TR/Crypt.XPACK.Gen2 found



Gigihns
2011-02-23, 16:07
I have recently installed Avira on my computer and it found TR/Crypt.XPACK.Gen2 trojan among a few other things (like ADSPY, etc.). It quarantined it the first time it found it and I thought that would be the end of it. But... Avira is still finding it during scans. There is obviously more I need to do to get rid of it, but I don't know what that is! Any ideas???
Thanks!!!
DDS log below (I had not yet disabled the TeaTimer when I ran DDS, so maybe I need to rerun?):


DDS (Ver_10-12-12.02) - NTFSx86
Run by Compaq_Owner at 8:19:12.01 on Wed 02/23/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.383.103 [GMT -6:00]

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://shop.trendmicro.com/tmasy/eol.html?X=300&Y=300&WIDTH=690&HEIGHT=480
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [HPHUPD05] c:\program files\hewlett-packard\{5372b9a6-6e51-4f90-9b40-e0a3b8475c4e}\hphupd05.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\6750491\program\Compaq Connections.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-2-21 11608]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-1-6 239368]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-1-6 27576]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-2-21 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-2-21 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-21 61960]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-1-17 1803224]
R3 acfva;acfva;c:\windows\system32\drivers\ACFVA32.sys [2007-6-29 86656]
R3 dgcfltr;DGC Filter Driver;c:\windows\system32\drivers\ACFDCP32.sys [2007-7-10 28928]

=============== Created Last 30 ================

2011-02-21 22:10:05 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-21 22:10:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-21 20:29:06 -------- d-----w- c:\docume~1\compaq~1\applic~1\Avira
2011-02-21 19:53:29 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-02-21 19:42:51 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-02-21 19:42:51 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-21 19:32:49 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-02-21 19:04:24 -------- d-----w- c:\windows\system32\scripting
2011-02-21 19:04:23 -------- d-----w- c:\windows\l2schemas
2011-02-21 18:59:44 -------- d-----w- c:\windows\network diagnostic
2011-02-21 17:32:56 -------- d-----w- c:\windows\system32\NtmsData
2011-02-21 17:19:32 -------- d-----w- c:\program files\Avira
2011-02-21 17:19:32 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
2011-02-21 17:08:33 -------- d-----w- c:\program files\COMODO
2011-02-21 17:07:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\Comodo
2011-02-21 16:29:07 -------- d-----w- c:\program files\SpywareBlaster
2011-02-21 14:36:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-02-21 14:36:19 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-02-21 09:01:27 -------- d-----w- c:\windows\ie8updates
2011-02-21 04:19:16 25600 ----a-w- c:\windows\system32\drivers\usbser.sys
2011-02-21 04:19:16 25600 ----a-w- c:\windows\system32\dllcache\usbser.sys
2011-02-21 03:46:02 -------- d-sh--w- c:\documents and settings\compaq_owner\IECompatCache
2011-02-21 03:45:40 -------- d-sh--w- c:\documents and settings\compaq_owner\PrivacIE
2011-02-21 02:07:07 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2011-02-21 02:07:07 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-02-21 02:07:07 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2011-02-21 02:07:05 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2011-02-21 02:07:05 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2011-02-21 02:07:05 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2011-02-21 02:07:02 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
2011-02-21 02:05:09 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-02-21 02:05:09 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2011-02-21 02:04:49 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-02-21 02:04:49 9600 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2011-02-21 01:57:59 -------- d-sh--w- c:\documents and settings\compaq_owner\IETldCache
2011-02-18 21:03:38 -------- dc-h--w- c:\windows\ie8
2011-02-13 22:16:19 -------- d-----w- c:\windows\Options

==================== Find3M ====================

2011-02-21 19:08:04 44032 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\hpq\xpxwwpp5\localcontent\attachments\devcon.exe
2011-02-21 19:08:02 307200 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\hpq\xpxwwpp5\plugin\bin\pchnotify.exe
2010-12-29 07:42:04 285480 ----a-w- c:\windows\system32\guard32.dll

============= FINISH: 8:21:03.93 ===============

Cypher
2011-02-26, 18:41
Hi and welcome to Safer Networking Forums. Sorry for the delay in answering your request for help; the forum is really busy.
My name is Cypher, and I will be helping you with your malware problems.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.

The instructions being given are for YOUR computer and system only!
Using these instructions on a different computer can damage that computer and possibly make it inoperable!
If you don't know or understand something, please don't hesitate to ask.
Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
Absence of symptoms does not mean that everything is clear.
Please DO NOT run any other tools or scans whilst I am helping you.
Please DO NOT install any other software (or hardware) during the cleaning process.
Print each set of instructions if possible... your Internet connection will not be available during some fix processes.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic READ this Procedure BEFORE Requesting Assistance (http://forums.spybot.info/showthread.php?t=288) where the conditions for receiving help here are explained.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to backup any personal files and folders before you start.
Backup Made Easy - XP (http://www.microsoft.com/windowsxp/using/setup/learnmore/bott_03july14.mspx)
How to backup your data - Vista (http://www.vista4beginners.com/How-to-backup-your-data)
Backup your data - windows 7 (http://support.microsoft.com/kb/971759)



RSIT (Random's System Information Tool)

Please download RSIT (http://images.malwareremoval.com/random/RSIT.exe) by random/random... and save it to your desktop.

Double click on RSIT.exe to run it.
Please read the disclaimer... click on Continue.
RSIT will start running. When done... 2 log files... will be produced.
The first one, "log.txt", << will be maximized.
The second one, "info.txt", << will be minimized.
Please post both "log.txt" and "info.txt" file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)

Gigihns
2011-02-26, 19:44
Thanks for your help Cypher! I must step out for a couple of hours, but I will complete your requests later this afternoon and post the logs then.

FYI - we have another computer at our house that is not infected according to my antivirus (AVG). I will use the clean one to respond to posts, etc.
Thanks again!

Cypher
2011-02-26, 19:51
Hi Gigihns.

Thanks for your help Cypher!
You're most welcome.
If possible, carry out all my instructions on the infected computer.
If you have any problems doing so, just let me know. Post the requested logs when ready.

Gigihns
2011-02-27, 04:43
Here is the first log file:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Compaq_Owner at 2011-02-26 21:38:57
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 130 GB (88%) free of 147 GB
Total RAM: 383 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:39:34 PM, on 2/26/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Documents and Settings\Compaq_Owner\Desktop\RSIT.exe
C:\Program Files\trend micro\Compaq_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://shop.trendmicro.com/tmasy/eol.html?X=300&Y=300&WIDTH=690&HEIGHT=480
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8063 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\EasyShare Registration Task.job
C:\WINDOWS\tasks\HP Usg Daily.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-21 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-02-21 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"KBD"=C:\HP\KBD\KBD.EXE [2003-02-11 61440]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-02-15 180269]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2004-10-14 278528]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2004-04-14 233472]
"PS2"=C:\WINDOWS\system32\ps2.exe [2003-09-12 98304]
"LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2004-10-14 253952]
"HPHUPD05"=C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe [2004-03-31 49152]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2003-12-05 49152]
"HPHmon05"=C:\WINDOWS\system32\hphmon05.exe [2004-05-04 491520]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2004-05-04 176128]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2005-02-15 98304]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2011-01-10 281768]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2011-01-17 2548552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Compaq Connections.lnk - C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe:*:Enabled:BackWeb for Presario"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"

======List of files/folders created in the last 1 months======

2011-02-26 21:38:59 ----D---- C:\Program Files\trend micro
2011-02-26 21:38:57 ----D---- C:\rsit
2011-02-23 08:14:21 ----D---- C:\WINDOWS\ERDNT
2011-02-23 07:39:07 ----D---- C:\Program Files\ERUNT
2011-02-21 16:10:29 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2011-02-21 16:10:04 ----A---- C:\WINDOWS\system32\javaws.exe
2011-02-21 16:10:04 ----A---- C:\WINDOWS\system32\javaw.exe
2011-02-21 16:10:04 ----A---- C:\WINDOWS\system32\deployJava1.dll
2011-02-21 16:10:03 ----A---- C:\WINDOWS\system32\java.exe
2011-02-21 14:48:08 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2011-02-21 14:29:06 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Avira
2011-02-21 14:27:18 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2011-02-21 13:53:46 ----A---- C:\WINDOWS\system32\drivers\ssmdrv.sys
2011-02-21 13:53:30 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys
2011-02-21 13:53:29 ----A---- C:\WINDOWS\system32\drivers\avgntmgr.sys
2011-02-21 13:53:29 ----A---- C:\WINDOWS\system32\drivers\avgntflt.sys
2011-02-21 13:53:29 ----A---- C:\WINDOWS\system32\drivers\avgntdd.sys
2011-02-21 13:45:26 ----D---- C:\WINDOWS\Prefetch
2011-02-21 13:45:03 ----ASH---- C:\hiberfil.sys
2011-02-21 13:32:49 ----D---- C:\WINDOWS\system32\CatRoot_bak
2011-02-21 13:18:24 ----A---- C:\WINDOWS\ntbtlog.txt
2011-02-21 13:11:10 ----DC---- C:\WINDOWS\$NtUninstallKB951376$(2)
2011-02-21 13:11:01 ----DC---- C:\WINDOWS\$NtUninstallKB951066$(2)
2011-02-21 13:10:53 ----DC---- C:\WINDOWS\$NtUninstallKB950974$(2)
2011-02-21 13:10:47 ----DC---- C:\WINDOWS\$NtUninstallKB950762$(2)
2011-02-21 13:10:36 ----DC---- C:\WINDOWS\$NtUninstallKB946648$(2)
2011-02-21 13:10:30 ----DC---- C:\WINDOWS\$NtUninstallKB938464$(2)
2011-02-21 13:10:20 ----DC---- C:\WINDOWS\$NtUninstallKB923561$(2)
2011-02-21 13:10:11 ----DC---- C:\WINDOWS\$NtUninstallKB2229593$(2)
2011-02-21 13:04:24 ----D---- C:\WINDOWS\system32\scripting
2011-02-21 13:04:23 ----D---- C:\WINDOWS\l2schemas
2011-02-21 12:59:44 ----D---- C:\WINDOWS\network diagnostic
2011-02-21 12:54:37 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2011-02-21 11:32:56 ----D---- C:\WINDOWS\system32\NtmsData
2011-02-21 11:19:32 ----D---- C:\Program Files\Avira
2011-02-21 11:19:32 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2011-02-21 11:08:33 ----D---- C:\Program Files\COMODO
2011-02-21 11:07:37 ----D---- C:\Documents and Settings\All Users\Application Data\Comodo
2011-02-21 10:52:39 ----A---- C:\WINDOWS\system32\LuResult.txt
2011-02-21 10:29:23 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2011-02-21 10:29:07 ----D---- C:\Program Files\SpywareBlaster
2011-02-21 09:12:42 ----A---- C:\WINDOWS\wininit.ini
2011-02-21 08:36:19 ----D---- C:\Program Files\Spybot - Search & Destroy
2011-02-21 08:36:19 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2011-02-21 03:01:27 ----D---- C:\WINDOWS\ie8updates
2011-02-20 22:19:16 ----A---- C:\WINDOWS\system32\drivers\usbser.sys
2011-02-20 20:05:09 ----A---- C:\WINDOWS\system32\drivers\mouhid.sys
2011-02-20 20:04:49 ----A---- C:\WINDOWS\system32\drivers\hidusb.sys
2011-02-18 15:06:54 ----A---- C:\WINDOWS\system32\MRT.exe
2011-02-18 15:06:05 ----D---- C:\WINDOWS\WBEM
2011-02-18 15:03:38 ----HDC---- C:\WINDOWS\ie8
2011-02-18 15:03:38 ----D---- C:\WINDOWS\system32\en-US
2011-02-13 16:16:19 ----D---- C:\WINDOWS\Options
2011-02-13 15:46:53 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Motive

======List of files/folders modified in the last 1 months======

2011-02-26 21:38:59 ----D---- C:\Program Files
2011-02-26 20:36:34 ----D---- C:\WINDOWS\Temp
2011-02-26 19:41:41 ----D---- C:\WINDOWS
2011-02-26 18:55:45 ----D---- C:\WINDOWS\system32\CatRoot2
2011-02-26 18:53:44 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-02-25 19:56:37 ----D---- C:\WINDOWS\system32\FxsTmp
2011-02-23 08:56:11 ----A---- C:\WINDOWS\win.ini
2011-02-21 21:28:04 ----SHD---- C:\Config.Msi
2011-02-21 16:10:29 ----SHD---- C:\WINDOWS\Installer
2011-02-21 16:10:28 ----D---- C:\Program Files\Common Files\Java
2011-02-21 16:10:05 ----D---- C:\WINDOWS\system32
2011-02-21 16:09:32 ----D---- C:\Program Files\Java
2011-02-21 15:54:58 ----D---- C:\Program Files\Magical Gatherings
2011-02-21 15:54:58 ----D---- C:\Program Files\AOL Toolbar
2011-02-21 15:46:47 ----SHD---- C:\System Volume Information
2011-02-21 14:48:02 ----HD---- C:\WINDOWS\inf
2011-02-21 14:46:01 ----D---- C:\WINDOWS\system32\CatRoot
2011-02-21 14:30:40 ----D---- C:\WINDOWS\repair
2011-02-21 14:30:36 ----D---- C:\WINDOWS\Registration
2011-02-21 14:28:43 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\AdobeUM
2011-02-21 14:18:08 ----D---- C:\Program Files\Adobe
2011-02-21 14:03:52 ----D---- C:\WINDOWS\system32\drivers
2011-02-21 13:50:17 ----D---- C:\WINDOWS\WinSxS
2011-02-21 13:50:15 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-02-21 13:44:55 ----RSD---- C:\WINDOWS\Fonts
2011-02-21 13:44:55 ----D---- C:\WINDOWS\system32\wbem
2011-02-21 13:44:55 ----D---- C:\WINDOWS\AppPatch
2011-02-21 13:44:04 ----D---- C:\WINDOWS\system32\config
2011-02-21 13:40:14 ----RSHD---- C:\WINDOWS\system32\dllcache
2011-02-21 13:34:47 ----D---- C:\WINDOWS\system32\usmt
2011-02-21 13:34:47 ----D---- C:\WINDOWS\system
2011-02-21 13:34:45 ----D---- C:\WINDOWS\system32\oobe
2011-02-21 13:34:42 ----D---- C:\WINDOWS\system32\Setup
2011-02-21 13:34:31 ----D---- C:\WINDOWS\Help
2011-02-21 13:34:31 ----D---- C:\Program Files\Common Files\System
2011-02-21 13:34:30 ----D---- C:\Program Files\Outlook Express
2011-02-21 13:34:27 ----D---- C:\Program Files\Windows NT
2011-02-21 13:34:26 ----D---- C:\Program Files\Windows Media Player
2011-02-21 13:34:25 ----D---- C:\WINDOWS\system32\Com
2011-02-21 13:34:24 ----D---- C:\Program Files\NetMeeting
2011-02-21 13:34:22 ----D---- C:\WINDOWS\ime
2011-02-21 13:34:21 ----D---- C:\WINDOWS\srchasst
2011-02-21 13:34:19 ----D---- C:\WINDOWS\msagent
2011-02-21 13:34:17 ----D---- C:\WINDOWS\system32\Restore
2011-02-21 13:34:17 ----D---- C:\WINDOWS\system32\npp
2011-02-21 13:33:34 ----D---- C:\Program Files\Movie Maker
2011-02-21 13:33:30 ----D---- C:\WINDOWS\PeerNet
2011-02-21 13:33:28 ----D---- C:\Program Files\Internet Explorer
2011-02-21 13:33:09 ----D---- C:\Program Files\Messenger
2011-02-21 13:27:22 ----D---- C:\Documents and Settings
2011-02-21 13:18:41 ----A---- C:\WINDOWS\setuplog.txt
2011-02-21 13:09:31 ----D---- C:\WINDOWS\security
2011-02-21 13:01:56 ----D---- C:\WINDOWS\ServicePackFiles
2011-02-21 12:57:21 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-02-21 11:06:31 ----D---- C:\Program Files\Common Files\Symantec Shared
2011-02-21 11:06:24 ----SD---- C:\WINDOWS\Tasks
2011-02-21 11:04:44 ----D---- C:\Program Files\Common Files
2011-02-21 10:59:04 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2011-02-21 10:57:08 ----D---- C:\Program Files\WildTangent
2011-02-21 09:12:41 ----SD---- C:\WINDOWS\Downloaded Program Files
2011-02-21 08:45:03 ----D---- C:\WINDOWS\system32\drivers\etc
2011-02-21 03:04:37 ----HD---- C:\WINDOWS\$hf_mig$
2011-02-20 22:19:19 ----D---- C:\Program Files\CONEXANT
2011-02-18 15:06:55 ----D---- C:\WINDOWS\Debug
2011-02-18 15:05:49 ----D---- C:\WINDOWS\Media
2011-02-13 16:29:41 ----A---- C:\WINDOWS\ModemLog_Agere Systems PCI Soft Modem.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms; C:\WINDOWS\system32\DRIVERS\gagp30kx.sys [2004-08-04 46464]
R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2011-01-06 94784]
R0 ohci1394;VIA OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-03 61056]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-02-15 20576]
R0 SISAGP;SiS AGP Filter; C:\WINDOWS\system32\DRIVERS\SISAGPX.sys [2003-07-18 36992]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2009-02-21 43672]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2011-01-10 135096]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2011-01-06 239368]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2011-01-06 27576]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2005-04-12 11904]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2011-01-10 61960]
R2 mdmxsdk;Modem SDK Driver; C:\WINDOWS\system32\DRIVERS\ACFSDK32.sys [2007-03-15 12672]
R3 acfva;acfva; C:\WINDOWS\system32\DRIVERS\ACFVA32.sys [2007-06-29 86656]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-20 2317696]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 dgcfltr;DGC Filter Driver; C:\WINDOWS\system32\DRIVERS\ACFDCP32.sys [2007-07-10 28928]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2004-09-14 13872]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2002-07-29 23808]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2005-04-12 247296]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2003-07-11 32768]
R3 usbser;USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-03 25600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-03-17 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-03-17 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-03-17 21744]
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys []
S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2011-01-10 267944]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2011-01-17 1803224]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-02-21 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 iPodService;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2004-10-14 327680]
R3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

Gigihns
2011-02-27, 04:44
Here is the 2nd log file:

info.txt logfile of random's system information tool 1.08 2011-02-26 21:39:38

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x9 -uninst
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Agere Systems PCI Soft Modem-->agrsmdel
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
COMODO Internet Security-->MsiExec.exe /I{FD8E178D-8B4E-42DA-B434-EFF270329B1C}
Compaq Connections-->C:\WINDOWS\BWUnin-6.3.2.62.exe -AppId 6750491
Compaq Organize-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
Easy Internet Sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Help and Support Additions-->C:\PROGRA~1\HELPAN~1\UNWISE.EXE C:\PROGRA~1\HELPAN~1\INSTALL.LOG
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
HP Memories Disc-->MsiExec.exe /X{D35191B3-F340-4C11-A4E0-8B09477B4302}
HP Software Update-->MsiExec.exe /X{DDA2B32F-EB16-4C96-A130-4E4A4C1E6B12}
InterVideo DiscLabel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3F058C0-A21C-452D-8D99-95B1A45F417D}\setup.exe" REMOVEALL
InterVideo WinDVD Creator-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE20E2F5-1903-4AAE-B1AF-2046E586C925}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java(TM) 6 Update 24-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216024FF}
KBD-->C:\HP\KBD\KBD.EXE uninstalled
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Dancer LE-->MsiExec.exe /X{1A103D70-5C9B-4E1A-B306-5106C68F9914}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
PC-Doctor for Windows-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA} /l1033
Photosmart 140,240,7200,7600,7700,7900 Series-->C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\setup\hpzscr01.exe -datfile hphscr01.dat
PokerStars.net-->"C:\Program Files\PokerStars.NET\PokerStarsUninstall.exe" /u:PokerStars.net
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB976325)-->"C:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165-v2)-->"C:\WINDOWS\$NtUninstallKB977165-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981350)-->"C:\WINDOWS\$NtUninstallKB981350$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982381)-->"C:\WINDOWS\$NtUninstallKB982381$\spuninst\spuninst.exe"
SiS VGA Utilities-->Rundll32 SiSInst.dll,Uninstall VGA,R,oem3.inf
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.4-->"C:\Program Files\SpywareBlaster\unins000.exe"
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update for Windows XP (KB976749)-->"C:\WINDOWS\$NtUninstallKB976749$\spuninst\spuninst.exe"
Update for Windows XP (KB978207)-->"C:\WINDOWS\$NtUninstallKB978207$\spuninst\spuninst.exe"
Update for Windows XP (KB980182)-->"C:\WINDOWS\$NtUninstallKB980182$\spuninst\spuninst.exe"
USB Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_USB_ACF\UIU32c.exe -U -I*.INF
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB883667-->C:\WINDOWS\$NtUninstallKB883667$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888239-->C:\WINDOWS\$NtUninstallKB888239$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AntiVir Desktop (outdated)
FW: COMODO Firewall

======System event log======

Computer Name: YOUR-4F1261A8E5
Event Code: 7011
Message: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

Record Number: 9613
Source Name: Service Control Manager
Time Written: 20101201052228.000000-360
Event Type: error
User:

Computer Name: YOUR-4F1261A8E5
Event Code: 12
Message: The device 'LITE-ON DVDRW SOHW-1633S' (IDE\CdRomLITE-ON_DVDRW_SOHW-1633S________________BPSA____\5&36942936&0&0.0.0) disappeared from the system without first being prepared for removal.

Record Number: 9608
Source Name: PlugPlayManager
Time Written: 20101201050703.000000-360
Event Type: error
User:

Computer Name: YOUR-4F1261A8E5
Event Code: 7000
Message: The Pml Driver HPZ12 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Record Number: 9605
Source Name: Service Control Manager
Time Written: 20101201050659.000000-360
Event Type: error
User:

Computer Name: YOUR-4F1261A8E5
Event Code: 7011
Message: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

Record Number: 9604
Source Name: Service Control Manager
Time Written: 20101201050659.000000-360
Event Type: error
User:

Computer Name: YOUR-4F1261A8E5
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the Pml Driver HPZ12 service to connect.

Record Number: 9603
Source Name: Service Control Manager
Time Written: 20101201050659.000000-360
Event Type: error
User:

=====Application event log=====

Computer Name: YOUR-4F1261A8E5
Event Code: 1015
Message: Failed to connect to server. Error: 0x800401F0

Record Number: 33
Source Name: MsiInstaller
Time Written: 20090221231950.000000-360
Event Type: warning
User: YOUR-4F1261A8E5\Compaq_Owner

Computer Name: YOUR-4F1261A8E5
Event Code: 1015
Message: Failed to connect to server. Error: 0x800401F0

Record Number: 31
Source Name: MsiInstaller
Time Written: 20090221231926.000000-360
Event Type: warning
User: YOUR-4F1261A8E5\Compaq_Owner

Computer Name: YOUR-4F1261A8E5
Event Code: 1015
Message: Failed to connect to server. Error: 0x800401F0

Record Number: 29
Source Name: MsiInstaller
Time Written: 20090221231827.000000-360
Event Type: warning
User: YOUR-4F1261A8E5\Compaq_Owner

Computer Name: YOUR-4F1261A8E5
Event Code: 1015
Message: Failed to connect to server. Error: 0x800401F0

Record Number: 27
Source Name: MsiInstaller
Time Written: 20090221231557.000000-360
Event Type: warning
User: YOUR-4F1261A8E5\Compaq_Owner

Computer Name: YOUR-4F1261A8E5
Event Code: 1002
Message: Hanging application nda.exe, version 1.0.0.212, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 21
Source Name: Application Hang
Time Written: 20090221084529.000000-360
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 12 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0c00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

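Reading an RSIT log like the one above by eye comes down to a few mechanical checks. The script below is an added example, not part of RSIT, DDS, ComboFix or anything the poster ran: it applies two of those checks to the "List of drivers", "List of services" and "Hosts File" sections. An entry whose trailing `[date size]` bracket is empty (avgio, intelppm, HSF_DP, HSFHWBS2, smserial, winachsf above) means the tool could not read the file's date and size, usually because the file is not where the registry says it is, so those are the entries a helper looks at first; and a hosts line that sends a real name anywhere other than 127.0.0.1 or 0.0.0.0 looks like a hijack, whereas the 127.0.0.1 lines shown above are the normal Spybot/SpywareBlaster immunization. The sample driver lines are copied from the log above; the non-local hosts entry is constructed for the example and its name and address are invented.

```python
"""Triage helper for RSIT log sections (added example, not RSIT's own code)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One driver/service line: "R1 name;display name; C:\path\file.sys [2011-01-10 135096]"
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.+?) \[(?P<stamp>[^\]]*)\]\s*$"
)

@dataclass
class Entry:
    state: str            # R = running, S = stopped
    start: int            # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    display: str
    path: str
    stamp: Optional[str]  # "YYYY-MM-DD size", or None when the bracket was empty

def parse_entry(line: str) -> Optional[Entry]:
    """Parse one driver/service line; return None for any other line."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    path = m.group("path")
    if path.startswith("\\??\\"):   # NT object-manager prefix, as on the avgio line
        path = path[4:]
    stamp = m.group("stamp").strip() or None
    return Entry(m.group("state"), int(m.group("start")), m.group("name"),
                 m.group("display"), path, stamp)

def missing_files(lines: List[str]) -> List[str]:
    """Names of registered drivers/services whose file could not be stat'ed."""
    return [e.name for e in map(parse_entry, lines) if e and e.stamp is None]

# One hosts line: "<ipv4> <hostname>"; comments and blanks do not match.
HOSTS_RE = re.compile(r"^\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<host>\S+)")
LOCAL = {"127.0.0.1", "0.0.0.0"}   # immunization / blackhole targets, benign

def suspicious_hosts(lines: List[str]) -> List[Tuple[str, str]]:
    """(host, ip) pairs that redirect a name somewhere other than the local host."""
    out = []
    for line in lines:
        m = HOSTS_RE.match(line)
        if m and m.group("ip") not in LOCAL:
            out.append((m.group("host"), m.group("ip")))
    return out

# Sample input: driver/service lines copied from the log posted above.
SAMPLE_DRIVERS = r"""
R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2011-01-06 94784]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2011-01-10 135096]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys []
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys []
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2011-01-10 267944]
""".strip().splitlines()

# Sample input: two immunization lines from the log, plus one constructed
# non-local entry (invented host and address) to show what a hijack looks like.
SAMPLE_HOSTS = """
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
198.51.100.7 update.example.com
""".strip().splitlines()

def triage(driver_lines: List[str], hosts_lines: List[str]) -> dict:
    """Run both checks and return the findings as a dict."""
    return {
        "missing_files": missing_files(driver_lines),
        "suspicious_hosts": suspicious_hosts(hosts_lines),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_DRIVERS, SAMPLE_HOSTS).items():
        print(f"{key}: {value}")
```

Feed it the whole log by splitting on the `======` section headers and passing each section's lines; the regexes ignore lines that do not belong to the section they parse. An empty bracket is a lead, not a verdict: the file may simply have been deleted by a previous clean-up while its registry entry stayed behind, which is why the helper asks for ComboFix rather than acting on the listing alone.
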
Cypher
2011-02-27, 12:50
Hi Gigihns.
Continue with the instructions below please.

Disable Avira anti-virus


Please navigate to the system tray on the bottom right hand corner and look for an open white umbrella on a red background (it looks like this: http://i94.photobucket.com/albums/l84/SillyGerman/BleepingComputer/antivir.png ).
Right-click it -> untick the option AntiVir Guard enable.
You should now see a closed white umbrella on a red background (it looks like this: http://i94.photobucket.com/albums/l84/SillyGerman/BleepingComputer/antivir_disabled.png ).
Note: Don't forget to re-enable it after the fix.

Next.

Download and Run ComboFix

Please download ComboFix from one of the following links.

Link 1. (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)

Link 2. (http://www.infospyware.net/antimalware/combofix/)

**IMPORTANT !!! Save ComboFix.exe to your Desktop**

Please disable any Antivirus or Firewall you have active, as shown in this topic (http://www.bleepingcomputer.com/forums/topic114351.html). Please close all open application windows.
Double click on ComboFix.exe & follow the prompts
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
http://img.photobucket.com/albums/v666/sUBs/Query_RC.gif
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v666/sUBs/RC_successful.gif


Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper



Logs/Information to Post in your Next Reply


ComboFix.txt.
Please give me an update on your computer's performance.

Gigihns
2011-02-27, 20:33
I don't know if this is a problem, but when combofix restarted my computer, Avira and Comodo became enabled (they were both disabled while combofix was working.) I disabled them again while combofix was creating the log and re-enabled them when the log was complete.



Here is the ComboFix log:

ComboFix 11-02-26.02 - Compaq_Owner 02/27/2011 12:56:01.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.383.106 [GMT -6:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Compaq_Owner\Local Settings\Temp\IadHide5.dll
c:\windows\explorer(2).exe
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2011-01-27 to 2011-02-27 )))))))))))))))))))))))))))))))
.

2011-02-23 13:39 . 2011-02-23 14:12 -------- d-----w- c:\program files\ERUNT
2011-02-21 22:10 . 2011-02-21 22:09 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-21 22:10 . 2011-02-21 22:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-21 20:29 . 2011-02-21 20:29 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Avira
2011-02-21 19:53 . 2011-01-10 20:23 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-21 19:53 . 2011-01-10 20:23 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-02-21 19:53 . 2010-06-17 20:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-02-21 19:53 . 2010-06-17 20:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-02-21 19:42 . 2011-02-21 19:42 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-21 19:32 . 2011-02-21 20:46 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-02-21 19:27 . 2011-02-21 19:31 -------- d-s---w- c:\documents and settings\Administrator
2011-02-21 19:04 . 2011-02-21 19:04 -------- d-----w- c:\windows\system32\scripting
2011-02-21 19:04 . 2011-02-21 19:04 -------- d-----w- c:\windows\l2schemas
2011-02-21 17:32 . 2011-02-21 21:45 -------- d-----w- c:\windows\system32\NtmsData
2011-02-21 17:19 . 2011-02-21 17:19 -------- d-----w- c:\program files\Avira
2011-02-21 17:19 . 2011-02-21 17:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-02-21 17:12 . 2011-02-21 17:12 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-02-21 17:08 . 2011-02-21 17:08 -------- d-----w- c:\program files\COMODO
2011-02-21 17:07 . 2011-02-21 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2011-02-21 16:29 . 2011-02-27 18:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-02-21 16:29 . 2011-02-23 03:13 -------- d-----w- c:\program files\SpywareBlaster
2011-02-21 14:36 . 2011-02-21 15:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-02-21 14:36 . 2011-02-21 14:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-02-21 04:19 . 2004-08-04 05:08 25600 ----a-w- c:\windows\system32\drivers\usbser.sys
2011-02-21 04:19 . 2004-08-04 05:08 25600 ----a-w- c:\windows\system32\dllcache\usbser.sys
2011-02-21 03:46 . 2011-02-21 03:46 -------- d-sh--w- c:\documents and settings\Compaq_Owner\IECompatCache
2011-02-21 03:45 . 2011-02-21 03:45 -------- d-sh--w- c:\documents and settings\Compaq_Owner\PrivacIE
2011-02-21 02:07 . 2010-05-06 10:41 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2011-02-21 02:07 . 2010-05-06 10:41 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2011-02-21 02:07 . 2010-05-06 10:41 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-02-21 02:07 . 2010-05-06 10:41 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2011-02-21 02:07 . 2010-05-06 10:41 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2011-02-21 02:07 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2011-02-21 02:07 . 2010-05-06 10:41 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
2011-02-21 02:05 . 2001-08-17 19:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-02-21 02:05 . 2001-08-17 19:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2011-02-21 02:05 . 2011-02-21 02:05 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-02-21 02:04 . 2001-08-17 20:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-02-21 02:04 . 2001-08-17 20:02 9600 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2011-02-21 01:57 . 2011-02-21 01:57 -------- d-sh--w- c:\documents and settings\Compaq_Owner\IETldCache
2011-02-18 21:03 . 2011-02-18 21:05 -------- dc-h--w- c:\windows\ie8
2011-02-13 22:16 . 2011-02-13 22:16 -------- d-----w- c:\windows\Options
2011-02-13 21:56 . 2004-08-04 18:00 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2011-02-13 21:46 . 2011-02-13 21:46 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Motive

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-21 19:08 . 2011-02-21 19:08 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\LocalContent\Attachments\devcon.exe
2011-02-21 19:08 . 2011-02-21 19:08 307200 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\pchnotify.exe
2011-02-21 19:07 . 2011-02-21 19:07 3072 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\pchealthde.exe
2011-02-21 19:07 . 2011-02-21 19:07 159744 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe
2011-02-21 19:07 . 2011-02-21 19:07 77824 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\FDIWrapper.dll
2011-02-21 19:07 . 2011-02-21 19:07 26572 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\INV16.dll
2011-02-21 19:07 . 2011-02-21 19:07 69632 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\msxmlwrapper.dll
2011-02-21 19:07 . 2011-02-21 19:07 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\ScDmi.dll
2011-02-21 19:07 . 2011-02-21 19:07 49152 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\PCHI18N.dll
2011-02-21 19:07 . 2011-02-21 19:07 139264 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\ContentUpdater.exe
2011-02-21 19:07 . 2011-02-21 19:07 110592 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\DSAPI4.dll
2011-02-21 19:07 . 2011-02-21 19:07 98304 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\PluginCtrl.dll
2011-02-21 19:07 . 2011-02-21 19:07 287310 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\HPBasicDetection.dll
2011-02-21 19:07 . 2011-02-21 19:07 69632 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\msxmlwrapper.dll
2011-02-21 19:07 . 2011-02-21 19:07 5632 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\GUI.dll
2011-02-21 19:07 . 2011-02-21 19:07 114688 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\ZipLib.dll
2011-02-21 19:07 . 2011-02-21 19:07 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\pchapi.dll
2011-02-21 19:07 . 2011-02-21 19:07 434176 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\motivede.dll
2011-02-21 19:07 . 2011-02-21 19:07 315392 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\pchmsxml.dll
2011-02-21 19:07 . 2011-02-21 19:07 77824 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\WinVerifyTrust.dll
2011-02-21 19:07 . 2011-02-21 19:07 344064 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\api.dll
2011-02-21 19:07 . 2011-02-21 19:07 24576 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\pcdapi.dll
2011-02-21 19:07 . 2011-02-21 19:07 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\util.dll
2011-02-21 19:07 . 2011-02-21 19:07 356352 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\client_motkt.dll
2011-02-21 19:07 . 2011-02-21 19:07 28672 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\InetWrap.dll
2011-02-21 19:07 . 2011-02-21 19:07 282624 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\clientutil52.dll
2011-02-21 19:07 . 2011-02-21 19:07 102400 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\PCDrAccess.dll
2011-02-21 19:07 . 2011-02-21 19:07 49152 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\hwinv.dll
2011-02-21 19:07 . 2011-02-21 19:07 315392 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\pchmsxml.dll
2011-02-21 19:07 . 2011-02-21 19:07 114688 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\asst_ui.dll
2011-02-21 19:07 . 2011-02-21 19:07 36864 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\gnu.dll
2011-02-21 19:07 . 2011-02-21 19:07 126976 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\SearchCtrl.dll
2011-02-21 19:07 . 2011-02-21 19:07 4096 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\winverifytrustwrapper.dll
2011-02-21 19:07 . 2011-02-21 19:07 212992 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\jsharpinterp.dll
2011-02-21 19:07 . 2011-02-21 19:07 307200 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\pchealthplugin.dll
2011-01-06 23:37 . 2011-01-06 23:37 94784 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-01-06 23:37 . 2011-01-06 23:37 27576 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-01-06 23:37 . 2011-01-06 23:37 239368 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-01-06 23:37 . 2011-01-06 23:37 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-12-29 07:42 . 2010-12-29 07:42 285480 ----a-w- c:\windows\system32\guard32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-02-16 180269]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-10-14 278528]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-13 98304]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-15 253952]
"HPHUPD05"="c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2004-04-01 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2004-05-04 491520]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-05-04 176128]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-02-16 98304]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-30 88363]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-18 2548552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Compaq Connections.lnk - c:\program files\Compaq Connections\6750491\Program\Compaq Connections.exe [2005-2-15 45056]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-5-10 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [1/6/2011 5:37 PM 239368]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1/6/2011 5:37 PM 27576]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2/21/2011 1:53 PM 135336]
R3 acfva;acfva;c:\windows\system32\drivers\ACFVA32.sys [6/29/2007 3:54 PM 86656]
R3 dgcfltr;DGC Filter Driver;c:\windows\system32\drivers\ACFDCP32.sys [7/10/2007 1:29 PM 28928]
.
Contents of the 'Scheduled Tasks' folder

2011-02-27 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2004-04-01 04:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://shop.trendmicro.com/tmasy/eol.html?X=300&Y=300&WIDTH=690&HEIGHT=480
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-27 13:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1948)
c:\windows\system32\WININET.dll
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\ALCXMNTR.EXE
c:\windows\AGRSMMSG.exe
c:\windows\system32\HPZipm12.exe
c:\program files\HP\hpcoretech\comp\hptskmgr.exe
.
**************************************************************************
.
Completion time: 2011-02-27 13:13:36 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-27 19:13

Pre-Run: 136,717,635,584 bytes free
Post-Run: 136,824,524,800 bytes free

- - End Of File - - 497983499E8FC153F220AC953F1A9EBE

Cypher
2011-02-27, 20:47
Hi Gigihns.

I don't know if this is a problem
No, that's ok, don't worry about it.
Are you still getting alerts from Avira? Let me know in your next reply.


Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser: Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser: Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Next.

Disable Avira anti-virus


Please navigate to the system tray on the bottom right hand corner and look for an open white umbrella on a red background (looks like this: http://i94.photobucket.com/albums/l84/SillyGerman/BleepingComputer/antivir.png )
Right-click it -> untick the option AntiVir Guard enable.
You should now see a closed, white umbrella on a red background (looks like this: http://i94.photobucket.com/albums/l84/SillyGerman/BleepingComputer/antivir_disabled.png )
Note: Don't forget to re-enable it after the below scan.

Next.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.


Hold down Control then click on the following link to open a new window to the ESET online scanner (http://www.eset.com/onlinescan/)
Then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS1.gif

Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox. Select the option YES, I accept the Terms of Use then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS2.gif
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:

Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS3.gif
The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS4.gif
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.


Logs/Information to Post in your Next Reply


ESET log.
Please give me an update on your computer's performance.

Gigihns
2011-02-28, 03:14
I have not received any more virus alerts from Avira. After running the ATF Cleaner, I noticed that the icon for Avira was missing from the system tray.
It could have been missing before that point, but I noticed it when the next step was to "disable Avira anti-virus" by right-clicking the icon in the tray. I could open Avira from my desktop, and it looked like it was running but I could not find a way to disable it. I finally restarted my computer and the icon returned in the tray and I then disabled Avira and ran the ESET scanner without any trouble.

Here's the ESET log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=9fbfc3588dc6ee4d9f5b3a1780060181
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-02-28 12:35:51
# local_time=2011-02-27 06:35:51 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775145 100 93 0 34439429 0 0
# compatibility_mode=3073 16777213 80 75 448128 14907292 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=97245
# found=33
# cleaned=0
# scan_time=3672
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036612.dll Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036613.DLL Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036614.DLL Win32/Adware.FunWeb application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036615.DLL Win32/Toolbar.MyWebSearch.B application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036616.DLL Win32/Adware.FunWeb application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036617.DLL Win32/FunWeb application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036618.DLL Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036619.DLL Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036620.DLL Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036621.DLL Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036622.DLL Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036623.DLL Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036624.DLL Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036625.DLL Win32/Adware.FunWeb application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036626.SCR Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036627.DLL Win32/Toolbar.MyWebSearch.D application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036628.DLL Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036629.EXE Win32/Adware.FunWeb application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036630.DLL Win32/FunWeb application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036632.EXE Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036633.DLL Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036634.EXE Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036635.EXE Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036637.DLL Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036638.EXE Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036639.EXE Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036640.EXE Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036641.DLL Win32/Toolbar.MyWebSearch.K application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036642.EXE Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036643.DLL Win32/Toolbar.MyWebSearch.J application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036644.DLL Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036645.EXE Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP112\A0036646.DLL Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
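
An added example, not part of this thread or of ESET's tools: a Python parser for the ESET Online Scanner log.txt layout shown above (the "# key=value" header, then one detection per line: path, threat description, a 32-hex field, and a flag letter). It separates hits that sit inside System Restore snapshots (the _restore{GUID}\RPnnn paths, which the scanner reports as "unable to clean") from hits on the live file system, and cross-checks the scanner's own "found"/"cleaned" counters. The sample log, GUID and paths below are constructed for the example.

```python
"""Parse ESET Online Scanner log.txt and separate restore-point hits from live files."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the layout ESET's log.txt uses. The GUID, the user
# folder and the third detection are made up for this example.
SAMPLE_LOG = """ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# remove_checked=false
# archives_checked=true
# scanned=97245
# found=3
# cleaned=0
C:\\System Volume Information\\_restore{11111111-2222-3333-4444-555555555555}\\RP112\\A0036612.dll\tWin32/Toolbar.MyWebSearch application (unable to clean)\t00000000000000000000000000000000\tI
C:\\System Volume Information\\_restore{11111111-2222-3333-4444-555555555555}\\RP112\\A0036614.DLL\tWin32/Adware.FunWeb application (unable to clean)\t00000000000000000000000000000000\tI
C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\example.exe\ta variant of Win32/Example.A trojan (unable to clean)\t00000000000000000000000000000000\tI
"""

HEADER_RE = re.compile(r"^#\s*([A-Za-z0-9_.]+)=(.*)$")
DETECTION_RE = re.compile(r"^[A-Za-z]:\\")
# The threat description follows the path after whitespace; ESET names start
# with a platform prefix such as "Win32/" or with "a variant of ...".
THREAT_START_RE = re.compile(
    r"\s+(?=(?:(?:probably )?a variant of |multiple threats|[A-Za-z0-9_.-]+/))"
)
# System Restore snapshot: \System Volume Information\_restore{GUID}\RPnnn\
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\", re.IGNORECASE
)
FAMILY_RE = re.compile(r"([A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+)")


@dataclass(frozen=True)
class Detection:
    path: str
    threat: str
    flag: str
    restore_point: Optional[str]  # e.g. "RP112" when inside a restore snapshot

    @property
    def family(self) -> str:
        m = FAMILY_RE.search(self.threat)
        return m.group(1) if m else self.threat

    @property
    def unable_to_clean(self) -> bool:
        return "(unable to clean)" in self.threat


def parse_detection(line: str) -> Detection:
    # Last two whitespace-separated tokens are the 32-hex field and the flag;
    # the path may itself contain spaces, so split those off from the right.
    parts = line.rstrip().rsplit(None, 2)
    if len(parts) != 3:
        raise ValueError(f"not a detection line: {line!r}")
    rest, _hexfield, flag = parts
    m = THREAT_START_RE.search(rest)
    if m is None:
        raise ValueError(f"cannot split path from threat: {line!r}")
    path = rest[: m.start()]
    rp = RESTORE_RE.search(path)
    return Detection(path, rest[m.end():], flag, rp.group(1) if rp else None)


def parse_eset_log(text: str) -> Tuple[Dict[str, str], List[Detection]]:
    header: Dict[str, str] = {}
    detections: List[Detection] = []
    for line in text.splitlines():
        h = HEADER_RE.match(line)
        if h:
            header[h.group(1)] = h.group(2).strip()
        elif DETECTION_RE.match(line):
            detections.append(parse_detection(line))
        # Installer banner and blank lines carry no findings.
    return header, detections


def summarize(detections: List[Detection]) -> Dict[str, object]:
    in_rp = [d for d in detections if d.restore_point]
    live = [d for d in detections if not d.restore_point]
    return {
        "total": len(detections),
        "in_restore_points": len(in_rp),
        "restore_points": sorted({d.restore_point for d in in_rp}),
        "live_filesystem": len(live),
        "live_paths": [d.path for d in live],
        "by_family": Counter(d.family for d in detections),
    }


def check_header(header: Dict[str, str], detections: List[Detection]) -> List[str]:
    """Cross-check the scanner's own counters against the detection lines."""
    issues = []
    found = int(header.get("found", "0"))
    if found != len(detections):
        issues.append(f"header says found={found} but {len(detections)} lines parsed")
    if header.get("remove_checked") == "false" and header.get("cleaned", "0") != "0":
        issues.append("cleaned is non-zero although removal was not enabled")
    return issues


if __name__ == "__main__":
    hdr, dets = parse_eset_log(SAMPLE_LOG)
    s = summarize(dets)
    print(f"scanned={hdr.get('scanned')} found={hdr.get('found')} cleaned={hdr.get('cleaned')}")
    print(f"{s['in_restore_points']} of {s['total']} hits sit in restore snapshots {s['restore_points']}")
    for p in s["live_paths"]:
        print("live file needs attention:", p)
    for issue in check_header(hdr, dets):
        print("warning:", issue)
```

Hits inside restore snapshots only come back if that restore point is rolled back to, which is why the helper's follow-up resets System Restore; hits on the live file system are the ones to act on first.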

Gigihns
2011-02-28, 03:15
Avira is telling me to update...should I wait until we're through?

Cypher
2011-02-28, 11:16
Hi Gigihns.

I have not received any more virus alerts from Avira.
Excellent, good work, well done.

Avira is telling me to update...should I wait until we're through?
Yes, you can go ahead and let it update.
What the ESET scan detected were infected system restore points; the instructions below will clean those up.
Your latest set of logs appear to be clean! If you are having no further problems, you're good to go.

This is my general post for when your logs show no more signs of malware.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Time for some housekeeping

Click on Start >> Run...
Now type in ComboFix /Uninstall into the box and click OK.
Note the space between the X and the /Uninstall, it needs to be there.
http://i280.photobucket.com/albums/kk173/Dakeyras_album2/CF-Uninstall.png

The above procedure will reset your System Restore and clear out the backups and quarantines created during the course of this fix.

Next.

OTC

Download OTC (http://oldtimer.geekstogo.com/OTC.exe) by Old Timer and save it to your Desktop. This tool will remove all the tools we used to clean your pc.

Double-click OTC.exe
Click the CleanUp! button
Select Yes when the Begin cleanup Process? Prompt appears
If you are prompted to Reboot during the cleanup, select Yes
The tool will delete itself once it finishes; if not, delete it yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

You can now delete any tools we used if they remain on your Desktop.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)

Visit Microsoft often to get the latest updates for your computer
You can do that HERE (http://www.update.microsoft.com)

Read some information HERE (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) On how to prevent Malware

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!

Gigihns
2011-02-28, 15:21
WooHoo!!! I can't thank you enough. I can't believe you fixed it that quickly! You're a hero!!!

So was it the virus that prevented the SP3 update from working? When I tried to update to SP3 last week, my computer would only work in safe mode and I eventually had to go to the last restore point to get it to work.

I will continue with all of the instructions.

Gigihns
2011-02-28, 15:47
Just to be sure I'm doing this right...I typed in combofix /uninstall and a box pops up asking to run combofix. I click okay, and another box pops up telling me that antivir needs to be disabled before continuing. I can disable it, but I just want to be sure I'm not running the combofix tool we used instead of uninstalling the combofix tool.

Is this uninstall procedure supposed to look just like the first time we ran combofix?

Cypher
2011-02-28, 17:14
Hi Gigihns.

I can't thank you enough.
You're most welcome :)

So was it the virus that prevented the SP3 update from working?
Quite possibly. Are you able to install the update now?
Use the following to uninstall ComboFix.
I will also give you instructions to clear the infected restore points just to be sure they are cleaned up.
Let me know if you have any other problems or questions.



Download .... CF_Uninstall.exe (http://download.bleepingcomputer.com/sUBs/CF_UNINST.EXE)

Alternate Download (http://compendiate.net/sUBs/Beta/CF_UNINST.EXE)

Double click it to uninstall Combofix.


Next.

Create a new, clean System Restore point


Create a new, clean System Restore point which you can use in case of future system problems:
Press Start >> All Programs >> Accessories >> System Tools >> System Restore
Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
Now remove old, infected System Restore points:
Next click Start >> Run and type cleanmgr in the box and press OK
Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
Press OK and Yes to confirm
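
The same two steps (create a named clean restore point, then confirm which restore points remain after the Disk Cleanup "System Restore" clean-up, which keeps only the most recent one) can be checked from a script rather than by clicking through the dialogs. This is an added example and not part of the thread or of any tool mentioned in it; it uses the WMI SystemRestore class in the root\default namespace, which is present on Windows XP and later, and assumes PowerShell is installed and run from an Administrator account with System Restore enabled. The restore point name "All Clean" follows the post above.

```powershell
# Added example (not from the thread): create an "All Clean" restore point and
# list every restore point on the machine so the result of cleanmgr's
# "System Restore" clean-up can be verified.
# Assumptions: PowerShell installed, Administrator session, System Restore on.

# Create the restore point through WMI.
# 12 = MODIFY_SETTINGS (restore point type), 100 = BEGIN_SYSTEM_CHANGE (event type).
$srClass = [wmiclass]"\\.\root\default:SystemRestore"
$result  = $srClass.CreateRestorePoint("All Clean", 12, 100)
if ($result.ReturnValue -ne 0) {
    throw "CreateRestorePoint failed with return code $($result.ReturnValue)"
}

# List all restore points, oldest first. After the cleanmgr step only the
# newest entry (All Clean) should be left; older, possibly infected ones
# should be gone.
Get-WmiObject -Namespace root\default -Class SystemRestore |
    Sort-Object SequenceNumber |
    ForEach-Object {
        # CreationTime is a DMTF datetime string; convert it for display.
        $created = [Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime)
        "{0,4}  {1:yyyy-MM-dd HH:mm}  {2}" -f $_.SequenceNumber, $created, $_.Description
    }
```

Run the first part before the cleanmgr step and the listing after it; if anything other than the All Clean entry is still listed, the clean-up did not remove the old restore points and should be repeated from the More Options tab.
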

Gigihns
2011-02-28, 17:38
I tried to close the box that is still on the screen regarding combofix and antivir so I could use the link you just sent. A new box popped up that says:

Warning!!
antivirus: AntiVir Desktop

The above real time scanner(s) are still active but ComboFix shall continue to run. Kindly note that this is at your own risk



How do I get out of the combofix that wants to run so I can use the link you just sent?

Cypher
2011-02-28, 17:50
Hi.
Just close the boxes on the screen and delete ComboFix the old-fashioned way :)

Delete Combofix Qoobox folders and Combofix.txt file from C:
Delete Combofix from your desktop.

Let me know if that works.

Gigihns
2011-02-28, 17:54
Shall I use the X to close the box or click "okay"? I'm sure these are ridiculous questions, but these warnings about damaging my computer scare me! If I click "ok" won't the combofix tool begin to run?

Cypher
2011-02-28, 17:57
Yes just use the X to close the box.
If the box appears again delete the ComboFix folders as instructed in my last post first then try closing the box.

Gigihns
2011-02-28, 18:03
This is embarrassing..I just X'd the box to close it and it says ComboFix is uninstalled. Sorry for the trouble! I thought it was going to run the fix again! Avira was still running and hopefully that won't cause any trouble. Shall I follow the instructions for OTC, etc. or the post regarding creating a new, clean restore point?

Cypher
2011-02-28, 18:08
This is embarrassing..I just X'd the box to close it and it says ComboFix is uninstalled. Sorry for the trouble!
Don't worry, it's not a problem :D

Shall I follow the instructions for OTC, etc. or the post regarding creating a new, clean restore point?
Run OTC first then create the new restore point, any other problems just let me know :)

Gigihns
2011-02-28, 20:58
I didn't seem to have any problems with uninstalling combofix, running OTC, or creating a new restore point and deleting the old restore point. I did have a problem when updating to SP3. I installed the SP3 update and could only open in safe mode. I restored to the "all clean" restore point and everything appears to be okay. Any ideas on what I can do to get the SP3 update to work?

Cypher
2011-02-28, 21:38
Hi Gigihns.

Any ideas on what I can do to get the SP3 update to work?
The problems you are still experiencing are not coming from malware as all of your latest logs have come back clean.
As this is a dedicated Malware Removal site, I think those issues are best left to experts elsewhere.
Here are some excellent Tech sites (in no particular order) that may be able to help with these problems:


Tech Support Forums (http://www.techsupportforum.com/)
What the Tech (http://forums.whatthetech.com/forums.html)
Tech Support Guy (http://forums.techguy.org/)
The Elder Geek on Windows (http://www.theeldergeek.com/forum/index.php?act=idx)

So as I said above your logs are clean, I hope you can resolve your other problem with the links that I provided.
Any other questions?

Gigihns
2011-02-28, 21:43
That's all I can think of. Thanks for all of your help! I really do appreciate it!!!

Cypher
2011-02-28, 21:44
You're most welcome.
Good luck and stay safe.

Cypher
2011-02-28, 21:50
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me a private message (pm). A valid, working link to the closed topic is required.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read :
Your donation helps improving Spybot-S&D! (http://www.safer-networking.org/en/donate/index.html)