCP: {F87F4892-FA08-4C53-927E-FAAE993791C7} = 208.67.222.222,75.154.133.68
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-25 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-25 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-25 108552]
R1 vdrv7000;vdrv7000;c:\windows\system32\drivers\vdrv7000.sys [2006-3-4 76672]
R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [2005-7-27 14080]
R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [2005-7-27 36352]
R2 VC7SecS;Virtual CD v7 Management Service;c:\program files\hhvcdv7sys\VC7SecS.exe [2006-3-4 106496]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2009-3-25 9984]
R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [2005-7-27 77056]
S3 AteksoftAudio;WebCamera Plus Audio;c:\windows\system32\drivers\ateksoftaudio.sys [2008-6-9 11776]
S3 IEGP;IEGP;c:\windows\system32\drivers\igmap.sys --> c:\windows\system32\drivers\igmap.sys [?]
S3 WLAN; Wireless LAN Driver;c:\windows\system32\drivers\wlannds.sys --> c:\windows\system32\drivers\wlanNDS.sys [?]
S3 ZSMC302;PC CAM 300A;c:\windows\system32\drivers\usbVM302.sys [2006-7-23 93450]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-25 298264]
S4 OpenDNS Updater.exe;OpenDNS Updater; [x]
S4 WinIP;WinIP; [x]

=============== Created Last 30 ================

2009-03-29 07:05 389,120 a------- c:\windows\system32\CF16626.exe
2009-03-29 07:05 <DIR> --d----- C:\ComboFix
2009-03-28 07:33 <DIR> a-dshr-- C:\cmdcons
2009-03-28 07:32 161,792 a------- c:\windows\SWREG.exe
2009-03-28 07:32 98,816 a------- c:\windows\sed.exe
2009-03-27 18:56 <DIR> --d----- c:\program files\Uniblue
2009-03-27 18:56 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-03-25 17:56 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-03-25 16:58 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-03-25 16:58 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-25 16:58 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-03-25 16:58 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-03-25 16:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-03-25 16:52 <DIR> --d----- c:\docume~1\david\applic~1\ParetoLogic
2009-03-25 16:52 <DIR> --d----- c:\program files\ParetoLogic
2009-03-25 16:52 <DIR> --d----- c:\program files\common files\ParetoLogic
2009-03-25 16:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ParetoLogic
2009-03-25 16:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Downloaded Installations
2009-03-25 11:16 <DIR> --d----- c:\program files\Trend Micro
2009-03-25 10:49 <DIR> --d----- c:\documents and settings\david\Bluetooth Software
2009-03-25 10:08 16,128 a------- c:\windows\system32\drivers\MODEMCSA.sys
2009-03-25 10:08 16,128 a------- c:\windows\system32\dllcache\modemcsa.sys
2009-03-25 10:08 <DIR> --d----- c:\program files\Motorola
2009-03-25 10:08 984,832 a------- c:\windows\system32\drivers\smserial.sys
2009-03-25 10:08 196,608 a------- c:\windows\system32\sm56co6a.dll
2009-03-25 09:53 <DIR> --d----- c:\program files\Realtek AC97
2009-03-25 09:53 315,392 a------- c:\windows\alcupd.exe
2009-03-25 09:53 217,088 a------- c:\windows\alcrmv.exe
2009-03-25 09:38 <DIR> --d----- c:\program files\A4Tech
2009-03-25 09:38 389,120 a------- c:\windows\system32\Amsample.dll
2009-03-25 09:38 86,016 a------- c:\windows\system32\Amoures.dll
2009-03-25 09:38 36,864 a------- c:\windows\system32\Amhooker.dll
2009-03-25 09:38 10,240 a------- c:\windows\system32\drivers\Amusbprt.sys
2009-03-25 09:38 9,984 a------- c:\windows\system32\drivers\Amps2prt.sys
2009-03-25 09:38 7,424 a------- c:\windows\system32\drivers\Amusbdev.sys
2009-03-25 09:38 5,120 a------- c:\windows\system32\drivers\Amfilter.sys
2009-03-25 09:31 534,440 a------- c:\windows\system32\drivers\btaudio.sys
2009-03-25 09:31 156,392 a------- c:\windows\system32\drivers\btwdndis.sys
2009-03-25 09:31 89,896 a------- c:\windows\system32\drivers\btwsecfl.sys
2009-03-25 09:31 37,160 a------- c:\windows\system32\drivers\btport.sys
2009-03-25 09:30 <DIR> --d----- c:\program files\WIDCOMM
2009-03-25 09:16 <DIR> --d----- c:\program files\Unibrain
2009-03-25 09:15 <DIR> --d----- c:\program files\Intel Desktop Board
2009-03-25 09:14 2,732,032 a------- c:\windows\system32\Netw2r32.dll
2009-03-25 07:29 <DIR> --d----- c:\program files\PC Drivers HeadQuarters
2009-03-24 19:07 <DIR> --dsh--- c:\documents and settings\david\IECompatCache
2009-03-24 18:56 <DIR> --dsh--- c:\documents and settings\david\PrivacIE
2009-03-24 18:52 <DIR> --dsh--- c:\documents and settings\david\IETldCache
2009-03-24 18:48 <DIR> --d----- c:\windows\ie8updates
2009-03-24 18:47 <DIR> -cd-h--- c:\windows\ie8
2009-03-24 18:41 105,984 -------- c:\windows\system32\dllcache\iecompat.dll
2009-03-23 14:13 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
2009-03-22 15:00 <DIR> --d----- C:\d9af3cde6c7ee023e2d2
2009-03-22 13:50 73,728 a------- c:\windows\system32\javacpl.cpl
2009-03-08 14:22 49,152 -------- c:\windows\system32\msrating.dll.mui
2009-03-08 14:22 2,560 -------- c:\windows\system32\mshta.exe.mui
2009-03-08 14:21 4,096 -------- c:\windows\system32\ie4uinit.exe.mui
2009-03-08 14:20 81,920 -------- c:\windows\system32\iedkcs32.dll.mui
2009-03-08 04:33 18,944 -------- c:\windows\system32\dllcache\corpol.dll

==================== Find3M ====================

2009-03-22 13:49 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-08 14:09 638,816 a------- c:\windows\system32\dllcache\iexplore.exe
2009-03-08 14:09 391,536 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 04:41 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-03-08 04:39 11,063,808 a------- c:\windows\system32\dllcache\ieframe.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\dllcache\wininet.dll
2009-03-08 04:34 1,206,784 a------- c:\windows\system32\dllcache\urlmon.dll
2009-03-08 04:34 236,544 a------- c:\windows\system32\dllcache\webcheck.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 04:34 105,984 a------- c:\windows\system32\dllcache\url.dll
2009-03-08 04:34 193,536 a------- c:\windows\system32\dllcache\msrating.dll
2009-03-08 04:34 109,568 a------- c:\windows\system32\dllcache\occache.dll
2009-03-08 04:33 759,296 a------- c:\windows\system32\dllcache\VGX.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 04:33 726,528 a------- c:\windows\system32\dllcache\jscript.dll
2009-03-08 04:33 229,376 a------- c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\dllcache\vbscript.dll
2009-03-08 04:33 125,952 a------- c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\dllcache\admparse.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 04:32 163,840 a------- c:\windows\system32\dllcache\ieakui.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\dllcache\iesetup.dll
2009-03-08 04:32 55,808 a------- c:\windows\system32\dllcache\iernonce.dll
2009-03-08 04:32 128,512 a------- c:\windows\system32\dllcache\advpack.dll
2009-03-08 04:32 94,720 a------- c:\windows\system32\dllcache\inseng.dll
2009-03-08 04:32 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-03-08 04:32 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll
2009-03-08 04:32 611,840 a------- c:\windows\system32\dllcache\mstime.dll
2009-03-08 04:24 68,608 a------- c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-08 04:22 156,160 a------- c:\windows\system32\dllcache\msls31.dll
2009-03-08 04:11 445,952 a------- c:\windows\system32\dllcache\ieapfltr.dll
2009-02-21 17:32 6,889 a------- c:\windows\mozver.dat
2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 04:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-06 21:07 3,698,584 a------- c:\windows\system32\dllcache\ieapfltr.dat
2009-01-12 23:24 117,996 a------- c:\windows\Remove Outlook Express Uninstaller.exe
2009-01-07 18:21 26,144 a------- c:\windows\system32\spupdsvc.exe
2009-01-07 18:20 134,144 -------- c:\windows\system32\dllcache\sqmapi.dll
2009-01-07 18:20 1,497,088 -------- c:\windows\system32\dllcache\shdocvw.dll
2009-01-07 18:20 1,022,976 -------- c:\windows\system32\dllcache\browseui.dll
2009-01-07 18:20 474,112 -------- c:\windows\system32\dllcache\shlwapi.dll
2009-01-07 18:20 24,576 a------- c:\windows\system32\nlsdl.dll
2009-01-07 18:20 26,112 a------- c:\windows\system32\idndl.dll
2009-01-07 18:20 23,552 a------- c:\windows\system32\normaliz.dll
2009-01-07 18:20 265,720 a------- c:\windows\system32\msdbg2.dll
2007-03-18 14:42 191 a------- c:\documents and settings\david\dir.dat
2007-03-10 08:32 988,263 a------- c:\documents and settings\david\root.zip
2007-01-29 14:11 61,440 a------- c:\documents and settings\david\JavaInstall.exe
2006-04-03 12:40 774,144 a------- c:\program files\RngInterstitial.dll
2005-07-02 19:30 1,295,582 a------- c:\documents and settings\david\cygwin1.dll
2003-08-09 02:32 108,544 a------- c:\documents and settings\david\unzip.exe
1998-08-24 12:09 10,000 a------- c:\windows\inf\unregpn.exe
2008-08-21 16:55 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082120080822\index.dat

============= FINISH: 7:08:30.92 ===============

Blade81
2009-03-29, 19:03
Hi again,

Open notepad and copy/paste the text in the quotebox below into it:



DDS::
mURLSearchHooks: H - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {43F02779-6D88-4958-8AD3-83C12D86ADC7} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {57F02779-3D88-4958-8AD3-83C12D86ADC7} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

File::
C:\Documents and Settings\David\My Documents\My Music\so over it katherine macphee.snd
C:\Documents and Settings\David\My Documents\My Received Files\karaoke spiderwebs no doubt[256k quality].snd

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvussqn]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00852D2]



Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows (including this one). Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log & dds.txt log. How's the system running?


Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
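
As an added illustration (not part of this thread and not Blade81's or sUBs' tooling), the following Python rebuilds the DDS:: block of such a CFScript from the Pseudo HJT Report: it keeps only the toolbar, BHO and URL search hook entries that DDS shows as orphaned ("- No File" or nothing after the dash), copying each line verbatim, which is what the script above consists of. The sample report lines are copied from the DDS log posted earlier in this thread; the set of entry kinds selected is an assumption based on what the helper chose here.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: lines copied from the DDS "Pseudo HJT Report" earlier in this thread.
SAMPLE_REPORT = r"""uStart Page = about:blank
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
Notify: avgrsstarter - avgrsstx.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
KIND_RE = re.compile(r"^[A-Za-z0-9]+$")
# Assumption: the kinds the CFScript in this thread cleared (toolbars, BHOs, URL search hooks;
# DDS prefixes u/m for HKCU/HKLM). Orphaned IE: or DPF: entries are reported but not selected.
DEFAULT_KINDS = ("TB", "BHO", "mURLSearchHooks", "uURLSearchHooks")


@dataclass
class HjtEntry:
    kind: str    # "TB", "BHO", "mURLSearchHooks", ...
    name: str    # display name, "" when DDS prints none
    clsid: str   # "{...}" or "" for entries without one
    path: str    # on-disk path; "" when DDS printed nothing after the dash
    raw: str     # the original report line, reused verbatim in the CFScript

    @property
    def orphaned(self) -> bool:
        """True when the registry entry points at nothing on disk."""
        return self.path == "" or self.path.lower() == "no file"


def parse_entry(line: str) -> Optional[HjtEntry]:
    """Parse one Pseudo HJT Report line; None for lines that are not 'Kind: ...' entries."""
    line = line.rstrip()
    if ":" not in line:
        return None
    kind, body = line.split(":", 1)
    if not KIND_RE.match(kind):
        return None  # e.g. "uStart Page = about:blank" is a setting, not an entry
    body = body.strip()
    m = CLSID_RE.search(body)
    if m:
        # "<name>: {CLSID} - <path>"; the name and the path are both optional.
        name = body[:m.start()].strip().rstrip(":").strip()
        clsid = m.group(0)
        rest = body[m.end():].strip()
        path = rest[1:].strip() if rest.startswith("-") else ""
    else:
        # No CLSID: "<name> - <path>" (search hooks, Notify entries, some DPF lines).
        if " - " not in body:
            return None
        name, path = (part.strip() for part in body.split(" - ", 1))
        clsid = ""
    return HjtEntry(kind=kind, name=name, clsid=clsid, path=path, raw=line)


def parse_report(text: str) -> List[HjtEntry]:
    """Parse every entry line of a Pseudo HJT Report, skipping settings and blank lines."""
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e is not None]


def orphaned_entries(entries: List[HjtEntry],
                     kinds: Tuple[str, ...] = DEFAULT_KINDS) -> List[HjtEntry]:
    """Orphaned entries of the kinds a DDS:: section is used to clear."""
    return [e for e in entries if e.kind in kinds and e.orphaned]


def build_dds_section(text: str, kinds: Tuple[str, ...] = DEFAULT_KINDS) -> str:
    """Emit the 'DDS::' block of a CFScript, one verbatim report line per orphaned entry."""
    lines = [e.raw for e in orphaned_entries(parse_report(text), kinds)]
    return "DDS::\n" + "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_dds_section(SAMPLE_REPORT))
```

Entries that still resolve to a file on disk (the RoboForm and Adobe lines, the AVG Notify entry) are parsed but left alone; only the five orphaned lines end up in the block.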

xanderman
2009-03-29, 21:23
ComboFix 09-03-28.06 - David 2009-03-29 12:14:51.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.626 [GMT -7:00]
Running from: c:\documents and settings\David\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\David\Desktop\cfscript.txt
* Created a new restore point

FILE ::
c:\documents and settings\David\My Documents\My Music\so over it katherine macphee.snd
c:\documents and settings\David\My Documents\My Received Files\karaoke spiderwebs no doubt[256k quality].snd
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\David\My Documents\My Music\so over it katherine macphee.snd
c:\documents and settings\David\My Documents\My Received Files\karaoke spiderwebs no doubt[256k quality].snd

.
((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-29 )))))))))))))))))))))))))))))))
.

2009-03-27 18:56 . 2009-03-27 18:56 <DIR> d-------- c:\program files\Uniblue
2009-03-27 18:56 . 2009-03-27 18:56 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-03-25 18:06 . 2009-03-25 18:06 <DIR> d--hs---- c:\documents and settings\LocalService\IETldCache
2009-03-25 17:56 . 2009-03-25 18:14 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-25 16:58 . 2009-03-28 08:18 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-25 16:58 . 2009-03-28 08:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-25 16:58 . 2009-03-25 16:58 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-25 16:58 . 2009-03-28 08:12 108,552 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-25 16:58 . 2009-03-25 16:58 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-25 16:52 . 2009-03-25 16:52 <DIR> d-------- c:\program files\ParetoLogic
2009-03-25 16:52 . 2009-03-25 16:52 <DIR> d-------- c:\program files\Common Files\ParetoLogic
2009-03-25 16:52 . 2009-03-25 16:52 <DIR> d-------- c:\documents and settings\David\Application Data\ParetoLogic
2009-03-25 16:52 . 2009-03-25 16:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-03-25 16:51 . 2009-03-25 16:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-03-25 16:32 . 2009-03-25 16:42 <DIR> d-------- c:\program files\RegCure
2009-03-25 11:16 . 2009-03-25 11:16 <DIR> d-------- c:\program files\Trend Micro
2009-03-25 10:49 . 2009-03-25 10:49 <DIR> d-------- c:\documents and settings\David\Bluetooth Software
2009-03-25 10:08 . 2009-03-25 10:08 <DIR> d-------- c:\program files\Motorola
2009-03-25 10:08 . 2007-01-29 18:26 984,832 --a------ c:\windows\system32\drivers\smserial.sys
2009-03-25 10:08 . 2007-01-29 18:22 196,608 --a------ c:\windows\system32\sm56co6a.dll
2009-03-25 10:08 . 2001-08-17 13:57 16,128 --a------ c:\windows\system32\drivers\MODEMCSA.sys
2009-03-25 10:08 . 2001-08-17 13:57 16,128 --a------ c:\windows\system32\dllcache\modemcsa.sys
2009-03-25 09:53 . 2009-03-25 10:01 <DIR> d-------- c:\program files\Realtek AC97
2009-03-25 09:53 . 2006-07-31 11:19 315,392 --a------ c:\windows\alcupd.exe
2009-03-25 09:53 . 2006-07-31 11:27 217,088 --a------ c:\windows\alcrmv.exe
2009-03-25 09:38 . 2009-03-25 10:20 <DIR> d-------- c:\program files\A4Tech
2009-03-25 09:38 . 2004-08-25 17:46 389,120 --a------ c:\windows\system32\Amsample.dll
2009-03-25 09:38 . 2004-08-25 17:29 86,016 --a------ c:\windows\system32\Amoures.dll
2009-03-25 09:38 . 2004-08-25 17:29 36,864 --a------ c:\windows\system32\Amhooker.dll
2009-03-25 09:38 . 2004-08-25 17:09 10,240 --a------ c:\windows\system32\drivers\Amusbprt.sys
2009-03-25 09:38 . 2004-08-25 17:09 9,984 --a------ c:\windows\system32\drivers\Amps2prt.sys
2009-03-25 09:38 . 2004-08-25 17:09 7,424 --a------ c:\windows\system32\drivers\Amusbdev.sys
2009-03-25 09:38 . 2004-08-25 17:09 5,120 --a------ c:\windows\system32\drivers\Amfilter.sys
2009-03-25 09:31 . 2008-04-15 04:13 534,440 --a------ c:\windows\system32\drivers\btaudio.sys
2009-03-25 09:31 . 2007-09-20 04:59 156,392 --a------ c:\windows\system32\drivers\btwdndis.sys
2009-03-25 09:31 . 2008-03-27 03:17 89,896 --a------ c:\windows\system32\drivers\btwsecfl.sys
2009-03-25 09:31 . 2008-02-04 10:57 37,160 --a------ c:\windows\system32\drivers\btport.sys
2009-03-25 09:30 . 2009-03-25 09:30 <DIR> d-------- c:\program files\WIDCOMM
2009-03-25 09:16 . 2009-03-25 09:16 <DIR> d-------- c:\program files\Unibrain
2009-03-25 09:15 . 2009-03-25 09:15 <DIR> d-------- c:\program files\Intel Desktop Board
2009-03-25 09:14 . 2007-02-12 12:41 2,732,032 --a------ c:\windows\system32\Netw2r32.dll
2009-03-25 07:29 . 2009-03-25 07:29 <DIR> d-------- c:\program files\PC Drivers HeadQuarters
2009-03-24 19:07 . 2009-03-24 19:07 <DIR> d--hs---- c:\documents and settings\David\IECompatCache
2009-03-24 18:56 . 2009-03-24 18:56 <DIR> d--hs---- c:\documents and settings\David\PrivacIE
2009-03-24 18:52 . 2009-03-24 18:52 <DIR> d--hs---- c:\documents and settings\David\IETldCache
2009-03-24 18:48 . 2009-03-24 18:48 <DIR> d-------- c:\windows\ie8updates
2009-03-24 18:47 . 2009-03-24 18:47 <DIR> d--h-c--- c:\windows\ie8
2009-03-24 18:41 . 2009-02-27 21:55 105,984 --------- c:\windows\system32\dllcache\iecompat.dll
2009-03-23 14:13 . 2009-01-09 12:19 1,089,593 --------- c:\windows\system32\dllcache\ntprint.cat
2009-03-22 15:02 . 2009-03-22 15:02 <DIR> d-------- c:\program files\MSBuild
2009-03-22 15:00 . 2009-03-22 15:01 <DIR> d-------- C:\d9af3cde6c7ee023e2d2
2009-03-22 14:37 . 2009-03-22 14:37 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-03-22 13:50 . 2009-03-22 13:49 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-22 13:49 . 2009-03-22 13:49 <DIR> d-------- c:\program files\Java
2009-03-08 14:22 . 2009-03-08 14:22 49,152 --------- c:\windows\system32\msrating.dll.mui
2009-03-08 14:22 . 2009-03-08 14:22 2,560 --------- c:\windows\system32\mshta.exe.mui
2009-03-08 14:21 . 2009-03-08 14:21 4,096 --------- c:\windows\system32\ie4uinit.exe.mui
2009-03-08 14:20 . 2009-03-08 14:20 81,920 --------- c:\windows\system32\iedkcs32.dll.mui
2009-03-08 04:33 . 2009-03-08 04:33 18,944 --------- c:\windows\system32\dllcache\corpol.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-28 01:56 --------- d-----w c:\documents and settings\David\Application Data\Uniblue
2009-03-28 01:25 --------- d-----w c:\program files\Any Audio Converter
2009-03-26 01:09 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-26 00:06 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-26 00:06 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-25 16:53 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-25 14:25 --------- d-----w c:\program files\Microsoft
2009-03-25 14:14 --------- d-----w c:\program files\Dream Aquarium
2009-03-22 22:08 --------- d-----w c:\program files\NOS
2009-03-22 22:08 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-03-22 20:59 --------- d-----w c:\program files\FutureTax NETFILE 2008
2009-03-22 20:49 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-03-22 20:45 --------- d-----w c:\program files\Siber Systems
2009-03-21 22:51 --------- d-----w c:\program files\Windows Desktop Search
2009-03-17 21:33 --------- d-----w c:\program files\Common Files\Adobe
2009-03-08 21:09 638,816 ----a-w c:\windows\system32\dllcache\iexplore.exe
2009-03-08 21:09 391,536 ----a-w c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 11:41 5,937,152 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-03-08 11:39 11,063,808 ----a-w c:\windows\system32\dllcache\ieframe.dll
2009-03-08 11:34 914,944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 914,944 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-03-08 11:34 43,008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:34 43,008 ----a-w c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 11:34 236,544 ----a-w c:\windows\system32\dllcache\webcheck.dll
2009-03-08 11:34 193,536 ----a-w c:\windows\system32\dllcache\msrating.dll
2009-03-08 11:34 109,568 ----a-w c:\windows\system32\dllcache\occache.dll
2009-03-08 11:34 105,984 ----a-w c:\windows\system32\dllcache\url.dll
2009-03-08 11:34 1,206,784 ----a-w c:\windows\system32\dllcache\urlmon.dll
2009-03-08 11:33 759,296 ----a-w c:\windows\system32\dllcache\VGX.dll
2009-03-08 11:33 726,528 ----a-w c:\windows\system32\dllcache\jscript.dll
2009-03-08 11:33 420,352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:33 420,352 ----a-w c:\windows\system32\dllcache\vbscript.dll
2009-03-08 11:33 25,600 ----a-w c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 11:33 229,376 ----a-w c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 11:33 18,944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 125,952 ----a-w c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 11:32 94,720 ----a-w c:\windows\system32\dllcache\inseng.dll
2009-03-08 11:32 72,704 ----a-w c:\windows\system32\dllcache\admparse.dll
2009-03-08 11:32 72,704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 71,680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 71,680 ----a-w c:\windows\system32\dllcache\iesetup.dll
2009-03-08 11:32 611,840 ----a-w c:\windows\system32\dllcache\mstime.dll
2009-03-08 11:32 594,432 ----a-w c:\windows\system32\dllcache\msfeeds.dll
2009-03-08 11:32 55,808 ----a-w c:\windows\system32\dllcache\iernonce.dll
2009-03-08 11:32 173,056 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 11:32 163,840 ----a-w c:\windows\system32\dllcache\ieakui.dll
2009-03-08 11:32 128,512 ----a-w c:\windows\system32\dllcache\advpack.dll
2009-03-08 11:32 1,985,024 ----a-w c:\windows\system32\dllcache\iertutil.dll
2009-03-08 11:24 68,608 ----a-w c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 11:22 156,160 ----a-w c:\windows\system32\msls31.dll
2009-03-08 11:22 156,160 ----a-w c:\windows\system32\dllcache\msls31.dll
2009-03-08 11:11 445,952 ----a-w c:\windows\system32\dllcache\ieapfltr.dll
2009-02-28 13:47 --------- d-----w c:\program files\MSECache
2009-02-26 11:07 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-22 14:30 --------- d-----w c:\program files\mozilla.org
2009-02-18 07:35 --------- d-----w c:\documents and settings\All Users\Application Data\1472
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:13 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-07 02:47 --------- d-----w c:\documents and settings\All Users\Application Data\1C33C
2009-02-03 14:25 --------- d-----w c:\documents and settings\All Users\Application Data\382AF
2009-01-13 06:24 117,996 ----a-w c:\windows\Remove Outlook Express Uninstaller.exe
2009-01-08 01:21 26,144 ----a-w c:\windows\system32\spupdsvc.exe
2009-01-08 01:20 474,112 ------w c:\windows\system32\dllcache\shlwapi.dll
2009-01-08 01:20 265,720 ----a-w c:\windows\system32\msdbg2.dll
2009-01-08 01:20 26,112 ----a-w c:\windows\system32\idndl.dll
2009-01-08 01:20 24,576 ----a-w c:\windows\system32\nlsdl.dll
2009-01-08 01:20 23,552 ----a-w c:\windows\system32\normaliz.dll
2009-01-08 01:20 134,144 ------w c:\windows\system32\dllcache\sqmapi.dll
2009-01-08 01:20 1,497,088 ------w c:\windows\system32\dllcache\shdocvw.dll
2009-01-08 01:20 1,022,976 ------w c:\windows\system32\dllcache\browseui.dll
2007-03-18 21:42 191 ----a-w c:\documents and settings\David\dir.dat
2007-03-10 15:32 988,263 ----a-w c:\documents and settings\David\root.zip
2007-01-29 21:11 61,440 ----a-w c:\documents and settings\David\JavaInstall.exe
2006-04-03 19:40 774,144 ----a-w c:\program files\RngInterstitial.dll
2005-07-03 02:30 1,295,582 ----a-w c:\documents and settings\David\cygwin1.dll
2003-08-09 09:32 108,544 ----a-w c:\documents and settings\David\unzip.exe
1998-08-24 19:09 10,000 ----a-w c:\windows\inf\unregpn.exe
2008-08-21 23:55 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082120080822\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-28_ 7.42.18.42 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-02-23 21:02:10 42,858 ----a-w c:\windows\system32\hsfci014.dll
+ 2005-02-23 22:02:10 42,858 ----a-w c:\windows\system32\hsfci014.dll
+ 2006-10-31 21:26:58 204,800 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\x86\sm56aec.dll
+ 2007-01-30 01:22:30 65,536 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\x86\sm56brz.dll
+ 2007-01-30 01:22:30 53,248 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\x86\sm56chs.dll
+ 2007-01-30 01:22:30 53,248 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\x86\sm56cht.dll
+ 2007-01-30 01:22:38 196,608 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\x86\sm56co6a.dll
+ 2007-01-30 01:22:30 65,536 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\x86\sm56dnk.dll
+ 2007-01-30 01:22:28 69,632 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\x86\sm56eng.dll
+ 2007-01-30 01:22:32 65,536 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\x86\sm56esp.dll
+ 2007-01-30 01:22:30 65,536 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\x86\sm56fra.dll
+ 2007-01-30 01:22:28 65,536 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\x86\sm56ger.dll
+ 2007-01-30 01:22:28 638,976 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\x86\sm56hlpr.exe
+ 2007-01-30 01:22:32 65,536 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\x86\sm56ita.dll
+ 2007-01-30 01:22:30 57,344 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\x86\sm56jpn.dll
+ 2007-01-30 01:22:32 53,248 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\x86\sm56kor.dll
+ 2007-01-30 01:26:24 984,832 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\x86\smserial.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Auto EPSON Stylus Photo R220 Series on RABBIT"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE" [2005-03-08 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
"NoStartMenuEjectPC"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 03:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-25 16:58 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wmfhotfix.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Norton GoBack.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Norton GoBack.lnk
backup=c:\windows\pss\Norton GoBack.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2009-02-27 17:10 35696 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2007-05-21 12:50 1369288 c:\program files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2004-09-13 12:33 155648 c:\program files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
--a------ 2009-03-25 16:58 1932568 c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 17:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--a------ 2005-04-28 14:34 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 13:39 1289000 c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-10-14 15:46 77824 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-10-14 15:50 114688 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-10-14 15:49 94208 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2005-10-20 15:45 871936 c:\program files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-27 16:50 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-07-27 16:50 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2003-06-07 03:32 50688 c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 17:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
--a------ 2002-02-04 22:32 53248 c:\program files\REGSHAVE\REGSHAVE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
--a------ 2007-01-29 18:22 638976 c:\program files\Motorola\SMSERIAL\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2009-03-05 16:07 2260480 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSnD]
-rahs---- 2009-01-26 15:31 5365592 c:\program files\Spybot - Search & Destroy\SpybotSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
--a------ 2005-04-18 11:16 73728 c:\program files\Logitech\Profiler\LWEMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-03-22 13:49 148888 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009]
--a------ 2008-08-26 09:48 2019624 c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]
--a------ 2004-09-01 02:06 147456 c:\progra~1\A4Tech\Mouse\Amoumain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 21:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2008-02-29 04:12 76304 c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2008-02-29 04:12 76304 c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avg8wd"=2 (0x2)
"WinIP"=3 (0x3)
"OpenDNS Updater.exe"=2 (0x2)
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"WudfSvc"=2 (0x2)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"WmiApSrv"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"winmgmt"=2 (0x2)
"WebClient"=2 (0x2)
"w32time"=2 (0x2)
"VSS"=3 (0x3)
"VC7SecS"=2 (0x2)
"usnjsvc"=3 (0x3)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"TrkWks"=2 (0x2)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"stllssvr"=3 (0x3)
"stisvc"=2 (0x2)
"SSDPSRV"=3 (0x3)
"srservice"=2 (0x2)
"Spooler"=2 (0x2)
"ShellHWDetection"=2 (0x2)
"SharedAccess"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RoxLiveShare9"=2 (0x2)
"Roxio Upnp Server 9"=2 (0x2)
"Roxio UPnP Renderer 9"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"PNRPSvc"=3 (0x3)
"PlugPlay"=2 (0x2)
"p2psvc"=3 (0x3)
"p2pimsvc"=3 (0x3)
"p2pgasvc"=3 (0x3)
"ose"=3 (0x3)
"O&O Defrag"=2 (0x2)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"Nla"=3 (0x3)
"Netman"=3 (0x3)
"Netlogon"=3 (0x3)
"napagent"=3 (0x3)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"MDM"=2 (0x2)
"LmHosts"=2 (0x2)
"LexBceS"=2 (0x2)
"LBTServ"=3 (0x3)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"InCDsrv"=2 (0x2)
"ImapiService"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"HTTPFilter"=3 (0x3)
"hkmsvc"=3 (0x3)
"HidServ"=2 (0x2)
"helpsvc"=2 (0x2)
"GBPoll"=2 (0x2)
"FontCache3.0.0.0"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"EapHost"=3 (0x3)
"Dot3svc"=3 (0x3)
"Dnscache"=2 (0x2)
"dmserver"=3 (0x3)
"dmadmin"=3 (0x3)
"Dhcp"=2 (0x2)
"CryptSvc"=3 (0x3)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"CiSvc"=3 (0x3)
"btwdins"=2 (0x2)
"Browser"=2 (0x2)
"BITS"=2 (0x2)
"AudioSrv"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"6to4"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\svchost.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft ActiveSync\\WMP10_Update.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\web server extensions\\50\\bin\\TCPTEST.EXE"=
"c:\\Program Files\\Microsoft Office\\Office10\\FRONTPG.EXE"=
"c:\\Documents and Settings\\David\\Desktop\\Empire Earth\\Empire Earth.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"990:TCP"= 990:TCP:bluetooth inbound TCP
"999:TCP"= 999:TCP:BT inbound TCP
"5678:TCP"= 5678:TCP:BT IB TCP
"5721:UDP"= 5721:UDP:INBOUND TCP BT
"5679:UDP"= 5679:UDP:BT outbound UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-25 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-25 108552]
R1 vdrv7000;vdrv7000;c:\windows\system32\drivers\vdrv7000.sys [2006-03-04 76672]
R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [2005-07-27 14080]
R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [2005-07-27 36352]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2009-03-25 9984]
R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [2005-07-27 77056]
S3 AteksoftAudio;WebCamera Plus Audio;c:\windows\system32\drivers\ateksoftaudio.sys [2008-06-09 11776]
S3 IEGP;IEGP;c:\windows\system32\DRIVERS\igmap.sys --> c:\windows\system32\DRIVERS\igmap.sys [?]
S3 WLAN; Wireless LAN Driver;c:\windows\system32\DRIVERS\wlanNDS.sys --> c:\windows\system32\DRIVERS\wlanNDS.sys [?]
S3 ZSMC302;PC CAM 300A;c:\windows\system32\drivers\usbVM302.sys [2006-07-23 93450]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-25 298264]
S4 OpenDNS Updater.exe;OpenDNS Updater; [x]
S4 VC7SecS;Virtual CD v7 Management Service;c:\program files\HHVcdV7Sys\VC7SecS.exe [2006-03-04 106496]
S4 WinIP;WinIP; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-03-27 c:\windows\Tasks\ParetoLogic Privacy Controls_{F152D62C-1997-11DE-97A5-00123FD0C5BB}.job
- c:\program files\ParetoLogic\Privacy Controls\Pareto_PC.exe [2008-11-25 11:29]

2009-03-29 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 12:25]

2009-03-29 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 12:25]

2009-03-29 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 10:58]

2009-03-29 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 10:58]

2007-01-14 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uStart Page = about:blank
uInternet Settings,ProxyOverride = 127.0.0.1
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: intel.com\www
TCP: {F87F4892-FA08-4C53-927E-FAAE993791C7} = 208.67.222.222,75.154.133.68
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {020EA84E-76BD-4D97-8BF4-9C402E412137} - hxxp://o1.agendize.com/w1/inserter/AgendiZe.CAB
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-29 12:17:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3617735250-3398334271-505246713-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,a2,29,d9,aa,bd,
6c,01,86,e2,63,26,f1,3f,c8,ff,68,71,6e,f9,24,51,7c,ac,a1,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,a3,c3,bb,16,89,
d9,68,8c,6a,9c,d6,61,af,45,84,18,22,92,9a,36,ba,8b,c4,4c,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,e9,cf,5c,c1,a3,
b0,12,f9,ff,7c,85,e0,43,d4,0e,fe,0b,01,48,57,fa,49,5a,a0,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,f0,9b,25,30,c9,
ef,ca,b0,86,8c,21,01,be,91,eb,e7,2b,aa,29,50,6c,c3,0a,b5,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,6d,22,86,41,5d,
ed,dd,15,f5,1d,4d,73,a8,13,5c,05,96,2e,2e,1b,a7,85,aa,43,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,09,4c,7e,fc,92,
98,50,b3,df,20,58,62,78,6b,cf,c8,fb,bb,7a,d7,eb,f5,fa,e2,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,86,e4,23,e0,91,
82,6a,be,fb,a7,78,e6,12,2f,9a,ea,e5,33,12,42,af,aa,09,39,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,f3,f6,99,08,98,
1c,3c,0f,01,3a,48,fc,e8,04,4a,f1,e0,30,7e,a0,b2,a6,41,a1,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,20,17,f6,34,be,
dd,d0,01,f6,0f,4e,58,98,5b,89,c9,2c,10,24,99,98,8f,43,29,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,5d,b3,24,f2,29,
c4,7f,41,3d,ce,ea,26,2d,45,aa,78,67,a2,d4,c3,9c,72,41,7f,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,85,b1,d0,c4,37,
4c,c5,cd,2a,b7,cc,b5,b9,7f,41,e7,d4,11,1a,4e,d9,2a,82,64,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,d2,44,bb,2e,6d,
29,36,86,6c,43,2d,1e,aa,22,2f,9c,76,06,9a,af,1b,7a,90,7a,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="E1DB375E33B0859BDCFBDF089327443DFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667C038D530D6EB3452BA7FD869164D6794A2D97226D213B5554D8616B33713943F3AEB5A86DBBB7C5EBDFAB6E4BDA29D13165E64F00523E30FBF614E873653212668044F0DD49EB1DC3CA23AC550F97089F72D3AC2C79A7A8B596D7ED71B4A470AD05C33ABC7C307C60C0BD5CC9AA2DD83D115C863B2DD636FA5AAC461505D783042271658F310ED6C6335264A512275775D87D89A0EB5E8FA031C3A85D2345DC0E196F82C2CAC89004B27B8AEBBC276C0A7FA2453B42A09D324C9E3C8B3BA51CA286653E65707B2179F6A9192B493D720926B5E21190E76000FBEC1D39821E2BFDDD08DEA6DCFF62C110D28B02B65433754D728B3BDF198EC1F8BC275B9DBD6F3A51685BBFD7C951E24A06568A24E160F76C09BE43BAC096C04C2CC9BE5A22321F2FC0E04AB46032FB23AAA3BB2A9E091572F4330BE5B16B13FFCB95DFC71F5E48B4DED92AC296806E8744AD10715690F28AB20B507DCC3D32955D5F1F589ABC00DD2DD584A68232CC7EB8AF45E72A93A6FC6A63A6AD247D1E9EB61B8D8EE5A99675F0C6CE4074290A3C227950C684F2B05123EA34FA50B0B836413304268483A5DC61B07EBCF8A06261FCFC5F661BC5D98244200B27F2FC146E592FDE403F0CD86622108E7CF7543CAA8253C9A8A8530AB9704FC25D08322591DFC6B850F84E6500E27EE71572FE0E210C05386D57466938CC6F04BCC1236B73863657DA0E5FBF82BAC64B8FB18DE9384AC8BDD7A86A7792342515BE812EEB1EBCB7CBA0FAC64949EA2B0FD96C39F563DE70758F2ED7FDC0524BBA4E0F3A067EF2EE53D77A5DF8B50EEC01AC4FB6976F2E50C40FB8E5D0E5A8AEF05B4D983D1FEF8F99ABACE0E982C6CA8F467BCE416E38C8675980594B3520A51F1A799B4BAD80CB57CFADBF3CCA4E89D8DA3372328D0B7846B8E9B5CC620ABE772BF3FB44142BBBA20A0357C0BADA5F8F5E24F15F680B63A29E8D5501679695FA44987665882D14E575A75740B40D8B855521D911F3C4CFC4A75E770429B36883752671345E40C5785156C0D59572E7F65E2EED11151AEC77D453C1F41C1F2D56FAE0268A4399AE3A6081D5CD3F5C112F34943F512908A3B07AEF025DDB1F960A5F5B4746453A226C5A8C0DAB19F27DB647FCF00B9D17D18BC4E56AB35AE1663C5828DADC78ABD700534416677DCE1692CC1FBD5756D1B470B7EF144B986073F50F24D6AE5B9F73E1A2BBF40823A6E6C5512E5C28741EAD1EFE47E613086037858AC6C69A7C1D2A9CCD10E8D82483BBC7F35DCF3022FE6E7016468
D93280AF35085495C94E864476FC2F3458FA9D28D15B3466FBCF9C7E5C63AA516AAECCA9439AD62510"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(816)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
c:\windows\system32\msaud32.acm
c:\windows\system32\iac25_32.ax
.
Completion time: 2009-03-29 12:19:20
ComboFix-quarantined-files.txt 2009-03-29 19:19:13
ComboFix2.txt 2009-03-28 22:28:11
ComboFix3.txt 2009-03-28 16:21:23
ComboFix4.txt 2009-03-28 14:43:45

Pre-Run: 29,211,181,056 bytes free
Post-Run: 29,239,435,264 bytes free

549 --- E O F --- 2009-03-25 17:00:18

DDS (Ver_09-03-16.01) - NTFSx86
Run by David at 12:20:09.31 on Sun 03/29/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.494 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\David\Desktop\dds.com

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uStart Page = about:blank
uInternet Settings,ProxyOverride = 127.0.0.1
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Quero: {a411d7f4-8d11-43ef-bde4-aa921666388a} - c:\progra~1\querot~1\Quero.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Auto EPSON Stylus Photo R220 Series on RABBIT] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaia.exe /p45 "auto epson stylus photo r220 series on rabbit" /o17 "\\rabbit\EPSONSty" /M "Stylus Photo R220"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-explorer: NoStartMenuEjectPC = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - {628A3E94-1B5F-48c1-9487-71082189C019}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: intel.com\www
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {020EA84E-76BD-4D97-8BF4-9C402E412137} - hxxp://o1.agendize.com/w1/inserter/AgendiZe.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1118116648429
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136480169312
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
TCP: {F87F4892-FA08-4C53-927E-FAAE993791C7} = 208.67.222.222,75.154.133.68
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
AppInit_DLLs: c:\windows\system32\wmfhotfix.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-25 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-25 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-25 108552]
R1 vdrv7000;vdrv7000;c:\windows\system32\drivers\vdrv7000.sys [2006-3-4 76672]
R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [2005-7-27 14080]
R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [2005-7-27 36352]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2009-3-25 9984]
R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [2005-7-27 77056]
S3 AteksoftAudio;WebCamera Plus Audio;c:\windows\system32\drivers\ateksoftaudio.sys [2008-6-9 11776]
S3 IEGP;IEGP;c:\windows\system32\drivers\igmap.sys --> c:\windows\system32\drivers\igmap.sys [?]
S3 WLAN; Wireless LAN Driver;c:\windows\system32\drivers\wlannds.sys --> c:\windows\system32\drivers\wlanNDS.sys [?]
S3 ZSMC302;PC CAM 300A;c:\windows\system32\drivers\usbVM302.sys [2006-7-23 93450]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-25 298264]
S4 OpenDNS Updater.exe;OpenDNS Updater; [x]
S4 VC7SecS;Virtual CD v7 Management Service;c:\program files\hhvcdv7sys\VC7SecS.exe [2006-3-4 106496]
S4 WinIP;WinIP; [x]

=============== Created Last 30 ================

2009-03-28 07:33 <DIR> a-dshr-- C:\cmdcons
2009-03-28 07:32 161,792 a------- c:\windows\SWREG.exe
2009-03-28 07:32 98,816 a------- c:\windows\sed.exe
2009-03-27 18:56 <DIR> --d----- c:\program files\Uniblue
2009-03-27 18:56 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-03-25 17:56 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-03-25 16:58 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-03-25 16:58 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-25 16:58 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-03-25 16:58 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-03-25 16:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-03-25 16:52 <DIR> --d----- c:\docume~1\david\applic~1\ParetoLogic
2009-03-25 16:52 <DIR> --d----- c:\program files\ParetoLogic
2009-03-25 16:52 <DIR> --d----- c:\program files\common files\ParetoLogic
2009-03-25 16:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ParetoLogic
2009-03-25 16:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Downloaded Installations
2009-03-25 11:16 <DIR> --d----- c:\program files\Trend Micro
2009-03-25 10:49 <DIR> --d----- c:\documents and settings\david\Bluetooth Software
2009-03-25 10:08 16,128 a------- c:\windows\system32\drivers\MODEMCSA.sys
2009-03-25 10:08 16,128 a------- c:\windows\system32\dllcache\modemcsa.sys
2009-03-25 10:08 <DIR> --d----- c:\program files\Motorola
2009-03-25 10:08 984,832 a------- c:\windows\system32\drivers\smserial.sys
2009-03-25 10:08 196,608 a------- c:\windows\system32\sm56co6a.dll
2009-03-25 09:53 <DIR> --d----- c:\program files\Realtek AC97
2009-03-25 09:53 315,392 a------- c:\windows\alcupd.exe
2009-03-25 09:53 217,088 a------- c:\windows\alcrmv.exe
2009-03-25 09:38 <DIR> --d----- c:\program files\A4Tech
2009-03-25 09:38 389,120 a------- c:\windows\system32\Amsample.dll
2009-03-25 09:38 86,016 a------- c:\windows\system32\Amoures.dll
2009-03-25 09:38 36,864 a------- c:\windows\system32\Amhooker.dll
2009-03-25 09:38 10,240 a------- c:\windows\system32\drivers\Amusbprt.sys
2009-03-25 09:38 9,984 a------- c:\windows\system32\drivers\Amps2prt.sys
2009-03-25 09:38 7,424 a------- c:\windows\system32\drivers\Amusbdev.sys
2009-03-25 09:38 5,120 a------- c:\windows\system32\drivers\Amfilter.sys
2009-03-25 09:31 534,440 a------- c:\windows\system32\drivers\btaudio.sys
2009-03-25 09:31 156,392 a------- c:\windows\system32\drivers\btwdndis.sys
2009-03-25 09:31 89,896 a------- c:\windows\system32\drivers\btwsecfl.sys
2009-03-25 09:31 37,160 a------- c:\windows\system32\drivers\btport.sys
2009-03-25 09:30 <DIR> --d----- c:\program files\WIDCOMM
2009-03-25 09:16 <DIR> --d----- c:\program files\Unibrain
2009-03-25 09:15 <DIR> --d----- c:\program files\Intel Desktop Board
2009-03-25 09:14 2,732,032 a------- c:\windows\system32\Netw2r32.dll
2009-03-25 07:29 <DIR> --d----- c:\program files\PC Drivers HeadQuarters
2009-03-24 19:07 <DIR> --dsh--- c:\documents and settings\david\IECompatCache
2009-03-24 18:56 <DIR> --dsh--- c:\documents and settings\david\PrivacIE
2009-03-24 18:52 <DIR> --dsh--- c:\documents and settings\david\IETldCache
2009-03-24 18:48 <DIR> --d----- c:\windows\ie8updates
2009-03-24 18:47 <DIR> -cd-h--- c:\windows\ie8
2009-03-24 18:41 105,984 -------- c:\windows\system32\dllcache\iecompat.dll
2009-03-23 14:13 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
2009-03-22 15:00 <DIR> --d----- C:\d9af3cde6c7ee023e2d2
2009-03-22 13:50 73,728 a------- c:\windows\system32\javacpl.cpl
2009-03-08 14:22 49,152 -------- c:\windows\system32\msrating.dll.mui
2009-03-08 14:22 2,560 -------- c:\windows\system32\mshta.exe.mui
2009-03-08 14:21 4,096 -------- c:\windows\system32\ie4uinit.exe.mui
2009-03-08 14:20 81,920 -------- c:\windows\system32\iedkcs32.dll.mui
2009-03-08 04:33 18,944 -------- c:\windows\system32\dllcache\corpol.dll

==================== Find3M ====================

2009-03-22 13:49 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-08 14:09 638,816 a------- c:\windows\system32\dllcache\iexplore.exe
2009-03-08 14:09 391,536 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 04:41 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-03-08 04:39 11,063,808 a------- c:\windows\system32\dllcache\ieframe.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\dllcache\wininet.dll
2009-03-08 04:34 1,206,784 a------- c:\windows\system32\dllcache\urlmon.dll
2009-03-08 04:34 236,544 a------- c:\windows\system32\dllcache\webcheck.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 04:34 105,984 a------- c:\windows\system32\dllcache\url.dll
2009-03-08 04:34 193,536 a------- c:\windows\system32\dllcache\msrating.dll
2009-03-08 04:34 109,568 a------- c:\windows\system32\dllcache\occache.dll
2009-03-08 04:33 759,296 a------- c:\windows\system32\dllcache\VGX.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 04:33 726,528 a------- c:\windows\system32\dllcache\jscript.dll
2009-03-08 04:33 229,376 a------- c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\dllcache\vbscript.dll
2009-03-08 04:33 125,952 a------- c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\dllcache\admparse.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 04:32 163,840 a------- c:\windows\system32\dllcache\ieakui.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\dllcache\iesetup.dll
2009-03-08 04:32 55,808 a------- c:\windows\system32\dllcache\iernonce.dll
2009-03-08 04:32 128,512 a------- c:\windows\system32\dllcache\advpack.dll
2009-03-08 04:32 94,720 a------- c:\windows\system32\dllcache\inseng.dll
2009-03-08 04:32 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-03-08 04:32 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll
2009-03-08 04:32 611,840 a------- c:\windows\system32\dllcache\mstime.dll
2009-03-08 04:24 68,608 a------- c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-08 04:22 156,160 a------- c:\windows\system32\dllcache\msls31.dll
2009-03-08 04:11 445,952 a------- c:\windows\system32\dllcache\ieapfltr.dll
2009-02-21 17:32 6,889 a------- c:\windows\mozver.dat
2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 04:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-06 21:07 3,698,584 a------- c:\windows\system32\dllcache\ieapfltr.dat
2009-01-12 23:24 117,996 a------- c:\windows\Remove Outlook Express Uninstaller.exe
2009-01-07 18:21 26,144 a------- c:\windows\system32\spupdsvc.exe
2009-01-07 18:20 134,144 -------- c:\windows\system32\dllcache\sqmapi.dll
2009-01-07 18:20 1,497,088 -------- c:\windows\system32\dllcache\shdocvw.dll
2009-01-07 18:20 1,022,976 -------- c:\windows\system32\dllcache\browseui.dll
2009-01-07 18:20 474,112 -------- c:\windows\system32\dllcache\shlwapi.dll
2009-01-07 18:20 24,576 a------- c:\windows\system32\nlsdl.dll
2009-01-07 18:20 26,112 a------- c:\windows\system32\idndl.dll
2009-01-07 18:20 23,552 a------- c:\windows\system32\normaliz.dll
2009-01-07 18:20 265,720 a------- c:\windows\system32\msdbg2.dll
2007-03-18 14:42 191 a------- c:\documents and settings\david\dir.dat
2007-03-10 08:32 988,263 a------- c:\documents and settings\david\root.zip
2007-01-29 14:11 61,440 a------- c:\documents and settings\david\JavaInstall.exe
2006-04-03 12:40 774,144 a------- c:\program files\RngInterstitial.dll
2005-07-02 19:30 1,295,582 a------- c:\documents and settings\david\cygwin1.dll
2003-08-09 02:32 108,544 a------- c:\documents and settings\david\unzip.exe
1998-08-24 12:09 10,000 a------- c:\windows\inf\unregpn.exe
2008-08-21 16:55 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082120080822\index.dat

============= FINISH: 12:20:32.04 ===============

xanderman
2009-03-29, 21:26
There is no improvement in system performance.
Temperature seems pretty good, fan is running and clear of obstruction...

Blade81
2009-03-29, 22:22
Hi again,

Since I can't spot anything else malware related there, I can only ask you to check this (http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html) for hints on how to improve system performance. If it doesn't help, you may want to post at http://forums.pcpitstop.com .

However, let's uninstall those programs we used.

Now let's uninstall ComboFix:

Click START then RUN
Now type "c:\documents and settings\David\Desktop\ComboFix.exe" /u in the run box and click OK

You may also delete the dds.com file and related logs.

Blade81
2009-04-06, 13:38
Due to inactivity, this thread will now be closed.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or a MOD a private message (PM). A valid, working link to the closed topic is required.