Major malware problem that will not go away



AndyUK
2010-06-28, 05:58
I have been suffering from malware (or a virus?) for some time now and it is driving me mad. Initially it started with me opening my browser, in which another browser would open and go to some ad site. Then when I went to any site (legitimate ones like a news site, for example) a new browser would open, taking me again to some odd ad site. This happened for a few weeks; I ran my anti-virus and kept on getting nothing, or it would pick up something, isolate/heal/delete etc., but still the problem persisted. Then things started getting worse. Whenever I clicked on my username to log on, I would just get a blue screen, so I either restarted my computer or had to use Ctrl+Alt+Delete to log off and log on again. After finding this “fix” to that problem, a couple of days later suddenly my task bar/desktop and general features (windows boxes etc.) morphed into some Windows Classic/XP hybrid. Then my internet would stop connecting: “no wireless connection is found”. There are other computers in the house which are connected to our wireless network and they work fine; it is only mine that is affected. Thus I resorted to the “fix” of having to restart a dozen times or so till I get a connection.

Then when everything is going "fine and dandy" (after dozens of restarts to get a connection + having the Windows Classic look) bam! The computer randomly restarts (thus I repeat the above “fix”). It is like I am playing a game of cat and mouse with my PC/malware/virus or whatever it is that is ruining my computer. In my attempt to solve this myself I downloaded anti-malware software etc., ran the scan, malware detected and removed, and I can even get my Windows XP look back. Problem solved? NO. I restart my PC and all goes back to the malware state.
I download another anti-malware program, malware removed, problem "solved", restart the computer and the malware is back. I have run repeated anti-virus scans as well and the same thing happens: it detects something (or in other cases nothing), I get rid of it, restart and I am back to the virus/malware situation. I ran Windows Live OneCare and it detected 6 items + 6 issues, of which it cured only 3 of each.

Please help me! I just want my computer back! (Currently I have done the “fix” for the computer, as above, and am afraid to turn it off/restart.)
Many thanks!

DDS log below (I am not sure if the second log "attach" is wanted, nor do I know how to zip it):

DDS (Ver_10-03-17.01) - NTFSx86
Run by OWNER at 4:33:40.79 on 28/06/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.62 [GMT 1:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: Sunbelt Personal Firewall *enabled* {BFD080F6-3BF0-40E1-9507-9CA969C35870}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\sony\vaio media music server\SSSvr.exe
C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
C:\Program Files\sony\giga pocket\GPVSvr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe
C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe
C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\vaio media platform\UPnPFramework.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\sony\giga pocket\RM_SV.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\OWNER\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.lefigaro.fr/
uInternet Connection Wizard,ShellNext = hxxp://www.club-vaio.sony-europe.com/
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Consumer
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35.exe" /scan:boot
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\OWNER\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\OWNER\startm~1\programs\startup\firewa~1.lnk - c:\windows\system32\net.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093807566890
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - hxxp://207.226.177.98/gba1402.exe
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - c:\program files\common files\microsoft shared\information retrieval\itss51.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Notification Packages = scecli scfcder.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2010-6-5 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-6-5 52872]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-26 64288]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-10 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2006-11-25 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-10 243024]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2007-4-26 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2007-4-26 72624]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-21 308136]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-6-21 2331032]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-6-21 5897808]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2004-8-29 255600]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2004-8-29 235120]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352832]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\sunbelt software\personal firewall\kpf4ss.exe [2007-4-26 1234480]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-6-5 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-6-5 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2010-6-5 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-6-5 26192]
S0 fary;fary;c:\windows\system32\drivers\kmiwifwu.sys --> c:\windows\system32\drivers\kmiwifwu.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-26 135664]
S2 ScheduleVAIOMediaPlatform-VideoServer-UPnP;Task Scheduler ScheduleVAIOMediaPlatform-VideoServer-UPnP;c:\windows\system32\adobepdfk.exe srv --> c:\windows\system32\AdobePDFk.exe srv [?]
S2 stisvcUPS;Windows Image Acquisition (WIA) stisvcUPS;c:\windows\system32\1037a.exe srv --> c:\windows\system32\1037a.exe srv [?]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-6-5 430152]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-6-5 30104]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2004-8-29 87664]

=============== Created Last 30 ================


==================== Find3M ====================

2010-06-28 03:33:21 26490195 ----a-w- c:\windows\system32\drivers\fwdrv.err
2010-06-21 16:26:06 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-21 16:20:23 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-18 15:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 15:35:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 15:35:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 15:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-12 16:29:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-03-30 23:16:34 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-30 23:10:40 295264 ----a-w- c:\windows\system32\PresentationHost.exe

============= FINISH: 4:38:32.59 ===============

vict0r
2010-06-30, 15:08
Hi.

Please read the following information carefully.

IMPORTANT: Whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

To make cleaning this machine easier:

Continue to respond to this thread until I tell you that the logs are clean!
Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
Please do not run any scans other than those requested and do not post any logs/reports unless specifically requested to do so.
Please follow all instructions in the order posted.
If you have any questions or do not understand instructions, please ask before continuing.
Please reply to this thread. Do not start a new topic.

Please post the second log in your next reply just as you did with the first log in your previous post.

AndyUK
2010-07-01, 05:39
Hi Victor,

Here is the second log:

(Also, do I delete the DDS program entirely or do I keep it? The instructions say to delete it from the desktop, but I still have it installed.)

--------


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 29/08/2004 20:52:53
System Uptime: 26/06/2010 18:37:09 (34 hours ago)

Motherboard: ASUSTek Computer Inc. | | P4SD-VL
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | CPU 1 | 3192/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 28 GiB total, 9.223 GiB free.
D: is FIXED (NTFS) - 158 GiB total, 127.191 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP2096: 05/06/2010 06:18:25 - Avg Update
RP2097: 06/06/2010 01:03:04 - Installed Adobe Photoshop CS2
RP2098: 08/06/2010 16:03:33 - System Checkpoint
RP2099: 08/06/2010 23:18:39 - System Checkpoint
RP2100: 09/06/2010 23:57:01 - System Checkpoint
RP2101: 11/06/2010 19:32:59 - System Checkpoint
RP2102: 14/06/2010 15:20:05 - System Checkpoint
RP2103: 15/06/2010 17:07:14 - System Checkpoint
RP2104: 18/06/2010 21:56:42 - System Checkpoint
RP2105: 20/06/2010 00:59:54 - System Checkpoint
RP2106: 20/06/2010 04:52:07 - Spybot-S&D Spyware removal
RP2107: 21/06/2010 17:18:57 - Avg Update
RP2108: 21/06/2010 17:27:01 - Avg Update
RP2109: 21/06/2010 22:55:22 - Cleaned registry with Windows Live OneCare safety scanner
RP2110: 23/06/2010 06:36:17 - System Checkpoint
RP2111: 24/06/2010 09:00:51 - System Checkpoint
RP2112: 25/06/2010 09:06:20 - System Checkpoint
RP2113: 25/06/2010 13:14:21 - Installed Windows Defender
RP2114: 26/06/2010 13:27:24 - System Checkpoint
RP2115: 26/06/2010 16:58:31 - Cleaned registry with Windows Live OneCare safety scanner
RP2116: 26/06/2010 18:11:22 - Software Distribution Service 3.0
RP2117: 27/06/2010 21:22:04 - System Checkpoint

==== Installed Programs ======================


Ad-Aware
Ad-Aware Email Scanner for Outlook
Ad-Aware SE Personal
Adobe Acrobat Elements 6.0
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Photoshop Album 2.0 Starter Edition
Adobe Photoshop CS2
Adobe Photoshop Elements 2.0
Adobe Premiere 6 LE
Adobe Stock Photos 1.0
Agere Systems AC'97 Modem
Apple Application Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AutoUpdate
AVG 9.0
Bonjour
ccCommon
Click to DVD 1.3
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Drag'n Drop CD+DVD
DVgate Plus
Empire: Total War Demo
Giga Pocket 5.5
Giga Pocket Demo Movie
Giga Pocket Hardware Library 5.5
Google Chrome
Google Update Helper
Half-Life 2
Half-Life 2: Deathmatch
Hitman Pro 3.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) PRO Network Adapters and Drivers
InterVideo WinDVD 5 for VAIO
ISP Selector
ISP Selector (English)
Java 2 Runtime Environment, SE v1.4.2_01
Java Auto Updater
Java(TM) 6 Update 20
Java(TM) 6 Update 3
Java(TM) 6 Update 5
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
Malwarebytes' Anti-Malware
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Professional
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
MoodLogic
Mozilla Thunderbird (2.0.0.21)
MSRedist
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Visualizer Library 1.4.00
Natural Selection 3.2
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton WMI Update
OpenMG Secure Module 3.3.01
PictureGear Studio 2.0
Portal
QuickTime
QuickTime for Windows (32-bit)
RealPlayer
Rome - Total War(TM)
Rotor-Gene 6000 1.7.87
Safari
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Segoe UI
SonicStage 1.6.00
Sony Ericsson PC Suite
Sony USB Mouse
Sony Video Shared Library
SPSS 16.0 for Windows
Spybot - Search & Destroy
Spybot - Search & Destroy 1.3
Steam
Sunbelt Personal Firewall
Sven Co-op 4.0B
Symantec Network Drivers Update
Team Fortress 2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VAIO BrightColor Wallpaper
VAIO Clock Screen Saver
VAIO DeepSea Wallpaper
VAIO Edit Components
VAIO Media 2.5
VAIO Media Music Server 2.5
VAIO Media Photo Server 2.5
VAIO Media Platform 2.5
VAIO Media Redistribution 2.5
VAIO Media Setup 2.5
VAIO Media Video Server 2.5
VAIO Online Registration (English)
VAIO Product Survey (English)
VAIO Remote Commander Utility 6.2
VAIO System Information
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VOR
VPS
WebFldrs XP
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows XP Service Pack 3
World Book Multimedia Encyclopedia 1997

==== Event Viewer Messages From Past Week ========

26/06/2010 02:32:17, error: NetBT [4321] - The name "HOME :1d" could not be registered on the Interface with IP address 192.168.0.3. The machine with the IP address 192.168.0.8 did not allow the name to be claimed by this machine.
26/06/2010 01:11:41, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service Sony TV Tuner Manager with arguments "-Service" in order to run the server: {C6FA1982-15D6-41CB-81F7-780F3B83C5A2}
25/06/2010 04:51:49, error: NetBT [4321] - The name "HOME :1d" could not be registered on the Interface with IP address 192.168.0.3. The machine with the IP address 192.168.0.6 did not allow the name to be claimed by this machine.
24/06/2010 19:01:46, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
24/06/2010 19:01:46, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.

==== End Of File ===========================

vict0r
2010-07-02, 16:27
I'm sorry about the delay. I hope to post my set of instructions for you within the next 24 hours.

vict0r
2010-07-03, 04:52
Please do not delete DDS or any other tool downloaded during the fix until the computer is clean.


You may want to print out or save these instructions to a file, since you will not be connected to the internet in Safe Mode:

Please download GMER Rootkit Scanner from Here (http://www.gmer.net/download.php), save it to your desktop and note the filename (don't change the suggested random name!). Do not run the program yet.


Which anti malware programs did you try? Ad-Aware, Hitman Pro, Malwarebytes' Anti Malware, Windows Defender?

If you tried Malwarebytes' Anti Malware, please post the most recent log:
Start MBAM... click the Logs tab at the top.
The log will be named by the date & time of scan in the following format: mbam-log-yyyy-mm-dd (time).txt
Click on the most recent log name to highlight it... then click the Open button, at bottom left. The log should open in Notepad as a text file.
Please copy and paste the entire contents of the file in your next reply.
Exit MBAM when done.


Multiple firewalls

Running multiple software firewalls is unnecessary for typical home computers, home networking, and small-business networking scenarios. Using two firewalls on the same connection could cause issues with connectivity to the Internet or other unexpected behavior. One firewall will provide substantial protection for your computer. Microsoft specifically says not to use more than one firewall, because it can result in some programs not working correctly. There's even a Help and Support Center topic in XP SP2 called Why you should only use one firewall. In any event, having two firewalls running simultaneously is most certainly an unnecessary drain on system resources.

I recommend that you uninstall one of the firewalls, i.e. Sunbelt Personal Firewall. To uninstall go to: Start -> Control Panel -> Add or Remove Programs.

Note: Please do not reboot your computer after the uninstall.


Uninstall misc programs

Out of date Java installations pose a security risk. They can be used by malware as a means to infect a computer and or re-infect.

Please uninstall Spybot Search and Destroy to avoid any conflicts with the tools we are going to use. I will include instructions to reinstall later.


Java 2 Runtime Environment, SE v1.4.2_01
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Spybot - Search & Destroy
Spybot - Search & Destroy 1.3


If you have closed Add/Remove Programs, click on Start -> Control Panel -> Add or Remove Programs.
Uninstall the programs listed above. Please postpone any reboots.


Instructions to reboot your computer.

Please reboot your computer normally to check if the firewall uninstall solved any problems. If there's still lots of trouble, start your computer in safe mode and follow the rest of the instructions in this post.

To start the computer in safe mode:


During startup, but before the Windows logo appears, tap the F5/F8 key continually or hold down the Shift key;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
When asked to proceed to safe mode, click Yes.
Make sure AVG is disabled, then follow the GMER instructions as described below.
When finished, reboot the computer normally to post the results.


Disable AVG


Open AVG User Interface.
Double-click on the Resident Shield.
Un-tick the option Resident Shield active.
Save the changes and close the window.
Note: Don't forget to re-enable it after the fix.


GMER

Double click the GMER .exe file. If asked to allow gmer's ".sys" driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
In the right panel, you will see several boxes that have been checked. Uncheck the following ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All << (don't miss this one)
See image below, Click the image to enlarge it
http://i28.photobucket.com/albums/c227/tetonbob/gmer_th.gif (http://i28.photobucket.com/albums/c227/tetonbob/gmer_screen2-1.gif)


Then click the Scan button & wait for it to finish
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
Save it where you can easily find it, such as your desktop, and post it in your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
Note: Do not run any programs while Gmer is running.

If GMER crashes, please try the scan in safe mode (if not already there).


DDS

There should still be a copy of DDS on your desktop. If not, please download DDS by sUBs from one of the links below and save it to your desktop:

http://img.photobucket.com/albums/v666/sUBs/dds_scr.gif
Download DDS and save it to your desktop

Link1 (http://www.techsupportforum.com/sectools/sUBs/dds)
Link2 (http://download.bleepingcomputer.com/sUBs/dds.scr)
Link3 (http://www.forospyware.com/sUBs/dds/dds.pif) <<< right click and select Save as...

Please disable any anti-malware program that will block scripts from running before running DDS.


Double-Click on the dds icon, a command window will appear. This is normal.
Two logs will appear when the scan is finished:

DDS.txt
Attach.txt
A window will open instructing you to save & post the logs
Save the logs to a convenient place such as your desktop
Copy the contents of both logs & post in your next reply


You can now enable AVG


When ready, please post (you can use more than one post):
the answer to any questions
the MBAM log
the GMER log
the dds logs
did any problems occur while following the instructions?

AndyUK
2010-07-03, 07:44
Sorry to raise this concern about the firewall issue before I proceed:

My AVG anti-virus & the firewall that comes with it are from the AVG 30-day trial, which is about to expire within 24 hours. I had the AVG free version (as a virus scan tool) for a while, but when this problem started I decided to update the version (in hopes of solving this); as a result I got the full 30-day free trial. (Sunbelt served as my firewall.)

I am going to lose the AVG firewall pretty soon.
Should I disable the AVG firewall instead?

vict0r
2010-07-03, 11:28
Yes, instead of uninstalling Sunbelt Personal Firewall, you can disable AVG Firewall. If you need instructions, here they are:


Open the AVG User Interface.
Double click on the Firewall component.
Choose the Firewall disabled option.
Confirm changes by clicking on the Save changes button.
Postpone any reboots.


Then follow the rest of the instructions in my previous post. :)

AndyUK
2010-07-05, 03:05
I ran all 4 anti-malware programs. Ad-Aware did not detect anything and neither did Windows Defender. Hitman Pro and Malwarebytes' Anti Malware did.

Malwarebytes' Anti Malware log: this is the first scan I ran, which detected malware; the subsequent scans I ran (3 more) did not detect anything.

This is the first scan:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4236

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

25/06/2010 04:15:44
mbam-log-2010-06-25 (04-15-44).txt

Scan type: Quick scan
Objects scanned: 140691
Time elapsed: 17 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 15
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7d5dd829-6c90-42c5-b54c-2afa82f988ba} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4e524163-8d00-46f3-b239-1f42d48c8ed0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RapportMgmtService.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RapportService.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\OWNER\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.


-------------------------------

This is the latest scan:



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4236

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

25/06/2010 12:22:42
mbam-log-2010-06-25 (12-22-42).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 252383
Time elapsed: 1 hour(s), 30 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

AndyUK
2010-07-05, 03:16
GMER does not seem to work.

When I first tried it I received a Blue Screen error causing my computer to re-start.

I tried it again and the same happened, but after an hour to 2 hours.

Tried it a third time and I received the 1x0006 error message (I think that is what it is called, but with more numbers) with GMER shutting down.

I ran GMER in Safe Mode and it worked without crashing; however the scan did not work properly, or at least the data did not collect into the GMER programme.

Another issue I have with GMER is that as soon as I open it, it runs a super fast scan before I can carry out the instructions you gave and start a proper scan; attempts to cancel that "super fast start up scan" cause GMER to shut down/freeze.

After running GMER in Safe Mode these are the "results", only of the super fast start scan, even though the bar at the bottom showed scanning taking place and finishing. (When I ran GMER in normal mode results/data did collect, however my PC would crash with the Blue Screen error or a different error message causing GMER to shut down.)

The scan in normal and safe mode took hours to only have it crash in normal mode and get nothing in Safe Mode. :confused:

These are the only "results" I could get (of the super fast start scan):

1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-04 21:28:57
Windows 5.1.2600 Service Pack 3
Running: z330km67.exe; Driver: C:\DOCUME~1\OWNER\LOCALS~1\Temp\awldypog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwClose [0xF81B5F80]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwCreateFile [0xF81B5552]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwCreateKey [0xF81B1882]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwCreateProcess [0xF81B4A1A]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwCreateProcessEx [0xF81B4910]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwCreateThread [0xF81B4F2A]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwDeleteFile [0xF81B6034]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwDeleteKey [0xF81B1D54]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwDeleteValueKey [0xF81B1E70]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwOpenFile [0xF81B5906]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwOpenKey [0xF81B1B78]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwResumeThread [0xF81B50DC]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwSetInformationFile [0xF81B5CE0]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwSetValueKey [0xF81B2038]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwWriteFile [0xF81B5BB2]

---- EOF - GMER 1.0.15 ----
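
The partial GMER log above lists only SSDT hooks, and every one of them is attributed to the Sunbelt firewall driver, which is the kind of entry the helper's "false positives" caution refers to. As an added example (not GMER's code and not part of the thread), here is a parser that groups the SSDT hooks in a GMER log by the hooking driver and separates the hooks GMER could attribute to a product from those it could not; the sample is abbreviated from the log above plus one constructed, clearly labelled unattributed entry.

```python
"""Group SSDT hooks from a GMER 1.0.15 log by the driver that installed them.

Added example; not GMER's code. Security products (here the Sunbelt Personal
Firewall driver fwdrv.sys) legitimately hook the SSDT, so the entries worth a
second look in a log like this are the hooks GMER cannot attribute to any
product, not the attributed ones.
"""
import re
from collections import defaultdict

# Constructed sample: four lines copied from the log posted above, plus one
# hypothetical unattributed hook with a placeholder path (NOT from the log) so
# the flagging path is exercised.
SAMPLE_GMER_LOG = r"""
1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-04 21:28:57
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwClose [0xF81B5F80]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwCreateFile [0xF81B5552]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwCreateProcess [0xF81B4A1A]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwWriteFile [0xF81B5BB2]
SSDT \??\C:\PLACEHOLDER\unattributed.sys ZwOpenProcess [0xF8001234]

---- EOF - GMER 1.0.15 ----
"""

# One SSDT line: "SSDT <module path> [(Description/Vendor)] <ZwFunction> [<address>]"
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>\S+)"            # driver that owns the hook
    r"(?:\s+\((?P<vendor>[^)]*)\))?"      # optional attribution GMER resolved
    r"\s+(?P<func>Zw\w+)"                 # hooked native API
    r"\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]"    # address the SSDT slot now points to
)


def parse_ssdt_hooks(text):
    """Return one dict per SSDT line; 'vendor' is None when GMER printed no attribution."""
    hooks = []
    for line in text.splitlines():
        m = SSDT_RE.match(line.strip())
        if m:
            hooks.append(m.groupdict())
    return hooks


def hooks_by_module(hooks):
    """Map each hooking driver path to the list of APIs it hooks, in log order."""
    grouped = defaultdict(list)
    for h in hooks:
        grouped[h["module"]].append(h["func"])
    return dict(grouped)


def triage(text):
    """Split hooks into those attributed to a named product and those left unattributed.

    Attributed hooks from an installed security product are the usual false
    positives; unattributed ones are what an analyst would examine further.
    """
    attributed = defaultdict(list)
    unattributed = []
    for h in parse_ssdt_hooks(text):
        if h["vendor"]:
            attributed[h["vendor"]].append(h["func"])
        else:
            unattributed.append(h)
    return {"attributed": dict(attributed), "unattributed": unattributed}


if __name__ == "__main__":
    report = triage(SAMPLE_GMER_LOG)
    for vendor, funcs in report["attributed"].items():
        print(f"attributed to {vendor}: {len(funcs)} hook(s): {', '.join(funcs)}")
    for h in report["unattributed"]:
        print(f"UNATTRIBUTED hook on {h['func']} by {h['module']} at {h['addr']}")
```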

AndyUK
2010-07-05, 03:53
Also it seems that (thus far) when I re-start my computer the desktop/appearance does not revert back to classic style and I can connect to the internet easily, which was one of the problems I had earlier as mentioned in my first post.

The last anti-malware scan i ran was the Hit-man pro scan (on 26th June) which detected malware (before I came to these forums). After re-booting my pc following that scan I was able to re-set my desktop/appearance settings to XP and get an internet connection without a problem (and then I found these forums).

I only re-started my computer (first time in over a week) after following your instructions on uninstalling the programs you mentioned.

I did not want to shut down/re-start earlier for fear of losing my connection. So this was unexpected.

So now it seems I do not have a problem re-booting my computer nor losing connection (for now I have to say, as with this treacherous malware anything is possible and I know I am not out of the woods and not fully clean, as Malwarebytes, which I ran before Hitman Pro, did not detect what Hitman Pro did).

Every time I re-start my PC (as I had to with the GMER problems) Hitman Pro automatically starts a malware scan (which I cancel). Yet, despite cancelling each time, it does detect two traces for proxy servers stating "Internet Explorer is using a proxy to connect to the internet". Is that normal, as in the manner my wireless works is being detected, or is it something else?

Furthermore when I started in safe mode (for the GMER scan) my desktop had reverted to the classic look with the screen resolution changing to 800 by 600 pixels not the setting I have of 1024 by 768 pixels, is that normal for safe mode?

vict0r
2010-07-05, 14:22
It is normal with the classic look and lower screen resolution in safe mode.

The default setting of Hitman Pro is to scan at every reboot; this can be deactivated and is not a sign of infection. In general, using a wireless network would not require the use of a proxy server. You can try to reset the proxy settings. To do this:

For Internet Explorer: Click the Tools menu -> Internet Options -> Connections tab -> LAN Settings -> uncheck "use a proxy server" and check "Automatically detect settings". Click OK and reboot the computer.


The MBAM scan log shows traces of the Win32/ZBOT (http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32%2fZbot) infection.

You can see from the MS description - unfortunately it's not good:


Win32/Zbot is a family of password stealing trojans. Win32/Zbot also contains backdoor functionality that allows unauthorized access and control of an affected machine.
Due to the functionality of this type of malware, it's impossible to tell what may have been done when the system was compromised. Once infected with this type of infection, the best course of action is to reformat and reinstall Windows. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? (http://www.dslreports.com/faq/10451)

When Should I Format, How Should I Reinstall (http://www.dslreports.com/faq/10063)

If you have used this computer for shopping, banking, or other transactions, it would be wise to:
Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts.
From a known clean computer, change ALL your online passwords -- ISP login password, your email address(es) passwords, banks, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password.

I can attempt to carry on cleaning this machine but I can't guarantee that it will be at all secure afterwards.

Should you have any questions, please feel free to ask.
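
The helper reads the first MBAM log in this thread as traces of Win32/Zbot. As an added example (not Malwarebytes' code and not part of the thread), here is a parser for an MBAM 1.x text log that checks the summary counts against the entries actually listed, ranks detections by category (the severity mapping is my own assumption, not Malwarebytes'), and pulls out the Image File Execution Options keys, which MBAM labels Security.Hijack because an IFEO entry named after another program's executable can redirect that program's launch; the sample is abbreviated from the log posted above.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x text log into structured detections.

Added example; not Malwarebytes' or the forum's code. The severity ranking
below is an assumption made for triage, not an MBAM classification.
"""
import re
from collections import Counter

# Constructed sample, abbreviated from the first MBAM log posted in the thread
# (counts adjusted to match the entries kept here).
SAMPLE_MBAM_LOG = r"""
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4236

Windows 5.1.2600 Service Pack 3

Scan type: Quick scan
Objects scanned: 140691

Memory Processes Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RapportMgmtService.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RapportService.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\OWNER\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
"""

HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# "<path> (<Category.Name>) -> <action taken>."
ENTRY_RE = re.compile(r"^(?P<path>.+?) \((?P<category>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return (summary counts by section, list of detection dicts)."""
    summary, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:                                   # "Registry Keys Infected: 4"
            summary[m["section"]] = int(m["count"])
            continue
        m = SECTION_RE.match(line)
        if m:                                   # "Registry Keys Infected:"
            section = m["section"]
            continue
        if section is None or line.startswith("("):
            continue                            # preamble or "(No malicious items detected)"
        m = ENTRY_RE.match(line)
        if m:
            detections.append({"section": section, **m.groupdict()})
    return summary, detections


def count_mismatches(summary, detections):
    """Sections whose header count differs from the entries listed (a truncated paste)."""
    seen = Counter(d["section"] for d in detections)
    return {s: (n, seen.get(s, 0)) for s, n in summary.items() if n != seen.get(s, 0)}


def severity(category):
    """Assumed triage ranking keyed on the family before the dot in MBAM's category."""
    family = category.split(".")[0]
    if family in {"Backdoor", "Trojan", "Rogue", "Stolen", "Security"}:
        return "high"
    if family == "Malware":          # Malware.Trace: leftover artefact, needs context
        return "medium"
    return "low"                     # Adware.* and similar


def severity_counts(detections):
    return dict(Counter(severity(d["category"]) for d in detections))


def ifeo_hijacks(detections):
    """Executables named under Image File Execution Options: the Security.Hijack entries."""
    return [d["path"].rsplit("\\", 1)[-1] for d in detections
            if "\\Image File Execution Options\\" in d["path"]]


if __name__ == "__main__":
    summary, dets = parse_mbam_log(SAMPLE_MBAM_LOG)
    print("severity:", severity_counts(dets), "mismatches:", count_mismatches(summary, dets))
    print("IFEO targets:", ifeo_hijacks(dets))
```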

AndyUK
2010-07-05, 16:29
That's terrifying.

Has the Win32/ZBOT infection been removed from my PC? Or is it still around?

Does the Malwarebytes log say when I was infected?

Because I do not use this computer for transactions often (the last time I did was last October/November 2009 and only because I had to). I am averse to online transactions and hate doing them, so I try to avoid them as much as I can.

Credit card details and financial details I never keep on this PC (though I have saved online receipts, mostly as Paint documents from print screen; are they at risk?).

I have passwords etc. for various logins/emails stored in a Word document. Is this also infected/may have been infected? (Changing them is not much of a problem for me.) Thus far I do not think I have been hacked or compromised on online sites etc. If I change the details from a clean computer and access them from this one, will that lead to them being compromised again?


And I would like to keep cleaning my system, if that can be done (unfortunately GMER does not work; is it being blocked because of the malware?).

AndyUK
2010-07-05, 16:35
Out of curiosity, why did my PC revert back to a classic look and why did I have difficulty getting an internet connection? Was that the malware messing around with my system?

AndyUK
2010-07-05, 17:32
Sorry to ask again, but are word and paint documents at risk, can they be compromised by Win32/malware/trojans? Can they access data/info from them?

vict0r
2010-07-06, 11:24
Quote: "Sorry to ask again"
Don't worry about the number of questions. I will try my best to answer them.


Quote: "Does the Malwarebytes log say when I was infected?"
No, however we might find out by further investigation.


Quote: "unfortunately GMER does not work"
This is usually a sign of infection.


Quote: "If I change the details from a clean computer and access them from this one, will that lead to them being compromised again?"
We do not know which infections might still be active on this computer, and using any passwords on it might compromise them again.

I will try my best to answer the remaining questions during the investigation and cleanup over the next posts.


Uninstall misc programs

Please uninstall these to avoid any conflicts with the removal process.


Ad-Aware
Ad-Aware Email Scanner for Outlook
Ad-Aware SE Personal
Windows Defender

Open Add/remove programs. Click on Start -> Control Panel -> Add or Remove Programs.
Uninstall the programs listed above (if found).

It appears to me that you don't use Norton Internet Security anymore (expired?). If so please also uninstall these:

LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton WMI Update


Hitman Pro

Open Hitman Pro
Click Settings, then uncheck the option to Scan computer daily during startup
Click History to view the quarantine
Please post filename, path and type of the threat(s) Hitman Pro has previously detected (no tracking cookies please).


Re-run DDS

There should still be a copy of DDS on your desktop. If not, please download DDS by sUBs from one of the links below and save it to your desktop:

http://img.photobucket.com/albums/v666/sUBs/dds_scr.gif
Download DDS and save it to your desktop

Link1 (http://www.techsupportforum.com/sectools/sUBs/dds)
Link2 (http://download.bleepingcomputer.com/sUBs/dds.scr)
Link3 (http://www.forospyware.com/sUBs/dds/dds.pif) <<< right click and select Save as...

Please disable any anti-malware program that will block scripts from running before running DDS.


Double-Click on the dds icon, a command window will appear. This is normal.
Two logs will appear when the scan is finished:

DDS.txt
Attach.txt
A window will open instructing you to save & post the logs
Save the logs to a convenient place such as your desktop
Copy the contents of both logs & post in your next reply


When ready, please post (you can use more than one post):
the information from Hitman Pro
the DDS logs
did any problems occur while following the instructions?

vict0r
2010-07-08, 12:05
Hello...

It has been 2 days since my last post to you.
Do you still need help with this problem?
Do you need more time?
Are you having any trouble uninstalling the requested software? If so then tell me, I can find a solution to the problem.

Just let me know what's going on otherwise... After 24 hrs., if you have not replied to this thread... it will be closed!

Please post back even if you do not wish to continue.

AndyUK
2010-07-08, 19:10
Hi Victor,

I deeply apologise for not replying.
I had to go to hospital for a family related matter, which is why I did not respond; it was unexpected, otherwise I would have posted something.

I greatly appreciate your time and effort in assisting me and do wish to continue.

AndyUK
2010-07-08, 19:14
This is the Hitman pro log:

File Name: RDPCDD.sys

Path: C:\WINDOWS\Systems32\DRIVERS

Type: Malware

Deleted
(Sat 26th June 2010 06:43)

It is the only one which was detected (other than cookies).

AndyUK
2010-07-08, 19:18
DDS log part 1:


DDS (Ver_10-03-17.01) - NTFSx86
Run by OWNER at 18:01:32.60 on 08/07/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.76 [GMT 1:00]

AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: Sunbelt Personal Firewall *enabled* {BFD080F6-3BF0-40E1-9507-9CA969C35870}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\sony\vaio media music server\SSSvr.exe
C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
C:\Program Files\sony\giga pocket\GPVSvr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe
C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\vaio media platform\UPnPFramework.exe
C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe
C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\sony\giga pocket\RM_SV.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Documents and Settings\OWNER\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.lefigaro.fr/
uInternet Connection Wizard,ShellNext = hxxp://www.club-vaio.sony-europe.com/
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Consumer
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\OWNER\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\OWNER\startm~1\programs\startup\firewa~1.lnk - c:\windows\system32\net.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093807566890
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - hxxp://207.226.177.98/gba1402.exe
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - c:\program files\common files\microsoft shared\information retrieval\itss51.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli scfcder.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2010-6-5 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-6-5 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-10 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2006-11-25 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-10 243024]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2007-4-26 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2007-4-26 72624]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-21 308136]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-6-21 2331032]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2004-8-29 255600]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2004-8-29 235120]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\sunbelt software\personal firewall\kpf4ss.exe [2007-4-26 1234480]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-6-5 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-6-5 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2010-6-5 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-6-5 26192]
S0 fary;fary;c:\windows\system32\drivers\kmiwifwu.sys --> c:\windows\system32\drivers\kmiwifwu.sys [?]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-6-21 5897808]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-26 135664]
S2 ScheduleVAIOMediaPlatform-VideoServer-UPnP;Task Scheduler ScheduleVAIOMediaPlatform-VideoServer-UPnP;c:\windows\system32\adobepdfk.exe srv --> c:\windows\system32\AdobePDFk.exe srv [?]
S2 stisvcUPS;Windows Image Acquisition (WIA) stisvcUPS;c:\windows\system32\1037a.exe srv --> c:\windows\system32\1037a.exe srv [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-6-5 430152]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-6-5 30104]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2004-8-29 87664]

=============== Created Last 30 ================

2010-06-26 06:41:26 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-26 05:43:50 378 ----a-w- c:\windows\system32\.crusader
2010-06-26 05:36:18 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-06-26 05:35:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-06-26 05:35:51 0 d-----w- c:\program files\Hitman Pro 3.5
2010-06-26 03:24:36 0 d-----w- c:\windows\system32\NtmsData
2010-06-26 00:04:39 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-25 02:53:05 0 d-----w- c:\docume~1\OWNER\applic~1\Malwarebytes
2010-06-25 02:52:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-25 02:52:44 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-25 02:52:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-25 02:52:41 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-24 03:04:36 52864 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-23 23:04:42 0 d-----w- c:\program files\Bonjour
2010-06-21 16:25:54 12536 ----a-w- c:\windows\system32\avgrsstx.dll

==================== Find3M ====================

2010-07-08 16:30:34 27032444 ----a-w- c:\windows\system32\drivers\fwdrv.err
2010-06-21 16:26:06 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-21 16:24:55 25168 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-06-21 16:20:23 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-05 04:55:04 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-06-05 04:51:30 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-06-05 04:51:30 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-05-18 15:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 15:35:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 15:35:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 15:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-12 16:29:19 411368 ----a-w- c:\windows\system32\deployJava1.dll

============= FINISH: 18:03:06.82 ===============
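As an added example (not part of the thread, of DDS or of ComboFix), the R/S service lines from the DDS log above run through a small triage script: it parses each line and flags entries DDS marked as missing on disk ("--> path [?]"), display names that borrow a built-in svchost-hosted service name while pointing at some other binary, and digit-heavy image names such as 1037a.exe. The svchost lookup and the heuristics are this example's own assumptions; on this log they single out the two services ComboFix later removes plus the "fary" driver.

```python
import re

# Constructed sample: the R/S service lines as they appear in the DDS log
# posted in this thread. "path --> path [?]" is how DDS marks a service whose
# image file it could not find on disk.
DDS_SERVICES = r"""
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2004-8-29 235120]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-6-5 30104]
S0 fary;fary;c:\windows\system32\drivers\kmiwifwu.sys --> c:\windows\system32\drivers\kmiwifwu.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-26 135664]
S2 ScheduleVAIOMediaPlatform-VideoServer-UPnP;Task Scheduler ScheduleVAIOMediaPlatform-VideoServer-UPnP;c:\windows\system32\adobepdfk.exe srv --> c:\windows\system32\AdobePDFk.exe srv [?]
S2 stisvcUPS;Windows Image Acquisition (WIA) stisvcUPS;c:\windows\system32\1037a.exe srv --> c:\windows\system32\1037a.exe srv [?]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2004-8-29 87664]
"""

# start type, service name, display name, then image path plus file info
LINE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]+);(?P<rest>.*)$")
# image path (may contain spaces) optionally followed by arguments such as "srv"
IMAGE_RE = re.compile(r"(?i)^(?P<path>.+?\.(?:exe|sys|dll))(?:\s+(?P<args>.*))?$")

# Built-in XP services whose display names the rogue entries borrow; the
# genuine ones run inside svchost.exe. Lookup constructed for this example.
SVCHOST_HOSTED = ("Task Scheduler", "Windows Image Acquisition (WIA)")


def parse_service_line(line):
    """Return a dict for one DDS service line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    missing = rest.endswith("[?]")
    if missing:
        image = rest.split(" --> ")[0].strip()               # drop "--> path [?]"
    else:
        image = re.sub(r"\s*\[[^\]]*\]$", "", rest).strip()  # drop "[date size]"
    return {"start": m.group("start"), "name": m.group("name"),
            "display": m.group("display"), "image": image, "missing": missing}


def image_basename(image):
    """Lower-cased file name of the service image, ignoring any arguments."""
    m = IMAGE_RE.match(image)
    path = m.group("path") if m else image
    return path.rsplit("\\", 1)[-1].lower()


def triage(entry):
    """Heuristic reasons (this example's own) why a service entry is suspect."""
    reasons = []
    if entry["missing"]:
        reasons.append("image file not found on disk")
    base = image_basename(entry["image"])
    for prefix in SVCHOST_HOSTED:
        if entry["display"].startswith(prefix) and base != "svchost.exe":
            reasons.append(f"display name mimics built-in '{prefix}' but image is not svchost.exe")
    stem = base.rsplit(".", 1)[0]
    # names like 1037a.exe: half or more of the characters are digits
    if len(stem) >= 4 and sum(c.isdigit() for c in stem) * 2 >= len(stem):
        reasons.append("random-looking image name")
    return reasons


def triage_log(text):
    """Map service name -> reasons for every flagged line in a DDS services block."""
    flagged = {}
    for line in text.splitlines():
        entry = parse_service_line(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            flagged[entry["name"]] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage_log(DDS_SERVICES).items():
        print(f"{name}: {'; '.join(reasons)}")
```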

AndyUK
2010-07-08, 19:24
DDS log part 2:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 29/08/2004 20:52:53
System Uptime: 07/08/2010 17:54:33 (-719 hours ago)

Motherboard: ASUSTek Computer Inc. | | P4SD-VL
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | CPU 1 | 3192/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 28 GiB total, 9.129 GiB free.
D: is FIXED (NTFS) - 158 GiB total, 126.956 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP2096: 05/06/2010 06:18:25 - Avg Update
RP2097: 06/06/2010 01:03:04 - Installed Adobe Photoshop CS2
RP2098: 08/06/2010 16:03:33 - System Checkpoint
RP2099: 08/06/2010 23:18:39 - System Checkpoint
RP2100: 09/06/2010 23:57:01 - System Checkpoint
RP2101: 11/06/2010 19:32:59 - System Checkpoint
RP2102: 14/06/2010 15:20:05 - System Checkpoint
RP2103: 15/06/2010 17:07:14 - System Checkpoint
RP2104: 18/06/2010 21:56:42 - System Checkpoint
RP2105: 20/06/2010 00:59:54 - System Checkpoint
RP2106: 20/06/2010 04:52:07 - Spybot-S&D Spyware removal
RP2107: 21/06/2010 17:18:57 - Avg Update
RP2108: 21/06/2010 17:27:01 - Avg Update
RP2109: 21/06/2010 22:55:22 - Cleaned registry with Windows Live OneCare safety scanner
RP2110: 23/06/2010 06:36:17 - System Checkpoint
RP2111: 24/06/2010 09:00:51 - System Checkpoint
RP2112: 25/06/2010 09:06:20 - System Checkpoint
RP2113: 25/06/2010 13:14:21 - Installed Windows Defender
RP2114: 26/06/2010 13:27:24 - System Checkpoint
RP2115: 26/06/2010 16:58:31 - Cleaned registry with Windows Live OneCare safety scanner
RP2116: 26/06/2010 18:11:22 - Software Distribution Service 3.0
RP2117: 27/06/2010 21:22:04 - System Checkpoint
RP2118: 28/06/2010 22:18:04 - System Checkpoint
RP2119: 29/06/2010 09:29:43 - Avg Update
RP2120: 29/06/2010 09:32:29 - Avg Update
RP2121: 30/06/2010 09:32:45 - System Checkpoint
RP2122: 01/07/2010 09:56:45 - System Checkpoint
RP2123: 02/07/2010 10:20:47 - System Checkpoint
RP2124: 03/07/2010 10:56:44 - System Checkpoint
RP2125: 04/07/2010 04:04:44 - Removed Java 2 Runtime Environment, SE v1.4.2_01
RP2126: 04/07/2010 04:06:25 - Removed Java(TM) 6 Update 3
RP2127: 04/07/2010 04:07:27 - Removed Java(TM) 6 Update 5
RP2128: 05/07/2010 05:57:12 - System Checkpoint
RP2129: 06/07/2010 15:20:13 - System Checkpoint
RP2130: 07/07/2010 15:58:50 - System Checkpoint
RP2131: 08/07/2010 17:49:24 - Removed Windows Defender
RP2132: 08/07/2010 17:52:13 - Removed Norton WMI Update

==== Installed Programs ======================


Adobe Acrobat Elements 6.0
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Photoshop Album 2.0 Starter Edition
Adobe Photoshop CS2
Adobe Photoshop Elements 2.0
Adobe Premiere 6 LE
Adobe Stock Photos 1.0
Agere Systems AC'97 Modem
Apple Application Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AutoUpdate
AVG 9.0
Bonjour
ccCommon
Click to DVD 1.3
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Drag'n Drop CD+DVD
DVgate Plus
Empire: Total War Demo
Giga Pocket 5.5
Giga Pocket Demo Movie
Giga Pocket Hardware Library 5.5
Google Chrome
Google Update Helper
Half-Life 2
Half-Life 2: Deathmatch
Hitman Pro 3.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) PRO Network Adapters and Drivers
InterVideo WinDVD 5 for VAIO
ISP Selector
ISP Selector (English)
Java Auto Updater
Java(TM) 6 Update 20
Malwarebytes' Anti-Malware
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Professional
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
MoodLogic
Mozilla Thunderbird (2.0.0.21)
MSRedist
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Visualizer Library 1.4.00
Natural Selection 3.2
Norton Internet Security
Norton Internet Security (Symantec Corporation)
OpenMG Secure Module 3.3.01
PictureGear Studio 2.0
Portal
QuickTime
QuickTime for Windows (32-bit)
RealPlayer
Rome - Total War(TM)
Rotor-Gene 6000 1.7.87
Safari
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Segoe UI
SonicStage 1.6.00
Sony Ericsson PC Suite
Sony USB Mouse
Sony Video Shared Library
SPSS 16.0 for Windows
Steam
Sunbelt Personal Firewall
Sven Co-op 4.0B
Symantec Network Drivers Update
Team Fortress 2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VAIO BrightColor Wallpaper
VAIO Clock Screen Saver
VAIO DeepSea Wallpaper
VAIO Edit Components
VAIO Media 2.5
VAIO Media Music Server 2.5
VAIO Media Photo Server 2.5
VAIO Media Platform 2.5
VAIO Media Redistribution 2.5
VAIO Media Setup 2.5
VAIO Media Video Server 2.5
VAIO Online Registration (English)
VAIO Product Survey (English)
VAIO Remote Commander Utility 6.2
VAIO System Information
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VOR
VPS
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows XP Service Pack 3
World Book Multimedia Encyclopedia 1997

==== Event Viewer Messages From Past Week ========

08/07/2010 16:07:59, error: Dhcp [1002] - The IP address lease 192.168.0.3 for the Network Card with network address 001150C38F2E has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
05/07/2010 12:51:50, error: System Error [1003] - Error code 00000050, parameter1 fa227000, parameter2 00000000, parameter3 b0270fec, parameter4 00000000.
04/07/2010 16:13:10, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
04/07/2010 10:51:09, error: System Error [1003] - Error code 00000050, parameter1 fb7535e8, parameter2 00000000, parameter3 b05d1d3d, parameter4 00000000.
04/07/2010 05:29:42, error: MRxSmb [8003] - The master browser has received a server announcement from the computer CAROLLAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{88F0FC77-B540-40. The master browser is stopping or an election is being forced.
04/07/2010 05:14:00, error: System Error [1003] - Error code 00000050, parameter1 f8db8008, parameter2 00000000, parameter3 b07b453e, parameter4 00000000.
04/07/2010 04:53:07, error: NetBT [4321] - The name "HOME :1d" could not be registered on the Interface with IP address 192.168.0.3. The machine with the IP address 192.168.0.8 did not allow the name to be claimed by this machine.

==== End Of File ===========================

AndyUK
2010-07-08, 19:31
I was unable to remove

Norton Internet Security
Norton Internet Security (Symantec Corporation)

I cannot find Norton Internet Security in the add/remove section.
Norton Internet Security (Symantec Corporation) refused to be removed. Initially it began to work, then it (I assumed) finished; however, it was still present, and when I tried to remove it again I received an error message.

AndyUK
2010-07-08, 19:39
Once again, Victor, I want to apologise for the delay and would like to reiterate that I am grateful for your assistance and time.

vict0r
2010-07-09, 12:15
Ok, no problem.


Norton Removal Tool

Please go to Norton Removal Tool (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039)
Select the removal tool that corresponds to your installed Norton Product... Save it to your desktop.
Click the Norton Removal Tool, on your desktop, to begin the removal process.
Follow the prompts and instructions.


Warning

Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear the infection and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

In light of this it would be wise for you to back up any important files and folders that you don't want to lose before you continue with the instructions below. You need to understand that any damages resulting from our attempts to help you clean your computer of malware are YOUR RESPONSIBILITY.


Disable AVG


Open AVG User Interface.
Double-click on the Resident Shield.
Un-tick the option Resident Shield active.
Save the changes and close the window.
Note: Don't forget to re-enable it after the fix.


Download and Run ComboFix

A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.

**IMPORTANT !!! Save ComboFix.exe to your Desktop**

Please ensure you read the following guide carefully and install the Recovery Console when prompted.

The Windows Recovery Console will allow you to boot into a special recovery (repair) mode. This allows us to more easily help you if your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Click here (http://www.bleepingcomputer.com/combofix/how-to-use-combofix) to visit BleepingComputer's ComboFix page for download links, and a guide for running the tool.

Please include the ComboFix log (C:\ComboFix.txt) in your next reply for further review.


You can now enable AVG Antivirus.


When ready, please post (you can use more than one post):
the ComboFix log
did any problems occur while following the instructions?

AndyUK
2010-07-10, 07:11
Hi Victor,

Is Combo fix going to re-format my pc?

Is the malware situation that bad?

I want to transfer all my important files (mainly Word documents) onto USB sticks. Is there any risk of the malware "jumping" onto the USB, resulting in re-infection at a future date?

According to the properties section, "My documents" is just under 1GB (800MB). Is it wise to copy that onto a USB (I have a 1GB USB)?
It just means saving all my work is far easier/quicker.

vict0r
2010-07-10, 11:13
"Is Combo fix going to re-format my pc?"
No, Combofix is a malware disinfection tool.


To securely use your usb stick without reformatting it:

Flash Disinfector

Safely remove your USB Stick from your computer (if connected). Please download Flash_Disinfector (http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe)...by sUBs and save it to your desktop.
Double click Flash_Disinfector.exe to run it. If prompted with "Do you want to run this file?" ...press the "Yes" button.
Plug in your flash drive...when prompted.
Flash_Disinfector will start disinfecting your flash and hard drives.
This takes a few seconds. Your desktop will disappear in the meantime...this is normal.
When done, a message "Done!" box will appear. Click the OK...button.
Your desktop should now appear. If it doesn't, press (Ctrl + Shift + Esc) or (Ctrl+Alt+Delete) to open Task Manager.
Click on File...then select, press New Task (Run...).
In the "Create New Task" entry box...type in explorer.exe and press Enter. Your desktop should now appear.
Flash Disinfector, as a security measure, will put a folder called Autorun.inf on your hard drive(s) and each removable drive it processed.
This prevents malicious software from putting its own "autorun.inf" file on the drive.
Note: This procedure should be performed on each flash drive you have, to prevent reinfection.


You can now copy your files onto the USB stick. Please disconnect it from the computer while running ComboFix.

AndyUK
2010-07-12, 05:39
Hey Victor,

Reading about Combo fix and the possible damage it can do is a bit worrying.

Decided to buy some new USBs and have been making copies of important files. I have not run Combo fix yet and will do so today once I finish (re-creating my "arrangement"/organised method on the PC onto USBs is a lot more time consuming than I imagined).

Thought I would post this in case you thought I had gone AWOL again.

AndyUK
2010-07-13, 00:32
Hey Victor,

Here is the Combo Fix log.

However, some things of concern happened as I ran this: my clock did not reset, nor did the internet connection disconnect, which the instruction guide said would happen.

Furthermore, about five minutes after the scan had begun I left my PC; returning ten minutes later, I found my PC had restarted and I was at the user login screen. Once I logged back in, ComboFix finished running, producing the log.

Is that normal, ComboFix restarting the PC?

(P.S. I have borrowed a laptop from my sister to do my work, so if my connection goes, for any reason etc., I can still access this site.)


-------------------------------------------------------------------

ComboFix 10-07-12.02 - OWNER 12/07/2010 22:39:48.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.143 [GMT 1:00]
Running from: c:\documents and settings\OWNER\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: Sunbelt Personal Firewall *disabled* {BFD080F6-3BF0-40E1-9507-9CA969C35870}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\2280639600.dat
c:\windows\system32\zip32.dll
c:\windows\xpsp1hfm.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SCHEDULEVAIOMEDIAPLATFORM-VIDEOSERVER-UPNP
-------\Legacy_STISVCUPS
-------\Service_ScheduleVAIOMediaPlatform-VideoServer-UPnP
-------\Service_stisvcUPS


((((((((((((((((((((((((( Files Created from 2010-06-12 to 2010-07-12 )))))))))))))))))))))))))))))))
.

2010-07-12 02:15 . 2010-07-12 02:15 -------- d-sh--w- c:\documents and settings\OWNER\UserData
2010-07-04 10:11 . 2010-07-04 10:11 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp
2010-06-26 06:41 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-26 05:36 . 2010-07-12 01:29 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-06-26 05:35 . 2010-06-26 05:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-06-26 05:35 . 2010-06-26 05:35 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-06-26 03:24 . 2010-06-26 03:24 -------- d-----w- c:\windows\system32\NtmsData
2010-06-26 01:37 . 2010-06-26 01:37 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-06-26 01:27 . 2010-06-26 01:27 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-06-26 00:04 . 2010-06-26 00:04 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-25 23:58 . 2010-06-25 23:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-06-25 23:57 . 2010-07-02 16:02 -------- d-----w- c:\documents and settings\OWNER\Local Settings\Application Data\Temp
2010-06-25 23:56 . 2010-06-26 00:00 -------- d-----w- c:\program files\Google
2010-06-25 23:55 . 2010-07-08 16:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-06-25 02:53 . 2010-06-25 02:53 -------- d-----w- c:\documents and settings\OWNER\Application Data\Malwarebytes
2010-06-25 02:52 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-25 02:52 . 2010-06-25 02:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-25 02:52 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-25 02:52 . 2010-06-25 02:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-24 03:04 . 2010-06-24 03:04 52864 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-24 03:04 . 2010-06-24 03:04 -------- d-----w- c:\documents and settings\OWNER\Application Data\Apple Computer
2010-06-23 23:04 . 2010-06-23 23:04 -------- d-----w- c:\program files\Bonjour
2010-06-23 22:57 . 2010-06-23 22:58 -------- d-----w- c:\program files\Safari
2010-06-23 22:37 . 2010-06-24 00:42 -------- d-----w- c:\program files\Common Files\Apple
2010-06-23 22:32 . 2010-06-23 22:34 -------- d-----w- c:\program files\QuickTime
2010-06-23 22:32 . 2010-06-23 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-06-23 04:50 . 2010-06-24 06:17 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\acuxlstaf
2010-06-21 19:10 . 2010-06-26 05:59 -------- d-----w- c:\program files\Windows Live Safety Center
2010-06-21 16:25 . 2010-06-21 16:25 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-18 04:49 . 2010-06-18 04:49 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-12 21:19 . 2004-08-30 00:55 27047231 ----a-w- c:\windows\system32\drivers\fwdrv.err
2010-07-08 16:52 . 2003-12-02 09:23 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-08 16:48 . 2006-05-01 20:06 -------- d-----w- c:\documents and settings\OWNER\Application Data\Lavasoft
2010-07-04 03:30 . 2006-05-01 19:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-04 03:09 . 2006-05-01 19:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-04 03:07 . 2003-12-02 09:13 -------- d-----w- c:\program files\Common Files\Java
2010-06-29 08:29 . 2010-06-29 08:29 1039712 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-06-27 22:40 . 2009-06-07 14:15 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-06-25 12:15 . 2004-08-29 20:44 69976 ----a-w- c:\documents and settings\OWNER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-23 22:53 . 2010-06-23 22:53 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-23 04:53 . 2010-05-20 03:25 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-21 16:27 . 2010-06-21 16:27 74760 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\UniversalDD.sys
2010-06-21 16:27 . 2010-06-21 16:27 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-06-21 16:27 . 2010-06-21 16:27 30216 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSFilter.sys
2010-06-21 16:27 . 2010-06-21 16:27 26120 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSShim.sys
2010-06-21 16:27 . 2010-06-21 16:27 25096 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSxx.sys
2010-06-21 16:27 . 2010-06-21 16:27 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-06-21 16:27 . 2010-06-21 16:27 122376 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSDriver.sys
2010-06-21 16:26 . 2009-04-10 14:29 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-21 16:24 . 2010-06-05 04:55 25168 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-06-21 16:20 . 2009-04-10 14:29 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-21 16:18 . 2010-06-21 16:18 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-06-21 16:18 . 2010-06-21 16:18 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-06-21 16:18 . 2010-06-21 16:18 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-06-20 04:25 . 2010-06-05 04:49 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-06-20 04:22 . 2010-01-25 22:19 -------- d-----w- c:\documents and settings\OWNER\Application Data\Biiv
2010-06-20 04:22 . 2007-04-10 08:48 -------- d-----w- c:\documents and settings\OWNER\Application Data\Beilr
2010-06-07 14:59 . 2010-06-07 14:59 -------- d-----w- c:\documents and settings\OWNER\Application Data\AVG9
2010-06-06 00:17 . 2010-06-06 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2010-06-06 00:09 . 2003-12-23 13:44 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-06 00:06 . 2010-06-06 00:06 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2010-06-05 05:18 . 2010-06-05 05:18 29512 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-06-05 05:17 . 2006-11-25 18:38 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-05 04:58 . 2010-06-05 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-06-05 04:55 . 2010-06-05 04:55 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-06-05 04:51 . 2010-06-05 04:51 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-06-05 04:51 . 2010-06-05 04:51 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-06-05 04:49 . 2009-04-10 14:28 -------- d-----w- c:\program files\AVG
2010-06-04 22:47 . 2007-08-23 13:25 -------- d-----w- c:\documents and settings\OWNER\Application Data\Fehiz
2010-06-04 22:47 . 2005-02-04 21:18 -------- d-----w- c:\documents and settings\OWNER\Application Data\Ufuhi
2010-06-04 21:39 . 2010-06-04 21:39 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2010-06-04 21:39 . 2010-06-04 21:39 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-06-04 21:39 . 2010-06-04 21:39 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2010-06-04 21:39 . 2010-06-04 21:39 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-06-04 18:02 . 2009-09-13 16:01 120 ----a-w- c:\windows\Mnefecofezip.dat
2010-06-03 23:43 . 2009-09-13 16:01 0 ----a-w- c:\windows\Uyuhupavidif.bin
2010-05-29 13:37 . 2006-11-14 00:31 -------- d-----w- c:\documents and settings\OWNER\Application Data\Dyqios
2010-05-24 16:49 . 2010-05-24 16:49 503808 ----a-w- c:\documents and settings\OWNER\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5a3a6380-n\msvcp71.dll
2010-05-24 16:49 . 2010-05-24 16:49 499712 ----a-w- c:\documents and settings\OWNER\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5a3a6380-n\jmc.dll
2010-05-24 16:49 . 2010-05-24 16:49 348160 ----a-w- c:\documents and settings\OWNER\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5a3a6380-n\msvcr71.dll
2010-05-24 16:49 . 2010-05-24 16:49 61440 ----a-w- c:\documents and settings\OWNER\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-64651902-n\decora-sse.dll
2010-05-24 16:49 . 2010-05-24 16:49 12800 ----a-w- c:\documents and settings\OWNER\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-64651902-n\decora-d3d.dll
2010-05-24 16:49 . 2003-12-02 09:13 -------- d-----w- c:\program files\Java
2010-05-24 14:47 . 2007-02-07 14:33 -------- d-----w- c:\documents and settings\OWNER\Application Data\Loyb
2010-05-21 22:35 . 2010-05-21 22:35 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-05-18 15:35 . 2010-05-18 15:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 15:35 . 2010-05-18 15:35 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 15:35 . 2010-05-18 15:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 15:35 . 2010-05-18 15:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-17 12:14 . 2010-05-17 12:14 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Thunderbird
2010-05-06 10:41 . 2003-12-01 15:30 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2003-12-01 15:30 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2003-12-01 15:29 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-19 09:25 . 2010-06-05 04:58 2117704 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 09:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-15 335872]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 88361]
"Mouse Suite 98 Daemon"="ICO.EXE" [2001-08-23 45056]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-12-22 71280]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2005-11-13 100056]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-21 2065760]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\OWNER\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-12-23 113664]
Firewall Engine.lnk - c:\windows\system32\net.exe [2003-12-1 42496]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-7-30 217195]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-21 16:25 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Games\\Steam\\SteamApps\\common\\empire total war demo\\Empire.exe"=
"c:\\Program Files\\SPSSInc\\SPSS16\\spss.com"=
"c:\\Program Files\\SPSSInc\\SPSS16\\SPSSWinWrapIDE.exe"=
"c:\\Program Files\\SPSSInc\\SPSS16\\spss.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Games\\Steam\\SteamApps\\romulansnitch\\half-life\\hl.exe"=
"d:\\Games\\Steam\\SteamApps\\romulansnitch\\counter-strike source\\hl2.exe"=

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [05/06/2010 05:55 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [05/06/2010 05:55 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/04/2009 15:29 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/04/2009 15:29 243024]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [26/04/2007 10:21 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [26/04/2007 10:21 72624]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [21/06/2010 17:25 308136]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [21/06/2010 17:20 2331032]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [05/06/2010 05:51 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [05/06/2010 05:52 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [05/06/2010 05:52 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [05/06/2010 05:52 26192]
S0 fary;fary;c:\windows\system32\drivers\kmiwifwu.sys --> c:\windows\system32\drivers\kmiwifwu.sys [?]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [21/06/2010 17:24 5897808]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26/06/2010 00:57 135664]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe [26/04/2007 10:21 1234480]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [05/06/2010 05:54 430152]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [05/06/2010 05:51 30104]
.
Contents of the 'Scheduled Tasks' folder

2010-07-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2010-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-25 23:56]

2010-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-25 23:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.lefigaro.fr/
uInternet Connection Wizard,ShellNext = hxxp://www.club-vaio.sony-europe.com/
uInternet Settings,ProxyOverride = <local>
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - c:\program files\Common Files\Microsoft Shared\Information Retrieval\itss51.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-12 23:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1428)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\sony\vaio media music server\SSSvr.exe
c:\program files\sony\photo server\appsrv\PhotoAppSrv.exe
c:\program files\sony\giga pocket\GPVSvr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe
c:\program files\Common Files\sony shared\vaio media platform\UPnPFramework.exe
c:\program files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
c:\program files\Common Files\Sony Shared\vaio media platform\UPnPFramework.exe
c:\program files\Common Files\sony shared\vaio media platform\UPnPFramework.exe
c:\program files\sony\giga pocket\RM_SV.exe
c:\windows\system32\wscntfy.exe
c:\windows\AGRSMMSG.exe
c:\windows\system32\ICO.EXE
c:\program files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
.
**************************************************************************
.
Completion time: 2010-07-12 23:13:08 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-12 22:12

Pre-Run: 9,432,141,824 bytes free
Post-Run: 9,938,661,376 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 2042D03D561AA53EA59AD68C74339C3C

vict0r
2010-07-13, 14:56
However, some things of concern which happened as I ran this: my clock did not re-set nor did the internet connection disconnect, which the instruction guide said would happen.
Don't worry about this; Combofix restarting the computer is normal.



Temp File Cleaner


Please download TFC (http://oldtimer.geekstogo.com/TFC.exe) and save it to your desktop.
Save any unsaved work. TFC will close all open application windows.
Double-click TFC.exe to run the program.
If prompted, click Yes to reboot.
NOTE: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. If needed you will be prompted to reboot. Reboot immediately.


Disable AVG


Open AVG User Interface.
Double-click on the Resident Shield.
Un-tick the option Resident Shield active.
Save the changes and close the window.
Note: Don't forget to re-enable it after the fix.


Combofix

Open notepad and copy/paste the text in the codebox below into it:


KillAll::

Driver::
fary

File::
c:\windows\system32\drivers\kmiwifwu.sys
c:\windows\Uyuhupavidif.bin
c:\windows\Mnefecofezip.dat

DDS::
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com

Folder::
c:\documents and settings\OWNER\Application Data\Loyb
c:\documents and settings\OWNER\Application Data\Dyqios
c:\documents and settings\OWNER\Application Data\Ufuhi
c:\documents and settings\OWNER\Application Data\Fehiz
c:\documents and settings\OWNER\Application Data\Beilr
c:\documents and settings\OWNER\Application Data\Biiv
c:\documents and settings\NetworkService\Local Settings\Application Data\acuxlstaf

DirLook::
c:\documents and settings\OWNER\Local Settings\Application Data\Temp
c:\documents and settings\LocalService\Local Settings\Application Data\Temp
c:\documents and settings\OWNER\UserData

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]


Save the file as "CFScript.txt", and as Type: All Files (*.*) on your desktop.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

This will reboot the computer: Refer to the picture above, then save all work and close all programs including any open browsers(!) and drag CFScript onto ComboFix.exe.

If Combofix prompts you to upgrade, please allow it.

When finished, it shall produce a log for you at C:\ComboFix.txt.


Kaspersky Online Scan

Note: This download is about 200Mb and the scan can last for several hours.

Hold down Control then click on the following link to open a new window to Kaspersky Online Scan (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html)
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases
Make sure AVG Antivirus is disabled.
Click on My Computer under Scan. * This will take a while. Please be patient *.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.

This visual tutorial (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif) will help explain how to use the aforementioned online scan.


You can now enable AVG.


To post:
the Combofix log
this log: C:\Qoobox\Add-Remove Programs.txt
the Kaspersky log
Did you run the Norton removal tool?
Did any problems occur while following the instructions?
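Added example, not code from the thread or from ComboFix's author: a small Python triage script that parses the service and file lines of the ComboFix log posted above and flags the entries vict0r carried into the CFScript (the fary service whose kmiwifwu.sys is missing, the random-named folders under Application Data, the two files dropped into c:\windows), then lays them out as Driver::/File::/Folder:: sections for a helper to review. The allowlists of known vendor folders and the reading of the "[?]" marker as "file not found" are my assumptions.

```python
"""ComboFix log triage (added example; not the thread's or ComboFix's own code).

Parses two line formats from the log above and flags the entries a helper
would carry into a CFScript: a service whose file ComboFix could not find,
unknown folders directly under a profile's Application Data, and unknown
files dropped straight into c:\\windows.  Allowlists are assumptions.
"""
import re
from typing import Dict, List

# Service line:  "S0 fary;fary;c:\...\kmiwifwu.sys --> c:\...\kmiwifwu.sys [?]"
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+)$")
# File line:  "2010-06-04 22:47 . 2007-08-23 13:25 -------- d-----w- c:\...\Application Data\Fehiz"
FILE_RE = re.compile(
    r"^(?P<mtime>\d{4}-\d\d-\d\d \d\d:\d\d) \. (?P<ctime>\d{4}-\d\d-\d\d \d\d:\d\d)"
    r"\s+(?P<size>\d+|-+)\s+(?P<attrs>[\w-]+)\s+(?P<path>.+)$")
APPDATA_DIR_RE = re.compile(r"^c:\\documents and settings\\[^\\]+\\application data\\([^\\]+)$", re.I)
WINDOWS_ROOT_RE = re.compile(r"^c:\\windows\\([^\\]+)$", re.I)

# Assumed allowlists: vendor folders seen in the log, and files that belong in c:\windows itself.
KNOWN_APPDATA = {"avg9", "avg security toolbar", "malwarebytes", "lavasoft", "sun",
                 "apple computer", "adobe systems", "adobeum", "thunderbird",
                 "spybot - search & destroy", "hitman pro", "google", "adobe", "microsoft"}
KNOWN_WINDOWS_ROOT = {"agrsmmsg.exe", "explorer.exe", "notepad.exe", "regedit.exe"}


def triage(lines: List[str]) -> List[Dict[str, str]]:
    """Return one finding per suspicious line, with the reason it was flagged."""
    findings = []
    for raw in lines:
        line = raw.rstrip()
        m = SERVICE_RE.match(line)
        if m:
            # My reading of the format: ComboFix prints "path --> path [?]" when the
            # service's file is missing, exactly as the fary entry in the log shows.
            if " --> " in m["path"] and m["path"].endswith("[?]"):
                findings.append({"kind": "service", "name": m["name"],
                                 "path": m["path"].split(" --> ")[0],
                                 "reason": "service points at a file ComboFix could not find"})
            continue
        m = FILE_RE.match(line)
        if not m:
            continue
        path, is_dir = m["path"], m["attrs"].startswith("d")
        d = APPDATA_DIR_RE.match(path)
        if is_dir and d and d.group(1).lower() not in KNOWN_APPDATA:
            findings.append({"kind": "folder", "name": d.group(1), "path": path,
                             "reason": "unknown folder directly under Application Data"})
        w = WINDOWS_ROOT_RE.match(path)
        if not is_dir and w and w.group(1).lower() not in KNOWN_WINDOWS_ROOT:
            findings.append({"kind": "file", "name": w.group(1), "path": path,
                             "reason": "unknown file directly in c:\\windows"})
    return findings


def draft_cfscript(findings: List[Dict[str, str]]) -> str:
    """Lay findings out in the CFScript sections used in the thread; a draft for a human to review."""
    sections = {"Driver::": [], "File::": [], "Folder::": []}
    for f in findings:
        if f["kind"] == "service":          # stop the service and remove its (missing) driver file
            sections["Driver::"].append(f["name"])
            sections["File::"].append(f["path"])
        elif f["kind"] == "file":
            sections["File::"].append(f["path"])
        else:
            sections["Folder::"].append(f["path"])
    out = ["KillAll::", ""]
    for header, items in sections.items():
        if items:
            out += [header, *items, ""]
    return "\n".join(out).rstrip()


# Sample input: lines copied verbatim from the ComboFix log posted above.
SAMPLE_LOG = r"""
2010-06-04 22:47 . 2007-08-23 13:25 -------- d-----w- c:\documents and settings\OWNER\Application Data\Fehiz
2010-06-04 22:47 . 2005-02-04 21:18 -------- d-----w- c:\documents and settings\OWNER\Application Data\Ufuhi
2010-06-04 18:02 . 2009-09-13 16:01 120 ----a-w- c:\windows\Mnefecofezip.dat
2010-06-03 23:43 . 2009-09-13 16:01 0 ----a-w- c:\windows\Uyuhupavidif.bin
2010-05-29 13:37 . 2006-11-14 00:31 -------- d-----w- c:\documents and settings\OWNER\Application Data\Dyqios
2010-05-24 14:47 . 2007-02-07 14:33 -------- d-----w- c:\documents and settings\OWNER\Application Data\Loyb
2010-05-21 22:35 . 2010-05-21 22:35 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-06-07 14:59 . 2010-06-07 14:59 -------- d-----w- c:\documents and settings\OWNER\Application Data\AVG9
2010-05-06 10:41 . 2003-12-01 15:30 916480 ----a-w- c:\windows\system32\wininet.dll
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [05/06/2010 05:55 52872]
S0 fary;fary;c:\windows\system32\drivers\kmiwifwu.sys --> c:\windows\system32\drivers\kmiwifwu.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26/06/2010 00:57 135664]
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']:7} {f['path']}  <- {f['reason']}")
    print(draft_cfscript(triage(SAMPLE_LOG)))
```

The allowlist approach means anything the reviewer has not named is reported, so the output is a starting point for a trained helper, not an automatic removal list.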

AndyUK
2010-07-13, 15:49
I was unsure which version of Norton I have and my searches on my pc to try and find out have been unsuccessful, but I think it may have come with my pc when I bought it.

My AVG has expired so all the components are off. I assumed that it would revert to the free components but it has not; my attempts to download the free version hit a snag in that they take forever to download, as in the download hardly works.

AndyUK
2010-07-13, 16:24
With regards to using ComboFix, do I need to turn my firewall each time?

AndyUK
2010-07-13, 20:41
Hey Victor

Here is the second ComboFix log

A bit of a concern: even though I saved the "CFScript.txt" as .txt following the instructions you gave, it appeared on my desktop without the .txt when I dropped it on ComboFix (I only noticed this after I dropped it on ComboFix).

Is this a problem? Everything went as normal (ComboFix did start updating, then ran as it did yesterday, re-starting my pc etc).

Now the file is gone; is that to be expected?



--------------------------------------------------------------------



ComboFix 10-07-12.06 - OWNER 13/07/2010 18:12:44.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.137 [GMT 1:00]
Running from: c:\documents and settings\OWNER\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\OWNER\Desktop\CFScript.txt
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: Sunbelt Personal Firewall *disabled* {BFD080F6-3BF0-40E1-9507-9CA969C35870}

FILE ::
"c:\windows\Mnefecofezip.dat"
"c:\windows\system32\drivers\kmiwifwu.sys"
"c:\windows\Uyuhupavidif.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\OWNER\Local Settings\Application Data\{C6522C19-A3D6-4D24-9C2A-4A06721B4FEB}
c:\documents and settings\OWNER\Local Settings\Application Data\{C6522C19-A3D6-4D24-9C2A-4A06721B4FEB}\chrome.manifest
c:\documents and settings\OWNER\Local Settings\Application Data\{C6522C19-A3D6-4D24-9C2A-4A06721B4FEB}\chrome\content\_cfg.js
c:\documents and settings\OWNER\Local Settings\Application Data\{C6522C19-A3D6-4D24-9C2A-4A06721B4FEB}\chrome\content\overlay.xul
c:\documents and settings\OWNER\Local Settings\Application Data\{C6522C19-A3D6-4D24-9C2A-4A06721B4FEB}\install.rdf
c:\documents and settings\NetworkService\Local Settings\Application Data\acuxlstaf
c:\windows\Mnefecofezip.dat
c:\windows\Uyuhupavidif.bin

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_fary


((((((((((((((((((((((((( Files Created from 2010-06-13 to 2010-07-13 )))))))))))))))))))))))))))))))
.

2010-07-12 02:15 . 2010-07-12 02:15 -------- d-sh--w- c:\documents and settings\OWNER\UserData
2010-07-04 10:11 . 2010-07-04 10:11 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp
2010-06-26 06:41 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-26 05:36 . 2010-07-12 01:29 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-06-26 05:35 . 2010-06-26 05:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-06-26 05:35 . 2010-06-26 05:35 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-06-26 03:24 . 2010-06-26 03:24 -------- d-----w- c:\windows\system32\NtmsData
2010-06-26 01:37 . 2010-06-26 01:37 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-06-26 01:27 . 2010-06-26 01:27 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-06-26 00:04 . 2010-06-26 00:04 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-25 23:58 . 2010-06-25 23:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-06-25 23:57 . 2010-07-02 16:02 -------- d-----w- c:\documents and settings\OWNER\Local Settings\Application Data\Temp
2010-06-25 23:56 . 2010-06-26 00:00 -------- d-----w- c:\program files\Google
2010-06-25 23:55 . 2010-07-08 16:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-06-25 02:53 . 2010-06-25 02:53 -------- d-----w- c:\documents and settings\OWNER\Application Data\Malwarebytes
2010-06-25 02:52 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-25 02:52 . 2010-06-25 02:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-25 02:52 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-25 02:52 . 2010-06-25 02:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-24 03:04 . 2010-06-24 03:04 52864 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-24 03:04 . 2010-06-24 03:04 -------- d-----w- c:\documents and settings\OWNER\Application Data\Apple Computer
2010-06-23 23:04 . 2010-06-23 23:04 -------- d-----w- c:\program files\Bonjour
2010-06-23 22:57 . 2010-06-23 22:58 -------- d-----w- c:\program files\Safari
2010-06-23 22:37 . 2010-06-24 00:42 -------- d-----w- c:\program files\Common Files\Apple
2010-06-23 22:32 . 2010-06-23 22:34 -------- d-----w- c:\program files\QuickTime
2010-06-23 22:32 . 2010-06-23 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-06-21 19:10 . 2010-06-26 05:59 -------- d-----w- c:\program files\Windows Live Safety Center
2010-06-21 16:25 . 2010-06-21 16:25 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-18 04:49 . 2010-06-18 04:49 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-13 17:03 . 2004-08-30 00:55 27048271 ----a-w- c:\windows\system32\drivers\fwdrv.err
2010-07-08 16:52 . 2003-12-02 09:23 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-08 16:48 . 2006-05-01 20:06 -------- d-----w- c:\documents and settings\OWNER\Application Data\Lavasoft
2010-07-04 03:30 . 2006-05-01 19:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-04 03:09 . 2006-05-01 19:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-04 03:07 . 2003-12-02 09:13 -------- d-----w- c:\program files\Common Files\Java
2010-06-29 08:29 . 2010-06-29 08:29 1039712 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-06-27 22:40 . 2009-06-07 14:15 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-06-25 12:15 . 2004-08-29 20:44 69976 ----a-w- c:\documents and settings\OWNER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-23 22:53 . 2010-06-23 22:53 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-23 04:53 . 2010-05-20 03:25 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-21 16:27 . 2010-06-21 16:27 74760 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\UniversalDD.sys
2010-06-21 16:27 . 2010-06-21 16:27 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-06-21 16:27 . 2010-06-21 16:27 30216 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSFilter.sys
2010-06-21 16:27 . 2010-06-21 16:27 26120 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSShim.sys
2010-06-21 16:27 . 2010-06-21 16:27 25096 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSxx.sys
2010-06-21 16:27 . 2010-06-21 16:27 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-06-21 16:27 . 2010-06-21 16:27 122376 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSDriver.sys
2010-06-21 16:26 . 2009-04-10 14:29 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-21 16:24 . 2010-06-05 04:55 25168 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-06-21 16:20 . 2009-04-10 14:29 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-21 16:18 . 2010-06-21 16:18 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-06-21 16:18 . 2010-06-21 16:18 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-06-21 16:18 . 2010-06-21 16:18 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-06-20 04:25 . 2010-06-05 04:49 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-06-20 04:22 . 2010-01-25 22:19 -------- d-----w- c:\documents and settings\OWNER\Application Data\Biiv
2010-06-20 04:22 . 2007-04-10 08:48 -------- d-----w- c:\documents and settings\OWNER\Application Data\Beilr
2010-06-07 14:59 . 2010-06-07 14:59 -------- d-----w- c:\documents and settings\OWNER\Application Data\AVG9
2010-06-06 00:17 . 2010-06-06 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2010-06-06 00:09 . 2003-12-23 13:44 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-06 00:06 . 2010-06-06 00:06 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2010-06-05 05:18 . 2010-06-05 05:18 29512 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-06-05 05:17 . 2006-11-25 18:38 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-05 04:58 . 2010-06-05 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-06-05 04:55 . 2010-06-05 04:55 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-06-05 04:51 . 2010-06-05 04:51 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-06-05 04:51 . 2010-06-05 04:51 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-06-05 04:49 . 2009-04-10 14:28 -------- d-----w- c:\program files\AVG
2010-06-04 22:47 . 2007-08-23 13:25 -------- d-----w- c:\documents and settings\OWNER\Application Data\Fehiz
2010-06-04 22:47 . 2005-02-04 21:18 -------- d-----w- c:\documents and settings\OWNER\Application Data\Ufuhi
2010-06-04 21:39 . 2010-06-04 21:39 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2010-06-04 21:39 . 2010-06-04 21:39 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-06-04 21:39 . 2010-06-04 21:39 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2010-06-04 21:39 . 2010-06-04 21:39 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-05-29 13:37 . 2006-11-14 00:31 -------- d-----w- c:\documents and settings\OWNER\Application Data\Dyqios
2010-05-24 16:49 . 2010-05-24 16:49 503808 ----a-w- c:\documents and settings\OWNER\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5a3a6380-n\msvcp71.dll
2010-05-24 16:49 . 2010-05-24 16:49 499712 ----a-w- c:\documents and settings\OWNER\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5a3a6380-n\jmc.dll
2010-05-24 16:49 . 2010-05-24 16:49 348160 ----a-w- c:\documents and settings\OWNER\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5a3a6380-n\msvcr71.dll
2010-05-24 16:49 . 2010-05-24 16:49 61440 ----a-w- c:\documents and settings\OWNER\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-64651902-n\decora-sse.dll
2010-05-24 16:49 . 2010-05-24 16:49 12800 ----a-w- c:\documents and settings\OWNER\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-64651902-n\decora-d3d.dll
2010-05-24 16:49 . 2003-12-02 09:13 -------- d-----w- c:\program files\Java
2010-05-24 14:47 . 2007-02-07 14:33 -------- d-----w- c:\documents and settings\OWNER\Application Data\Loyb
2010-05-21 22:35 . 2010-05-21 22:35 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-05-18 15:35 . 2010-05-18 15:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 15:35 . 2010-05-18 15:35 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 15:35 . 2010-05-18 15:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 15:35 . 2010-05-18 15:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-17 12:14 . 2010-05-17 12:14 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Thunderbird
2010-05-06 10:41 . 2003-12-01 15:30 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2003-12-01 15:30 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2003-12-01 15:29 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-19 09:25 . 2010-06-05 04:58 2117704 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\LocalService\Local Settings\Application Data\Temp ----


---- Directory of c:\documents and settings\OWNER\Local Settings\Application Data\Temp ----


---- Directory of c:\documents and settings\OWNER\UserData ----



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 09:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-15 335872]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 88361]
"Mouse Suite 98 Daemon"="ICO.EXE" [2001-08-23 45056]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-12-22 71280]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2005-11-13 100056]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-21 2065760]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\OWNER\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-12-23 113664]
Firewall Engine.lnk - c:\windows\system32\net.exe [2003-12-1 42496]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-7-30 217195]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-21 16:25 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Games\\Steam\\SteamApps\\common\\empire total war demo\\Empire.exe"=
"c:\\Program Files\\SPSSInc\\SPSS16\\spss.com"=
"c:\\Program Files\\SPSSInc\\SPSS16\\SPSSWinWrapIDE.exe"=
"c:\\Program Files\\SPSSInc\\SPSS16\\spss.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Games\\Steam\\SteamApps\\romulansnitch\\half-life\\hl.exe"=
"d:\\Games\\Steam\\SteamApps\\romulansnitch\\counter-strike source\\hl2.exe"=

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [05/06/2010 05:55 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [05/06/2010 05:55 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/04/2009 15:29 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/04/2009 15:29 243024]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [26/04/2007 10:21 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [26/04/2007 10:21 72624]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [21/06/2010 17:25 308136]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [21/06/2010 17:20 2331032]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [05/06/2010 05:51 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [05/06/2010 05:52 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [05/06/2010 05:52 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [05/06/2010 05:52 26192]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [21/06/2010 17:24 5897808]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26/06/2010 00:57 135664]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe [26/04/2007 10:21 1234480]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [05/06/2010 05:54 430152]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [05/06/2010 05:51 30104]
.
Contents of the 'Scheduled Tasks' folder

2010-07-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2010-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-25 23:56]

2010-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-25 23:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.lefigaro.fr/
uInternet Connection Wizard,ShellNext = hxxp://www.club-vaio.sony-europe.com/
uInternet Settings,ProxyOverride = <local>
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - c:\program files\Common Files\Microsoft Shared\Information Retrieval\itss51.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-13 18:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2336)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\sony\vaio media music server\SSSvr.exe
c:\program files\sony\photo server\appsrv\PhotoAppSrv.exe
c:\program files\sony\giga pocket\GPVSvr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe
c:\program files\Common Files\sony shared\vaio media platform\UPnPFramework.exe
c:\program files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
c:\program files\Common Files\Sony Shared\vaio media platform\UPnPFramework.exe
c:\program files\Common Files\sony shared\vaio media platform\UPnPFramework.exe
c:\program files\sony\giga pocket\RM_SV.exe
c:\windows\system32\wscntfy.exe
c:\windows\AGRSMMSG.exe
c:\windows\system32\ICO.EXE
c:\program files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
.
**************************************************************************
.
Completion time: 2010-07-13 19:03:16 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-13 18:03
ComboFix2.txt 2010-07-12 22:13

Pre-Run: 9,976,500,224 bytes free
Post-Run: 9,966,338,048 bytes free

- - End Of File - - 099F41936C4B612B76BC4C536EF055A6

AndyUK
2010-07-13, 20:44
Qoobox Add-Remove Programs log:


---------------------------------------------------------------

Adobe Acrobat Elements 6.0
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Photoshop Album 2.0 Starter Edition
Adobe Photoshop CS2
Adobe Photoshop Elements 2.0
Adobe Premiere 6 LE
Adobe Stock Photos 1.0
Agere Systems AC'97 Modem
Apple Application Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AutoUpdate
AVG 9.0
Bonjour
ccCommon
Click to DVD 1.3
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Drag'n Drop CD+DVD
DVgate Plus
Empire: Total War Demo
Giga Pocket 5.5
Giga Pocket Demo Movie
Giga Pocket Hardware Library 5.5
Google Chrome
Google Update Helper
Half-Life 2
Half-Life 2: Deathmatch
Hitman Pro 3.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) PRO Network Adapters and Drivers
InterVideo WinDVD 5 for VAIO
ISP Selector
ISP Selector (English)
Java Auto Updater
Java(TM) 6 Update 20
Malwarebytes' Anti-Malware
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Professional
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
MoodLogic
Mozilla Thunderbird (2.0.0.21)
MSRedist
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Visualizer Library 1.4.00
Natural Selection 3.2
Norton Internet Security
Norton Internet Security (Symantec Corporation)
OpenMG Secure Module 3.3.01
PictureGear Studio 2.0
Portal
QuickTime
QuickTime for Windows (32-bit)
RealPlayer
Rome - Total War(TM)
Rotor-Gene 6000 1.7.87
Safari
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Segoe UI
SonicStage 1.6.00
Sony Ericsson PC Suite
Sony USB Mouse
Sony Video Shared Library
SPSS 16.0 for Windows
Steam
Sunbelt Personal Firewall
Sven Co-op 4.0B
Symantec Network Drivers Update
Team Fortress 2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VAIO BrightColor Wallpaper
VAIO Clock Screen Saver
VAIO DeepSea Wallpaper
VAIO Edit Components
VAIO Media 2.5
VAIO Media Music Server 2.5
VAIO Media Photo Server 2.5
VAIO Media Platform 2.5
VAIO Media Redistribution 2.5
VAIO Media Setup 2.5
VAIO Media Video Server 2.5
VAIO Online Registration (English)
VAIO Product Survey (English)
VAIO Remote Commander Utility 6.2
VAIO System Information
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VOR
VPS
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows XP Service Pack 3
World Book Multimedia Encyclopedia 1997

vict0r
2010-07-14, 09:36
A bit of concern: even though I saved the "CFScript.txt" as .txt following the instructions you gave, it appeared on my desktop without the .txt when I dropped it on ComboFix (I only noticed this after I dropped it on ComboFix).

Is this a problem? Everything went as normal (ComboFix did start updating, then ran as it did yesterday, re-starting my pc etc).

Now the file is gone; is that to be expected?

Hi

All of this is normal and I can see from the log that Combofix used the script.

However, the result of the CFScript was not quite as I would expect. Please confirm that the following line is not your username and that you have edited the logs to remove your real username:
OWNER
You don't need to worry, I just need to know if you edited your username.


Norton removal

Click Start -> Run, type appwiz.cpl and click OK

Uninstall these programs (in the order listed):

Symantec Network Drivers Update
ccCommon
Norton Internet Security (Symantec Corporation)

Don't worry if you can't find some of the entries or if an uninstall fails, just move on to the next entry and eventually to the removal tool described below.

Please download the Norton removal tool from the following link:
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe
Then start the program and follow any prompts. Please reboot the computer when the removal tool has finished.


RSIT

Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).


When ready, please post (you can use more than one post):
did you edit your username in the logs?
the RSIT logs
an update to the performance of your computer. Are you still experiencing popups? Are there any problems remaining?

AndyUK
2010-07-14, 12:45
Hey Victor,

Yes, I did edit my username and put "OWNER".
Andy is sort of my nickname, not my real name.

My username appeared 27 times in the log.

However, "owner" appears 29 times in the log.

There were two "owners" already present.
Erm, do you want me to re-publish it?

AndyUK
2010-07-14, 12:48
The two "owners" which were already present (not my username) were at this section:

---------------------------------------------------------


(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\LocalService\Local Settings\Application Data\Temp ----


---- Directory of c:\documents and settings\OWNER\Local Settings\Application Data\Temp ----


---- Directory of c:\documents and settings\OWNER\UserData ----



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

AndyUK
2010-07-14, 12:50
The Kaspersky Online Scan does not work either.

I spent all of yesterday trying it.

I tried it again this morning (before coming here).

However, the window just freezes and says it's not responding.

vict0r
2010-07-14, 12:51
There's no need to re-publish.

Please go ahead with my latest instructions.

AndyUK
2010-07-14, 13:44
Here are the RSIT logs; I only did it for "the last 1 month", however I feel my computer has been/had been infected longer.

----------------------------------------------

Log.txt:


Logfile of random's system information tool 1.08 (written by random/random)
Run by OWNER at 2010-07-14 12:37:54
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 10 GB (33%) free of 29 GB
Total RAM: 511 MB (22% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:38:15, on 14/07/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\sony\vaio media music server\SSSvr.exe
C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
C:\Program Files\sony\giga pocket\GPVSvr.exe
C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe
C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe
C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\vaio media platform\UPnPFramework.exe
C:\Program Files\sony\giga pocket\RM_SV.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ICO.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Documents and Settings\OWNER\Desktop\RSIT.exe
C:\Program Files\trend micro\OWNER.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lefigaro.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.club-vaio.sony-europe.com/
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Firewall Engine.lnk = C:\WINDOWS\system32\net.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093807566890
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\sony\giga pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\sony\giga pocket\RM_SV.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\sony\vaio media music server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\sony\giga pocket\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe

--
End of file - 10790 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-05-15 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-06-21 1615200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2010-05-03 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-04-19 2117704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-03 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-04-19 2117704]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"=C:\WINDOWS\System32\ezSP_Px.exe [2002-08-20 40960]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-11-15 335872]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-07-22 88361]
"Mouse Suite 98 Daemon"=C:\WINDOWS\system32\ICO.EXE [2001-08-23 45056]
"ATIModeChange"=C:\WINDOWS\system32\Ati2mdxx.exe [2001-09-04 28672]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-06-21 2065760]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-03-17 421888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

C:\Documents and Settings\OWNER\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Firewall Engine.lnk - C:\WINDOWS\system32\net.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-06-21 12536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro35Crusader]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Games\Steam\SteamApps\common\empire total war demo\Empire.exe"="D:\Games\Steam\SteamApps\common\empire total war demo\Empire.exe:*:Enabled:Empire: Total War Demo"
"C:\Program Files\SPSSInc\SPSS16\spss.com"="C:\Program Files\SPSSInc\SPSS16\spss.com:*:Disabled:SPSS 16.0 for Windows (1033:com)"
"C:\Program Files\SPSSInc\SPSS16\SPSSWinWrapIDE.exe"="C:\Program Files\SPSSInc\SPSS16\SPSSWinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor (1033)"
"C:\Program Files\SPSSInc\SPSS16\spss.exe"="C:\Program Files\SPSSInc\SPSS16\spss.exe:*:Disabled:SPSS 16.0 for Windows (1033:exe)"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe"="C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe:*:Enabled:Sunbelt Firewall GUI"
"C:\Program Files\AVG\AVG9\avgam.exe"="C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG9\avgdiagex.exe"="C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"D:\Games\Steam\SteamApps\romulansnitch\half-life\hl.exe"="D:\Games\Steam\SteamApps\romulansnitch\half-life\hl.exe:*:Enabled:Half-Life"
"D:\Games\Steam\SteamApps\romulansnitch\counter-strike source\hl2.exe"="D:\Games\Steam\SteamApps\romulansnitch\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2010-07-14 12:37:55 ----D---- C:\Program Files\trend micro
2010-07-14 12:37:54 ----D---- C:\rsit
2010-07-13 19:03:19 ----A---- C:\ComboFix.txt
2010-07-13 18:22:48 ----D---- C:\WINDOWS\temp
2010-07-12 22:38:01 ----A---- C:\Boot.bak
2010-07-12 22:37:54 ----RASHD---- C:\cmdcons
2010-07-12 22:33:48 ----A---- C:\WINDOWS\zip.exe
2010-07-12 22:33:48 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-07-12 22:33:48 ----A---- C:\WINDOWS\SWSC.exe
2010-07-12 22:33:48 ----A---- C:\WINDOWS\SWREG.exe
2010-07-12 22:33:48 ----A---- C:\WINDOWS\sed.exe
2010-07-12 22:33:48 ----A---- C:\WINDOWS\PEV.exe
2010-07-12 22:33:48 ----A---- C:\WINDOWS\NIRCMD.exe
2010-07-12 22:33:48 ----A---- C:\WINDOWS\MBR.exe
2010-07-12 22:33:48 ----A---- C:\WINDOWS\grep.exe
2010-07-12 22:33:27 ----D---- C:\WINDOWS\ERDNT
2010-07-12 22:33:10 ----D---- C:\Qoobox
2010-07-12 02:21:07 ----RAD---- C:\autorun.inf
2010-07-08 17:47:10 ----D---- C:\Config.Msi
2010-07-04 21:34:09 ----ASH---- C:\hiberfil.sys
2010-07-04 16:12:02 ----A---- C:\WINDOWS\ntbtlog.txt
2010-06-26 18:34:02 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-26 18:33:27 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-26 18:26:13 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-06-26 18:26:03 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-06-26 18:24:30 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-06-26 18:24:20 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-26 18:23:44 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-06-26 06:36:18 ----A---- C:\WINDOWS\system32\drivers\hitmanpro35.sys
2010-06-26 06:35:59 ----D---- C:\Documents and Settings\All Users\Application Data\Hitman Pro
2010-06-26 06:35:51 ----D---- C:\Program Files\Hitman Pro 3.5
2010-06-26 04:24:36 ----D---- C:\WINDOWS\system32\NtmsData
2010-06-26 01:04:39 ----A---- C:\WINDOWS\system32\drivers\SBREDrv.sys
2010-06-26 00:56:45 ----D---- C:\Program Files\Google
2010-06-26 00:55:41 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-06-25 03:53:05 ----D---- C:\Documents and Settings\OWNER\Application Data\Malwarebytes
2010-06-25 03:52:46 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-06-25 03:52:44 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-06-25 03:52:42 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-06-25 03:52:41 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-06-24 04:04:01 ----D---- C:\Documents and Settings\OWNER\Application Data\Apple Computer
2010-06-24 00:04:42 ----D---- C:\Program Files\Bonjour
2010-06-23 23:57:29 ----D---- C:\Program Files\Safari
2010-06-23 23:37:18 ----D---- C:\Program Files\Common Files\Apple
2010-06-23 23:32:42 ----D---- C:\Program Files\QuickTime
2010-06-23 23:32:32 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2010-06-21 20:10:16 ----D---- C:\Program Files\Windows Live Safety Center
2010-06-21 17:25:54 ----A---- C:\WINDOWS\system32\avgrsstx.dll

======List of files/folders modified in the last 1 months======

2010-07-14 12:37:55 ----RD---- C:\Program Files
2010-07-14 12:33:48 ----D---- C:\WINDOWS\Prefetch
2010-07-14 12:27:52 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-14 12:26:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-14 12:24:40 ----D---- C:\Program Files\Norton Internet Security
2010-07-14 12:24:35 ----D---- C:\WINDOWS\system32\drivers
2010-07-14 12:24:35 ----D---- C:\WINDOWS\system32
2010-07-14 12:23:55 ----SHD---- C:\WINDOWS\Installer
2010-07-13 19:53:23 ----D---- C:\Program Files\Common Files
2010-07-13 18:55:51 ----D---- C:\WINDOWS
2010-07-13 18:55:51 ----A---- C:\WINDOWS\system.ini
2010-07-13 18:55:26 ----D---- C:\WINDOWS\system32\drivers\etc
2010-07-13 18:23:23 ----D---- C:\WINDOWS\system32\config
2010-07-13 18:18:17 ----D---- C:\WINDOWS\AppPatch
2010-07-12 23:11:20 ----SD---- C:\WINDOWS\Tasks
2010-07-12 22:38:01 ----RASH---- C:\boot.ini
2010-07-12 02:35:23 ----HD---- C:\WINDOWS\inf
2010-07-08 17:55:07 ----D---- C:\WINDOWS\SxsCaPendDel
2010-07-08 17:49:26 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-07-08 17:48:37 ----D---- C:\Documents and Settings\OWNER\Application Data\Lavasoft
2010-07-08 17:46:58 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-07-05 05:41:52 ----D---- C:\WINDOWS\Minidump
2010-07-04 21:40:33 ----D---- C:\WINDOWS\system32\drivers\Avg
2010-07-04 04:30:28 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-07-04 04:09:16 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-04 04:07:43 ----D---- C:\Program Files\Common Files\Java
2010-06-27 23:40:39 ----D---- C:\Program Files\Mozilla Thunderbird
2010-06-26 18:58:30 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-26 18:58:13 ----RSD---- C:\WINDOWS\assembly
2010-06-26 18:34:07 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-26 18:33:41 ----A---- C:\WINDOWS\imsins.BAK
2010-06-26 18:33:04 ----HD---- C:\WINDOWS\$hf_mig$
2010-06-26 18:29:53 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-26 18:29:25 ----D---- C:\WINDOWS\WinSxS
2010-06-26 18:25:26 ----D---- C:\Program Files\Internet Explorer
2010-06-26 18:25:11 ----D---- C:\WINDOWS\ie8updates
2010-06-26 07:40:25 ----D---- C:\WINDOWS\system32\CatRoot
2010-06-26 00:44:19 ----D---- C:\WINDOWS\network diagnostic
2010-06-21 20:10:19 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-06-20 05:25:34 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2010-06-20 05:22:56 ----D---- C:\Documents and Settings\OWNER\Application Data\Biiv
2010-06-20 05:22:26 ----D---- C:\Documents and Settings\OWNER\Application Data\Beilr

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 AVGIDSErHrxpx;AVG9IDSErHr; C:\WINDOWS\System32\Drivers\AVGIDSxx.sys [2010-06-21 25168]
R0 AvgRkx86;avgrkx86.sys; C:\WINDOWS\System32\Drivers\avgrkx86.sys [2010-06-05 52872]
R0 ohci1394;NEC FireWarden OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [2008-07-23 43528]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-06-21 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-06-05 29584]
R1 AvgTdiX;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-06-21 243024]
R1 DMICall;Sony DMI Call service; C:\WINDOWS\System32\DRIVERS\DMICall.sys [2000-12-05 3952]
R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 302000]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 khips;Kerio HIPS Driver; C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 72624]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2004-07-22 1268234]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-03-22 701440]
R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-06-05 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys []
R3 AVGIDSFilterxpx;AVG9IDSFilter; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys []
R3 AVGIDSShimxpx;AVG9IDSShim; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys []
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 smrt;Sony MPEG RealTime encoder board; C:\WINDOWS\System32\DRIVERS\smrt.sys [2003-10-30 766848]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-10-01 594048]
R3 USB_RNDIS;Belkin High-Speed Mode Wireless G USB Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-06-05 30104]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-02-11 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-02-11 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-02-11 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2005-02-11 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-02-11 79488]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-06-21 308136]
R2 avgfws9;AVG Firewall; C:\Program Files\AVG\AVG9\avgfws9.exe [2010-06-21 2331032]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-04-26 1234480]
R2 VAIOMediaPlatform-MusicServer-AppServer;VAIO Media Music Server; C:\Program Files\sony\vaio media music server\SSSvr.exe [2003-09-19 540749]
R2 VAIOMediaPlatform-MusicServer-HTTP;VAIO Media Music Server (HTTP); C:\Program Files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe [2003-06-23 57344]
R2 VAIOMediaPlatform-MusicServer-UPnP;VAIO Media Music Server (UPnP); C:\Program Files\Common Files\Sony Shared\vaio media platform\UPnPFramework.exe [2003-10-21 679936]
R2 VAIOMediaPlatform-PhotoServer-AppServer;VAIO Media Photo Server; C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe [2003-06-24 860160]
R2 VAIOMediaPlatform-PhotoServer-HTTP;VAIO Media Photo Server (HTTP); C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe [2003-06-23 57344]
R2 VAIOMediaPlatform-PhotoServer-UPnP;VAIO Media Photo Server (UPnP); C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe [2003-10-21 679936]
R2 VAIOMediaPlatform-VideoServer-AppServer;VAIO Media Video Server; C:\Program Files\sony\giga pocket\GPVSvr.exe [2003-11-14 966656]
R2 VAIOMediaPlatform-VideoServer-HTTP;VAIO Media Video Server (HTTP); C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe [2003-06-23 57344]
R2 VAIOMediaPlatform-VideoServer-UPnP;VAIO Media Video Server (UPnP); C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe [2003-10-21 679936]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 Sony TV Tuner Manager;Sony TV Tuner Manager; C:\Program Files\sony\giga pocket\RM_SV.exe [2003-11-14 90112]
S2 AVGIDSAgent;AVG9IDSAgent; C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-06-21 5897808]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-06-26 135664]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2010-06-06 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-04-19 430152]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Sony TV Tuner Controller;Sony TV Tuner Controller; C:\Program Files\sony\giga pocket\halsv.exe [2003-11-14 118784]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe [2003-07-28 65536]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
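
A triage helper for the autostart sections of the RSIT log above, added here as an example; it is not part of AndyUK's post and not something RSIT itself produces. It parses the Run-key values, Startup-folder shortcuts and driver/service lines in the "Registry dump" and driver-list layout shown above and flags the entries a helper normally asks about first: a shortcut or Run value whose target is a stock Windows launcher such as net.exe or rundll32.exe rather than the product its name suggests, and driver images RSIT could not stat (an empty `[]` where the date and size should be) or that load from an NT object path (`\??\...`). The sample input is a handful of lines copied from the log above; the heuristics and the LAUNCHER_BINARIES list are assumptions of this example.

```python
"""Triage the autostart sections of an RSIT log.txt.

Added example for this thread; not part of RSIT or of the original post.
The heuristics and LAUNCHER_BINARIES below are assumptions of this example,
not anything RSIT reports on its own.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Stock Windows utilities that are normal on disk but unusual as the *target*
# of a Startup shortcut or Run value: they simply run whatever they are told to.
LAUNCHER_BINARIES = {
    "net.exe", "net1.exe", "cmd.exe", "rundll32.exe", "regsvr32.exe",
    "mshta.exe", "wscript.exe", "cscript.exe",
}

# Line shapes used by RSIT's registry dump and its driver/service lists.
HEADER_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
STARTUP_DIR_RE = re.compile(r"^[A-Z]:\\.*\\Startup$", re.IGNORECASE)
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<path>.+?)(?:\s+\[(?P<meta>[^\]]*)\])?$')
STARTUP_LNK_RE = re.compile(r"^(?P<name>.+?\.lnk) - (?P<path>.+)$")
DRIVER_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<svc>[^;]+);(?P<desc>[^;]*);\s*(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]$"
)


@dataclass
class Entry:
    source: str                  # registry key, Startup folder path, or "driver:<service>"
    name: str
    path: str
    meta: str                    # "date size" RSIT printed inside [...]; "" if it found no file
    flags: List[str] = field(default_factory=list)


def parse_autostarts(text: str) -> List[Entry]:
    """Collect Run values, Startup-folder shortcuts and driver/service images."""
    entries: List[Entry] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:                                   # "[HKEY_...]" opens a registry section
            section = m.group("key")
            continue
        if STARTUP_DIR_RE.match(line):          # a Startup folder path opens a shortcut list
            section = line
            continue
        m = DRIVER_RE.match(line)
        if m:                                   # "R1 svc;Description; path [date size]"
            entries.append(Entry("driver:" + m.group("svc"), m.group("desc") or m.group("svc"),
                                 m.group("path"), m.group("meta")))
            continue
        m = STARTUP_LNK_RE.match(line)
        if m and section:                       # "Name.lnk - target"
            entries.append(Entry(section, m.group("name"), m.group("path"), ""))
            continue
        m = RUN_VALUE_RE.match(line)
        if m and section and section.lower().endswith("\\run"):
            entries.append(Entry(section, m.group("name"), m.group("path"), m.group("meta") or ""))
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach flags to entries and return only the flagged ones."""
    for e in entries:
        image = e.path.split("\\")[-1].lower()
        if image in LAUNCHER_BINARIES:
            e.flags.append(f"launcher binary {image} started under the name '{e.name}'")
        if e.source.startswith("driver:"):
            if e.meta == "":
                e.flags.append("no date/size: RSIT could not stat the image file")
            if e.path.startswith("\\??\\"):
                e.flags.append("NT object path: image loaded from outside System32\\drivers")
    return [e for e in entries if e.flags]


# Sample input: lines copied from the RSIT log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-06-21 2065760]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-03-17 421888]

C:\Documents and Settings\OWNER\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Firewall Engine.lnk - C:\WINDOWS\system32\net.exe

R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 302000]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
"""

if __name__ == "__main__":
    for e in triage(parse_autostarts(SAMPLE_LOG)):
        print(f"{e.name}  ->  {e.path}")
        for f in e.flags:
            print("    ", f)
```

Run it and it prints the flagged entries with the reason for each. The flags are hints to follow up on, not verdicts: in this log, catchme.sys under C:\ComboFix\ is the driver ComboFix itself installs (the file list shows ComboFix ran on 2010-07-12), whereas a Startup shortcut called "Firewall Engine" that points at the stock net.exe is the kind of name/target mismatch a helper would want explained before moving on.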

AndyUK
2010-07-14, 13:49
Here is the RSIT log for info.txt

------------------------------------------

info.txt logfile of random's system information tool 1.08 2010-07-14 12:38:20

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93B80FB1-7A23-11D3-B250-00105A1F4184}\setup.exe"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat Elements 6.0-->MsiExec.exe /I{E5E6E687-1033-BA7E-6000-000000000001}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -maintain activex
Adobe Photoshop Album 2.0 Starter Edition-->MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Photoshop Elements 2.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.dll"
Adobe Premiere 6 LE-->C:\Program Files\Adobe\Premiere 6 LE\UNINST.EXE -f"C:\Program Files\Adobe\Premiere 6 LE\DeIsL1.isu" -c"C:\Program Files\Adobe\Premiere 6 LE\Uninst.dll"
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Agere Systems AC'97 Modem-->agrsmdel
Apple Application Support-->MsiExec.exe /I{B2D328BE-45AD-4D92-96F9-2151490A203E}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /X{0CB9668D-F979-4F31-B8B8-67FE90F929F8}
Click to DVD 1.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C2F71B2-6C73-11D6-B659-00C04F790F76}\setup.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Drag'n Drop CD+DVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DDC146FA-73E0-4FA1-A353-841EA14BF600}\Setup.exe" -l0x9 deleteall
DVgate Plus-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{685BCC47-B8EC-45EC-BBCE-77DF2451502C}\setup.exe"
Empire: Total War Demo-->"D:\Games\Steam\steam.exe" steam://uninstall/10620
Giga Pocket 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D4A90BFA-C75E-420A-BB00-D54C82A5A245}\Setup.exe" -l0x9
Giga Pocket Demo Movie-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5F2CE2DD-5119-4860-9E46-6A0129A34FF1}\setup.exe"
Giga Pocket Hardware Library 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F898AB3C-792E-4351-B3E8-4958BAA8E101}\setup.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\5.0.375.86\Installer\setup.exe" --uninstall --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Half-Life 2: Deathmatch-->"D:\Games\Steam\steam.exe" steam://uninstall/320
Half-Life 2-->"D:\Games\Steam\steam.exe" steam://uninstall/220
Hitman Pro 3.5-->"C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
InterVideo WinDVD 5 for VAIO-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
ISP Selector (English)-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{0E3F1A40-3104-4C76-8A2D-2CC2ED414BD1} /l2057
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Memory Stick Formatter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27337663-2619-11D4-99DC-0000F49094C7}\Setup.exe" -l0x9 /UNINSTALL
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2000 SR-1 Disc 2-->MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 SR-1 Professional-->MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
MoodLogic-->C:\WINDOWS\ml-uninstall-v10.exe
Mozilla Thunderbird (2.0.0.21)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Music Visualizer Library 1.4.00-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}\Setup.exe" -l0x9
Natural Selection 3.2-->d:\games\steam\steamapps\romulansnitch\half-life\unins000.exe
OpenMG Secure Module 3.3.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5FA1C51C-6E35-42C1-B2EC-DC9FA1E20694}\setup.exe" -l0x9 UNINSTALL
PictureGear Studio 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88DA0A52-3372-4803-971A-ADFB961707E8}\Setup.exe"
Portal-->"D:\Games\Steam\steam.exe" steam://uninstall/400
QuickTime for Windows (32-bit)-->C:\WINDOWS\QTW32DEL.EXE
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rome - Total War(TM)-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{A642BB6B-CA1D-4142-8DD4-318C3F3DC834} /l1033
Rotor-Gene 6000 1.7.87-->"C:\Program Files\Rotor-Gene 6000 Software\unins000.exe"
Safari-->MsiExec.exe /I{AFAC914D-9E83-4A89-8ABE-427521C82CCF}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SonicStage 1.6.00-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}\setup.exe" -l0x9 UNINSTALL
Sony Ericsson PC Suite-->MsiExec.exe /I{C037D08B-4883-491D-9329-DC5ACA90F797}
Sony USB Mouse-->Pmuninst.exe MouseSuite98
Sony Video Shared Library-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6990A2BF-D1D2-11D3-81BC-00609789C908}\setup.exe"
SPSS 16.0 for Windows-->MsiExec.exe /X{621025AE-3510-478E-BC27-1A647150976F}
Steam-->D:\Games\Steam\UNWISE.EXE D:\Games\Steam\INSTALL.LOG
Sunbelt Personal Firewall-->MsiExec.exe /X{BFD080F6-3BF0-40E1-9507-9CA969C35870}
Sven Co-op 4.0B-->C:\WINDOWS\unvise32.exe d:\games\steam\steamapps\romulansnitch\half-life\SvenCoop\uninstal.log
Team Fortress 2-->"D:\Games\Steam\steam.exe" steam://uninstall/440
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VAIO BrightColor Wallpaper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D1D6640-CD43-4AD9-A52F-E48265DB28E0}\Setup.exe" -l0x9
VAIO Clock Screen Saver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1D057E97-A116-4BF9-B307-83C3FBD86515}\Setup.exe" -l0x9
VAIO DeepSea Wallpaper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3147661C-2807-49EC-B971-3B0F23D95018}\Setup.exe" -l0x9
VAIO Edit Components-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{761C9026-14F0-4352-8658-934558272404}\setup.exe"
VAIO Media 2.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EB317D8-8945-4FD6-B37F-DF470317C6AB}\Setup.exe" -l0x9 UNINSTALL
VAIO Media Music Server 2.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF733005-0F40-11D6-9254-0000F460E7A9}\Setup.exe" -l0x9 UNINSTALL
VAIO Media Photo Server 2.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6587A1E-A87D-4CF9-9BA6-CE2CEB58950E}\Setup.exe" -l0x9
VAIO Media Platform 2.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF0DD6E9-F673-4466-8353-70B50A506FD9}\setup.exe"
VAIO Media Redistribution 2.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7128C69B-8F7E-4336-8698-3FD3CDD955EC}\Setup.exe" -l0x9 UNINSTALL
VAIO Media Setup 2.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2D9D1CE4-8C3D-469A-9894-0857B6C9F426}\Setup.exe" -l0x9
VAIO Media Video Server 2.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63C6BABD-0BF7-488B-9AB5-B989E23CC581}\Setup.exe"
VAIO Online Registration (English)-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{668B1BD6-4593-4959-970E-249AFFE6F35C} /l2057
VAIO Product Survey (English)-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{9080C5D2-82FA-452A-87FA-CBB4B05D67A5} /l2057
VAIO Remote Commander Utility 6.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C75086F-7753-41B9-8B4C-F38DE6CC8C20}\Setup.exe" -l0x9
VAIO System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2366D960-F00F-11D3-99D3-00C04FCCB775}\Setup.exe" -l0x9
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
World Book Multimedia Encyclopedia 1997-->C:\WINDOWS\uninst.exe -f"c:\program files\WorldBookME\DeIsL1.isu"

======Security center information======

AV: AVG Internet Security (disabled)
FW: AVG Firewall (disabled)
FW: Sunbelt Personal Firewall

======System event log======

Computer Name: OWNER2
Event Code: 1073
Message: The attempt to reboot OWNER2 failed

Record Number: 8
Source Name: USER32
Time Written: 20100615110619.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: OWNER2
Event Code: 1073
Message: The attempt to reboot OWNER2 failed

Record Number: 7
Source Name: USER32
Time Written: 20100615110504.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: OWNER2
Event Code: 49
Message: Configuring the Page file for crash dump failed. Make sure there is a page
file on the boot partition and that is large enough to contain all physical
memory.

Record Number: 5
Source Name: Ftdisk
Time Written: 20100615054116.000000+060
Event Type: error
User:

Computer Name: OWNER2
Event Code: 45
Message: The system could not sucessfully load the crash dump driver.

Record Number: 4
Source Name: Ftdisk
Time Written: 20100615054116.000000+060
Event Type: error
User:

Computer Name: OWNER2
Event Code: 4
Message: Adapter Intel(R) PRO/100 VE Network Connection: Adapter Link Down

Record Number: 3
Source Name: E100B
Time Written: 20100615054116.000000+060
Event Type: warning
User:

=====Application event log=====

Computer Name: OWNER2
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The connection with the server was terminated abnormally


Record Number: 1296
Source Name: crypt32
Time Written: 20100602024113.000000+060
Event Type: error
User:

Computer Name: OWNER2
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 1295
Source Name: crypt32
Time Written: 20100602004033.000000+060
Event Type: error
User:

Computer Name: OWNER2
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The connection with the server was terminated abnormally


Record Number: 1294
Source Name: crypt32
Time Written: 20100602004033.000000+060
Event Type: error
User:

Computer Name: OWNER2
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 1293
Source Name: crypt32
Time Written: 20100601224007.000000+060
Event Type: error
User:

Computer Name: OWNER2
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The connection with the server was terminated abnormally


Record Number: 1292
Source Name: crypt32
Time Written: 20100601224007.000000+060
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

AndyUK
2010-07-14, 14:07
By popups do you mean random browser windows opening and me being directed to some dodgy site? In which case they have stopped, thank goodness.

My PC does feel a bit faster. Before, after a reboot it would be extremely sluggish and take forever to fully load and to even open a browser, freezing at times.

I have had other issues, such as: if a browser window crashes/stops responding and I use the task manager to close it, it takes all the other windows with it; and if I copy text from a site into MS Word, Word freezes for a while, a good 20 minutes or so, until the text is copied properly, and I am unable to use any Word documents till then.

But it has been like this for a while, long before the recent barrage of problems erupted.

vict0r
2010-07-15, 08:02
> By popups do you mean random browser windows opening and me being directed to some dodgy site? In which case they have stopped thank goodness.

Good.


Download and run OTL

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) by Old Timer and save it to your Desktop.

Double click on OTL.exe to run it.
Copy and paste the following code into the textbox shown in this image: http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/customFix.png. Do not include the word Code.


:files
%userprofile%\Application Data\Loyb
%userprofile%\Application Data\Dyqios
%userprofile%\Application Data\Ufuhi
%userprofile%\Application Data\Fehiz
%userprofile%\Application Data\Beilr
%userprofile%\Application Data\Biiv


Then click the Run Fix button at the top.
Click the OK button (image: http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/btnOK.png).
OTL may ask to reboot the machine. Please do so if asked.
The report should appear in Notepad. Copy and Paste that report in your next reply.


Run Eset online scanner.

Please go to ESET Online Scanner (http://www.eset.com/onlinescan/) to run an online scan.

Press the "ESET Online Scanner" button.
Check the box next to "YES, I accept the Terms of Use."
Click "Start"... a window will open... it may appear nothing is happening... please be patient.
Click Yes... at the run ActiveX prompt. Click Install... at the install ActiveX prompt.
Once installed, the scanner will be initialized.
Click "Start". Make sure that the option Remove found threats is checked.
Leave the "default" settings under Advanced as they are; if not set, please check:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Click "Start"... ESET scanner will begin to download the virus signatures database.
When the signatures have been downloaded, the scan will start automatically.
Wait for the scan to finish... it may take a while... please be patient. When the scan is finished...
Use Notepad to open the log file located at C:\Program Files\ESET\ESET Online Scanner\log.txt
Copy and paste the contents of log.txt in your next reply.

AndyUK
2010-07-16, 14:55
OTL OldTimer log:


========== FILES ==========
C:\Documents and Settings\OWNER\Application Data\Loyb folder moved successfully.
C:\Documents and Settings\OWNER\Application Data\Dyqios folder moved successfully.
C:\Documents and Settings\OWNER\Application Data\Ufuhi folder moved successfully.
C:\Documents and Settings\OWNER\Application Data\Fehiz folder moved successfully.
C:\Documents and Settings\OWNER\Application Data\Beilr folder moved successfully.
C:\Documents and Settings\OWNER\Application Data\Biiv folder moved successfully.

OTL by OldTimer - Version 3.2.9.0 log created on 07162010_135238

AndyUK
2010-07-16, 17:04
Log ONE for ESET Online Scan:


--------------------------------------------------------------


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=858b95a541cbe842a8454104058faa85
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-07-16 01:56:31
# local_time=2010-07-16 02:56:31 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=256 16777215 100 0 98573233 98573233 0 0
# compatibility_mode=512 16777215 100 0 177784 177784 0 0
# compatibility_mode=1031 16777189 100 92 982855 3571751 0 0
# compatibility_mode=8192 67108863 100 0 193 193 0 0
# scanned=120822
# found=1
# cleaned=1
# scan_time=3316
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinZBot.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

vict0r
2010-07-17, 02:10
Hi

Is your computer still free from symptoms of malware?

Please also post a fresh set of DDS logs.

vict0r
2010-07-18, 01:42
Hello...

It has been 2 days since my last post to you.
Do you still need help with this problem?

After 24 hrs., if you have not replied to this thread... it will be closed!

AndyUK
2010-07-18, 14:56
It has been two days? Sorry, I did not know that (normally your replies have been at a different time!).


I have a concern with regards to this:


C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinZBot.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Was this malware present on my pc, hidden in Spybot or detected by Spybot and stored in it? And has it been removed by ESET?

AndyUK
2010-07-18, 14:57
DDS log:


DDS (Ver_10-03-17.01) - NTFSx86
Run by OWNER at 13:52:01.50 on 18/07/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.349 [GMT 1:00]

AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: Sunbelt Personal Firewall *enabled* {BFD080F6-3BF0-40E1-9507-9CA969C35870}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\sony\vaio media music server\SSSvr.exe
C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
C:\Program Files\sony\giga pocket\GPVSvr.exe
C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\vaio media platform\UPnPFramework.exe
C:\Program Files\sony\giga pocket\RM_SV.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Documents and Settings\OWNER\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.lefigaro.fr/
uInternet Connection Wizard,ShellNext = hxxp://www.club-vaio.sony-europe.com/
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\OWNER\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\OWNER\startm~1\programs\startup\firewa~1.lnk - c:\windows\system32\net.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093807566890
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - c:\program files\common files\microsoft shared\information retrieval\itss51.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2010-6-5 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-6-5 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-10 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2006-11-25 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-10 243024]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2007-4-26 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2007-4-26 72624]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-21 308136]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-6-21 2331032]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-6-5 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-6-5 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2010-6-5 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-6-5 26192]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-6-21 5897808]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-26 135664]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\sunbelt software\personal firewall\kpf4ss.exe [2007-4-26 1234480]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-6-5 430152]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-6-5 30104]

=============== Created Last 30 ================

2010-07-16 12:58:06 0 d-----w- c:\program files\ESET
2010-07-16 12:52:38 0 d-----w- C:\_OTL
2010-07-14 11:37:55 0 d-----w- c:\program files\trend micro
2010-07-14 04:50:09 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-12 21:37:54 0 d-sha-r- C:\cmdcons
2010-07-12 21:33:48 98816 ----a-w- c:\windows\sed.exe
2010-07-12 21:33:48 77312 ----a-w- c:\windows\MBR.exe
2010-07-12 21:33:48 256512 ----a-w- c:\windows\PEV.exe
2010-07-12 21:33:48 161792 ----a-w- c:\windows\SWREG.exe
2010-07-12 02:15:16 0 d-sh--w- c:\documents and settings\OWNER\UserData
2010-07-12 01:21:07 0 d---a-r- C:\autorun.inf
2010-06-26 06:41:26 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-26 05:43:50 378 ----a-w- c:\windows\system32\.crusader
2010-06-26 05:36:18 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-06-26 05:35:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-06-26 05:35:51 0 d-----w- c:\program files\Hitman Pro 3.5
2010-06-26 03:24:36 0 d-----w- c:\windows\system32\NtmsData
2010-06-26 00:04:39 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-25 02:53:05 0 d-----w- c:\docume~1\OWNER\applic~1\Malwarebytes
2010-06-25 02:52:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-25 02:52:44 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-25 02:52:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-25 02:52:41 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-24 03:04:36 52864 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-23 23:04:42 0 d-----w- c:\program files\Bonjour
2010-06-21 16:25:54 12536 ----a-w- c:\windows\system32\avgrsstx.dll

==================== Find3M ====================

2010-07-18 11:21:27 27053585 ----a-w- c:\windows\system32\drivers\fwdrv.err
2010-06-21 16:26:06 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-21 16:24:55 25168 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-06-21 16:20:23 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-05 04:55:04 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-06-05 04:51:30 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-06-05 04:51:30 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-05-18 15:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 15:35:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 15:35:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 15:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll

============= FINISH: 13:53:37.60 ===============

AndyUK
2010-07-18, 14:59
Attach log:



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 29/08/2004 20:52:53
System Uptime: 16/07/2010 13:26:20 (48 hours ago)

Motherboard: ASUSTek Computer Inc. | | P4SD-VL
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | CPU 1 | 3192/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 28 GiB total, 9.524 GiB free.
D: is FIXED (NTFS) - 158 GiB total, 127.147 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP2108: 21/06/2010 17:27:01 - Avg Update
RP2109: 21/06/2010 22:55:22 - Cleaned registry with Windows Live OneCare safety scanner
RP2110: 23/06/2010 06:36:17 - System Checkpoint
RP2111: 24/06/2010 09:00:51 - System Checkpoint
RP2112: 25/06/2010 09:06:20 - System Checkpoint
RP2113: 25/06/2010 13:14:21 - Installed Windows Defender
RP2114: 26/06/2010 13:27:24 - System Checkpoint
RP2115: 26/06/2010 16:58:31 - Cleaned registry with Windows Live OneCare safety scanner
RP2116: 26/06/2010 18:11:22 - Software Distribution Service 3.0
RP2117: 27/06/2010 21:22:04 - System Checkpoint
RP2118: 28/06/2010 22:18:04 - System Checkpoint
RP2119: 29/06/2010 09:29:43 - Avg Update
RP2120: 29/06/2010 09:32:29 - Avg Update
RP2121: 30/06/2010 09:32:45 - System Checkpoint
RP2122: 01/07/2010 09:56:45 - System Checkpoint
RP2123: 02/07/2010 10:20:47 - System Checkpoint
RP2124: 03/07/2010 10:56:44 - System Checkpoint
RP2125: 04/07/2010 04:04:44 - Removed Java 2 Runtime Environment, SE v1.4.2_01
RP2126: 04/07/2010 04:06:25 - Removed Java(TM) 6 Update 3
RP2127: 04/07/2010 04:07:27 - Removed Java(TM) 6 Update 5
RP2128: 05/07/2010 05:57:12 - System Checkpoint
RP2129: 06/07/2010 15:20:13 - System Checkpoint
RP2130: 07/07/2010 15:58:50 - System Checkpoint
RP2131: 08/07/2010 17:49:24 - Removed Windows Defender
RP2132: 08/07/2010 17:52:13 - Removed Norton WMI Update
RP2133: 09/07/2010 23:45:42 - System Checkpoint
RP2134: 11/07/2010 00:36:27 - System Checkpoint
RP2135: 12/07/2010 01:00:35 - System Checkpoint
RP2136: 13/07/2010 02:27:08 - System Checkpoint
RP2137: 14/07/2010 03:37:10 - System Checkpoint
RP2138: 15/07/2010 03:00:26 - Software Distribution Service 3.0
RP2139: 16/07/2010 03:18:44 - System Checkpoint
RP2140: 17/07/2010 03:31:07 - System Checkpoint
RP2141: 18/07/2010 03:43:07 - System Checkpoint

==== Installed Programs ======================


Adobe Acrobat Elements 6.0
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Photoshop Album 2.0 Starter Edition
Adobe Photoshop CS2
Adobe Photoshop Elements 2.0
Adobe Premiere 6 LE
Adobe Stock Photos 1.0
Agere Systems AC'97 Modem
Apple Application Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AutoUpdate
AVG 9.0
Bonjour
Click to DVD 1.3
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Drag'n Drop CD+DVD
DVgate Plus
Empire: Total War Demo
ESET Online Scanner v3
Giga Pocket 5.5
Giga Pocket Demo Movie
Giga Pocket Hardware Library 5.5
Google Chrome
Google Update Helper
Half-Life 2
Half-Life 2: Deathmatch
Hitman Pro 3.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) PRO Network Adapters and Drivers
InterVideo WinDVD 5 for VAIO
ISP Selector
ISP Selector (English)
Java Auto Updater
Java(TM) 6 Update 20
Malwarebytes' Anti-Malware
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Professional
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
MoodLogic
Mozilla Thunderbird (2.0.0.21)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Visualizer Library 1.4.00
Natural Selection 3.2
OpenMG Secure Module 3.3.01
PictureGear Studio 2.0
Portal
QuickTime
QuickTime for Windows (32-bit)
RealPlayer
Rome - Total War(TM)
Rotor-Gene 6000 1.7.87
Safari
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Segoe UI
SonicStage 1.6.00
Sony Ericsson PC Suite
Sony USB Mouse
Sony Video Shared Library
SPSS 16.0 for Windows
Steam
Sunbelt Personal Firewall
Sven Co-op 4.0B
Team Fortress 2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VAIO BrightColor Wallpaper
VAIO Clock Screen Saver
VAIO DeepSea Wallpaper
VAIO Edit Components
VAIO Media 2.5
VAIO Media Music Server 2.5
VAIO Media Photo Server 2.5
VAIO Media Platform 2.5
VAIO Media Redistribution 2.5
VAIO Media Setup 2.5
VAIO Media Video Server 2.5
VAIO Online Registration (English)
VAIO Product Survey (English)
VAIO Remote Commander Utility 6.2
VAIO System Information
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VOR
VPS
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows XP Service Pack 3
World Book Multimedia Encyclopedia 1997

==== End Of File ===========================

vict0r
2010-07-18, 16:12
It has been two days? Sorry, I did not know that (normally your replies have been at a different time!).

It seems it was only one day. This was 2 AM for me so concentration might not have been the best. :rolleyes:

I'll get back to your question in my next post, but please give me an answer to this:


Is your computer still free from symptoms of malware?

AndyUK
2010-07-19, 17:46
I'll get back to your question in my next post, but please give me an answer to this:

Yeah, the malware problems I had seem to have gone.

Things to note:

1) Embedded YouTube videos on various sites now appear. I assumed this was due to me upgrading my browser and something being up with that; after running all the fixes they now appear.

2) My desktop does not resort to the Windows Classic hybrid thing.

3) Connection works properly and my PC does not randomly re-start.

4) After a re-boot my PC loads much faster; I do not need to sit tight for 5 minutes waiting till everything is "go".

Thanks for all the help and time Victor.

One concern, though, is that my firewall (Sunbelt) does not load on start-up.

vict0r
2010-07-20, 20:42
Was this malware present on my pc, hidden in Spybot or detected by Spybot and stored in it? And has it been removed by ESET?

This malware was once detected by Spybot and quarantined, then quarantined by ESET.


Random Access Memory Advice


Total RAM: 511 MB
Though Microsoft claims XP will run with this amount of system memory installed, it will run far better with 1-2 GB, which are pretty cheap nowadays.

If you wish to upgrade the installed memory in your system, Crucial (http://www.crucial.com) have a small scanner (Crucial System Scanner tool) which is perfectly safe to download and run. It will advise if your system can support any upgraded memory modules. They cater for the US/UK and Europe.

This may solve the problem you reported when copying webpages into MS Office.


AVG

AVG Anti Virus with 512 MB memory or less might be a problem. You can try the more lightweight Avast (http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html?part=dl-85737) or Avira (http://www.freeav.com/) if you experience any problems.

Note: Never run more than one anti virus on a computer; it will seriously impact system performance and can lead to conflicts between the programs.

Removing AVG may solve the problem with your Sunbelt Firewall, as there are reports of compatibility issues between these.

To safely change the installed anti virus software, I recommend that you follow this procedure:

Download the installer for the new anti virus
Download and save AVG Removal Tool (http://www.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe) to your desktop
Disconnect the computer from the internet/network.
Uninstall the existing AV from Add/Remove programs, then run the removal tool and reboot your computer.
Then install the new AV, reboot your computer and immediately update the newly installed software (connect to the internet).



SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:

:filefind
RDPCDD.sys

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop, entitled SystemLook.txt.


Combofix

Disable your anti virus.

Open notepad and copy/paste the text in the codebox below into it:


SkipFix::

DDS::
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File


Save the file as "CFScript.txt", and as Type: All Files (*.*) on your desktop.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Refer to the picture above, then save all work and close all programs including any open browsers(!) and drag CFScript onto ComboFix.exe.

If Combofix prompts you to upgrade, please allow it.

When finished, it shall produce a log for you at C:\ComboFix.txt.


You can now enable your anti virus.


To post:
the SystemLook log
the Combofix log
Did any problems occur while following the instructions?
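
The CFScript above removes the three add-on registrations whose DLL is gone ("No File" entries in the DDS pseudo-HJT report). The following is an added example, not code from the thread or from DDS/ComboFix, that reproduces that triage step: it parses the pseudo-HJT section, lists the BHO/TB/EB entries whose target is "No File", and emits the DDS:: block in the same line format the helper used. The sample report (SAMPLE_DDS) is a constructed excerpt built from the lines posted in this thread, and the function names are this example's own.

```python
"""List orphaned IE add-on entries (BHO/TB/EB with "No File") from a DDS
pseudo-HJT report and emit the matching CFScript DDS:: section.

Added example, not part of the thread or of the DDS/ComboFix tools.
"""
import re

# Constructed excerpt of a DDS "Pseudo HJT Report": loaded entries and the
# three orphaned ones from the log posted in this thread.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============

uStart Page = hxxp://www.lefigaro.fr/
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

============= SERVICES / DRIVERS ===============
"""

# One DDS add-on line: "<kind>: [<name>: ]{<clsid>} - <dll path or 'No File'>"
ADDON_RE = re.compile(
    r"^(?P<kind>BHO|TB|EB): (?:(?P<name>[^{]+?): )?"
    r"(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.+)$"
)


def parse_addons(report: str):
    """Return a dict per BHO/TB/EB line found inside the pseudo-HJT section."""
    entries = []
    in_section = False
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("=====") and "Pseudo HJT" in line:
            in_section = True
            continue
        if in_section and line.startswith("====="):
            break  # next report section begins; stop scanning
        m = ADDON_RE.match(line)
        if in_section and m:
            entries.append(m.groupdict())
    return entries


def orphaned_addons(report: str):
    """Entries still registered with IE although their DLL no longer exists."""
    return [e for e in parse_addons(report) if e["target"].strip() == "No File"]


def cfscript_for_orphans(report: str) -> str:
    """Build the DDS:: block of a CFScript that removes the orphaned entries,
    using the exact line format DDS printed them in."""
    lines = ["DDS::"]
    for e in orphaned_addons(report):
        lines.append(f"{e['kind']}: {e['clsid']} - No File")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for e in orphaned_addons(SAMPLE_DDS):
        print(f"orphaned {e['kind']} {e['clsid']}")
    print(cfscript_for_orphans(SAMPLE_DDS))
```

Entries with a real DLL path are left alone on purpose: an add-on that is loaded needs to be judged by its file, whereas a registration with no file behind it is dead weight that only clutters later logs.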

AndyUK
2010-07-22, 05:06
System look log:

-----------------------------------------------

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 04:02 on 22/07/2010 by OWNER (Administrator - Elevation successful)

========== filefind ==========

Searching for "RDPCDD.sys"
C:\WINDOWS\system32\dllcache\rdpcdd.sys --a--c 4224 bytes [15:30 01/12/2003] [12:00 31/03/2003] 4912D5B403614CE99C28420F75353332
C:\WINDOWS\system32\drivers\rdpcdd.sys --a--- 4224 bytes [15:30 01/12/2003] [12:00 31/03/2003] 4912D5B403614CE99C28420F75353332

-=End Of File=-
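
The point of the ":filefind RDPCDD.sys" request is visible in the log above: the driver in system32\drivers and the protected copy in system32\dllcache carry the same MD5, so the resident driver has not been patched. The following is an added example, not code from the thread or from SystemLook, that automates that comparison: it parses SystemLook filefind hits, groups copies by file name, and flags any copy outside dllcache whose hash differs from the dllcache copy. SAMPLE_LOG is constructed: the two rdpcdd.sys lines are taken from the log posted above, and "example.sys" is a hypothetical, deliberately mismatched pair added to show how a tampered driver would be reported. Function names are this example's own.

```python
"""Compare SystemLook ':filefind' hits against their system32\\dllcache copy.

Added example, not part of the thread or of SystemLook itself.
"""
import re
from collections import defaultdict

# Constructed excerpt of a SystemLook log. The rdpcdd.sys lines are copied
# from the log posted in this thread; example.sys is hypothetical and
# deliberately differs in size and hash between the two copies.
SAMPLE_LOG = r"""
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 04:02 on 22/07/2010 by OWNER (Administrator - Elevation successful)

========== filefind ==========

Searching for "RDPCDD.sys"
C:\WINDOWS\system32\dllcache\rdpcdd.sys --a--c 4224 bytes [15:30 01/12/2003] [12:00 31/03/2003] 4912D5B403614CE99C28420F75353332
C:\WINDOWS\system32\drivers\rdpcdd.sys --a--- 4224 bytes [15:30 01/12/2003] [12:00 31/03/2003] 4912D5B403614CE99C28420F75353332

Searching for "example.sys"
C:\WINDOWS\system32\dllcache\example.sys --a--c 4096 bytes [10:00 01/01/2010] [10:00 01/01/2010] 00000000000000000000000000000001
C:\WINDOWS\system32\drivers\example.sys --a--- 4608 bytes [10:00 01/01/2010] [09:00 15/07/2010] 00000000000000000000000000000002

-=End Of File=-
"""

# One hit: "<path> <attrs> <size> bytes [<modified>] [<created>] <MD5>"
HIT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<attrs>[-a-z]{6}) (?P<size>\d+) bytes "
    r"\[(?P<mtime>[^\]]+)\] \[(?P<ctime>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_filefind(log: str):
    """Return every filefind hit as a dict (path, attrs, size, mtime, ctime, md5)."""
    hits = []
    for raw in log.splitlines():
        m = HIT_RE.match(raw.strip())
        if m:
            hit = m.groupdict()
            hit["size"] = int(hit["size"])
            hit["md5"] = hit["md5"].upper()
            hits.append(hit)
    return hits


def compare_with_dllcache(log: str):
    """Group hits by file name and check each copy outside dllcache against the
    dllcache copy. Returns {name: (status, detail)} with status one of
    'match' (detail: the shared MD5), 'mismatch' (detail: list of differing
    paths) or 'no-dllcache' (nothing protected to compare against)."""
    by_name = defaultdict(list)
    for hit in parse_filefind(log):
        by_name[hit["path"].rsplit("\\", 1)[-1].lower()].append(hit)

    results = {}
    for name, copies in by_name.items():
        cache = [c for c in copies if "\\dllcache\\" in c["path"].lower()]
        live = [c for c in copies if "\\dllcache\\" not in c["path"].lower()]
        if not cache:
            results[name] = ("no-dllcache", "no protected copy found")
            continue
        reference = cache[0]["md5"]
        differing = [c["path"] for c in live if c["md5"] != reference]
        results[name] = ("mismatch", differing) if differing else ("match", reference)
    return results


if __name__ == "__main__":
    for name, (status, detail) in compare_with_dllcache(SAMPLE_LOG).items():
        print(f"{name}: {status} {detail}")
```

A matching hash is reassuring but not proof on its own: the dllcache copy can be replaced too, so for a file that matters the hash is best checked against a known-good value from a clean install or the vendor as well.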

AndyUK
2010-07-22, 05:31
ComboFix log:


------------------------------------------------------------

ComboFix 10-07-21.01 - OWNER 22/07/2010 4:14.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.256 [GMT 1:00]
Running from: c:\documents and settings\OWNER\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\OWNER\Desktop\CFScript.txt.txt
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: Sunbelt Personal Firewall *disabled* {BFD080F6-3BF0-40E1-9507-9CA969C35870}
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2010-06-22 to 2010-07-22 )))))))))))))))))))))))))))))))
.

2010-07-16 12:58 . 2010-07-16 12:58 -------- d-----w- c:\program files\ESET
2010-07-16 12:52 . 2010-07-16 12:52 -------- d-----w- C:\_OTL
2010-07-14 11:37 . 2010-07-14 11:38 -------- d-----w- c:\program files\trend micro
2010-07-14 11:37 . 2010-07-14 11:38 -------- d-----w- C:\rsit
2010-07-14 04:50 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-12 02:15 . 2010-07-12 02:15 -------- d-sh--w- c:\documents and settings\OWNER\UserData
2010-07-04 10:11 . 2010-07-04 10:11 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp
2010-06-29 08:29 . 2010-06-29 08:29 1039712 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-06-26 06:41 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-26 05:36 . 2010-07-12 01:29 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-06-26 05:35 . 2010-06-26 05:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-06-26 05:35 . 2010-06-26 05:35 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-06-26 03:24 . 2010-06-26 03:24 -------- d-----w- c:\windows\system32\NtmsData
2010-06-26 01:37 . 2010-06-26 01:37 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-06-26 01:27 . 2010-06-26 01:27 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-06-26 00:04 . 2010-06-26 00:04 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-25 23:58 . 2010-06-25 23:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-06-25 23:57 . 2010-07-02 16:02 -------- d-----w- c:\documents and settings\OWNER\Local Settings\Application Data\Temp
2010-06-25 23:56 . 2010-06-26 00:00 -------- d-----w- c:\program files\Google
2010-06-25 23:55 . 2010-07-08 16:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-06-25 02:53 . 2010-06-25 02:53 -------- d-----w- c:\documents and settings\OWNER\Application Data\Malwarebytes
2010-06-25 02:52 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-25 02:52 . 2010-06-25 02:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-25 02:52 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-25 02:52 . 2010-06-25 02:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-24 03:04 . 2010-06-24 03:04 52864 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-24 03:04 . 2010-06-24 03:04 -------- d-----w- c:\documents and settings\OWNER\Application Data\Apple Computer
2010-06-23 23:04 . 2010-06-23 23:04 -------- d-----w- c:\program files\Bonjour
2010-06-23 22:57 . 2010-06-23 22:58 -------- d-----w- c:\program files\Safari
2010-06-23 22:53 . 2010-06-23 22:53 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-23 22:37 . 2010-06-24 00:42 -------- d-----w- c:\program files\Common Files\Apple
2010-06-23 22:32 . 2010-06-23 22:34 -------- d-----w- c:\program files\QuickTime
2010-06-23 22:32 . 2010-06-23 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-21 22:42 . 2004-08-30 00:55 27081490 ----a-w- c:\windows\system32\drivers\fwdrv.err
2010-07-14 11:24 . 2003-12-02 09:23 -------- d-----w- c:\program files\Norton Internet Security
2010-07-08 16:48 . 2006-05-01 20:06 -------- d-----w- c:\documents and settings\OWNER\Application Data\Lavasoft
2010-07-04 03:30 . 2006-05-01 19:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-04 03:09 . 2006-05-01 19:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-04 03:07 . 2003-12-02 09:13 -------- d-----w- c:\program files\Common Files\Java
2010-06-27 22:40 . 2009-06-07 14:15 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-06-26 05:59 . 2010-06-21 19:10 -------- d-----w- c:\program files\Windows Live Safety Center
2010-06-25 12:15 . 2004-08-29 20:44 69976 ----a-w- c:\documents and settings\OWNER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-23 04:53 . 2010-05-20 03:25 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-21 16:27 . 2010-06-21 16:27 74760 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\UniversalDD.sys
2010-06-21 16:27 . 2010-06-21 16:27 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-06-21 16:27 . 2010-06-21 16:27 30216 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSFilter.sys
2010-06-21 16:27 . 2010-06-21 16:27 26120 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSShim.sys
2010-06-21 16:27 . 2010-06-21 16:27 25096 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSxx.sys
2010-06-21 16:27 . 2010-06-21 16:27 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-06-21 16:27 . 2010-06-21 16:27 122376 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSDriver.sys
2010-06-21 16:26 . 2009-04-10 14:29 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-21 16:25 . 2010-06-21 16:25 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-21 16:24 . 2010-06-05 04:55 25168 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-06-21 16:20 . 2009-04-10 14:29 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-21 16:18 . 2010-06-21 16:18 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-06-21 16:18 . 2010-06-21 16:18 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-06-21 16:18 . 2010-06-21 16:18 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-06-20 04:25 . 2010-06-05 04:49 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-06-14 14:31 . 2003-12-01 16:43 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-07 14:59 . 2010-06-07 14:59 -------- d-----w- c:\documents and settings\OWNER\Application Data\AVG9
2010-06-06 00:17 . 2010-06-06 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2010-06-06 00:09 . 2003-12-23 13:44 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-06 00:06 . 2010-06-06 00:06 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2010-06-05 05:18 . 2010-06-05 05:18 29512 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-06-05 05:17 . 2006-11-25 18:38 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-05 04:58 . 2010-06-05 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-06-05 04:55 . 2010-06-05 04:55 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-06-05 04:51 . 2010-06-05 04:51 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-06-05 04:51 . 2010-06-05 04:51 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-06-05 04:49 . 2009-04-10 14:28 -------- d-----w- c:\program files\AVG
2010-06-04 21:39 . 2010-06-04 21:39 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2010-06-04 21:39 . 2010-06-04 21:39 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-06-04 21:39 . 2010-06-04 21:39 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2010-06-04 21:39 . 2010-06-04 21:39 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-05-24 16:49 . 2010-05-24 16:49 503808 ----a-w- c:\documents and settings\OWNER\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5a3a6380-n\msvcp71.dll
2010-05-24 16:49 . 2010-05-24 16:49 499712 ----a-w- c:\documents and settings\OWNER\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5a3a6380-n\jmc.dll
2010-05-24 16:49 . 2010-05-24 16:49 348160 ----a-w- c:\documents and settings\OWNER\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5a3a6380-n\msvcr71.dll
2010-05-24 16:49 . 2010-05-24 16:49 61440 ----a-w- c:\documents and settings\OWNER\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-64651902-n\decora-sse.dll
2010-05-24 16:49 . 2010-05-24 16:49 12800 ----a-w- c:\documents and settings\OWNER\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-64651902-n\decora-d3d.dll
2010-05-24 16:49 . 2003-12-02 09:13 -------- d-----w- c:\program files\Java
2010-05-18 15:35 . 2010-05-18 15:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 15:35 . 2010-05-18 15:35 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 15:35 . 2010-05-18 15:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 15:35 . 2010-05-18 15:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-06 10:41 . 2003-12-01 15:30 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2003-12-01 15:30 1851264 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 09:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-15 335872]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 88361]
"Mouse Suite 98 Daemon"="ICO.EXE" [2001-08-23 45056]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-21 2065760]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\OWNER\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-12-23 113664]
Firewall Engine.lnk - c:\windows\system32\net.exe [2003-12-1 42496]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-7-30 217195]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-21 16:25 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Games\\Steam\\SteamApps\\common\\empire total war demo\\Empire.exe"=
"c:\\Program Files\\SPSSInc\\SPSS16\\spss.com"=
"c:\\Program Files\\SPSSInc\\SPSS16\\SPSSWinWrapIDE.exe"=
"c:\\Program Files\\SPSSInc\\SPSS16\\spss.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Games\\Steam\\SteamApps\\romulansnitch\\half-life\\hl.exe"=
"d:\\Games\\Steam\\SteamApps\\romulansnitch\\counter-strike source\\hl2.exe"=

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [05/06/2010 05:55 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [05/06/2010 05:55 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/04/2009 15:29 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/04/2009 15:29 243024]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [26/04/2007 10:21 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [26/04/2007 10:21 72624]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [21/06/2010 17:25 308136]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [21/06/2010 17:20 2331032]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe [26/04/2007 10:21 1234480]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [05/06/2010 05:51 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [05/06/2010 05:52 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [05/06/2010 05:52 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [05/06/2010 05:52 26192]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [21/06/2010 17:24 5897808]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26/06/2010 00:57 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [05/06/2010 05:54 430152]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [05/06/2010 05:51 30104]
.
Contents of the 'Scheduled Tasks' folder

2010-07-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2010-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-25 23:56]

2010-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-25 23:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.lefigaro.fr/
uInternet Connection Wizard,ShellNext = hxxp://www.club-vaio.sony-europe.com/
uInternet Settings,ProxyOverride = <local>
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - c:\program files\Common Files\Microsoft Shared\Information Retrieval\itss51.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-22 04:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(480)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-07-22 04:23:39
ComboFix-quarantined-files.txt 2010-07-22 03:23
ComboFix2.txt 2010-07-13 18:03
ComboFix3.txt 2010-07-12 22:13

Pre-Run: 10,218,803,200 bytes free
Post-Run: 10,388,586,496 bytes free

- - End Of File - - 724086A887193BD7684C071433A6A4A4

vict0r
2010-07-23, 07:58
Please post back one more time to confirm that you have read this post or if you have got any malware related questions.


Update Windows and Internet Explorer

Update Windows and Internet Explorer to protect your computer from malware. Please go to the Windows Update site (http://windowsupdate.microsoft.com/) to get the critical updates. Repeat this update process until no further important updates are offered.


Uninstall ComboFix

Click on Start >> Run..., copy and paste the following line into the run box, then click OK:
ComboFix /Uninstall
Note: there's a space between "ComboFix" and "/Uninstall".


OTL-Cleanup

You should still have this on your desktop; if so, please ignore the download instructions.
Please download OTL (http://oldtimer.geekstogo.com/OTL.exe) ... by Old Timer . Save it to your Desktop.
Double click on OTL.exe to run it.
Press the CleanUp button.
When done, you will be prompted to reboot your system to finish file removal... please select OK to reboot your computer.


Delete tools

TFC is a great tool for you to keep and use on a regular basis. Please delete the following tools:

DDS
Norton Removal Tool
SystemLook
You can just delete the files (if still present).


Your computer now appears to be malware free. The logs are clean. Good job!

Please follow these simple steps in order to keep your computer clean and secure.


Keep your system updated:

Make sure automatic updates for Windows XP are enabled to get the latest patches from Microsoft to fix bugs and security holes:

Go to Start > Control Panel > Automatic Updates
Select Automatic (recommended) radio button if you want the updates to be downloaded and installed without prompting you.
Select Download updates for me, but let me choose when to install them radio button if you want the updates to be downloaded automatically but to be installed at another time.
Select Notify me but don't automatically download or install them radio button if you want to be notified of the updates.


Keep your non-Microsoft applications updated as well:

Microsoft isn't the only company whose products can contain security vulnerabilities. To check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector (http://secunia.com/software_inspector). I suggest that you run it and install the suggested updates at least once a week.


Secure your computer further:

Consider using the following programs to secure your computer further:

Hosts File
Please use the following for the added protection: MVPS Hosts (http://www.mvps.org/winhelp2002/hosts.htm). You will find more information regarding hosts files there. A simple explanation of what a Hosts file does is here (http://forum.malwareremoval.com/viewtopic.php?t=22187) (includes a description on how to use HostsXpert to easily download and manage your hosts file).


Malwarebytes Anti-Malware
Update Malwarebytes Anti-Malware and perform a quick scan 1-2 times a week.


WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE (http://www.winpatrol.com/).


It is ABSOLUTELY ESSENTIAL to keep Windows, Java, Adobe and all of your security programs up to date.


Read these articles to learn more about how to protect yourself while on the internet:

How Can I Reduce my risk to malware? (http://virusvault.us/prevention.html)
Is it real or is it Scareware? (http://virusvault.us/scareware.html)


Safe surfing! :)

AndyUK
2010-07-24, 07:42
Hey Victor,

This is to confirm I have read the above post.

I have some quick questions though.

1) Is the Win32/Zbot malware threat now removed from my computer? This was the most terrifying.

2) I have had difficulty in trying to download AVG free. Is this due to the problems you mentioned below with regards to RAM, and are Avast or Avira just as good as AVG?

Other than that my pc is completely clean?


Thank you so much for all your time and assistance. It is greatly appreciated!

AndyUK
2010-07-24, 07:44
Hey Victor,

This is to confirm I have read the above post.

I have some quick questions though.

1) Is the Win32/Zbot malware threat now removed from my computer? This was the most terrifying.

2) I have had difficulty in trying to download AVG free. Is this due to the problems you mentioned below with regards to RAM, and are Avast or Avira just as good as AVG?

3) Do I need to re-download Spybot?


Other than that my pc is completely clean?

Thank you so much for your time and assistance. It is greatly appreciated!

vict0r
2010-07-24, 15:30
The logs from the tools that are available and used to fix your computer now show that Win32/Zbot is removed and that your computer was malware free when the final log was generated. However, I want to direct your attention to this post: http://forums.spybot.info/showpost.php?p=376516&postcount=11 where I advise a reformat/reinstall and write that there's no guarantee that your computer will be secure after the fix. This is due to the functionality of this type of infection. There's no way to tell if the backdoor has been used to make changes to the security settings on your computer and left it vulnerable to reinfection. This can happen within a few days, week(s) or more. Unfortunately there is no way to reset these settings other than a fresh install.

Downloading AVG free should now work (not related to RAM). The free versions of Avast, Avira and AVG are all good anti virus software.

If you are not experiencing any problems with Spybot then there should not be any need to re-download it. Update and re-immunize to verify.

AndyUK
2010-07-24, 21:23
There is no way to block the backdoors (or find if such still exist) other than reformatting?

Did Malwarebytes delete the altered keys/backdoors?

During Google searches about Win32/Zbot and backdoors in general, I found some tools/programs claiming to delete it/block the Win32 backdoors - is this just some crap? I have no intention of touching any of these but am just curious whether it can be done, or is it due to the nature of the backdoors being different per computer that it is impossible?

I just have to ask as the potential effects of Win32/Zbot infection are extremely worrying.

AndyUK
2010-07-24, 21:24
I have earlier had difficulty in downloading the free AVG, is this because I need to remove the 30 day trial version?

During the clean up process, you requested I uninstall Spybot, my concern was whether I still needed it?

I still have GMER and RSIT, should I keep them?

vict0r
2010-07-25, 10:22
"I have earlier had difficulty in downloading the free AVG, is this because I need to remove the 30 day trial version?"
No, the download was not blocked because of this. It was probably blocked by the infection.


"During the clean up process, you requested I uninstall Spybot, my concern was whether I still needed it?"
Ok, please re-download and re-install Spybot S&D, then update and immunize. If you use Teatimer (part of Spybot), then please do not use Winpatrol. They do not work well together.


"I still have GMER and RSIT, should I keep them?"
These should have been removed by the OTL cleanup. If not, please delete them.

AndyUK
2010-07-27, 13:00
Hey Victor

My final question is: is there any way to block/detect the Win32/Zbot backdoor?

Apart from that, thank you greatly for all your time and help!

vict0r
2010-07-29, 15:34
You're welcome, I'm happy to help. :)


"My final question is: is there any way to block/detect the Win32/Zbot backdoor?"
Spybot S&D and Malwarebytes Anti-Malware are good at detecting it.

The best way to avoid getting your computer infected with any malware is to keep everything updated (Windows, Java, Adobe, any security software and any other installed application) as described in my post here: http://forums.spybot.info/showpost.php?p=378256&postcount=54
+ Update and run scans with your anti virus and Malwarebytes regularly.

It is also wise to avoid "destructive" behavior while using the computer online. Please read the following post and, if applicable, learn from it:
http://forums.spybot.info/showpost.php?p=22806&postcount=4


Install and use Spybot Search & Destroy for the added protection
Instructions are located here (http://www.bleepingcomputer.com/tutorials/tutorial43.html). Make sure you update, reimmunize & scan regularly.


Enable Teatimer option in Spybot Search & Destroy (if you forgot to enable it during the install)
Open Spybot S&D.
Click Mode, choose Advanced Mode.
Go To the bottom of the Vertical Panel on the Left, Click Tools.
then, also in left panel, click Resident (shows a red/white shield).
If your firewall raises a question, say OK.
In the Resident protection status frame, check the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active.
OK any prompts.
Click Mode, choose Default Mode.
Use File, Exit to terminate Spybot.
Reboot your machine for the changes to take effect.


Make use of the HOSTS file included with Spybot Search & Destroy
Every version of Windows includes a hosts file. A hosts file is a bit like a phone book: it points from the human-friendly name of a website to its actual numeric address (i.e. the IP address). This feature can be used to block malicious websites.
Spybot Search & Destroy has a good HOSTS file built in. To enable the HOSTS file in Spybot Search & Destroy:

Run Spybot Search & Destroy.
Click on Mode, and then place a tick next to Advanced mode.
Click Yes.
In the left hand pane of Spybot Search & Destroy, click on Tools, and then on Hosts File.
Click on Add Spybot-S&D hosts list.

Note: On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue:
Click Start > Run, type services.msc & click OK.
In the list, find the service called DNS Client & double click on it. On the dropdown box, change the setting from automatic to manual. Click OK & then close the Services window.

For a more detailed explanation of the HOSTS file, click here (http://forum.malwareremoval.com/viewtopic.php?t=22187).

Please do not use MVPS Hosts or any other hosts file if you use Spybot's hosts file. Do not use Winpatrol if you use Teatimer.


I will now ask for this thread to be archived.

Safe Surfing! :)
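As an added example (not code from this thread, from Spybot or from MVPS), the Python below models how the hosts file described in the post above is consulted: the file is checked before DNS, so a name listed against 127.0.0.1 or 0.0.0.0 never reaches the real site. It goes one step further than the post by separating blocking entries from redirect entries, the latter being what a tampered hosts file looks like. The hosts contents and every domain name in it are constructed placeholders.

```python
"""Hosts-file lookup and audit (added example, not part of the forum thread).

Windows reads %SystemRoot%\\system32\\drivers\\etc\\hosts before asking DNS.
The sample text below is constructed; the domain names are placeholders.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

# Addresses that make a listed name unreachable: loopback or the unspecified address.
BLOCK_SINKS = {"0.0.0.0", "127.0.0.1", "::1"}

SAMPLE_HOSTS = """\
# Comment lines are ignored by the resolver
127.0.0.1       localhost
# Blocklist entries in the style Spybot S&D or MVPS add (constructed):
127.0.0.1  ads.malicious.example   # trailing comments are allowed too
0.0.0.0    tracker.malicious.example www.tracker.malicious.example
# A redirect entry of the kind a tampered hosts file may contain (constructed):
203.0.113.5  www.update-vendor.example
"""


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs in file order; one line may name several hosts."""
    entries: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                             # malformed line: no hostname
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                             # first field is not an IP address
        for name in fields[1:]:
            entries.append((ip, name.lower()))   # hostnames are case-insensitive
    return entries


def resolve(hostname: str, entries: List[Tuple[str, str]]) -> Optional[str]:
    """First matching entry wins, as the resolver does; None means 'fall through to DNS'."""
    wanted = hostname.lower().rstrip(".")
    for ip, name in entries:
        if name == wanted:
            return ip
    return None


def classify(entries: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Split entries into blocking ones (sink address) and redirects (any other address).

    A legitimate-looking hostname redirected to a routable address deserves a second look."""
    report: Dict[str, List[str]] = {"blocked": [], "redirected": []}
    for ip, name in entries:
        if name == "localhost":
            continue                             # Windows' own default entry
        key = "blocked" if ip in BLOCK_SINKS else "redirected"
        report[key].append(name)
    return report


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for host in ("ads.malicious.example", "WWW.Tracker.Malicious.Example", "news.example"):
        print(f"{host:32} -> {resolve(host, hosts) or 'DNS lookup'}")
    print(classify(hosts))
```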

Cypher
2010-08-02, 13:35
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me a private message (pm). A valid, working link to the closed topic is required.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read :
Your donation helps improving Spybot-S&D! (http://www.safer-networking.org/en/donate/index.html)