Help Me Please
motox822
2009-07-07, 06:43
I am having some serious problems with my computer. It always freezes up when I try to run scans with Spybot and any other programs, and when it freezes up sometimes something inside my CPU (not my speakers) will give a loud continuous beep. Anyway, here is my HJT log on a normal system start-up; please take a look and tell me if you see anything. Thanks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:40:44 PM, on 7/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05c\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Documents and Settings\winvnc.exe" -servicehelper
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [QBReminderFlash] "C:\Program Files\Intuit\QuickBooks 2005\Atom\QBReminder.exe"
O4 - HKLM\..\Run: [Nod32 Runtime] sysregi.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DellHelp] C:\Dell\DellHelp\DellHelp.exe /c
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [FeatherSoft Windows Hider] "C:\Program Files\FeatherSoft Windows Hider\hideme.exe" /startMin
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: BumpTop.lnk = C:\Program Files\BumpTop\BumpTop.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: BumpTop.lnk = C:\Program Files\BumpTop\BumpTop.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143051743265
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe
--
End of file - 12436 bytes
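The O4 lines in a HijackThis log are the autorun entries a triager reads first. What matters for each one is not the name in brackets but where the executable actually lives: a bare file name (no directory) is resolved through the Windows search path, so the log alone does not say which file runs; a path under a user-writable location such as the root of Documents and Settings or a Temp folder deserves a closer look than one under Program Files or System32; and remote-control software is legitimate but should be confirmed with the machine's owner. The script below is an added example written for this page, not part of the thread and not code from HijackThis or Safer Networking. It parses O4 lines from the log above (the sample lines are copied from that log) and attaches triage flags. The marker lists, the keyword list and the flag names are assumptions made for the example; a flag means "look closer", not "malicious". Note how the running-process list resolves what the O4 line cannot: `stsystra.exe` appears there as `C:\WINDOWS\stsystra.exe`, while the bare `sysregi.exe` has no matching process entry to check against.

```python
"""Triage HijackThis O4 (autorun) entries by where the executable lives."""
import re
from dataclasses import dataclass, field

# Registry-based O4 lines: "O4 - <hive>\..\Run: [<name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# Startup-folder O4 lines: "O4 - Global Startup: <name>.lnk = <path>"
STARTUP_RE = re.compile(
    r'^O4 - (?P<hive>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$')
# Unquoted command lines: the image ends at the first executable extension,
# anything after it is arguments (assumption: these extensions cover the log).
UNQUOTED_RE = re.compile(
    r'^(?P<image>.+?\.(?:exe|com|scr|bat|cmd|pif|dll))(?:\s+(?P<args>.*))?$',
    re.IGNORECASE)

# Heuristic lists chosen for this example, not taken from HijackThis.
USER_WRITABLE_MARKERS = ('\\documents and settings\\', '\\temp\\',
                         '\\application data\\', '\\local settings\\')
REMOTE_ACCESS_KEYWORDS = ('vnc', 'logmein', 'pcanywhere')


@dataclass
class AutorunEntry:
    hive: str
    name: str
    image: str          # executable path with quotes stripped
    args: str           # everything after the executable
    flags: list = field(default_factory=list)


def split_command(cmd: str):
    """Separate the executable path from its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:
            return cmd.strip('"'), ''
        return cmd[1:end], cmd[end + 1:].strip()
    m = UNQUOTED_RE.match(cmd)
    if m:
        return m.group('image'), (m.group('args') or '').strip()
    return cmd, ''


def flag_image(image: str, name: str):
    """Return the review flags that apply to one autorun image."""
    flags = []
    low = image.lower()
    if '\\' not in image:
        # Bare file name: resolved via the search path, so the log alone
        # does not tell you which file actually runs.
        flags.append('no-directory')
    elif any(marker in low for marker in USER_WRITABLE_MARKERS):
        # Profile or temp locations are writable by the user and by
        # anything running as the user.
        flags.append('user-writable-location')
    if any(k in low or k in name.lower() for k in REMOTE_ACCESS_KEYWORDS):
        # Legitimate remote-control software; confirm it was installed on purpose.
        flags.append('remote-access-tool')
    return flags


def triage(lines):
    """Parse O4 lines and attach flags; lines that are not O4 are skipped."""
    entries = []
    for line in lines:
        s = line.strip()
        m = O4_RE.match(s) or STARTUP_RE.match(s)
        if not m:
            continue
        image, args = split_command(m.group('cmd'))
        entries.append(AutorunEntry(m.group('hive'), m.group('name'), image,
                                    args, flag_image(image, m.group('name'))))
    return entries


def flagged(lines):
    """Map entry name -> flags for every entry that received a flag."""
    return {e.name: e.flags for e in triage(lines) if e.flags}


# Sample lines copied from the HijackThis log posted above.
SAMPLE = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [WinVNC] "C:\Documents and Settings\winvnc.exe" -servicehelper
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Nod32 Runtime] sysregi.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: BumpTop.lnk = C:\Program Files\BumpTop\BumpTop.exe
""".strip().splitlines()

if __name__ == '__main__':
    for name, flags in flagged(SAMPLE).items():
        print(f'{name}: {", ".join(flags)}')
```

Run against the sample, the script flags WinVNC (user-writable location plus remote-access tool), the two bare names SigmatelSysTrayApp and Nod32 Runtime (no directory), and LogMeIn GUI (remote-access tool); the AVG, Brother, TeaTimer and BumpTop entries pass without flags. To use it on a whole log, feed every line of the HijackThis output to `triage()`; the regexes ignore the R0/O2/O23 sections.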
Bio-Hazard
2009-07-08, 11:01
Hello and welcome to the forums!
My name is Bio-Hazard and I will be helping you to remove any infection(s) that you may have.
Please observe these rules while we work:
I will be working on your Malware issues this may or may not solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine.
If you don't know or understand something, please don't hesitate to ask.
Please DO NOT run any other tools or scans whilst I am helping you.
It is important that you reply to this thread. Do not start a new topic.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Absence of symptoms does not mean that everything is clear.
No Reply Within 5 Days Will Result In Your Topic Being Closed!!
Bio-Hazard
2009-07-08, 11:05
Use of P2P (Person to Person) file sharing programs
I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
BitTorrent DNA
Please read HERE (http://forums.spybot.info/showpost.php?p=218503&postcount=4) the Safer Networking Forums policy on the use of P2P file sharing programs. Please remove it before we continue any further. Post back when you have done it so we can continue the cleaning process.
NOTE: Even if you are using a safe P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
STEP 1
Download DDS
Please download DDS by sUBs from one of the links below and save it to your desktop:
Download DDS and save it to your desktop from:
Link1 (http://www.techsupportforum.com/sectools/sUBs/dds)
Link2 (http://download.bleepingcomputer.com/sUBs/dds.scr)
Link3 (http://www.forospyware.com/sUBs/dds)
Please disable any anti-malware program that will block scripts from running before running DDS.
Double-Click on dds.scr and a command window will appear. This is normal.
Shortly after two logs will appear:
DDS.txt
Attach.txt
A window will open instructing you save & post the logs
Save the logs to a convenient place such as your desktop
Copy the contents of both logs & post in your next reply
STEP 2
RootRepeal - Rootkit Detector
Download RootRepeal.zip (http://rootrepeal.googlepages.com/RootRepeal.zip) and unzip it to your Desktop.
Double click RootRepeal.exe to start the program
Click on the Report tab at the bottom of the program window
Click the Scan button
In the Select Scan dialog, check:
Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services
Click the OK button
In the next dialog, select all drives showing
Click OK to start the scan
The scan can take some time. DO NOT run any other programs while the scan is running
When the scan is complete, the Save Report button will become available
Click this and save the report to your Desktop as RootRepeal.txt
Go to File, then Exit to close the program
Next Reply
Please reply with:
DDS.txt
Attach.txt
RootRepeal.txt
motox822
2009-07-09, 06:00
Thank you for responding! I got rid of the DNA thing from BitTorrent like you said, and here are those reports you asked for:
DDS:
DDS (Ver_09-06-26.01) - NTFSx86
Run by MOM and DAD at 19:14:05.06 on Wed 07/08/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.536 [GMT -7:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\MOM and DAD\Desktop\Forum Stuff\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: turbotax.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143051743265
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/luxr/default/mjolauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\momand~1\applic~1\mozilla\firefox\profiles\oqlefedq.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-15 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-15 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-15 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-15 298776]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-3-8 47640]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-6-21 1373480]
R2 WUSB300NSvc;WUSB300NSvc;c:\program files\linksys\wusb300n\WLService.exe [2008-2-27 53307]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]
S3 scrcap;scrcap;c:\windows\system32\drivers\scrcap.sys --> c:\windows\system32\drivers\scrcap.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
=============== Created Last 30 ================
2009-07-08 19:01 <DIR> --d----- c:\temp\cs630_XP
2009-07-08 19:01 <DIR> --d----- C:\temp
2009-07-06 20:40 <DIR> --d----- c:\program files\Trend Micro
2009-07-06 16:23 <DIR> --d----- c:\windows\system32\dllcache\cache
2009-07-06 16:16 155,136 a------- c:\windows\PEV.exe
2009-07-06 16:16 <DIR> --ds---- C:\ComboFix
2009-07-04 10:20 664 a------- c:\windows\system32\d3d9caps.dat
2009-07-01 09:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-06-25 20:31 <DIR> --d----- c:\docume~1\momand~1\applic~1\WinFF
2009-06-25 20:26 <DIR> --d----- c:\docume~1\momand~1\applic~1\MPEG Streamclip
2009-06-25 20:20 <DIR> --d----- c:\program files\iPod
2009-06-25 20:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-25 20:20 <DIR> --d----- c:\program files\iTunes
2009-06-25 20:18 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-06-25 20:18 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-06-24 21:48 <DIR> --d----- c:\program files\Yahoo!
2009-06-21 20:02 <DIR> --d----- c:\docume~1\momand~1\applic~1\ritePen
2009-06-21 19:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Rosetta Stone
2009-06-21 19:37 <DIR> --d----- c:\program files\Rosetta Stone
2009-06-21 17:29 <DIR> --d----- c:\docume~1\momand~1\applic~1\WTablet
2009-06-21 17:29 1,380,680 -------- c:\windows\system32\PenTablet.znc
2009-06-21 17:29 2,684,200 -------- c:\windows\system32\PenTablet.cpl
2009-06-21 17:27 11,440 a------- c:\windows\system32\drivers\WacomVKHid.sys
2009-06-21 17:27 12,848 a------- c:\windows\system32\drivers\wacomvhid.sys
2009-06-21 17:27 11,312 a------- c:\windows\system32\drivers\wacommousefilter.sys
2009-06-21 17:27 <DIR> --d----- c:\windows\system32\WTablet
2009-06-21 17:27 1,373,480 -------- c:\windows\system32\Pen_Tablet.exe
2009-06-21 17:27 181,544 -------- c:\windows\system32\Wintab32.dll
2009-06-21 17:27 128,296 -------- c:\windows\system32\Pen_Tablet.dll
2009-06-21 17:27 <DIR> --d----- c:\program files\Tablet
2009-06-16 17:38 <DIR> --d----- c:\program files\FeatherSoft Windows Hider
2009-06-13 23:42 <DIR> --d----- c:\program files\Moffsoft FreeCalc
2009-06-09 16:09 <DIR> --d----- c:\program files\Bonjour
==================== Find3M ====================
2009-07-02 08:50 34 a------- c:\documents and settings\mom and dad\jagex_runescape_preferences.dat
2009-07-01 09:42 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-07-01 09:42 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-08 18:26 685,816 a------- c:\windows\system32\drivers\sptd.sys
2009-05-15 22:54 81,984 a------- c:\windows\system32\bdod.bin
2009-05-15 22:53 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 08:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-28 21:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-28 21:56 827,392 a------- c:\windows\system32\dllcache\wininet.dll
2009-04-28 21:56 233,472 -------- c:\windows\system32\dllcache\webcheck.dll
2009-04-28 21:56 1,159,680 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-28 21:56 671,232 a------- c:\windows\system32\dllcache\mstime.dll
2009-04-28 21:56 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll
2009-04-28 21:56 105,984 -------- c:\windows\system32\dllcache\url.dll
2009-04-28 21:56 102,912 -------- c:\windows\system32\dllcache\occache.dll
2009-04-28 21:56 3,596,288 a------- c:\windows\system32\dllcache\mshtml.dll
2009-04-28 21:56 477,696 a------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-28 21:56 193,024 a------- c:\windows\system32\dllcache\msrating.dll
2009-04-28 02:05 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 02:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-24 22:27 636,088 -------- c:\windows\system32\dllcache\iexplore.exe
2009-04-24 22:26 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2009-04-17 05:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 05:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 12:11 98,304 a------- c:\windows\system32\CmdLineExt.dll
2009-04-15 07:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 07:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2008-11-08 23:08 56 ---shr-- c:\windows\system32\491A85F95E.sys
2008-11-08 23:08 3,350 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-09-21 07:39 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092120080922\index.dat
============= FINISH: 19:14:54.95 ===============
Attach:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-06-26.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 3/16/2006 12:44:46 PM
System Uptime: 7/8/2009 7:07:59 PM (0 hours ago)
Motherboard: Dell Inc. | | 0YC523
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 145 GiB total, 107.097 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
F: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP90: 4/8/2009 6:00:16 PM - Software Distribution Service 3.0
RP91: 4/9/2009 6:00:16 PM - Software Distribution Service 3.0
RP92: 4/10/2009 8:41:29 AM - Avg8 Update
RP93: 4/10/2009 6:00:34 PM - Software Distribution Service 3.0
RP94: 4/11/2009 12:29:35 PM - Removed Google SketchUp 7
RP95: 4/11/2009 12:42:05 PM - Removed BumpTop
RP96: 4/11/2009 12:44:21 PM - Removed Corel Photo Album 6
RP97: 4/11/2009 12:45:36 PM - Removed LogMeIn
RP98: 4/11/2009 12:46:22 PM - Removed Project64 1.6
RP99: 4/11/2009 12:49:43 PM - Software Distribution Service 3.0
RP100: 4/11/2009 6:00:16 PM - Software Distribution Service 3.0
RP101: 4/12/2009 6:00:15 PM - Software Distribution Service 3.0
RP102: 4/13/2009 6:00:18 PM - Software Distribution Service 3.0
RP103: 4/14/2009 6:00:19 PM - Software Distribution Service 3.0
RP104: 4/14/2009 9:01:42 PM - Installed Age of Empires III
RP105: 4/15/2009 12:03:54 PM - Installed RollerCoaster Tycoon 2
RP106: 4/15/2009 10:43:29 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP107: 4/15/2009 10:45:12 PM - Installed DirectX
RP108: 4/16/2009 6:00:37 PM - Software Distribution Service 3.0
RP109: 4/16/2009 6:13:23 PM - Avg8 Update
RP110: 4/17/2009 6:00:36 PM - Software Distribution Service 3.0
RP111: 4/18/2009 6:00:19 PM - Software Distribution Service 3.0
RP112: 4/19/2009 6:00:18 PM - Software Distribution Service 3.0
RP113: 4/19/2009 6:18:00 PM - Removed RollerCoaster Tycoon 2
RP114: 4/19/2009 6:18:40 PM - Installed RollerCoaster Tycoon 2
RP115: 4/20/2009 6:00:16 PM - Software Distribution Service 3.0
RP116: 4/20/2009 9:18:50 PM - Software Distribution Service 3.0
RP117: 4/21/2009 6:00:17 PM - Software Distribution Service 3.0
RP118: 4/22/2009 6:00:15 PM - Software Distribution Service 3.0
RP119: 4/22/2009 9:01:42 PM - Software Distribution Service 3.0
RP120: 4/23/2009 7:13:17 PM - Software Distribution Service 3.0
RP121: 4/24/2009 6:00:17 PM - Software Distribution Service 3.0
RP122: 4/25/2009 10:13:34 PM - System Checkpoint
RP123: 4/28/2009 9:41:43 PM - Installed Jitbit Macro Recorder LITE
RP124: 4/28/2009 10:08:36 PM - Software Distribution Service 3.0
RP125: 4/29/2009 11:02:47 PM - System Checkpoint
RP126: 5/1/2009 6:27:56 PM - Avg8 Update
RP127: 5/1/2009 6:29:07 PM - Avg8 Update
RP128: 5/1/2009 10:43:49 PM - Installed Dragon NaturallySpeaking 9
RP129: 5/2/2009 12:02:57 PM - Removed Dragon NaturallySpeaking 9
RP130: 5/2/2009 4:20:42 PM - Installed Symantec pcAnywhere.
RP131: 5/3/2009 6:02:36 PM - Installed Windows XP Wudf01007.
RP132: 5/3/2009 6:03:36 PM - Installed Windows XP winusb0100.
RP133: 5/3/2009 6:54:22 PM - Removed Age of Empires III
RP134: 5/3/2009 7:05:11 PM - Removed RollerCoaster Tycoon 2
RP135: 5/14/2009 8:45:40 PM - Avira AntiVir Personal - 5/14/2009 20:44
RP136: 5/14/2009 8:49:55 PM - Installed BitDefender Free Edition v10
RP137: 5/15/2009 10:53:01 PM - Installed AVG Free 8.5
RP138: 5/15/2009 10:56:32 PM - Removed BitDefender Free Edition v10
RP139: 5/17/2009 11:52:20 AM - Software Distribution Service 3.0
RP140: 5/18/2009 3:24:09 PM - Avg8 Update
RP141: 5/18/2009 3:25:22 PM - Avg8 Update
RP142: 5/19/2009 9:32:04 PM - System Checkpoint
RP143: 5/21/2009 4:59:44 PM - System Checkpoint
RP144: 5/22/2009 5:40:17 PM - System Checkpoint
RP145: 5/23/2009 10:16:18 PM - System Checkpoint
RP146: 5/25/2009 12:35:13 AM - System Checkpoint
RP147: 5/25/2009 12:56:59 PM - Installed Rosetta Stone Version 3
RP148: 5/26/2009 9:21:52 PM - System Checkpoint
RP149: 5/29/2009 6:24:28 PM - System Checkpoint
RP150: 5/30/2009 4:34:34 PM - WS RESTORE POINT
RP151: 5/31/2009 6:58:34 PM - System Checkpoint
RP152: 6/1/2009 9:32:51 PM - Installed Brother MFL-Pro Suite
RP153: 6/4/2009 5:14:18 PM - System Checkpoint
RP154: 6/5/2009 5:24:23 PM - System Checkpoint
RP155: 6/6/2009 4:18:16 PM - Installed BumpTop
RP156: 6/7/2009 6:11:04 PM - System Checkpoint
RP157: 6/8/2009 6:26:05 PM - SPTD setup V1.50
RP158: 6/9/2009 5:11:48 PM - Installed QuickTime
RP159: 6/10/2009 6:44:27 PM - System Checkpoint
RP160: 6/11/2009 7:58:38 PM - System Checkpoint
RP161: 6/12/2009 8:58:38 PM - System Checkpoint
RP162: 6/13/2009 9:23:31 PM - System Checkpoint
RP163: 6/15/2009 9:36:39 AM - System Checkpoint
RP164: 6/16/2009 9:39:33 AM - System Checkpoint
RP165: 6/17/2009 10:03:46 AM - System Checkpoint
RP166: 6/18/2009 11:16:11 AM - Installed DirectX 9.0
RP167: 6/18/2009 12:08:29 PM - Removed BumpTop
RP168: 6/18/2009 12:15:09 PM - Removed Rosetta Stone Version 3
RP169: 6/19/2009 2:24:19 PM - System Checkpoint
RP170: 6/21/2009 7:03:15 PM - System Checkpoint
RP171: 6/21/2009 7:37:39 PM - Installed Rosetta Stone Version 3
RP172: 6/21/2009 8:01:54 PM - Installed ritePen
RP173: 6/23/2009 12:06:43 PM - System Checkpoint
RP174: 6/24/2009 6:53:03 PM - System Checkpoint
RP175: 6/25/2009 8:20:33 PM - Installed iTunes
RP176: 6/26/2009 9:02:56 PM - System Checkpoint
RP177: 6/27/2009 9:26:56 PM - System Checkpoint
RP178: 6/28/2009 10:14:56 PM - System Checkpoint
RP179: 6/29/2009 10:50:56 PM - System Checkpoint
RP180: 6/30/2009 11:26:56 PM - System Checkpoint
RP181: 7/1/2009 9:41:15 AM - Avg8 Update
RP182: 7/1/2009 9:42:34 AM - Avg8 Update
RP183: 7/2/2009 10:41:22 AM - System Checkpoint
RP184: 7/3/2009 12:58:59 PM - System Checkpoint
RP185: 7/4/2009 12:19:36 PM - Removed ritePen
RP186: 7/5/2009 7:55:25 PM - Installed Ad-Aware
RP187: 7/6/2009 4:36:22 PM - Software Distribution Service 3.0
RP188: 7/6/2009 4:44:45 PM - Removed Ad-Aware
RP189: 7/8/2009 6:45:05 PM - Software Distribution Service 3.0
==== Installed Programs ======================
Torrent
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Reader 8.1.4
Adobe Setup
Adobe Shockwave Player 11.5
Adobe SVG Viewer 3.0
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Video Profiles
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AnswerWorks 4.0 Runtime - English
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Control Panel
ATI Display Driver
AVG Free 8.5
Bonjour
Brother MFL-Pro Suite
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
Cheat Engine 5.5
Clear Cache feature for Internet Explorer
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Support 3.1
Dell System Restore
Digital Content Portal
GearDrvs
Google
Google Earth
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Updater
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix 2050 for SQL Server 2000 ENU (KB948110)
Hotfix 2055 for SQL Server 2000 ENU (KB960082)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Intel Matrix Storage Manager
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
iTunes
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 3
Jitbit Macro Recorder LITE
LG USB Modem driver
Linksys Wireless-N USB Network Adapter WUSB300N
Macromedia Flash Player
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft MPEG-4 VKI Video Codec V1/V2/V3
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Office Small Business Accounting 2006
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft WinUsb 1.0
Moffsoft FreeCalc
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.0.11)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
NVIDIA Drivers
Pen Tablet
PopCap Browser Plugin
PowerISO
Qualxserve Service Agreement
QuickBooks Pro 2008
QuickTime
Rosetta Stone Version 3
Roxio DLA
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
SBA
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Skins
Sonic Activation Module
Source Dedicated Server
Spybot - Search & Destroy
Steam
SupportSoft Assisted Service
Team Fortress 2 Dedicated Server
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
URL Assistant
Viewpoint Media Player
VLC media player 0.9.9
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Zune
Zune Desktop Theme
Zune Language Pack (ES)
Zune Language Pack (FR)
==== Event Viewer Messages From Past Week ========
7/6/2009 9:03:07 PM, error: Service Control Manager [7000] - The SDDMI2 service failed to start due to the following error: The system cannot find the file specified.
7/6/2009 8:27:24 AM, error: Service Control Manager [7031] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
7/6/2009 4:45:45 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the service.
7/6/2009 4:45:15 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the aawservice service.
7/6/2009 4:37:08 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 8 for Windows XP.
7/6/2009 4:16:57 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
7/6/2009 4:15:09 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
7/5/2009 6:41:01 PM, error: System Error [1003] - Error code 100000d1, parameter1 10040128, parameter2 00000002, parameter3 00000000, parameter4 85d0ba32.
7/5/2009 5:14:02 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
7/4/2009 12:23:33 PM, error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.
7/3/2009 4:21:56 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer LAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8D6BA4C5-4331-48FF-A8. The master browser is stopping or an election is being forced.
7/3/2009 4:04:45 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 0013720DA56B has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/2/2009 3:03:18 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
==== End Of File ===========================
RootRepeal:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Time: 2009/07/08 19:18
Program Version: Version 1.3.0.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: ati1r2k.sys
Image Path: C:\WINDOWS\system32\drivers\ati1r2k.sys
Address: 0xEB67B000 Size: 476672 File Visible: No Signed: -
Status: -
Name: cdfsex.sys
Image Path: cdfsex.sys
Address: 0xF78A2000 Size: 20480 File Visible: No Signed: -
Status: -
Name: dump_iastor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iastor.sys
Address: 0xEB5A6000 Size: 872448 File Visible: No Signed: -
Status: -
Name: PCI_NTPNP7634
Image Path: \Driver\PCI_NTPNP7634
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB78D9000 Size: 49152 File Visible: No Signed: -
Status: -
Name: usbnt.sys
Image Path: C:\WINDOWS\system32\drivers\usbnt.sys
Address: 0xF791A000 Size: 18944 File Visible: No Signed: -
Status: -
Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!
Path: C:\WINDOWS\system32\locals32.dll
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\asr_svr.exe
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\sfccache.dll
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\iasx86.dll
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\drivers\cdfsex.sys
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\drivers\usbnt.sys
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\drivers\ati1r2k.sys
Status: Invisible to the Windows API!
Path: c:\documents and settings\mom and dad\local settings\temp\etilqs_aaqaifidzcp8phez6zco
Status: Allocation size mismatch (API: 32768, Raw: 0)
Path: c:\documents and settings\mom and dad\local settings\temp\etilqs_oyuhuzufhdmjydfkfyl6
Status: Allocation size mismatch (API: 65536, Raw: 32768)
SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\drivers\ati1r2k.sys" at address 0xeb6890c4
#: 071 Function Name: NtEnumerateKey
Status: Hooked by "C:\WINDOWS\system32\drivers\ati1r2k.sys" at address 0xeb6899f6
#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "sptd.sys" at address 0xf742e340
#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\system32\drivers\ati1r2k.sys" at address 0xeb689050
#: 160 Function Name: NtQueryKey
Status: Hooked by "sptd.sys" at address 0xf742e418
#: 177 Function Name: NtQueryValueKey
Status: Hooked by "sptd.sys" at address 0xf742e298
#: 247 Function Name: NtSetValueKey
Status: Hooked by "sptd.sys" at address 0xf742e4aa
Stealth Objects
-------------------
Object: Hidden Handle [Index: 1388, Type: File]
Process: svchost.exe (PID: 1284) Address: 0x85458b78 Size: -
Object: Hidden Module [Name: CFScan.dll]
Process: QBCFMonitorService.exe (PID: 2356) Address: 0x009e0000 Size: 45056
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x871ce1e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x871ce1e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x871ce1e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x871ce1e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x871ce1e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x871ce1e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x871ce1e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x871ce1e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x871ce1e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x871ce1e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x871ce1e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x871ce1e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x871ce1e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x871ce1e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x871ce1e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x871ce1e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x871ce1e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x871ce1e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x871ce1e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x871ce1e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x871ce1e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x871ce1e8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x866c9790 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x866c9790 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x866c9790 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x866c9790 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x866c9790 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x866c9790 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x866c9790 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x866c9790 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x866c9790 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x866c9790 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x866c9790 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x871d01e8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x871d01e8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x871d01e8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x871d01e8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x871d01e8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x871d01e8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x871d01e8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x871d01e8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x871d01e8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x871d01e8 Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x871d01e8 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x866ef790 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x866ef790 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x866ef790 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x866ef790 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x866ef790 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x866ef790 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x866ef790 Size: 121
Object: Hidden Code [Driver: iastor, IRP_MJ_CREATE]
Process: System Address: 0x871cf1e8 Size: 121
Object: Hidden Code [Driver: iastor, IRP_MJ_CLOSE]
Process: System Address: 0x871cf1e8 Size: 121
Object: Hidden Code [Driver: iastor, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x871cf1e8 Size: 121
Object: Hidden Code [Driver: iastor, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85786190 Size: 3699
Object: Hidden Code [Driver: iastor, IRP_MJ_POWER]
Process: System Address: 0x871cf1e8 Size: 121
Object: Hidden Code [Driver: iastor, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x871cf1e8 Size: 121
Object: Hidden Code [Driver: iastor, IRP_MJ_PNP]
Process: System Address: 0x871cf1e8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x871601e8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x871601e8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x871601e8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x871601e8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x871601e8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x871601e8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x871601e8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x871601e8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x871601e8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x871601e8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x871601e8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x85eb2790 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x85eb2790 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85eb2790 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85eb2790 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x85eb2790 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x85eb2790 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x866e4408 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x866e4408 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x866e4408 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x866e4408 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x866e4408 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x866e4408 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x866e4408 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x85ef4790 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x85ef4790 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x85ef4790 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x85ef4790 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x85ef4790 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x85ef4790 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x85ef4790 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x85ef4790 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x85ef4790 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x85ef4790 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x85ef4790 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x85ef4790 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x85ef4790 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x85ef4790 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85ef4790 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85ef4790 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x85ef4790 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x85ef4790 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x85ef4790 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x85ef4790 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x85ef4790 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x85ef4790 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x85ef4790 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85ef4790 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x85ef4790 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x85ef4790 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x85ef4790 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x85ef4790 Size: 121
Object: Hidden Code [Driver: CdfsЅఋ癁⩧, IRP_MJ_CREATE]
Process: System Address: 0x86613790 Size: 121
Object: Hidden Code [Driver: CdfsЅఋ癁⩧, IRP_MJ_CLOSE]
Process: System Address: 0x86613790 Size: 121
Object: Hidden Code [Driver: CdfsЅఋ癁⩧, IRP_MJ_READ]
Process: System Address: 0x86613790 Size: 121
Object: Hidden Code [Driver: CdfsЅఋ癁⩧, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86613790 Size: 121
Object: Hidden Code [Driver: CdfsЅఋ癁⩧, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86613790 Size: 121
Object: Hidden Code [Driver: CdfsЅఋ癁⩧, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86613790 Size: 121
Object: Hidden Code [Driver: CdfsЅఋ癁⩧, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86613790 Size: 121
Object: Hidden Code [Driver: CdfsЅఋ癁⩧, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86613790 Size: 121
Object: Hidden Code [Driver: CdfsЅఋ癁⩧, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86613790 Size: 121
Object: Hidden Code [Driver: CdfsЅఋ癁⩧, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86613790 Size: 121
Object: Hidden Code [Driver: CdfsЅఋ癁⩧, IRP_MJ_CLEANUP]
Process: System Address: 0x86613790 Size: 121
Object: Hidden Code [Driver: CdfsЅఋ癁⩧, IRP_MJ_PNP]
Process: System Address: 0x86613790 Size: 121
Hidden Services
-------------------
Service Name: ati1r2k
Image Path: system32\drivers\ati1r2k.sys
Service Name: cdfsex
Image Path: C:\WINDOWS\system32\drivers\cdfsex.sys
Service Name: usbnt
Image Path: C:\WINDOWS\system32\drivers\usbnt.sys
==EOF==
Bio-Hazard
2009-07-09, 08:51
Hello!
Have you run Combofix on this machine?
ATF-Cleaner
Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune.
Save it to your desktop
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords please click No at the prompt.
Click Exit on the Main menu to close the program.
Malwarebytes' Anti-Malware
Please download Malwarebytes Anti-Malware (http://www.malwarebytes.org/mbam-download.php) and save it to your desktop.
Alternate download link 1 (http://malwarebytes.gt500.org/mbam-setup.exe)
Alternate download link 2 (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here (http://www.malwarebytes.org/mbam/database/mbam-rules.exe) and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the Perform Full Scan option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and Scan in progress will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say The scan completed successfully. Click 'Show Results' to display all objects found.
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Kaspersky Online Scan
You can use either Internet Explorer or Mozilla Firefox for this scan.
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Read through the requirements and privacy statement and click on the Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.
Logs/Information to Post in Next Reply
Please post the following logs/Information in your reply:
Answer to my question
Malwarebytes Antimalware log
Kaspersky Log
A fresh HijackThis Log ( after all the above has been done)
A description of how your computer is behaving
motox822
2009-07-10, 07:12
Answer to question:
Yes, I have run combofix on this computer before. I used it when I had a virus earlier and was told to do so by a professional and once before on my own.
Description of Computer's Behavior:
The biggest problem with my computer is it freezes. Whenever I'm working on something or browsing the internet, it randomly freezes. When it freezes, I cannot use ctrl-alt-delete because it just completely freezes up. This forces me to just restart my system by holding down my CPU's power button for a few seconds. Sometimes my monitor will go blank for a second and come back on with the blue windows error screen and when I restart after that it says it has recovered from a serious error. Lastly, my computer is just running all around slow.
Malwarebytes Log:
Malwarebytes' Anti-Malware 1.38
Database version: 2401
Windows 5.1.2600 Service Pack 3
7/9/2009 3:43:31 PM
mbam-log-2009-07-09 (15-43-31).txt
Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 207399
Time elapsed: 59 minute(s), 5 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 14
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\documents and settings\mom and dad\my documents\Elite\my pictures\ek_setup.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\mom and dad\my documents\Elite\my pictures\_logviewer\logs viewer.exe (Spyware.EliteKeylogger) -> Quarantined and deleted successfully.
c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP154\A0037117.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP156\A0037207.exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP156\A0037208.exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP166\A0038048.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP128\A0029818.rbf (Rogue.sysCleanerPro) -> Quarantined and deleted successfully.
c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP128\A0029903.vxd (Rogue.sysCleanerPro) -> Quarantined and deleted successfully.
c:\windows\system32\locals32.dll (Spyware.EliteKeylogger) -> Quarantined and deleted successfully.
c:\windows\system32\asr_svr.exe (Spyware.EliteKeylogger) -> Quarantined and deleted successfully.
c:\windows\system32\iasx86.dll (Spyware.EliteKeylogger) -> Quarantined and deleted successfully.
c:\windows\system32\drivers\cdfsex.sys (Spyware.EliteKeylogger) -> Quarantined and deleted successfully.
c:\windows\system32\drivers\usbnt.sys (Spyware.EliteKeylogger) -> Quarantined and deleted successfully.
c:\windows\system32\drivers\ati1r2k.sys (Spyware.EliteKeylogger) -> Quarantined and deleted successfully.
Kaspersky Log:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Thursday, July 9, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Friday, July 10, 2009 02:39:28
Records in database: 2453139
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: no
Scan area - My Computer:
C:\
D:\
E:\
F:\
Scan statistics:
Files scanned: 88349
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 02:11:03
File name / Threat name / Threats count
C:\Documents and Settings\othread2.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.l 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\gxvxcecjbffmigojealcfemsjjfcwuaoctsak.dll.vir Infected: Trojan-Clicker.Win32.Small.aea 1
The selected area was scanned.
Fresh HijackThis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:57:51 PM, on 7/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143051743265
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe
--
End of file - 9263 bytes
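For readers working through the two logs above, here is a small triage script. It is an added example, not code from this thread, from Malwarebytes or from Trend Micro. It parses the "Files Infected" lines of the MBAM 1.x log and the R/O lines of the HijackThis 2.0 log, then sorts the hits the way a helper reads them: kernel drivers under system32\drivers and user-mode files under the Windows tree are live components, System Volume Information entries are restore-point copies (history, not running code), and anything else is a dropper in the user's files. For the HJT log it lists entries whose target no longer exists, services with no recorded owner, and the Winsock LSP that HJT could not match. The location buckets and flag names are this example's own choices; the sample text is copied from the logs in the post.

```python
"""Triage the MBAM and HijackThis logs posted above (added example)."""
import re
from collections import Counter

# Constructed sample: the 'Files Infected' block from the MBAM log in the post.
MBAM_SAMPLE = r"""
Files Infected:
c:\documents and settings\mom and dad\my documents\Elite\my pictures\ek_setup.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\mom and dad\my documents\Elite\my pictures\_logviewer\logs viewer.exe (Spyware.EliteKeylogger) -> Quarantined and deleted successfully.
c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP154\A0037117.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP156\A0037207.exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP156\A0037208.exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP166\A0038048.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP128\A0029818.rbf (Rogue.sysCleanerPro) -> Quarantined and deleted successfully.
c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP128\A0029903.vxd (Rogue.sysCleanerPro) -> Quarantined and deleted successfully.
c:\windows\system32\locals32.dll (Spyware.EliteKeylogger) -> Quarantined and deleted successfully.
c:\windows\system32\asr_svr.exe (Spyware.EliteKeylogger) -> Quarantined and deleted successfully.
c:\windows\system32\iasx86.dll (Spyware.EliteKeylogger) -> Quarantined and deleted successfully.
c:\windows\system32\drivers\cdfsex.sys (Spyware.EliteKeylogger) -> Quarantined and deleted successfully.
c:\windows\system32\drivers\usbnt.sys (Spyware.EliteKeylogger) -> Quarantined and deleted successfully.
c:\windows\system32\drivers\ati1r2k.sys (Spyware.EliteKeylogger) -> Quarantined and deleted successfully.
"""

# Constructed sample: a subset of the HijackThis log lines from the post.
HJT_SAMPLE = r"""
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (file missing)
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe
"""

# One MBAM detection line: <path> (<threat name>) -> <action taken>
MBAM_LINE = re.compile(r"^(?P<path>[a-z]:\\.*?) \((?P<threat>[^()]+)\) -> (?P<action>.+)$", re.I)
# One HJT entry: <section code> - <body>
HJT_LINE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")


def classify_location(path):
    """Bucket a detected path by how much it matters (buckets are this example's)."""
    p = path.lower()
    if "\\system volume information\\" in p:
        return "restore_point"   # copy kept by System Restore; not running code
    if "\\system32\\drivers\\" in p:
        return "kernel_driver"   # ring-0 component; highest priority to confirm gone
    if "\\windows\\" in p:
        return "system"          # user-mode component inside the OS tree
    return "user_profile"        # dropper or installer left in the user's files


def parse_mbam(text):
    """Return one dict (path, threat, action, location) per 'Files Infected' line."""
    records = []
    for line in text.splitlines():
        m = MBAM_LINE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["location"] = classify_location(rec["path"])
            records.append(rec)
    return records


def summarize_mbam(records):
    """Counts by threat family and by location bucket."""
    return {"by_threat": Counter(r["threat"] for r in records),
            "by_location": Counter(r["location"] for r in records)}


def hjt_flags(text):
    """Return (section, reason, line) for HJT entries that deserve a second look."""
    flags = []
    for line in text.splitlines():
        line = line.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue
        sec, body = m.group("section"), m.group("body")
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            flags.append((sec, "orphaned entry", line))       # target is gone; safe to fix
        elif sec == "O23" and " - Unknown owner - " in body:
            flags.append((sec, "service without vendor", line))
        elif sec == "O10":
            flags.append((sec, "winsock LSP not recognised by HJT", line))
    return flags


if __name__ == "__main__":
    recs = parse_mbam(MBAM_SAMPLE)
    summary = summarize_mbam(recs)
    print("MBAM hits by location:", dict(summary["by_location"]))
    print("MBAM hits by family:  ", dict(summary["by_threat"]))
    for r in recs:
        if r["location"] in ("kernel_driver", "system"):
            print(f"  live component: {r['path']}  [{r['threat']}]")
    for sec, why, line in hjt_flags(HJT_SAMPLE):
        print(f"  HJT {sec}: {why}: {line}")
```

On the log above this splits the 14 MBAM hits into 3 kernel drivers, 3 user-mode system files, 2 user-profile files and 6 restore-point copies; the six EliteKeylogger components under system32 and drivers are the ones whose absence is worth re-checking after the reboot, while the restore-point entries only mean the same families were on disk earlier. The "(no file)" and "(file missing)" HJT entries are dead registrations, not infections, which is why a helper can tell you to fix them without further analysis.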
Bio-Hazard
2009-07-10, 08:36
Hello!
Thank you for your reply. As ComboFix has been run previously we need to uninstall it and then run it again.
STEP 1
Download ComboFix
Download ComboFix from one of these locations on to your desktop:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)
STEP 2
Delete ComboFix and Clean Up
Click Start > Run > type combofix /u > OK (Note the space between combofix and /u)
http://i147.photobucket.com/albums/r301/DFW_photos/CF_Cleanup.png
Please advise if this step is missed for any reason as it performs some important actions.
STEP 3
Download and Run ComboFix
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)
Here you can find a tutorial about Combofix: HOW TO USE COMBOFIX (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
You must download it to and run it from your Desktop
ComboFix SHOULD NOT be used unless requested by a forum helper.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. A guide to do this can be found HERE (http://www.bleepingcomputer.com/forums/topic114351.html)
Double click on ComboFix.exe and follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
ComboFix should never take more than 20 minutes including the reboot if malware is detected.
IMPORTANT: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
Next Reply
Please reply with:
ComboFix log (found at C:\Combofix.txt)
New HijackThis log
motox822
2009-07-10, 21:38
Thank you for all of your help so far! Here is what you asked for:
Combofix Log:
ComboFix 09-07-09.08 - MOM and DAD 07/10/2009 9:14.5.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.531 [GMT -7:00]
Running from: c:\documents and settings\MOM and DAD\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\test.txt
c:\windows\Downloaded Program Files\popcaploader.inf
.
((((((((((((((((((((((((( Files Created from 2009-06-10 to 2009-07-10 )))))))))))))))))))))))))))))))
.
2009-07-10 04:37 . 2003-01-27 22:26 57856 ----a-w- c:\windows\Fce32.dll
2009-07-10 04:37 . 2000-11-12 04:01 389120 ----a-w- c:\windows\system32\ImgX4.dll
2009-07-10 04:37 . 2000-11-12 03:12 675840 ----a-w- c:\windows\system32\_ISource2.dll
2009-07-10 04:37 . 2003-01-27 22:26 57856 ----a-w- c:\windows\system32\Fce32.dll
2009-07-10 04:37 . 2002-01-01 17:45 92672 ----a-w- c:\windows\system32\See32.dll
2009-07-10 04:37 . 2004-10-04 20:14 45056 ----a-w- c:\windows\system32\offer.exe
2009-07-10 04:37 . 2009-07-10 16:04 -------- d-----w- c:\program files\Easy Web Cam
2009-07-09 23:20 . 2009-07-09 23:20 -------- d-----w- c:\documents and settings\MOM and DAD\Local Settings\Application Data\AskToolbar
2009-07-09 23:06 . 2009-07-09 23:05 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-09 23:05 . 2009-07-09 23:05 152576 ----a-w- c:\documents and settings\MOM and DAD\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-09 21:39 . 2009-06-17 18:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-09 21:39 . 2009-06-17 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-09 21:39 . 2009-07-09 21:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-09 03:08 . 2009-07-09 03:08 -------- d-----w- c:\program files\Ask.com
2009-07-09 03:08 . 2009-07-09 03:09 -------- d-----w- c:\program files\ManyCam 2.4
2009-07-09 03:08 . 2009-07-09 03:09 -------- d-----w- c:\documents and settings\MOM and DAD\Application Data\ManyCam
2009-07-09 02:03 . 2001-10-05 23:02 102400 ----a-w- c:\windows\system32\icm10wui.dll
2009-07-09 02:03 . 2001-10-05 23:02 94208 ----a-w- c:\windows\system32\icm10wia.dll
2009-07-09 02:03 . 2001-10-05 23:01 14182 ----a-w- c:\windows\system32\drivers\icm10blk.sys
2009-07-09 02:03 . 2001-10-05 22:57 282681 ----a-w- c:\windows\system32\icm10api.dll
2009-07-09 02:03 . 2000-09-15 22:51 372736 ----a-w- c:\windows\system32\ijl15.dll
2009-07-09 02:03 . 2001-10-05 23:02 65536 ----a-w- c:\windows\system32\ICM10reg.dll
2009-07-09 02:03 . 2001-10-05 23:00 420870 ----a-w- c:\windows\system32\drivers\ICM10USB.sys
2009-07-09 02:03 . 2001-10-05 22:56 266297 ----a-w- c:\windows\system32\ICM10EXT.dll
2009-07-09 02:03 . 2001-10-05 22:56 110649 ----a-w- c:\windows\system32\ICM10com.dll
2009-07-09 02:03 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-07-09 02:03 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-07-09 02:03 . 2001-10-05 23:00 3398 ----a-w- c:\windows\system32\drivers\icm10ply.sys
2009-07-09 02:01 . 2009-07-09 02:01 -------- d-----w- c:\temp\cs630_XP
2009-07-09 02:01 . 2009-07-09 02:01 -------- d-----w- C:\temp
2009-07-07 06:04 . 2009-06-14 23:07 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-07-07 04:03 . 2009-07-07 04:03 6041600 ----a-w- c:\documents and settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\CIP\Release_01_3062.exe
2009-07-07 04:03 . 2009-07-07 04:03 56320 ----a-w- c:\documents and settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\item_templ\coach\RunGdp.exe
2009-07-07 04:03 . 2009-07-07 04:03 36864 ----a-w- c:\documents and settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\DellSommelierFix.exe
2009-07-07 04:03 . 2009-07-07 04:03 123138 ----a-w- c:\documents and settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\MakeDesktopShortcut.EXE
2009-07-07 03:40 . 2009-07-07 03:40 -------- d-----w- c:\program files\Trend Micro
2009-07-04 17:20 . 2009-07-04 17:20 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-01 22:18 . 2009-07-01 22:18 -------- d-----w- c:\documents and settings\MOM and DAD\Local Settings\Application Data\AVG Security Toolbar
2009-07-01 16:42 . 2009-07-01 16:42 832144 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\AVGToolbarInstall.exe
2009-07-01 16:42 . 2009-07-01 16:42 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-07-01 16:42 . 2009-07-01 16:42 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-06-26 05:53 . 2009-06-26 05:53 637 ----a-w- c:\documents and settings\MOM and DAD\Application Data\WinFF\ff090625225359.bat
2009-06-26 03:32 . 2009-06-26 03:32 2278 ----a-w- c:\documents and settings\MOM and DAD\Application Data\WinFF\ff090625203224.bat
2009-06-26 03:31 . 2009-07-04 19:20 -------- d-----w- c:\documents and settings\MOM and DAD\Application Data\WinFF
2009-06-26 03:26 . 2009-06-26 03:26 -------- d-----w- c:\documents and settings\MOM and DAD\Application Data\MPEG Streamclip
2009-06-26 03:20 . 2009-06-26 03:20 -------- d-----w- c:\program files\iPod
2009-06-26 03:20 . 2009-06-26 03:20 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-26 03:20 . 2009-06-26 03:20 -------- d-----w- c:\program files\iTunes
2009-06-26 03:19 . 2009-06-26 03:19 -------- d-----w- c:\program files\QuickTime
2009-06-26 03:18 . 2009-06-05 18:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-26 03:18 . 2009-06-05 18:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-26 03:17 . 2009-06-26 03:20 -------- d-----w- c:\program files\Common Files\Apple
2009-06-25 04:48 . 2009-07-04 19:20 -------- d-----w- c:\program files\Yahoo!
2009-06-22 03:02 . 2009-06-22 03:02 -------- d-----w- c:\documents and settings\MOM and DAD\Application Data\ritePen
2009-06-22 02:37 . 2009-06-22 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Rosetta Stone
2009-06-22 02:37 . 2009-06-22 02:37 -------- d-----w- c:\program files\Rosetta Stone
2009-06-22 00:29 . 2009-07-10 16:01 -------- d-----w- c:\documents and settings\MOM and DAD\Application Data\WTablet
2009-06-22 00:27 . 2007-02-16 00:11 11440 ----a-w- c:\windows\system32\drivers\WacomVKHid.sys
2009-06-22 00:27 . 2007-02-16 19:12 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
2009-06-22 00:27 . 2007-02-16 18:30 12848 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
2009-06-22 00:27 . 2009-06-22 00:29 -------- d-----w- c:\windows\system32\WTablet
2009-06-22 00:27 . 2007-09-07 18:16 1373480 ------w- c:\windows\system32\Pen_Tablet.exe
2009-06-22 00:27 . 2007-09-07 18:09 128296 ------w- c:\windows\system32\Pen_Tablet.dll
2009-06-22 00:27 . 2007-09-07 17:55 181544 ------w- c:\windows\system32\Wintab32.dll
2009-06-22 00:27 . 2009-06-22 00:29 -------- d-----w- c:\program files\Tablet
2009-06-17 00:38 . 2009-07-06 00:15 -------- d-----w- c:\program files\FeatherSoft Windows Hider
2009-06-14 06:42 . 2009-06-14 06:42 -------- d-----w- c:\program files\Moffsoft FreeCalc
2009-06-11 22:03 . 2009-06-11 22:03 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-10 16:06 . 2009-05-05 04:21 -------- d-----w- c:\program files\Firefox
2009-07-10 02:49 . 2008-05-29 05:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-09 23:05 . 2006-03-14 04:41 -------- d-----w- c:\program files\Java
2009-07-09 22:45 . 2009-05-30 23:35 1090248 ----a-w- c:\windows\system32\sfccache.dll
2009-07-06 23:54 . 2008-11-15 02:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-06 23:54 . 2008-11-15 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-06 03:03 . 2008-10-26 02:05 -------- d-----w- c:\documents and settings\MOM and DAD\Application Data\uTorrent
2009-07-06 02:55 . 2009-05-03 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-02 15:50 . 2008-10-18 00:45 34 ----a-w- c:\documents and settings\MOM and DAD\jagex_runescape_preferences.dat
2009-07-01 16:42 . 2009-05-16 05:53 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-01 16:42 . 2009-05-16 05:53 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-01 16:42 . 2009-05-16 05:53 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-26 03:21 . 2009-06-10 00:14 -------- d-----w- c:\documents and settings\MOM and DAD\Application Data\Apple Computer
2009-06-26 03:20 . 2009-06-10 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-26 03:20 . 2009-06-09 23:09 -------- d-----w- c:\program files\Bonjour
2009-06-22 18:26 . 2009-04-18 02:21 -------- d-----w- c:\program files\Cheat Engine
2009-06-22 03:01 . 2006-03-14 04:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-22 02:38 . 2009-06-09 23:52 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-06-18 19:15 . 2008-10-01 04:55 -------- d-----w- c:\program files\Steam
2009-06-10 00:11 . 2009-06-10 00:11 -------- d-----w- c:\program files\Apple Software Update
2009-06-10 00:11 . 2009-06-10 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-09 23:18 . 2007-09-06 03:29 33400 ----a-w- c:\documents and settings\MOM and DAD\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-09 23:09 . 2006-03-22 19:16 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-09 03:17 . 2009-04-01 05:04 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-09 01:26 . 2009-06-09 01:26 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-08 23:11 . 2009-06-02 04:31 57 ----a-w- c:\documents and settings\All Users\Application Data\Brother\BrLog\BrCollectDir\BR_cat.bat
2009-06-05 20:57 . 2009-06-05 20:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-03 00:50 . 2009-06-02 04:33 65 ----a-w- c:\windows\system32\BD8060.DAT
2009-06-02 04:33 . 2009-06-02 04:32 -------- d-----w- c:\program files\Brother
2009-06-02 04:32 . 2006-03-14 04:45 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-02 04:31 . 2009-06-02 04:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother
2009-05-30 23:47 . 2007-11-13 13:55 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-30 23:47 . 2009-05-30 23:38 91 ----a-w- c:\windows\system32\aticom.dat
2009-05-27 04:59 . 2009-05-27 04:59 -------- d-----r- c:\documents and settings\MOM and DAD\Application Data\Brother
2009-05-25 19:57 . 2009-05-25 19:57 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-05-23 03:10 . 2009-05-23 03:10 -------- d-----w- c:\program files\directx
2009-05-23 03:04 . 2009-05-16 20:59 612 ----a-w- c:\windows\eReg.dat
2009-05-23 02:38 . 2009-05-23 02:36 -------- d-----w- c:\program files\PowerISO
2009-05-22 01:55 . 2009-05-16 05:53 -------- d-----w- c:\documents and settings\MOM and DAD\Application Data\AVGTOOLBAR
2009-05-16 22:48 . 2009-05-16 22:44 -------- d-----w- c:\documents and settings\MOM and DAD\Application Data\Any Video Converter
2009-05-16 05:56 . 2009-05-15 03:49 -------- d-----w- c:\program files\Common Files\Softwin
2009-05-16 05:54 . 2009-05-15 03:55 81984 ----a-w- c:\windows\system32\bdod.bin
2009-05-16 05:53 . 2009-05-16 05:53 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-07 15:32 . 2004-08-11 23:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-03 00:34 . 2009-05-03 00:34 0 -c--a-w- c:\windows\system32\rn.tmp
2009-04-29 04:56 . 2004-08-11 23:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-11 23:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-29 04:41 . 2009-04-29 04:41 3638 ----a-r- c:\documents and settings\MOM and DAD\Application Data\Microsoft\Installer\{2D57FB4E-6277-4A6D-8739-304C38051B89}\_FE8D9346612A3FA1CA6C54.exe
2009-04-29 04:41 . 2009-04-29 04:41 3638 ----a-r- c:\documents and settings\MOM and DAD\Application Data\Microsoft\Installer\{2D57FB4E-6277-4A6D-8739-304C38051B89}\_8558C8A0BCDE26BB5381A1.exe
2009-04-29 04:41 . 2009-04-29 04:41 3638 ----a-r- c:\documents and settings\MOM and DAD\Application Data\Microsoft\Installer\{2D57FB4E-6277-4A6D-8739-304C38051B89}\_6FEFF9B68218417F98F549.exe
2009-04-29 04:41 . 2009-04-29 04:41 3638 ----a-r- c:\documents and settings\MOM and DAD\Application Data\Microsoft\Installer\{2D57FB4E-6277-4A6D-8739-304C38051B89}\_375698F2AAFD2C1E7FA1BC.exe
2009-04-29 04:41 . 2009-04-29 04:41 1406 ----a-r- c:\documents and settings\MOM and DAD\Application Data\Microsoft\Installer\{2D57FB4E-6277-4A6D-8739-304C38051B89}\_CE61F9F35DBEC87A3354B8.exe
2009-04-20 00:10 . 2009-04-20 00:10 390664 ----a-w- c:\documents and settings\MOM and DAD\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-04-17 12:26 . 2004-08-11 23:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 19:11 . 2008-10-23 04:20 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-04-15 14:51 . 2004-08-11 23:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2008-11-09 06:08 . 2006-04-05 20:38 56 --sh--r- c:\windows\system32\491A85F95E.sys
2008-11-09 06:08 . 2006-04-05 20:38 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 23:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-02-26 18:25 809864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-04 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-01 1948440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-10-09 249856]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-09 148888]
"EasyFreeWebCam"="c:\progra~1\EASYWE~1\easywebcam.exe" [2009-01-12 1884160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-01 16:42 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 03:35 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BumpTop.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BumpTop.lnk
backup=c:\windows\pss\BumpTop.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^MOM and DAD^Start Menu^Programs^Startup^BumpTop.lnk]
path=c:\documents and settings\MOM and DAD\Start Menu\Programs\Startup\BumpTop.lnk
backup=c:\windows\pss\BumpTop.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"winvnc"=2 (0x2)
"ZuneNetworkSvc"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"QBFCService"=3 (0x3)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$MICROSOFTSMLBIZ"=2 (0x2)
"MDM"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\motox822\\source 2007 dedicated server\\srcds.exe"=
"c:\\Program Files\\Steam\\steamapps\\motox822\\team fortress 2\\hl2.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\THQ\\MX vs ATV Unleashed\\MXvsATV.exe"=
"zϐ|,|-|q-|x-|>"= zϐ|,|-|q-|x-|>:Nod32 Runtime
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Easy Web Cam\\easywebcam.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/15/2009 10:53 PM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/15/2009 10:53 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/15/2009 10:53 PM 298776]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [3/8/2009 7:23 PM 47640]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [6/21/2009 5:27 PM 1373480]
R2 WUSB300NSvc;WUSB300NSvc;c:\program files\Linksys\WUSB300N\WLService.exe [2/27/2008 8:11 PM 53307]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 3:06 AM 21632]
S0 cdfsex;cdfsex;c:\windows\system32\drivers\cdfsex.sys --> c:\windows\system32\drivers\cdfsex.sys [?]
S1 ati1r2k;ati1r2k;c:\windows\system32\drivers\ati1r2k.sys --> c:\windows\system32\drivers\ati1r2k.sys [?]
S1 usbnt;usbnt;c:\windows\system32\drivers\usbnt.sys --> c:\windows\system32\drivers\usbnt.sys [?]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 scrcap;scrcap;c:\windows\system32\DRIVERS\scrcap.sys --> c:\windows\system32\DRIVERS\scrcap.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
Contents of the 'Scheduled Tasks' folder
2009-07-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
2009-07-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-02 02:22]
2009-07-10 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-02-26 18:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{ECC5777A-6E88-BFCE-13CE-81F134789E8B} - c:\progra~1\EASYWE~1\easywebcam.exe
Trusted Zone: turbotax.com
FF - ProfilePath - c:\documents and settings\MOM and DAD\Application Data\Mozilla\Firefox\Profiles\oqlefedq.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-10 09:19
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3149744984-3560293793-1601873477-1012\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3D04B2C9-617C-D7FB-8978-839558E2F1F7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"naabkjhddgnjldoedjfapccbbooe"=hex:6b,61,65,70,70,66,63,6e,6f,66,63,69,65,6d,
66,61,61,6b,62,66,65,63,00,00
"magjenmchjjaihbpacdhfnpgoc"=hex:6a,61,70,70,6c,69,69,6d,68,6d,6a,70,70,69,63,
68,68,6f,68,6a,00,d2
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(852)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2009-07-10 9:21
ComboFix-quarantined-files.txt 2009-07-10 16:21
ComboFix2.txt 2009-07-06 23:24
Pre-Run: 121,746,059,264 bytes free
Post-Run: 121,807,949,824 bytes free
298 --- E O F --- 2009-07-09 01:50
New HJT Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:34:14 AM, on 7/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143051743265
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe
--
End of file - 9340 bytes
Bio-Hazard
2009-07-11, 16:14
Hello!
I would like to see any information that might be available from the first time you ran ComboFix.
Step 1:
Using Windows Explorer (right-click the Start button and left-click Explore), navigate to and find the following folder:
C:\qoobox. In that folder you will find the ComboFix log files.
Please post the contents of each of those log files in your next reply.
I'd like you to check (a file/some files) for Viruses.
Go to VirusTotal (http://www.virustotal.com) or Jotti's (http://virusscan.jotti.org/)
c:\windows\system32\sfccache.dll
Copy/paste the file into the white "Upload a file" box.
Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
After a while, a window will open, with details of what the scans found.
Copy and Paste results in your next reply.
Run CFScript
Close any open browsers.
Open Notepad by clicking Start.
Click Run.
Type notepad into the box and press Enter.
Notepad will open.
Copy and Paste everything from the Code box into Notepad:
Drivers::
cdfsex
ati1r2k
usbnt
File::
c:\windows\system32\drivers\usbnt.sys
c:\windows\system32\drivers\ati1r2k.sys
c:\windows\system32\drivers\cdfsex.sys
c:\windows\system32\bdod.bin
c:\windows\system32\rn.tmp
c:\windows\Fce32.dll
c:\windows\system32\ImgX4.dll
c:\windows\system32\_ISource2.dll
c:\windows\system32\Fce32.dll
c:\windows\system32\See32.dll
c:\windows\system32\offer.exe
Folder::
c:\documents and settings\MOM and DAD\Application Data\uTorrent
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-
DDS::
uURLSearchHooks: H - No File
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} -
Save this as CFScript.txt, in the same location as ComboFix.exe (on your desktop)
http://i219.photobucket.com/albums/cc99/BioHazard_030/CFScriptExample.jpg
Referring to the picture below, drag CFScript onto ComboFix.exe.
http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif
When finished, it shall produce a log for you at C:\ComboFix.txt
NOTE: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
Next Reply
Please reply with:
ComboFix log (found at C:\Combofix.txt)
New HijackThis log
motox822
2009-07-12, 00:32
For some reason C:\qoobox only has one ComboFix log in it, and that was the one from my last post. This might have happened when I uninstalled ComboFix like you told me to, but I'm not sure.
Virus Total:
File sfccache.dll received on 2009.07.11 20:31:08 (UTC)
Result: 0/41 (0%)
CFScript ComboFix log: (After this scan was run, a box came up that said ComboFix had to send malware files to its servers for further analysis.)
ComboFix 09-07-09.08 - MOM and DAD 07/11/2009 13:34.6.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.559 [GMT -7:00]
Running from: c:\documents and settings\MOM and DAD\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\MOM and DAD\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FILE ::
"c:\windows\Fce32.dll"
"c:\windows\system32\_ISource2.dll"
"c:\windows\system32\bdod.bin"
"c:\windows\system32\drivers\ati1r2k.sys"
"c:\windows\system32\drivers\cdfsex.sys"
"c:\windows\system32\drivers\usbnt.sys"
"c:\windows\system32\Fce32.dll"
"c:\windows\system32\ImgX4.dll"
"c:\windows\system32\offer.exe"
"c:\windows\system32\rn.tmp"
"c:\windows\system32\See32.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\MOM and DAD\Application Data\uTorrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\[PC GAME MULTI] - Gran Theft Auto San Andreas + Crack NoCD - (Perfect DVD Version) - (Eng-Ita-Deu-Fra-Esp) - (By G-ADLVR_R7.rar.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\[PC] MTX Mototrax Motocross [RIP] [dopeman].torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\1000+ Cell Phone Java Games.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Action Movie essentials.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Adobe After Effects CS3 Professional 2008 PC + Crack.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Age of Empire 3.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Allok MPEG4 Converter + { ++ CRACK ++ }.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Amberlin.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\ANBERLIN - DISCOGRAPHY [CHANNEL NEO].torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Ardamax Keylogger v-4.8+serial.rar.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\AV Voice Changer Diamond 6 0 10 [h33t] [dinguskull].torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\AVG Anti-Virus 8 Pro + key.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\AVG Antivirus 8 0 + serial (EXPIRES YEAR 2018) (CLEAN) [blaze69].torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\AVG Antivirus 8 Pro + 12 Serials [EXPIRY YEAR 2025][h33t].torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Black Eyed Peas - [Deluxe Edition] E.N.D [Cov+CD] [Bubanee].torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Blaze Media Pro 8.0.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Borat[2006]DvDrip.AC3[Eng]-aXXo.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\BumpTop.Pro.V1.2646-Madroach.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Civilization_IV.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\DAEMON Tools Pro 4.30.304 (32-64Bit-XP-ViSta).torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\dht.dat
c:\documents and settings\MOM and DAD\Application Data\uTorrent\dht.dat.old
c:\documents and settings\MOM and DAD\Application Data\uTorrent\DJ_dLux-dLectro-2009-MIXFIEND.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Dragon.Naturally.Speaking.9.51.Professional(French+all.English).setup+Readme.Serial.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Easy Window and System Tray Icons Hider v1.20.0-BEAN.exe.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Elite Keylogger 4.3.070.rar.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Eminem - Relapse [2009][CD+2 SkidVid_XviD+Cov]320Kbps.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Flight Simulator 2004 ISO - Repack By 108.iso.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Flo-Rida Feat. Kesha - Right Round [iVANA-XviD].torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Fort_Minor-The_Rising_Tied-2005-XXL.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\GARRYS_MOD.iso.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Gran.Torino.2008.DvDRip-FxM.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Green Day - 21st Century Breakdown (Complete 320 kBps mp3) by ThE GEorGE.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\GTA San Andreas.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Harold.&.Kumar.Go.To.White.Castle[2004]DvDrip.AC3-aXXo.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Harry Potter and the Chamber of Secrets.7z.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Hollywood Undead - Swan Songs& Misc. Songs.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Incubus - Monuments And Melodies [CD Rip] [All Cov+2CD][Bubanee].torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Jamie_Foxx_Ft_T-Pain-Blame_It-(Promo_VLS)-2009.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\jitbit.macro.recorder.4.1.0.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Kid Cudi - Day & Night.mp3.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Kings Of Leon - Only By The Night[2008][MP3@320kbps]-antecho.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Lavasoft Ad-Aware 2008 Pro 7.1.0.11 Final[h33t]-MasterUploader.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Lavasoft Ad-Aware 2008 Pro v7.1.0.11 (Reloaded).torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Left 4 Dead No-Steam Patch 1.0.1.1.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Left 4 Dead.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\MagicISO_Maker_5.5.272.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\MGMT - Oracular Spectacular [2008].torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Microsoft Flight Simulator X deluxe.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Need For Speed - Hot Pursuit 2.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Need For Speed Hot Pursuit 2.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Need.For.Speed.Most.Wanted.[ENG]PC.DVD[.ISO].[.NFO].Keygen & Crack.1.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Need.For.Speed.Most.Wanted.[ENG]PC.DVD[.ISO].[.NFO].Keygen & Crack.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\PC_GTA.SanAndreas -(rip)-(ToeD).torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Pennywise - Reason To Believe [Deluxe Edition].torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Pennywise.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Pitbull-I_Know_You_Want_Me_(Calle_Ocho)-Promo_CDM-2009.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\PowerIso 4.4 (CLEAN) [blaze69].torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\QuickTime Pro v7.60.92 for Windows XPVista.rar.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\resume.dat
c:\documents and settings\MOM and DAD\Application Data\uTorrent\resume.dat.old
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Rise_Against-Appeal_To_Reason-2008-RiSEAGAiNST.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Role Models.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Role.Models[2008][Unrated.Edition]DvDrip-aXXo.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Roller Coaster Tycoon 2.1.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Roller Coaster Tycoon 2.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Roller_Coaster_Tycoon_2(UG).torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Rosetta Stone V3.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\rss.dat
c:\documents and settings\MOM and DAD\Application Data\uTorrent\rss.dat.old
c:\documents and settings\MOM and DAD\Application Data\uTorrent\settings.dat
c:\documents and settings\MOM and DAD\Application Data\uTorrent\settings.dat.old
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Silent Keylogger v1.5 Uploaded By 3DPiMp.rar.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Spiderman 3 [2007] DvDRiP [ENG] - NEO.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Star Wars Battlefront [PC Game].torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Superbad[2007][Unrated Editon]DvDrip[Eng]-FXG.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Symantec pcAnywhere v12.1.rar.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\T.I. - Paper Trail - (Explicit Retail-2008).torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\T.I. (Ft. Justin Timberlake) - Dead and Gone.mp3.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\The Hangover.2009.Cam-AlienFilms.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\The Killers - Day And Age [2008][CD+SkidVid_XviD+Cov].torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\The Offspring - Rise and Fall Rage and Grace [2008].torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\The Smashing Pumpkins Greatest Hits.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\The.Simpsons.Movie[2007]DvDrip.AC3[Eng]-aXXo.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Top 40 singles USA 13 06 2009 KompletlyWyred DHZ Inc Release.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\UltraISO Premium Edition v9.3.3.2685 Retail-SHAREGO.rar.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Wanted.2008.DVDRIP-ZEKTORM.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Wanted[2008]DvDrip-aXXo.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\WinRAR_3.80_Professional.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Workspace Macro Pro - Automation Edition 6.0.4.7z.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Yes.Man.2008.DvDRip-FxM.torrent
c:\documents and settings\MOM and DAD\Application Data\uTorrent\Zack And Miri Make A PornoDvDrip (CanusRG-pill).torrent
C:\test.txt
c:\windows\Fce32.dll
c:\windows\system32\bdod.bin
c:\windows\system32\Fce32.dll
c:\windows\system32\ImgX4.dll
c:\windows\system32\offer.exe
c:\windows\system32\rn.tmp
c:\windows\system32\See32.dll
.
((((((((((((((((((((((((( Files Created from 2009-06-11 to 2009-07-11 )))))))))))))))))))))))))))))))
.
2009-07-10 04:37 . 2009-07-10 16:33 -------- d-----w- c:\program files\Easy Web Cam
2009-07-09 23:20 . 2009-07-09 23:20 -------- d-----w- c:\documents and settings\MOM and DAD\Local Settings\Application Data\AskToolbar
2009-07-09 23:06 . 2009-07-09 23:05 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-09 23:05 . 2009-07-09 23:05 152576 ----a-w- c:\documents and settings\MOM and DAD\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-09 21:39 . 2009-06-17 18:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-09 21:39 . 2009-06-17 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-09 21:39 . 2009-07-09 21:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-09 03:08 . 2009-07-09 03:08 -------- d-----w- c:\program files\Ask.com
2009-07-09 03:08 . 2009-07-09 03:09 -------- d-----w- c:\program files\ManyCam 2.4
2009-07-09 03:08 . 2009-07-09 03:09 -------- d-----w- c:\documents and settings\MOM and DAD\Application Data\ManyCam
2009-07-09 02:03 . 2001-10-05 23:02 102400 ----a-w- c:\windows\system32\icm10wui.dll
2009-07-09 02:03 . 2001-10-05 23:02 94208 ----a-w- c:\windows\system32\icm10wia.dll
2009-07-09 02:03 . 2001-10-05 23:01 14182 ----a-w- c:\windows\system32\drivers\icm10blk.sys
2009-07-09 02:03 . 2001-10-05 22:57 282681 ----a-w- c:\windows\system32\icm10api.dll
2009-07-09 02:03 . 2000-09-15 22:51 372736 ----a-w- c:\windows\system32\ijl15.dll
2009-07-09 02:03 . 2001-10-05 23:02 65536 ----a-w- c:\windows\system32\ICM10reg.dll
2009-07-09 02:03 . 2001-10-05 23:00 420870 ----a-w- c:\windows\system32\drivers\ICM10USB.sys
2009-07-09 02:03 . 2001-10-05 22:56 266297 ----a-w- c:\windows\system32\ICM10EXT.dll
2009-07-09 02:03 . 2001-10-05 22:56 110649 ----a-w- c:\windows\system32\ICM10com.dll
2009-07-09 02:03 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-07-09 02:03 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-07-09 02:03 . 2001-10-05 23:00 3398 ----a-w- c:\windows\system32\drivers\icm10ply.sys
2009-07-09 02:01 . 2009-07-09 02:01 -------- d-----w- c:\temp\cs630_XP
2009-07-09 02:01 . 2009-07-09 02:01 -------- d-----w- C:\temp
2009-07-07 06:04 . 2009-06-14 23:07 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-07-07 04:03 . 2009-07-07 04:03 6041600 ----a-w- c:\documents and settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\CIP\Release_01_3062.exe
2009-07-07 04:03 . 2009-07-07 04:03 56320 ----a-w- c:\documents and settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\item_templ\coach\RunGdp.exe
2009-07-07 04:03 . 2009-07-07 04:03 36864 ----a-w- c:\documents and settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\DellSommelierFix.exe
2009-07-07 04:03 . 2009-07-07 04:03 123138 ----a-w- c:\documents and settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\MakeDesktopShortcut.EXE
2009-07-07 03:40 . 2009-07-07 03:40 -------- d-----w- c:\program files\Trend Micro
2009-07-04 17:20 . 2009-07-04 17:20 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-01 22:18 . 2009-07-01 22:18 -------- d-----w- c:\documents and settings\MOM and DAD\Local Settings\Application Data\AVG Security Toolbar
2009-07-01 16:42 . 2009-07-01 16:42 832144 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\AVGToolbarInstall.exe
2009-07-01 16:42 . 2009-07-01 16:42 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-07-01 16:42 . 2009-07-01 16:42 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-06-26 05:53 . 2009-06-26 05:53 637 ----a-w- c:\documents and settings\MOM and DAD\Application Data\WinFF\ff090625225359.bat
2009-06-26 03:32 . 2009-06-26 03:32 2278 ----a-w- c:\documents and settings\MOM and DAD\Application Data\WinFF\ff090625203224.bat
2009-06-26 03:31 . 2009-07-04 19:20 -------- d-----w- c:\documents and settings\MOM and DAD\Application Data\WinFF
2009-06-26 03:26 . 2009-06-26 03:26 -------- d-----w- c:\documents and settings\MOM and DAD\Application Data\MPEG Streamclip
2009-06-26 03:20 . 2009-06-26 03:20 -------- d-----w- c:\program files\iPod
2009-06-26 03:20 . 2009-06-26 03:20 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-26 03:20 . 2009-06-26 03:20 -------- d-----w- c:\program files\iTunes
2009-06-26 03:19 . 2009-06-26 03:19 -------- d-----w- c:\program files\QuickTime
2009-06-26 03:18 . 2009-06-05 18:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-26 03:18 . 2009-06-05 18:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-26 03:17 . 2009-06-26 03:20 -------- d-----w- c:\program files\Common Files\Apple
2009-06-25 04:48 . 2009-07-04 19:20 -------- d-----w- c:\program files\Yahoo!
2009-06-22 03:02 . 2009-06-22 03:02 -------- d-----w- c:\documents and settings\MOM and DAD\Application Data\ritePen
2009-06-22 02:37 . 2009-06-22 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Rosetta Stone
2009-06-22 02:37 . 2009-06-22 02:37 -------- d-----w- c:\program files\Rosetta Stone
2009-06-22 00:29 . 2009-07-11 20:19 -------- d-----w- c:\documents and settings\MOM and DAD\Application Data\WTablet
2009-06-22 00:27 . 2007-02-16 00:11 11440 ----a-w- c:\windows\system32\drivers\WacomVKHid.sys
2009-06-22 00:27 . 2007-02-16 19:12 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
2009-06-22 00:27 . 2007-02-16 18:30 12848 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
2009-06-22 00:27 . 2009-06-22 00:29 -------- d-----w- c:\windows\system32\WTablet
2009-06-22 00:27 . 2007-09-07 18:16 1373480 ------w- c:\windows\system32\Pen_Tablet.exe
2009-06-22 00:27 . 2007-09-07 18:09 128296 ------w- c:\windows\system32\Pen_Tablet.dll
2009-06-22 00:27 . 2007-09-07 17:55 181544 ------w- c:\windows\system32\Wintab32.dll
2009-06-22 00:27 . 2009-06-22 00:29 -------- d-----w- c:\program files\Tablet
2009-06-17 00:38 . 2009-07-06 00:15 -------- d-----w- c:\program files\FeatherSoft Windows Hider
2009-06-14 06:42 . 2009-06-14 06:42 -------- d-----w- c:\program files\Moffsoft FreeCalc
2009-06-11 22:03 . 2009-06-11 22:03 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-11 20:31 . 2009-05-05 04:21 -------- d-----w- c:\program files\Firefox
2009-07-11 05:51 . 2008-05-29 05:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-09 23:05 . 2006-03-14 04:41 -------- d-----w- c:\program files\Java
2009-07-09 22:45 . 2009-05-30 23:35 1090248 ----a-w- c:\windows\system32\sfccache.dll
2009-07-06 23:54 . 2008-11-15 02:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-06 23:54 . 2008-11-15 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-06 02:55 . 2009-05-03 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-02 15:50 . 2008-10-18 00:45 34 ----a-w- c:\documents and settings\MOM and DAD\jagex_runescape_preferences.dat
2009-07-01 16:42 . 2009-05-16 05:53 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-01 16:42 . 2009-05-16 05:53 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-01 16:42 . 2009-05-16 05:53 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-26 03:21 . 2009-06-10 00:14 -------- d-----w- c:\documents and settings\MOM and DAD\Application Data\Apple Computer
2009-06-26 03:20 . 2009-06-10 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-26 03:20 . 2009-06-09 23:09 -------- d-----w- c:\program files\Bonjour
2009-06-22 18:26 . 2009-04-18 02:21 -------- d-----w- c:\program files\Cheat Engine
2009-06-22 03:01 . 2006-03-14 04:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-22 02:38 . 2009-06-09 23:52 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-06-18 19:15 . 2008-10-01 04:55 -------- d-----w- c:\program files\Steam
2009-06-10 00:11 . 2009-06-10 00:11 -------- d-----w- c:\program files\Apple Software Update
2009-06-10 00:11 . 2009-06-10 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-09 23:18 . 2007-09-06 03:29 33400 ----a-w- c:\documents and settings\MOM and DAD\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-09 23:09 . 2006-03-22 19:16 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-09 03:17 . 2009-04-01 05:04 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-09 01:26 . 2009-06-09 01:26 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-08 23:11 . 2009-06-02 04:31 57 ----a-w- c:\documents and settings\All Users\Application Data\Brother\BrLog\BrCollectDir\BR_cat.bat
2009-06-05 20:57 . 2009-06-05 20:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-03 00:50 . 2009-06-02 04:33 65 ----a-w- c:\windows\system32\BD8060.DAT
2009-06-02 04:33 . 2009-06-02 04:32 -------- d-----w- c:\program files\Brother
2009-06-02 04:32 . 2006-03-14 04:45 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-02 04:31 . 2009-06-02 04:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother
2009-05-30 23:47 . 2007-11-13 13:55 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-30 23:47 . 2009-05-30 23:38 91 ----a-w- c:\windows\system32\aticom.dat
2009-05-27 04:59 . 2009-05-27 04:59 -------- d-----r- c:\documents and settings\MOM and DAD\Application Data\Brother
2009-05-25 19:57 . 2009-05-25 19:57 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-05-23 03:10 . 2009-05-23 03:10 -------- d-----w- c:\program files\directx
2009-05-23 03:04 . 2009-05-16 20:59 612 ----a-w- c:\windows\eReg.dat
2009-05-23 02:38 . 2009-05-23 02:36 -------- d-----w- c:\program files\PowerISO
2009-05-22 01:55 . 2009-05-16 05:53 -------- d-----w- c:\documents and settings\MOM and DAD\Application Data\AVGTOOLBAR
2009-05-16 22:48 . 2009-05-16 22:44 -------- d-----w- c:\documents and settings\MOM and DAD\Application Data\Any Video Converter
2009-05-16 05:56 . 2009-05-15 03:49 -------- d-----w- c:\program files\Common Files\Softwin
2009-05-16 05:53 . 2009-05-16 05:53 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-07 15:32 . 2004-08-11 23:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2004-08-11 23:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-11 23:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-29 04:41 . 2009-04-29 04:41 3638 ----a-r- c:\documents and settings\MOM and DAD\Application Data\Microsoft\Installer\{2D57FB4E-6277-4A6D-8739-304C38051B89}\_FE8D9346612A3FA1CA6C54.exe
2009-04-29 04:41 . 2009-04-29 04:41 3638 ----a-r- c:\documents and settings\MOM and DAD\Application Data\Microsoft\Installer\{2D57FB4E-6277-4A6D-8739-304C38051B89}\_8558C8A0BCDE26BB5381A1.exe
2009-04-29 04:41 . 2009-04-29 04:41 3638 ----a-r- c:\documents and settings\MOM and DAD\Application Data\Microsoft\Installer\{2D57FB4E-6277-4A6D-8739-304C38051B89}\_6FEFF9B68218417F98F549.exe
2009-04-29 04:41 . 2009-04-29 04:41 3638 ----a-r- c:\documents and settings\MOM and DAD\Application Data\Microsoft\Installer\{2D57FB4E-6277-4A6D-8739-304C38051B89}\_375698F2AAFD2C1E7FA1BC.exe
2009-04-29 04:41 . 2009-04-29 04:41 1406 ----a-r- c:\documents and settings\MOM and DAD\Application Data\Microsoft\Installer\{2D57FB4E-6277-4A6D-8739-304C38051B89}\_CE61F9F35DBEC87A3354B8.exe
2009-04-20 00:10 . 2009-04-20 00:10 390664 ----a-w- c:\documents and settings\MOM and DAD\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-04-17 12:26 . 2004-08-11 23:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 19:11 . 2008-10-23 04:20 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-04-15 14:51 . 2004-08-11 23:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2008-11-09 06:08 . 2006-04-05 20:38 56 --sh--r- c:\windows\system32\491A85F95E.sys
2008-11-09 06:08 . 2006-04-05 20:38 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-07-10_16.19.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 20:19 . 2009-07-11 20:19 16384 c:\windows\temp\Perflib_Perfdata_90c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 23:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-02-26 18:25 809864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-04 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-01 1948440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-10-09 249856]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-09 148888]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-01 16:42 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 03:35 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BumpTop.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BumpTop.lnk
backup=c:\windows\pss\BumpTop.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^MOM and DAD^Start Menu^Programs^Startup^BumpTop.lnk]
path=c:\documents and settings\MOM and DAD\Start Menu\Programs\Startup\BumpTop.lnk
backup=c:\windows\pss\BumpTop.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"winvnc"=2 (0x2)
"ZuneNetworkSvc"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"QBFCService"=3 (0x3)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$MICROSOFTSMLBIZ"=2 (0x2)
"MDM"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\motox822\\source 2007 dedicated server\\srcds.exe"=
"c:\\Program Files\\Steam\\steamapps\\motox822\\team fortress 2\\hl2.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\THQ\\MX vs ATV Unleashed\\MXvsATV.exe"=
"zϐ|,|-|q-|x-|>"= zϐ|,|-|q-|x-|>:Nod32 Runtime
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/15/2009 10:53 PM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/15/2009 10:53 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/15/2009 10:53 PM 298776]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [3/8/2009 7:23 PM 47640]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [6/21/2009 5:27 PM 1373480]
R2 WUSB300NSvc;WUSB300NSvc;c:\program files\Linksys\WUSB300N\WLService.exe [2/27/2008 8:11 PM 53307]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 3:06 AM 21632]
S0 cdfsex;cdfsex;c:\windows\system32\drivers\cdfsex.sys --> c:\windows\system32\drivers\cdfsex.sys [?]
S1 ati1r2k;ati1r2k;c:\windows\system32\drivers\ati1r2k.sys --> c:\windows\system32\drivers\ati1r2k.sys [?]
S1 usbnt;usbnt;c:\windows\system32\drivers\usbnt.sys --> c:\windows\system32\drivers\usbnt.sys [?]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 scrcap;scrcap;c:\windows\system32\DRIVERS\scrcap.sys --> c:\windows\system32\DRIVERS\scrcap.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
Contents of the 'Scheduled Tasks' folder
2009-07-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
2009-07-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-02 02:22]
2009-07-11 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-02-26 18:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: turbotax.com
FF - ProfilePath - c:\documents and settings\MOM and DAD\Application Data\Mozilla\Firefox\Profiles\oqlefedq.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-11 13:39
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3149744984-3560293793-1601873477-1012\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3D04B2C9-617C-D7FB-8978-839558E2F1F7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"naabkjhddgnjldoedjfapccbbooe"=hex:6b,61,65,70,70,66,63,6e,6f,66,63,69,65,6d,
66,61,61,6b,62,66,65,63,00,00
"magjenmchjjaihbpacdhfnpgoc"=hex:6a,61,70,70,6c,69,69,6d,68,6d,6a,70,70,69,63,
68,68,6f,68,6a,00,d2
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(852)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2009-07-11 13:41
ComboFix-quarantined-files.txt 2009-07-11 20:41
ComboFix2.txt 2009-07-10 16:21
ComboFix3.txt 2009-07-06 23:24
Pre-Run: 121,768,325,120 bytes free
Post-Run: 121,750,384,640 bytes free
402 --- E O F --- 2009-07-09 01:50
New HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:12:09 PM, on 7/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143051743265
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe
--
End of file - 9233 bytes
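As an added example (not code from this thread or from HijackThis itself), here is a small Python triage script that parses the O-lines of a log like the one above into records and flags the entries a helper normally reviews first: targets that no longer exist, O23 services with an unknown owner, and Winsock LSP entries HijackThis could not identify. The sample lines are copied from the log above; the column layout (fields separated by " - ", path last) is assumed from those lines. A flag is a review hint, not a verdict: the NetWare LSP and the Linksys service below are both flagged and both benign.

```python
"""Triage helper for HijackThis-style log lines.

Added example, not code from this thread or from HijackThis. It parses the
O-section lines into records and flags the entries a helper usually reviews
first: targets that no longer exist, services with an unknown owner, and
Winsock LSP entries HijackThis could not identify.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a handful of O-lines copied from the log above.
SAMPLE_LOG = r"""
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe
"""

LINE_RE = re.compile(r"^(O\d+) - (.+)$")
CLSID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")


@dataclass
class Entry:
    section: str                 # e.g. "O23"
    kind: str                    # e.g. "Service", "Extra button"
    name: str                    # display name (empty for O10 lines)
    path: str                    # target file, or "(no file)" / "... (file missing)"
    clsid: Optional[str] = None  # {GUID} if the line carries one
    owner: Optional[str] = None  # O23 owner column
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis O-line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.groups()
    # Assumption from the log layout: columns are separated by " - " and the
    # file path is always the last column; Windows paths never contain " - ".
    parts = [p.strip() for p in rest.split(" - ")]
    kind, _, name = parts[0].partition(": ")

    if section == "O10":
        # O10 lines carry no name or CLSID, only the LSP DLL after the colon.
        entry = Entry(section, kind, "", name)
        if kind.startswith("Unknown"):
            entry.flags.append("lsp-unknown")
        return entry

    entry = Entry(section, kind, name, parts[-1])
    for column in parts[1:-1]:
        if CLSID_RE.match(column):
            entry.clsid = column
        elif section == "O23":
            entry.owner = column

    if entry.path == "(no file)" or entry.path.endswith("(file missing)"):
        entry.flags.append("target-missing")
    if entry.owner == "Unknown owner":
        entry.flags.append("unknown-owner")
    return entry


def parse_log(text: str) -> List[Entry]:
    """Parse every O-line in a log; header, process and footer lines are skipped."""
    entries = [parse_line(ln) for ln in text.splitlines()]
    return [e for e in entries if e is not None]


def flagged(entries: List[Entry]) -> List[Entry]:
    """Entries worth a second look, in log order."""
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in flagged(parse_log(SAMPLE_LOG)):
        print(f"{e.section} {e.kind}: {e.name or e.path} -> {', '.join(e.flags)}")
```

Run it on a saved hijackthis.log by reading the file into parse_log; the flagged list is what to look up (owner, signer, file on disk) before deciding anything about an entry.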
Bio-Hazard
2009-07-12, 09:29
Run CFScript
Close any open browsers.
Open Notepad by clicking Start
Click Run
Type notepad into the box and click enter
Notepad will open
Copy and Paste everything from the Code box into Notepad:
Driver::
cdfsex
ati1r2k
usbnt
FileLook::
c:\windows\system32\sfccache.dll
FILE ::
c:\windows\system32\drivers\ati1r2k.sys
c:\windows\system32\drivers\cdfsex.sys
c:\windows\system32\drivers\usbnt.sys
Save this as CFScript.txt, in the same location as ComboFix.exe (on your desktop)
http://i219.photobucket.com/albums/cc99/BioHazard_030/CFScriptExample.jpg
Referring to the picture below, drag CFScript into ComboFix.exe
http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif
When finished, it shall produce a log for you at C:\ComboFix.txt
NOTE: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.
ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords please click No at the prompt.
Click Exit on the Main menu to close the program.
Eset online scanner
You can use either Internet Explorer or Mozilla Firefox for this scan.
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and selecting 'Run as administrator' to perform this scan.
Please go here (http://www.eset.com/onlinescan/) then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS1.gif
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
Select the option YES, I accept the Terms of Use then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS2.gif
When prompted, allow the Add-On/ActiveX to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS3.gif
The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
When completed the Online Scan will begin automatically.
Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS4.gif
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
Ask toolbar
I would remove this toolbar. You can read more about it HERE (http://www.benedelman.org/spyware/ask-toolbars/).
Click Start
Go to Control Panel
Go to Add/Remove Programs
Find and click Remove for the following (if present):
Ask toolbar
NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.
Logs/Information to Post in Next Reply
Please post the following logs/Information in your reply:
ComboFix log (found at C:\Combofix.txt)
ESET Log
A fresh HijackThis Log (after all the above has been done)
A description of how your computer is behaving
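The CFScript procedure above ends with ComboFix writing C:\ComboFix.txt, whose "Files Created" and "Find3M" sections list one file per line as two timestamps, a size, an eight-character attribute field and a path. As an added example (not code from this thread or from ComboFix), here is a Python parser for those lines that flags two things a reviewer checks by hand: files that are both system and hidden, and file names made only of hex digits. The sample lines are copied from the ComboFix log posted later in the thread; the meaning of the attribute letters (d directory, s system, h hidden, a archive, r read-only, w writable) is assumed from how they appear in that log, and the two timestamps are kept in column order rather than interpreted. A flag is a prompt to look the file up, not a verdict.

```python
"""Triage helper for the file listings in a ComboFix log.

Added example, not code from this thread or from ComboFix. Each line of the
"Files Created" and "Find3M" sections has the shape

    <timestamp> . <timestamp> <size or --------> <attributes> <path>

The parser turns those lines into records and flags hidden+system files and
hex-only file names. Both checks are heuristics for review, not verdicts.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: lines copied from the ComboFix log posted later in the thread.
SAMPLE_LOG = r"""
2009-07-09 21:39 . 2009-06-17 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-09 21:39 . 2009-07-09 21:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-09 22:45 . 2009-05-30 23:35 1090248 ----a-w- c:\windows\system32\sfccache.dll
2009-06-22 03:01 . 2006-03-14 04:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2008-11-09 06:08 . 2006-04-05 20:38 56 --sh--r- c:\windows\system32\491A85F95E.sys
2008-11-09 06:08 . 2006-04-05 20:38 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
"""

TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}"
LINE_RE = re.compile(
    rf"^(?P<ts1>{TS}) \. (?P<ts2>{TS}) (?P<size>\d+|-{{8}}) (?P<attrs>[-a-z]{{8}}) (?P<path>.+)$"
)
# Heuristic: a name that is nothing but 8+ hex digits (e.g. 491A85F95E.sys).
HEX_NAME_RE = re.compile(r"^[0-9A-Fa-f]{8,}$")


@dataclass
class FileEntry:
    first_ts: str        # first timestamp column, as printed
    second_ts: str       # second timestamp column, as printed
    size: Optional[int]  # None for directories (ComboFix prints --------)
    attrs: str           # raw 8-character attribute field
    path: str
    flags: List[str] = field(default_factory=list)

    @property
    def is_dir(self) -> bool:
        # Assumption from the log layout: 'd' marks a directory.
        return "d" in self.attrs

    @property
    def basename(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_line(line: str) -> Optional[FileEntry]:
    """Parse one file listing line; return None for headers, dots and snapshot lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    entry = FileEntry(m["ts1"], m["ts2"], size, m["attrs"], m["path"])

    # Attribute letters as they appear in the log (assumption): d directory,
    # s system, h hidden, a archive, r read-only, w writable.
    if not entry.is_dir and "s" in entry.attrs and "h" in entry.attrs:
        entry.flags.append("hidden-system")
    stem = entry.basename.rsplit(".", 1)[0]
    if not entry.is_dir and HEX_NAME_RE.match(stem):
        entry.flags.append("hex-name")
    return entry


def parse_log(text: str) -> List[FileEntry]:
    """Parse every file listing line in a log; anything else is skipped."""
    entries = [parse_line(ln) for ln in text.splitlines()]
    return [e for e in entries if e is not None]


def flagged(entries: List[FileEntry]) -> List[FileEntry]:
    """Entries that tripped a heuristic, in log order."""
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in flagged(parse_log(SAMPLE_LOG)):
        print(f"{e.basename:20} {e.attrs} {e.size:>8} -> {', '.join(e.flags)}")
```

Feed it the whole C:\ComboFix.txt; the "+"/"-" snapshot lines and section headers do not match the pattern and are ignored, so only the file listing sections are examined.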
motox822
2009-07-14, 20:19
Sorry this took so long to reply. I didn't realize we went on to a second page. Anyway, here is what you asked for.
Description:
My computer's problem is that it freezes constantly. Usually the active window will freeze but not the task bar until I try to click anything on it. I cannot use Ctrl-Alt-Delete to quit any programs so I am forced to do a hard reset. My computer especially has problems with videos. It doesn't matter if I use YouTube or Windows Media Player because they both freeze faster than anything. I have tried taking off the side panel of my computer just in case it's overheating and I updated my video driver but that still doesn't do anything. I am starting to think this problem is not from a virus.
Combofix:
ComboFix 09-07-12.03 - MOM and DAD 07/12/2009 20:33.7.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.577 [GMT -7:00]
Running from: c:\documents and settings\MOM and DAD\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\MOM and DAD\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\test.txt
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CDFSEX
-------\Legacy_USBNT
-------\Service_ati1r2k
-------\Service_cdfsex
-------\Service_usbnt
((((((((((((((((((((((((( Files Created from 2009-06-13 to 2009-07-13 )))))))))))))))))))))))))))))))
.
2009-07-13 00:41 . 2009-02-25 20:44 49664 ----a-w- c:\windows\system32\amdpcom32.dll
2009-07-13 00:41 . 2009-02-25 20:38 126976 ----a-w- c:\windows\system32\atiadlxx.dll
2009-07-13 00:41 . 2008-08-21 01:37 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-07-13 00:41 . 2009-01-26 17:55 182995 ----a-w- c:\windows\system32\atiicdxx.dat
2009-07-13 00:41 . 2008-08-21 01:37 3107788 ----a-w- c:\windows\system32\ativva5x.dat
2009-07-13 00:41 . 2009-02-25 20:59 2670080 ----a-w- c:\windows\system32\ativvaxx.dll
2009-07-13 00:41 . 2009-02-25 21:16 3817984 ----a-w- c:\windows\system32\ati3duag.dll
2009-07-13 00:41 . 2009-02-25 21:29 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-07-13 00:41 . 2009-02-25 20:32 626688 ----a-w- c:\windows\system32\ati2cqag.dll
2009-07-13 00:41 . 2009-02-25 21:41 325120 ----a-w- c:\windows\system32\ati2dvag.dll
2009-07-13 00:41 . 2009-02-25 20:37 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-07-13 00:41 . 2009-02-25 22:58 3565568 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-07-13 00:33 . 2009-02-25 22:58 3565568 ----a-w- c:\windows\system32\dllcache\ati2mtag.sys
2009-07-12 06:59 . 2009-07-12 06:59 3584 ----a-r- c:\documents and settings\MOM and DAD\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-07-12 06:59 . 2009-07-12 06:59 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-07-10 04:37 . 2009-07-10 16:33 -------- d-----w- c:\program files\Easy Web Cam
2009-07-09 23:06 . 2009-07-09 23:05 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-09 23:05 . 2009-07-09 23:05 152576 ----a-w- c:\documents and settings\MOM and DAD\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-09 21:39 . 2009-06-17 18:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-09 21:39 . 2009-06-17 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-09 21:39 . 2009-07-09 21:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-09 03:08 . 2009-07-09 03:09 -------- d-----w- c:\program files\ManyCam 2.4
2009-07-09 03:08 . 2009-07-09 03:09 -------- d-----w- c:\documents and settings\MOM and DAD\Application Data\ManyCam
2009-07-09 02:03 . 2001-10-05 23:02 102400 ----a-w- c:\windows\system32\icm10wui.dll
2009-07-09 02:03 . 2001-10-05 23:02 94208 ----a-w- c:\windows\system32\icm10wia.dll
2009-07-09 02:03 . 2001-10-05 23:01 14182 ----a-w- c:\windows\system32\drivers\icm10blk.sys
2009-07-09 02:03 . 2001-10-05 22:57 282681 ----a-w- c:\windows\system32\icm10api.dll
2009-07-09 02:03 . 2000-09-15 22:51 372736 ----a-w- c:\windows\system32\ijl15.dll
2009-07-09 02:03 . 2001-10-05 23:02 65536 ----a-w- c:\windows\system32\ICM10reg.dll
2009-07-09 02:03 . 2001-10-05 23:00 420870 ----a-w- c:\windows\system32\drivers\ICM10USB.sys
2009-07-09 02:03 . 2001-10-05 22:56 266297 ----a-w- c:\windows\system32\ICM10EXT.dll
2009-07-09 02:03 . 2001-10-05 22:56 110649 ----a-w- c:\windows\system32\ICM10com.dll
2009-07-09 02:03 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-07-09 02:03 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-07-09 02:03 . 2001-10-05 23:00 3398 ----a-w- c:\windows\system32\drivers\icm10ply.sys
2009-07-09 02:01 . 2009-07-09 02:01 -------- d-----w- c:\temp\cs630_XP
2009-07-09 02:01 . 2009-07-09 02:01 -------- d-----w- C:\temp
2009-07-07 06:04 . 2009-06-14 23:07 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-07-07 04:03 . 2009-07-07 04:03 6041600 ----a-w- c:\documents and settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\CIP\Release_01_3062.exe
2009-07-07 04:03 . 2009-07-07 04:03 56320 ----a-w- c:\documents and settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\item_templ\coach\RunGdp.exe
2009-07-07 04:03 . 2009-07-07 04:03 36864 ----a-w- c:\documents and settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\DellSommelierFix.exe
2009-07-07 04:03 . 2009-07-07 04:03 123138 ----a-w- c:\documents and settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\MakeDesktopShortcut.EXE
2009-07-07 03:40 . 2009-07-07 03:40 -------- d-----w- c:\program files\Trend Micro
2009-07-04 17:20 . 2009-07-04 17:20 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-01 22:18 . 2009-07-01 22:18 -------- d-----w- c:\documents and settings\MOM and DAD\Local Settings\Application Data\AVG Security Toolbar
2009-07-01 16:42 . 2009-07-01 16:42 832144 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\AVGToolbarInstall.exe
2009-07-01 16:42 . 2009-07-01 16:42 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-07-01 16:42 . 2009-07-01 16:42 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-06-26 05:53 . 2009-06-26 05:53 637 ----a-w- c:\documents and settings\MOM and DAD\Application Data\WinFF\ff090625225359.bat
2009-06-26 03:32 . 2009-06-26 03:32 2278 ----a-w- c:\documents and settings\MOM and DAD\Application Data\WinFF\ff090625203224.bat
2009-06-26 03:31 . 2009-07-04 19:20 -------- d-----w- c:\documents and settings\MOM and DAD\Application Data\WinFF
2009-06-26 03:26 . 2009-06-26 03:26 -------- d-----w- c:\documents and settings\MOM and DAD\Application Data\MPEG Streamclip
2009-06-26 03:20 . 2009-06-26 03:20 -------- d-----w- c:\program files\iPod
2009-06-26 03:20 . 2009-06-26 03:20 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-26 03:20 . 2009-06-26 03:20 -------- d-----w- c:\program files\iTunes
2009-06-26 03:19 . 2009-06-26 03:19 -------- d-----w- c:\program files\QuickTime
2009-06-26 03:18 . 2009-06-05 18:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-26 03:18 . 2009-06-05 18:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-26 03:17 . 2009-06-26 03:20 -------- d-----w- c:\program files\Common Files\Apple
2009-06-25 04:48 . 2009-07-04 19:20 -------- d-----w- c:\program files\Yahoo!
2009-06-22 03:02 . 2009-06-22 03:02 -------- d-----w- c:\documents and settings\MOM and DAD\Application Data\ritePen
2009-06-22 02:37 . 2009-06-22 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Rosetta Stone
2009-06-22 02:37 . 2009-06-22 02:37 -------- d-----w- c:\program files\Rosetta Stone
2009-06-22 00:29 . 2009-07-12 06:53 -------- d-----w- c:\documents and settings\MOM and DAD\Application Data\WTablet
2009-06-22 00:27 . 2007-02-16 00:11 11440 ----a-w- c:\windows\system32\drivers\WacomVKHid.sys
2009-06-22 00:27 . 2007-02-16 19:12 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
2009-06-22 00:27 . 2007-02-16 18:30 12848 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
2009-06-22 00:27 . 2009-06-22 00:29 -------- d-----w- c:\windows\system32\WTablet
2009-06-22 00:27 . 2007-09-07 18:16 1373480 ------w- c:\windows\system32\Pen_Tablet.exe
2009-06-22 00:27 . 2007-09-07 18:09 128296 ------w- c:\windows\system32\Pen_Tablet.dll
2009-06-22 00:27 . 2007-09-07 17:55 181544 ------w- c:\windows\system32\Wintab32.dll
2009-06-22 00:27 . 2009-06-22 00:29 -------- d-----w- c:\program files\Tablet
2009-06-17 00:38 . 2009-07-06 00:15 -------- d-----w- c:\program files\FeatherSoft Windows Hider
2009-06-14 06:42 . 2009-06-14 06:42 -------- d-----w- c:\program files\Moffsoft FreeCalc
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-13 02:56 . 2009-05-05 04:21 -------- d-----w- c:\program files\Firefox
2009-07-12 06:58 . 2008-04-10 01:48 -------- d-----w- c:\program files\MSECache
2009-07-12 06:52 . 2008-05-29 05:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-09 23:05 . 2006-03-14 04:41 -------- d-----w- c:\program files\Java
2009-07-09 22:45 . 2009-05-30 23:35 1090248 ----a-w- c:\windows\system32\sfccache.dll
2009-07-06 23:54 . 2008-11-15 02:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-06 23:54 . 2008-11-15 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-06 02:55 . 2009-05-03 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-02 15:50 . 2008-10-18 00:45 34 ----a-w- c:\documents and settings\MOM and DAD\jagex_runescape_preferences.dat
2009-07-01 16:42 . 2009-05-16 05:53 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-01 16:42 . 2009-05-16 05:53 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-01 16:42 . 2009-05-16 05:53 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-26 03:21 . 2009-06-10 00:14 -------- d-----w- c:\documents and settings\MOM and DAD\Application Data\Apple Computer
2009-06-26 03:20 . 2009-06-10 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-26 03:20 . 2009-06-09 23:09 -------- d-----w- c:\program files\Bonjour
2009-06-22 18:26 . 2009-04-18 02:21 -------- d-----w- c:\program files\Cheat Engine
2009-06-22 03:01 . 2006-03-14 04:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-22 02:38 . 2009-06-09 23:52 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-06-18 19:15 . 2008-10-01 04:55 -------- d-----w- c:\program files\Steam
2009-06-10 00:11 . 2009-06-10 00:11 -------- d-----w- c:\program files\Apple Software Update
2009-06-10 00:11 . 2009-06-10 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-09 23:18 . 2007-09-06 03:29 33400 ----a-w- c:\documents and settings\MOM and DAD\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-09 23:09 . 2006-03-22 19:16 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-09 03:17 . 2009-04-01 05:04 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-09 01:26 . 2009-06-09 01:26 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-08 23:11 . 2009-06-02 04:31 57 ----a-w- c:\documents and settings\All Users\Application Data\Brother\BrLog\BrCollectDir\BR_cat.bat
2009-06-05 20:57 . 2009-06-05 20:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-03 00:50 . 2009-06-02 04:33 65 ----a-w- c:\windows\system32\BD8060.DAT
2009-06-02 04:33 . 2009-06-02 04:32 -------- d-----w- c:\program files\Brother
2009-06-02 04:32 . 2006-03-14 04:45 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-02 04:31 . 2009-06-02 04:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother
2009-05-30 23:47 . 2007-11-13 13:55 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-30 23:47 . 2009-05-30 23:38 91 ----a-w- c:\windows\system32\aticom.dat
2009-05-27 04:59 . 2009-05-27 04:59 -------- d-----r- c:\documents and settings\MOM and DAD\Application Data\Brother
2009-05-25 19:57 . 2009-05-25 19:57 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-05-23 03:10 . 2009-05-23 03:10 -------- d-----w- c:\program files\directx
2009-05-23 03:04 . 2009-05-16 20:59 612 ----a-w- c:\windows\eReg.dat
2009-05-23 02:38 . 2009-05-23 02:36 -------- d-----w- c:\program files\PowerISO
2009-05-22 01:55 . 2009-05-16 05:53 -------- d-----w- c:\documents and settings\MOM and DAD\Application Data\AVGTOOLBAR
2009-05-16 22:48 . 2009-05-16 22:44 -------- d-----w- c:\documents and settings\MOM and DAD\Application Data\Any Video Converter
2009-05-16 05:56 . 2009-05-15 03:49 -------- d-----w- c:\program files\Common Files\Softwin
2009-05-16 05:53 . 2009-05-16 05:53 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-07 15:32 . 2004-08-11 23:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2004-08-11 23:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-11 23:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-29 04:41 . 2009-04-29 04:41 3638 ----a-r- c:\documents and settings\MOM and DAD\Application Data\Microsoft\Installer\{2D57FB4E-6277-4A6D-8739-304C38051B89}\_FE8D9346612A3FA1CA6C54.exe
2009-04-29 04:41 . 2009-04-29 04:41 3638 ----a-r- c:\documents and settings\MOM and DAD\Application Data\Microsoft\Installer\{2D57FB4E-6277-4A6D-8739-304C38051B89}\_8558C8A0BCDE26BB5381A1.exe
2009-04-29 04:41 . 2009-04-29 04:41 3638 ----a-r- c:\documents and settings\MOM and DAD\Application Data\Microsoft\Installer\{2D57FB4E-6277-4A6D-8739-304C38051B89}\_6FEFF9B68218417F98F549.exe
2009-04-29 04:41 . 2009-04-29 04:41 3638 ----a-r- c:\documents and settings\MOM and DAD\Application Data\Microsoft\Installer\{2D57FB4E-6277-4A6D-8739-304C38051B89}\_375698F2AAFD2C1E7FA1BC.exe
2009-04-29 04:41 . 2009-04-29 04:41 1406 ----a-r- c:\documents and settings\MOM and DAD\Application Data\Microsoft\Installer\{2D57FB4E-6277-4A6D-8739-304C38051B89}\_CE61F9F35DBEC87A3354B8.exe
2009-04-20 00:10 . 2009-04-20 00:10 390664 ----a-w- c:\documents and settings\MOM and DAD\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-04-17 12:26 . 2004-08-11 23:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 19:11 . 2008-10-23 04:20 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-04-15 14:51 . 2004-08-11 23:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2008-11-09 06:08 . 2006-04-05 20:38 56 --sh--r- c:\windows\system32\491A85F95E.sys
2008-11-09 06:08 . 2006-04-05 20:38 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
--- c:\windows\system32\sfccache.dll ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 1090248
Created time: 2009-05-30 23:35
Modified time: 2009-07-09 22:45
MD5: D0FF7C2A3DDCB7004A70376659E705B5
SHA1: 95C06B98451DC5388955BF7A89F3B2DA4F4B7261
((((((((((((((((((((((((((((( SnapShot@2009-07-10_16.19.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-13 00:34 . 2001-11-09 23:01 24064 c:\windows\system32\ReinstallBackups\0017\DriverFiles\B_76557\ativcoxx.dll
+ 2009-07-13 00:34 . 2009-02-25 20:38 17408 c:\windows\system32\ReinstallBackups\0017\DriverFiles\B_76557\atitvo32.dll
+ 2009-07-13 00:34 . 2009-02-25 21:26 53248 c:\windows\system32\ReinstallBackups\0017\DriverFiles\B_76557\ATIDDC.DLL
+ 2009-07-13 00:34 . 2009-02-25 20:32 45056 c:\windows\system32\ReinstallBackups\0017\DriverFiles\B_76557\aticalrt.dll
+ 2009-07-13 00:34 . 2009-02-25 20:32 45056 c:\windows\system32\ReinstallBackups\0017\DriverFiles\B_76557\aticalcl.dll
+ 2009-07-13 00:34 . 2009-02-25 21:29 26112 c:\windows\system32\ReinstallBackups\0017\DriverFiles\B_76557\Ati2mdxx.exe
+ 2009-07-13 00:34 . 2009-02-25 20:37 53248 c:\windows\system32\ReinstallBackups\0017\DriverFiles\B_76557\ati2erec.dll
+ 2009-07-13 00:34 . 2009-02-25 21:29 43520 c:\windows\system32\ReinstallBackups\0017\DriverFiles\B_76557\ati2edxx.dll
+ 2009-07-13 00:34 . 2009-02-25 20:44 49664 c:\windows\system32\ReinstallBackups\0017\DriverFiles\B_76557\amdpcom32.dll
+ 2009-07-13 00:52 . 2001-11-09 16:01 24064 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ativcoxx.dll
- 2008-10-03 00:36 . 2001-11-09 23:01 24064 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ativcoxx.dll
+ 2009-07-13 00:52 . 2009-02-25 20:38 17408 c:\windows\system32\ReinstallBackups\0002\DriverFiles\atitvo32.dll
- 2008-10-03 00:36 . 2006-02-10 03:27 17408 c:\windows\system32\ReinstallBackups\0002\DriverFiles\atitvo32.dll
+ 2009-07-13 00:52 . 2009-02-25 21:26 53248 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ATIDDC.DLL
- 2008-10-03 00:36 . 2006-02-10 03:51 53248 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ATIDDC.DLL
+ 2009-07-13 00:52 . 2009-02-25 20:32 45056 c:\windows\system32\ReinstallBackups\0002\DriverFiles\aticalrt.dll
+ 2009-07-13 00:52 . 2009-02-25 20:32 45056 c:\windows\system32\ReinstallBackups\0002\DriverFiles\aticalcl.dll
+ 2009-07-13 00:52 . 2009-02-25 21:29 26112 c:\windows\system32\ReinstallBackups\0002\DriverFiles\Ati2mdxx.exe
- 2008-10-03 00:36 . 2006-02-10 03:53 26112 c:\windows\system32\ReinstallBackups\0002\DriverFiles\Ati2mdxx.exe
+ 2009-07-13 00:52 . 2009-02-25 20:37 53248 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ati2erec.dll
+ 2009-07-13 00:52 . 2009-02-25 21:29 43520 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ati2edxx.dll
- 2009-03-01 06:04 . 2009-02-04 03:58 49664 c:\windows\system32\ReinstallBackups\0002\DriverFiles\amdpcom32.dll
+ 2009-07-13 00:52 . 2009-02-25 20:44 49664 c:\windows\system32\ReinstallBackups\0002\DriverFiles\amdpcom32.dll
- 2008-10-03 00:35 . 2001-11-09 23:01 24064 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ativcoxx.dll
+ 2009-07-13 00:52 . 2001-11-09 16:01 24064 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ativcoxx.dll
- 2008-10-03 00:35 . 2005-08-04 09:08 17408 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atitvo32.dll
+ 2009-07-13 00:52 . 2009-02-04 03:52 17408 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atitvo32.dll
- 2008-10-03 00:35 . 2005-08-04 10:02 53248 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ATIDDC.DLL
+ 2009-07-13 00:52 . 2009-02-04 04:40 53248 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ATIDDC.DLL
+ 2009-07-13 00:52 . 2009-02-04 02:43 45056 c:\windows\system32\ReinstallBackups\0001\DriverFiles\aticalrt.dll
+ 2009-07-13 00:52 . 2009-02-04 02:42 45056 c:\windows\system32\ReinstallBackups\0001\DriverFiles\aticalcl.dll
+ 2009-07-13 00:52 . 2009-02-04 04:43 26112 c:\windows\system32\ReinstallBackups\0001\DriverFiles\Ati2mdxx.exe
+ 2009-07-13 00:52 . 2009-02-04 03:52 53248 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2erec.dll
+ 2009-07-13 00:52 . 2009-02-04 04:43 43520 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2edxx.dll
+ 2009-07-13 00:52 . 2009-02-04 03:58 49664 c:\windows\system32\ReinstallBackups\0001\DriverFiles\amdpcom32.dll
- 2006-03-14 04:29 . 2001-11-09 23:01 24064 c:\windows\system32\ativcoxx.dll
+ 2009-07-13 00:42 . 2001-11-09 23:01 24064 c:\windows\system32\ativcoxx.dll
+ 2009-07-13 00:42 . 2009-02-25 20:38 17408 c:\windows\system32\atitvo32.dll
- 2006-03-14 04:29 . 2009-02-04 03:52 17408 c:\windows\system32\atitvo32.dll
- 2006-03-14 04:29 . 2009-02-04 04:40 53248 c:\windows\system32\ATIDDC.DLL
+ 2009-07-13 00:42 . 2009-02-25 21:26 53248 c:\windows\system32\ATIDDC.DLL
+ 2009-07-13 00:42 . 2009-02-25 20:32 45056 c:\windows\system32\aticalrt.dll
- 2009-02-04 02:43 . 2009-02-04 02:43 45056 c:\windows\system32\aticalrt.dll
- 2009-02-04 02:42 . 2009-02-04 02:42 45056 c:\windows\system32\aticalcl.dll
+ 2009-07-13 00:42 . 2009-02-25 20:32 45056 c:\windows\system32\aticalcl.dll
- 2006-03-14 04:29 . 2009-02-04 04:43 43520 c:\windows\system32\ati2edxx.dll
+ 2009-07-13 00:42 . 2009-02-25 21:29 43520 c:\windows\system32\ati2edxx.dll
+ 2009-07-13 00:34 . 2009-02-25 21:29 155648 c:\windows\system32\ReinstallBackups\0017\DriverFiles\B_76557\Oemdspif.dll
+ 2009-07-13 00:34 . 2008-08-21 01:37 887724 c:\windows\system32\ReinstallBackups\0017\DriverFiles\B_76557\ativva6x.dat
+ 2009-07-13 00:34 . 2009-02-25 21:30 204800 c:\windows\system32\ReinstallBackups\0017\DriverFiles\B_76557\atipdlxx.dll
+ 2009-07-13 00:34 . 2009-02-25 20:35 290816 c:\windows\system32\ReinstallBackups\0017\DriverFiles\B_76557\atiok3x2.dll
+ 2009-07-13 00:34 . 2009-02-25 20:40 475136 c:\windows\system32\ReinstallBackups\0017\DriverFiles\B_76557\atikvmag.dll
+ 2009-07-13 00:34 . 2009-02-25 21:09 307200 c:\windows\system32\ReinstallBackups\0017\DriverFiles\B_76557\atiiiexx.dll
+ 2009-07-13 00:34 . 2009-01-26 17:55 182995 c:\windows\system32\ReinstallBackups\0017\DriverFiles\B_76557\atiicdxx.dat
+ 2009-07-13 00:34 . 2009-02-25 21:42 442368 c:\windows\system32\ReinstallBackups\0017\DriverFiles\B_76557\ATIDEMGX.dll
+ 2009-07-13 00:34 . 2008-10-21 18:51 118784 c:\windows\system32\ReinstallBackups\0017\DriverFiles\B_76557\atibrtmon.exe
+ 2009-07-13 00:34 . 2009-02-25 20:38 126976 c:\windows\system32\ReinstallBackups\0017\DriverFiles\B_76557\atiadlxx.dll
+ 2009-07-13 00:34 . 2009-02-25 21:27 602112 c:\windows\system32\ReinstallBackups\0017\DriverFiles\B_76557\ati2evxx.exe
+ 2009-07-13 00:34 . 2009-02-25 21:29 155648 c:\windows\system32\ReinstallBackups\0017\DriverFiles\B_76557\ati2evxx.dll
+ 2009-07-13 00:34 . 2009-02-25 21:41 325120 c:\windows\system32\ReinstallBackups\0017\DriverFiles\B_76557\ati2dvag.dll
+ 2009-07-13 00:34 . 2009-02-25 20:32 626688 c:\windows\system32\ReinstallBackups\0017\DriverFiles\B_76557\ati2cqag.dll
+ 2009-07-13 00:52 . 2009-02-25 21:29 155648 c:\windows\system32\ReinstallBackups\0002\DriverFiles\Oemdspif.dll
+ 2009-07-13 00:52 . 2009-02-04 04:13 887724 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ativva6x.dat
- 2009-03-01 06:04 . 2008-08-21 01:37 887724 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ativva6x.dat
+ 2009-07-13 00:52 . 2009-02-25 21:30 204800 c:\windows\system32\ReinstallBackups\0002\DriverFiles\atipdlxx.dll
+ 2009-07-13 00:52 . 2009-02-25 20:35 290816 c:\windows\system32\ReinstallBackups\0002\DriverFiles\atiok3x2.dll
+ 2009-07-13 00:52 . 2009-02-25 20:40 475136 c:\windows\system32\ReinstallBackups\0002\DriverFiles\atikvmag.dll
- 2008-10-03 00:36 . 2006-02-10 04:03 307200 c:\windows\system32\ReinstallBackups\0002\DriverFiles\atiiiexx.dll
+ 2009-07-13 00:52 . 2009-02-25 21:09 307200 c:\windows\system32\ReinstallBackups\0002\DriverFiles\atiiiexx.dll
+ 2009-07-13 00:52 . 2009-01-26 17:55 182995 c:\windows\system32\ReinstallBackups\0002\DriverFiles\atiicdxx.dat
+ 2009-07-13 00:52 . 2009-02-25 21:42 442368 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ATIDEMGX.dll
- 2009-03-01 06:04 . 2009-02-04 04:56 442368 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ATIDEMGX.dll
- 2009-03-01 06:04 . 2008-10-21 18:51 118784 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ATIBRTMON.EXE
+ 2009-07-13 00:52 . 2008-10-21 18:51 118784 c:\windows\system32\ReinstallBackups\0002\DriverFiles\atibrtmon.exe
+ 2009-07-13 00:52 . 2009-02-25 20:38 126976 c:\windows\system32\ReinstallBackups\0002\DriverFiles\atiadlxx.dll
+ 2009-07-13 00:52 . 2009-02-25 21:27 602112 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ati2evxx.exe
+ 2009-07-13 00:52 . 2009-02-25 21:29 155648 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ati2evxx.dll
+ 2009-07-13 00:52 . 2009-02-25 21:41 325120 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ati2dvag.dll
+ 2009-07-13 00:52 . 2009-02-25 20:32 626688 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ati2cqag.dll
+ 2009-07-13 00:52 . 2009-02-04 04:44 155648 c:\windows\system32\ReinstallBackups\0001\DriverFiles\Oemdspif.dll
+ 2009-07-13 00:52 . 2009-02-04 04:13 887724 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ativva6x.dat
- 2009-03-01 06:04 . 2008-08-21 01:37 887724 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ativva6x.dat
+ 2009-07-13 00:52 . 2009-02-04 04:44 196608 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atipdlxx.dll
+ 2009-07-13 00:52 . 2009-02-25 20:35 290816 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atiok3x2.dll
+ 2009-07-13 00:52 . 2009-02-25 20:40 475136 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atikvmag.dll
+ 2009-07-13 00:52 . 2009-02-04 03:44 307200 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atiiiexx.dll
- 2008-10-03 00:35 . 2005-08-04 13:07 307200 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atiiiexx.dll
+ 2009-07-13 00:52 . 2008-10-29 22:13 180720 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atiicdxx.dat
+ 2009-07-13 00:52 . 2009-02-04 04:56 442368 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ATIDEMGX.dll
+ 2009-07-13 00:52 . 2008-10-21 18:51 118784 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atibrtmon.exe
+ 2009-07-13 00:52 . 2009-02-04 03:53 122880 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atiadlxx.dll
+ 2009-07-13 00:52 . 2009-02-04 04:41 602112 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2evxx.exe
+ 2009-07-13 00:52 . 2009-02-04 04:43 155648 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2evxx.dll
+ 2009-07-13 00:52 . 2009-02-25 21:41 325120 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2dvag.dll
+ 2009-07-13 00:52 . 2009-02-25 20:32 626688 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2cqag.dll
+ 2009-07-13 00:42 . 2009-02-25 21:29 155648 c:\windows\system32\Oemdspif.dll
- 2006-03-14 04:29 . 2009-02-04 04:44 155648 c:\windows\system32\Oemdspif.dll
+ 2009-07-13 00:42 . 2009-02-25 21:30 204800 c:\windows\system32\atipdlxx.dll
+ 2009-07-13 00:42 . 2009-02-25 20:35 290816 c:\windows\system32\atiok3x2.dll
- 2008-08-21 01:17 . 2009-02-04 05:03 290816 c:\windows\system32\atiok3x2.dll
+ 2009-07-13 00:42 . 2009-02-25 20:40 475136 c:\windows\system32\atikvmag.dll
+ 2009-07-13 00:42 . 2009-02-25 21:09 307200 c:\windows\system32\atiiiexx.dll
- 2006-03-14 04:29 . 2009-02-04 03:44 307200 c:\windows\system32\atiiiexx.dll
- 2008-08-21 02:19 . 2009-02-04 04:56 442368 c:\windows\system32\ATIDEMGX.dll
+ 2009-07-13 00:42 . 2009-02-25 21:42 442368 c:\windows\system32\ATIDEMGX.dll
- 2008-08-05 21:14 . 2008-10-21 18:51 118784 c:\windows\system32\atibrtmon.exe
+ 2009-07-13 00:42 . 2008-10-21 18:51 118784 c:\windows\system32\atibrtmon.exe
+ 2008-10-03 00:36 . 2009-02-25 22:15 593920 c:\windows\system32\ati2sgag.exe
- 2008-10-03 00:36 . 2009-02-04 05:05 593920 c:\windows\system32\ati2sgag.exe
- 2006-03-14 04:29 . 2009-02-04 04:41 602112 c:\windows\system32\ati2evxx.exe
+ 2009-07-13 00:42 . 2009-02-25 21:27 602112 c:\windows\system32\ati2evxx.exe
+ 2009-07-13 00:42 . 2009-02-25 21:29 155648 c:\windows\system32\ati2evxx.dll
- 2006-03-14 04:29 . 2009-02-04 04:43 155648 c:\windows\system32\ati2evxx.dll
+ 2009-07-12 06:59 . 2009-07-12 06:59 472064 c:\windows\Installer\486a4.msi
+ 2009-07-13 00:34 . 2009-02-25 20:59 2670080 c:\windows\system32\ReinstallBackups\0017\DriverFiles\B_76557\ativvaxx.dll
+ 2009-07-13 00:34 . 2008-08-21 01:37 3107788 c:\windows\system32\ReinstallBackups\0017\DriverFiles\B_76557\ativva5x.dat
+ 2009-07-13 00:34 . 2009-02-25 20:30 3227648 c:\windows\system32\ReinstallBackups\0017\DriverFiles\B_76557\aticaldd.dll
+ 2009-07-13 00:34 . 2009-02-25 21:16 3817984 c:\windows\system32\ReinstallBackups\0017\DriverFiles\B_76557\ati3duag.dll
+ 2009-07-13 00:34 . 2009-02-25 22:58 3565568 c:\windows\system32\ReinstallBackups\0017\DriverFiles\B_76557\ati2mtag.sys
+ 2009-07-13 00:52 . 2009-02-25 20:59 2670080 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ativvaxx.dll
- 2009-03-01 06:04 . 2008-08-21 01:37 3107788 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ativva5x.dat
+ 2009-07-13 00:52 . 2009-02-04 04:13 3107788 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ativva5x.dat
+ 2009-07-13 00:52 . 2009-02-25 20:30 3227648 c:\windows\system32\ReinstallBackups\0002\DriverFiles\aticaldd.dll
+ 2009-07-13 00:52 . 2009-02-25 21:16 3817984 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ati3duag.dll
+ 2009-07-13 00:52 . 2009-02-25 22:58 3565568 c:\windows\system32\ReinstallBackups\0002\DriverFiles\ati2mtag.sys
+ 2009-07-13 00:52 . 2009-02-25 20:59 2670080 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ativvaxx.dll
- 2009-03-01 06:04 . 2008-08-21 01:37 3107788 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ativva5x.dat
+ 2009-07-13 00:52 . 2009-02-04 04:13 3107788 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ativva5x.dat
+ 2009-07-13 00:52 . 2009-02-04 02:40 3244032 c:\windows\system32\ReinstallBackups\0001\DriverFiles\aticaldd.dll
+ 2009-07-13 00:52 . 2009-02-25 21:16 3817984 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati3duag.dll
+ 2009-07-13 00:52 . 2009-02-04 07:27 3488768 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2mtag.sys
+ 2009-07-13 00:42 . 2009-02-25 20:30 3227648 c:\windows\system32\aticaldd.dll
+ 2009-07-13 00:34 . 2009-02-25 21:30 11841536 c:\windows\system32\ReinstallBackups\0017\DriverFiles\B_76557\atioglxx.dll
+ 2009-07-13 00:52 . 2009-02-25 21:30 11841536 c:\windows\system32\ReinstallBackups\0002\DriverFiles\atioglxx.dll
+ 2009-07-13 00:52 . 2009-02-04 05:57 11702272 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atioglxx.dll
+ 2009-07-13 00:42 . 2009-02-25 21:30 11841536 c:\windows\system32\atioglxx.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 23:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-01 1948440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-10-09 249856]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-09 148888]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-01 16:42 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 03:35 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BumpTop.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BumpTop.lnk
backup=c:\windows\pss\BumpTop.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^MOM and DAD^Start Menu^Programs^Startup^BumpTop.lnk]
path=c:\documents and settings\MOM and DAD\Start Menu\Programs\Startup\BumpTop.lnk
backup=c:\windows\pss\BumpTop.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"winvnc"=2 (0x2)
"ZuneNetworkSvc"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"QBFCService"=3 (0x3)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$MICROSOFTSMLBIZ"=2 (0x2)
"MDM"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"WUSB300NSvc"=2 (0x2)
"TabletServicePen"=2 (0x2)
"SQLAgent$MICROSOFTSMLBIZ"=3 (0x3)
"QBCFMonitorService"=2 (0x2)
"ose"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"IAANTMon"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\motox822\\source 2007 dedicated server\\srcds.exe"=
"c:\\Program Files\\Steam\\steamapps\\motox822\\team fortress 2\\hl2.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\THQ\\MX vs ATV Unleashed\\MXvsATV.exe"=
"zϐ|,|-|q-|x-|>"= zϐ|,|-|q-|x-|>:Nod32 Runtime
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/15/2009 10:53 PM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/15/2009 10:53 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/15/2009 10:53 PM 298776]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [3/8/2009 7:23 PM 47640]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 3:06 AM 21632]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 scrcap;scrcap;c:\windows\system32\DRIVERS\scrcap.sys --> c:\windows\system32\DRIVERS\scrcap.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [6/21/2009 5:27 PM 1373480]
S4 WUSB300NSvc;WUSB300NSvc;c:\program files\Linksys\WUSB300N\WLService.exe [2/27/2008 8:11 PM 53307]
.
Contents of the 'Scheduled Tasks' folder
2009-07-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
2009-07-12 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-02 02:22]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: turbotax.com
FF - ProfilePath - c:\documents and settings\MOM and DAD\Application Data\Mozilla\Firefox\Profiles\oqlefedq.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-12 20:44
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3149744984-3560293793-1601873477-1012\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3D04B2C9-617C-D7FB-8978-839558E2F1F7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"naabkjhddgnjldoedjfapccbbooe"=hex:6b,61,65,70,70,66,63,6e,6f,66,63,69,65,6d,
66,61,61,6b,62,66,65,63,00,00
"magjenmchjjaihbpacdhfnpgoc"=hex:6a,61,70,70,6c,69,69,6d,68,6d,6a,70,70,69,63,
68,68,6f,68,6a,00,d2
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(856)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
- - - - - - - > 'explorer.exe'(2032)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ZuneBusEnum.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2009-07-13 20:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-13 03:53
ComboFix2.txt 2009-07-11 20:42
ComboFix3.txt 2009-07-10 16:21
ComboFix4.txt 2009-07-06 23:24
Pre-Run: 121,070,510,080 bytes free
Post-Run: 120,951,164,928 bytes free
Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
494 --- E O F --- 2009-07-13 01:00
ESET Log: (Pretty sure this isn't a Trojan)
C:\Program Files\Cheat Engine\dbk32.sys probably a variant of Win32/Genetik trojan
HJT Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:26 PM, on 7/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143051743265
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
--
End of file - 7053 bytes
Bio-Hazard
2009-07-15, 11:37
Sorry this took so long to reply.. I didn't realize we went on to a second page. Anyways here is what you asked for.
It is ok. No harm done.
I am starting to think this problem is not from a virus.
This is a possibility.
ESET Log: (Pretty sure this isn't a Trojan)
C:\Program Files\Cheat Engine\dbk32.sys probably a variant of Win32/Genetik trojan
It is not a Trojan. Antivirus programs flag it because of the nature of the program.
Disable Teatimer
Please disable Teatimer as it may interfere with the fix.
If you have version 1.6, right click the Spybot Icon in the system tray near the clock (looks like a blue/white calendar with a padlock symbol).
Click once on Resident Protection, then right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be colorless.
Go to Start > All Programs > Spybot - Search & Destroy > Spybot Search & Destroy.
Click on Mode > Advanced Mode. When it prompts you, click Yes.
On the left hand side, click on Tools.
Check this box if it is not yet ticked: Resident.
You will notice that Resident is now added under Tools. Click on Resident.
Uncheck this box: Resident "TeaTimer" (Protection of over-all system settings) active.
Exit Spybot Search & Destroy.
Reboot your machine for the changes to take effect.
Once your log is clean you can re-enable those settings in TeaTimer.
Download and run OTM
Download OTM (http://oldtimer.geekstogo.com/OTM.exe) by Old Timer and save it to your Desktop.
Double-click OTM.exe to run it.
Paste the following code under the http://billy-oneal.com/Canned%20Speeches/speechimages/OTM/pasteline.png area. Do not include the word Code.
:Reg
[-HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[-HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[-HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
:Files
c:\windows\system32\sfccache.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
:Commands
[emptytemp]
[Reboot]
Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
Push the large http://billy-oneal.com/Canned%20Speeches/speechimages/OTM/btnmoveit.png button.
OTM may ask to reboot the machine. Please do so if asked.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Update Java Runtime:
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason it's extremely important that you keep the program up to date and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 14.
Go to HERE (http://java.sun.com/javase/downloads/index.jsp)
Scroll down to where it says Java Runtime Environment (JRE) 6 Update 14
Click the Download button to the right
From the dropdown menu choose your platform. Which is Windows
Don't change the language box.
Click on the radio button to Accept License Agreement and after that click continue
Click on Windows Offline Installation Multi-language and save the downloaded file to your computer
Go to Start => Control Panel => Add or Remove Programs
Uninstall all old versions of Java (Java 2 Runtime Environment JRE or JSE)
Reboot your computer
Delete the folder C:\Program Files\Java if present
Install the new version by running the newly-downloaded file and follow the on-screen instructions.
Reboot your computer
Update Adobe Reader
Your version of Adobe Reader is out-of-date. There are known security issues with older versions of Adobe Reader. It is strongly suggested that you update to the current version. Please uninstall the older version of Adobe Reader before installing the latest version.
If you are using a FULL featured, purchased version of Adobe Acrobat Reader.
These instructions will remove the current version of Adobe Reader and replace it with the limited feature FREE version. If you want to replace the paid for version with the free version, then continue, otherwise DO NOT perform these steps!
Click Start
Control Panel
Double-click on Add/Remove Programs
Locate older version of Adobe Reader and click on Change/Remove to uninstall it
Click HERE (http://www.adobe.com/products/acrobat/readstep2.html) to download the latest version of Adobe Reader.
Select your Windows version and click on Download. If you are using Internet Explorer, you will receive prompts. Allow the installation to be run and it will be installed automatically for you. If you are using other browsers, it will prompt you to save a file. Save this file to your desktop and run it to install the latest version of Adobe Reader.
Close your Internet browser and open it again.
If you don't like Adobe Reader, you can download Foxit PDF Reader from HERE (http://www.filehippo.com/download_foxit/download/423817ca4028434efe3f6174b07468b0/FoxitReader30_enu_Setup.exe). It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Optional Fix
I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player's components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto-updating for the Viewpoint Manager -- the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.
To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.
Viewpoint Manager is considered as foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything bad. This may change; read Viewpoint to Plunge Into Adware (http://www.clickz.com/showPage.html?page=3561546).
I recommend that you remove the Viewpoint products; however, decide for yourself.
To uninstall the Viewpoint components:
Click Start, point to Settings, and then click Control Panel.
In Control Panel, double-click Add or Remove Programs.
In Add or Remove Programs, highlight >>Viewpoint component<<, click Remove.
How to prevent it from being recreated every time you run the AOL software:
Open AOL
Go to Help on the toolbar
Select About AOL
Hit Ctrl D and a secret panel can be accessed which will allow you to disable all desktop and IM features associated with Viewpoint.
Logs/Information to Post in Next Reply
Please post the following logs/Information in your reply:
OTM Log
A fresh HijackThis Log (after all the above has been done)
A description of how your computer is behaving
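One way to check the Java, Adobe Reader and Viewpoint steps above from a PowerShell prompt before and after the uninstalls, as an added example that is not part of this thread and not code from any of the tools named in it. It assumes PowerShell 2.0 or later and reads the standard Add or Remove Programs registry data; the display-name patterns it matches (such as "Java(TM) 6 Update 14" or "J2SE Runtime Environment 5.0 Update 6") are an assumption about how Sun's installers registered themselves, and the target of Java 6 Update 14 is taken from the post:

```powershell
# Added example (not from the thread): list installed Java, Adobe Reader and
# Viewpoint entries from the Add or Remove Programs registry data and flag any
# Java runtime older than 6 Update 14, the version the post names as current.
# Assumption: standard Uninstall keys; the Wow6432Node key only exists on 64-bit
# hosts and is skipped silently on 32-bit Windows XP.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$entries = $uninstallKeys | ForEach-Object {
    Get-ItemProperty -Path $_ -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, UninstallString
}

# Target from the post: Java Runtime Environment 6 Update 14
$targetMajor  = 6
$targetUpdate = 14

function Get-JavaUpdateLevel {
    param([string]$DisplayName)
    # Assumed display-name formats (not verified against every Sun installer):
    #   "Java(TM) 6 Update 14", "Java(TM) SE Runtime Environment 6 Update 1",
    #   "J2SE Runtime Environment 5.0 Update 6",
    #   "Java 2 Runtime Environment, SE v1.4.2_03"
    # Returns @(major, update) or $null when the name is not a Java runtime.
    if ($DisplayName -match '(?i)Java\(TM\)(?:\s+SE Runtime Environment)?\s+(\d+)\s+Update\s+(\d+)') {
        return @([int]$Matches[1], [int]$Matches[2])
    }
    if ($DisplayName -match '(?i)J2SE Runtime Environment\s+(\d)\.0(?:\s+Update\s+(\d+))?') {
        $u = if ($Matches[2]) { [int]$Matches[2] } else { 0 }
        return @([int]$Matches[1], $u)
    }
    if ($DisplayName -match '(?i)Java 2 Runtime Environment.*v1\.(\d)\.\d+(?:_(\d+))?') {
        $u = if ($Matches[2]) { [int]$Matches[2] } else { 0 }
        return @([int]$Matches[1], $u)
    }
    return $null
}

foreach ($e in $entries) {
    $java = Get-JavaUpdateLevel $e.DisplayName
    if ($java) {
        # Anything below the named release is a leftover vulnerable runtime.
        $old = ($java[0] -lt $targetMajor) -or
               ($java[0] -eq $targetMajor -and $java[1] -lt $targetUpdate)
        $flag = if ($old) { 'OUTDATED - uninstall' } else { 'current' }
        "{0,-14} {1}  [{2}]" -f 'Java', $e.DisplayName, $flag
    }
    elseif ($e.DisplayName -match '(?i)^Adobe Reader') {
        # The post gives no numeric target for Reader, so it is only listed.
        "{0,-14} {1}  version {2}" -f 'Adobe Reader', $e.DisplayName, $e.DisplayVersion
    }
    elseif ($e.DisplayName -match '(?i)Viewpoint') {
        "{0,-14} {1}  (remove via Add or Remove Programs if unwanted)" -f 'Viewpoint', $e.DisplayName
    }
}
```

Run it once before the uninstalls to see every registered Java runtime (several can coexist, which is why the post asks for all old versions to be removed), and once more after the reboot to confirm only the new entry remains and the Viewpoint entries are gone.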
motox822
2009-07-16, 03:18
Description:
My computer still freezes up when I run certain programs. This happens mostly when watching videos. Sometimes when it freezes I will try to click something to check if it is frozen and the internal speaker inside my CPU lets out a never ending beep. I have tried updating video drivers and moving my RAM into different plugs but have had no luck. Like I said before, the application will freeze first, then whatever else I click, such as the task bar, will then freeze too. I can still move my mouse but cannot use Ctrl-Alt-Delete.
OTM Log: (It said something cannot be written when doing something with sfccache.dll)
All processes killed
========== REGISTRY ==========
Registry key HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3bc75a2-1f87-4686-aa43-5347d756017c}\ not found.
Registry key HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}\ not found.
Registry key HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}\ not found.
========== FILES ==========
LoadLibrary failed for c:\windows\system32\sfccache.dll
c:\windows\system32\sfccache.dll NOT unregistered.
c:\windows\system32\sfccache.dll moved successfully.
DllUnregisterServer procedure not found in c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll NOT unregistered.
c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: All Users
User: Connor.DON
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Don
User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 65670 bytes
User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: MOM and DAD
->Temp folder emptied: 138192 bytes
->Temporary Internet Files folder emptied: 1170236 bytes
->Java cache emptied: 30418277 bytes
->FireFox cache emptied: 45713510 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: SHARON
%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 19793 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
File delete failed. C:\WINDOWS\temp\$$$dq3e scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\$$yt7.$$ scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\$67we.$ scheduled to be deleted on reboot.
Windows Temp folder emptied: 2555106 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 76.37 mb
OTM by OldTimer - Version 3.0.0.5 log created on 07152009_093400
Files moved on Reboot...
File move failed. C:\WINDOWS\temp\$$$dq3e scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\$$yt7.$$ scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\$67we.$ scheduled to be moved on reboot.
Registry entries deleted on Reboot...
HJT Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:09:28 PM, on 7/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_14.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_14.dll (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll (file missing)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll (file missing)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143051743265
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
--
End of file - 7094 bytes
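As an added example (not part of the thread), the following Python script triages a HijackThis log of the kind posted above. It separates entries whose registry key points at nothing at all ("(no file)", an orphaned CLSID) from entries that still name a path whose file is gone ("(file missing)"), spots a CLSID reused across sections, and checks that the helper's fix list in the reply below covers exactly the orphaned entries. The log lines are copied from the post above; the fix-list lines are copied from the reply. Everything else (function names, the status labels) is this example's own.

```python
import re

# Excerpt of the HijackThis log posted above, verbatim. One O4 line is
# included to show that lines without a CLSID are ignored by the parser.
HJT_LOG = r"""
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
"""

# The entries the helper asked to be fixed, verbatim from the reply below.
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
"""

# section - kind: name - [*]{CLSID} - target   (the "*" prefix is kept as it
# appears in the log; the parser simply tolerates it)
ENTRY_RE = re.compile(
    r"^(?P<section>[RO]\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<star>\*?)(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
    r" - (?P<target>.*)$"
)


def classify(target):
    """Map the trailing field of an entry to a triage status (labels are ours)."""
    if target == "(no file)":
        return "orphan"          # key exists but names no file at all
    if target.endswith("(file missing)"):
        return "file missing"    # a path is registered but the file is gone
    return "present"


def parse_hjt(text):
    """Return one dict per CLSID-bearing line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["clsid"] = d["clsid"].upper()   # log mixes 11d4 / 11D0 casing
        d["status"] = classify(d["target"])
        entries.append(d)
    return entries


def orphans(entries):
    return [e for e in entries if e["status"] == "orphan"]


def reused_clsids(entries):
    """CLSIDs registered under more than one HJT section (e.g. R3 and O2)."""
    seen = {}
    for e in entries:
        seen.setdefault(e["clsid"], set()).add(e["section"])
    return {c: sorted(s) for c, s in seen.items() if len(s) > 1}


def fix_list_check(entries, fix_text):
    """(orphans not in the fix list, fix-list items that are not orphans)."""
    want = {(e["section"], e["clsid"]) for e in orphans(entries)}
    fix = {(e["section"], e["clsid"]) for e in parse_hjt(fix_text)}
    return want - fix, fix - want


if __name__ == "__main__":
    es = parse_hjt(HJT_LOG)
    for e in es:
        print(f'{e["section"]:4} {e["status"]:13} {e["clsid"]}  {e["target"]}')
    print("reused:", reused_clsids(es))
    print("fix list mismatch:", fix_list_check(es, FIX_LIST))
```

Running it lists the six orphaned entries, shows that {A3BC75A2-...} is registered both as a URLSearchHook and as a BHO, and reports an empty mismatch in both directions, i.e. the fix list in the reply below removes every orphan and nothing else. The two Java "(file missing)" entries are deliberately not orphans: they still name a path, and are left for the reader to judge separately.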
Bio-Hazard
2009-07-16, 09:37
Boot into Safe mode.
Here are the instructions on how to boot into Safe mode in Windows XP:
If the computer is running, shut down Windows and then turn off the power.
Wait 30 seconds and then turn the computer on.
Start tapping the F8 key (if this doesn't work, try the F5 key). The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a keyboard error message. To resolve this, restart the computer and try again.
Ensure that the Safe mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
You will see "Safe Mode" in every corner of your screen.
When you are finished with all troubleshooting close all programs and restart the computer as you normally would.
Remove HijackThis entries
Run HijackThis
Click on the Scan button
Put a check beside all of the items listed below (if present):
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
Close all open windows and browsers/email etc...
Click on the Fix Checked button
When completed close the application.
Not a Malware Issue
At this stage your machine looks to be clean of malware, so the problems you are experiencing are not likely to be malware related. I think the best and fastest solution for you is to post on a PC troubleshooting forum like the Browsers, Internet & email forum (http://forums.whatthetech.com/Browsers_Internet_and_email_f123.html) at WhatTheTech (http://forums.whatthetech.com/forums.html). They specialize in handling problems like this so you are certain to get expert assistance and a speedy resolution is very likely.
I'm sorry that I could not be of more help to you, and I wish you the best of luck with solving your computer problems. If you have any questions or require any other assistance please let me know.
You can get rid of the tools we used:
RootRepeal - (You can just delete the exe file from your desktop)
ATF cleaner - (You can just delete the exe file from your desktop)
Delete ComboFix and Clean Up
Click Start > Run > type combofix /u > OK (Note the space between combofix and /u)
http://i147.photobucket.com/albums/r301/DFW_photos/CF_Cleanup.png
Please advise if this step is missed for any reason as it performs some important actions.
OTC
Download OTC (http://oldtimer.geekstogo.com/OTC.exe) by Old Timer and save it to your Desktop.
Double-click OTC.exe
Click the CleanUp! button
Select Yes when the Begin cleanup Process? Prompt appears
If you are prompted to Reboot during the cleanup, select Yes
The tool will delete itself once it finishes, if not delete it by yourself
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.
You can now re-enable Spybot's TeaTimer.
General Security and Computer Health
Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.
Make sure that you keep your antivirus updated
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
NOTE: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site (http://update.microsoft.com/microsoftupdate) on a regular basis.
NOTE: The update process uses ActiveX, so you will need to use Internet Explorer for it and allow the ActiveX control to install.
Update Non-Microsoft Programs
Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector (http://secunia.com/software_inspector) or F-Secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html). I suggest that you run one of them at least once a month.
Make Internet Explorer More Secure
You are using Internet Explorer v. 7. Therefore, please read and follow the recommendations at this SITE (http://surfthenetsafely.com/ieseczone8.htm).
Recommended Programs
I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.
WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE (http://www.winpatrol.com/).
SpywareBlaster
SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing on your computer. If you don't know what ActiveX controls are, see HERE (http://www.webopedia.com/TERM/A/ActiveX_control.html). You can download SpywareBlaster from HERE (http://www.javacoolsoftware.com/sbdownload.html).
Hosts File
For added protection you may also like to add a Hosts file. A simple explanation of what a Hosts file does is HERE (http://forum.malwareremoval.com/viewtopic.php?t=22187) and for more information regarding Hosts files read HERE (http://www.mvps.org/winhelp2002/hosts.htm).
Use an alternative Internet Browser
Many of the exploits are directed at users of Internet Explorer. Try using a different browser instead: Firefox (http://www.mozilla.com/en-US/firefox/) or Opera (http://www.opera.com/download/).
Here is a great article by miekiemoes How to prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html).
Finally I am trying to make one point very clear. It is ABSOLUTELY ESSENTIAL to keep all of your security programs up to date.
Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints Malware Complaints (http://www.malwarecomplaints.info/index.php). You need to be registered to post as, unfortunately, we were hit with too many spam posts to allow guest posting to continue. Just find your country room and register your complaint.
I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.
Happy surfing and stay clean!
Bio-Hazard
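The post above says SpywareBlaster "sets killbits in the registry". As an added example (not part of the thread and not SpywareBlaster's code), the Python below shows what that mechanism is: under HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}, the DWORD "Compatibility Flags" with bit 0x400 set tells Internet Explorer never to instantiate that control. The script emits a .reg file that sets the killbit for a list of CLSIDs and reads an existing .reg file back to report which CLSIDs are actually killed, testing the bit rather than comparing the whole value, because other flags may be combined with it. The CLSIDs used are placeholders made up for the example, not controls from the log.

```python
import re

# Registry location and flag bit used by Internet Explorer for ActiveX killbits.
ACTIVEX_COMPAT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"
KILLBIT = 0x00000400

CLSID_RE = re.compile(r"^\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$")


def normalize_clsid(clsid):
    """Upper-case, brace-wrap and validate a CLSID string."""
    c = clsid.strip().upper()
    if not c.startswith("{"):
        c = "{" + c + "}"
    if not CLSID_RE.match(c):
        raise ValueError(f"not a CLSID: {clsid!r}")
    return c


def has_killbit(flags):
    """True if the killbit is set, whatever other Compatibility Flags are present."""
    return bool(flags & KILLBIT)


def killbit_reg(clsids):
    """Build .reg text (CRLF, as regedit writes it) that kills each CLSID."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for c in sorted({normalize_clsid(x) for x in clsids}):
        lines.append(f"[{ACTIVEX_COMPAT}\\{c}]")
        lines.append(f'"Compatibility Flags"=dword:{KILLBIT:08x}')
        lines.append("")
    return "\r\n".join(lines)


def killed_clsids(reg_text):
    """Return the set of CLSIDs whose Compatibility Flags in reg_text include the killbit."""
    killed, current = set(), None
    prefix = ACTIVEX_COMPAT.upper() + "\\"
    for raw in reg_text.splitlines():
        s = raw.strip()
        if s.startswith("[") and s.endswith("]"):
            key = s[1:-1].upper()
            current = key[len(prefix):] if key.startswith(prefix) else None
        elif s.lower().startswith('"compatibility flags"=dword:') and current:
            value = int(s.split("dword:", 1)[1], 16)
            if CLSID_RE.match(current) and has_killbit(value):
                killed.add(current)
    return killed


# Constructed sample .reg export with placeholder CLSIDs: one plain killbit,
# one killbit combined with another flag (0x401), one control not killed (0x1).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11111111-1111-1111-1111-111111111111}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{22222222-2222-2222-2222-222222222222}]
"Compatibility Flags"=dword:00000401

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{33333333-3333-3333-3333-333333333333}]
"Compatibility Flags"=dword:00000001
"""

if __name__ == "__main__":
    print(killbit_reg(["{aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee}"]))
    print("killed:", sorted(killed_clsids(SAMPLE_REG)))
```

The .reg text can be imported with regedit on the machine being cleaned; a tool like SpywareBlaster writes the same key for its list of known-bad controls. Note that a killbit only stops Internet Explorer loading the control; it does not remove the file.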
motox822
2009-07-16, 09:46
Bio-Hazard,
I have read your final post and have done everything you have said. Thank you for helping me clean up my machine and thanks for all of the advice.
-motox822
Bio-Hazard
2009-07-16, 09:51
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.