
win32.zbot



JB699
2011-09-28, 11:33
Hi Guys,

Got this the other day; backed up files, formatted the C and external D (now the I drive) drives, and reinstalled Windows XP, but the malware keeps regenerating from various places. AVG finds and removes the threats, only to find them again a few hours later. It's currently 'clean', so I'm not entirely sure whether the log is any help at this particular instance, or whether I need to wait until AVG finds the next instance and run the log before removing the threats?

Latest DDS below; the ERUNT procedure has also been done. Many thanks in advance to whoever takes this one up.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512
Run by xxxxxxxx at 10:28:12 on 2011-09-28
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2700 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Belkin\F7D4101\V1\PBN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 208.98.19.104:53269
uInternet Settings,ProxyOverride = <local>
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\jelboy~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\jelboy~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\playwi~1.lnk - c:\program files\belkin\f7d4101\v1\PBN.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{7C6A3579-BE27-4D4B-8203-6D31A33A0060} : DhcpNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-7-11 32464]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 229840]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-1 5265248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]
R3 BCMH43XX;N+ Wireless USB Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [2009-11-6 642432]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-9-27 845184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-09-28 07:41:45 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-09-28 07:03:28 -------- d-----w- c:\program files\MSXML 4.0
2011-09-28 05:21:25 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-09-28 05:21:19 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2011-09-28 05:21:09 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-09-28 05:21:08 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-09-28 05:19:57 2560 ------w- c:\windows\system32\xpsp4res.dll
2011-09-28 05:19:57 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2011-09-28 05:18:18 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2011-09-28 05:18:12 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2011-09-28 05:18:09 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll
2011-09-28 05:18:09 84992 -c----w- c:\windows\system32\dllcache\avifil32.dll
2011-09-28 05:18:09 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll
2011-09-28 05:18:09 11264 -c----w- c:\windows\system32\dllcache\msrle32.dll
2011-09-28 02:00:14 -------- d-----w- c:\windows\system32\PreInstall
2011-09-28 02:00:13 -------- d--h--w- c:\windows\$hf_mig$
2011-09-27 17:01:56 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-09-27 13:45:00 -------- d--h--w- C:\$AVG
2011-09-27 13:38:02 -------- d-----w- c:\documents and settings\jel boy\application data\AVG2012
2011-09-27 13:36:34 -------- d-----w- c:\windows\system32\drivers\AVG
2011-09-27 13:36:34 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2011-09-27 13:36:25 -------- d-----w- c:\program files\AVG
2011-09-27 13:32:20 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2011-09-27 13:32:10 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-09-27 13:31:02 -------- d-----w- c:\documents and settings\jel boy\local settings\application data\SENukeX
2011-09-27 13:17:40 1291776 -c----w- c:\windows\system32\dllcache\quartz.dll
2011-09-27 13:17:35 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-09-27 13:17:08 -------- d-----w- c:\documents and settings\jel boy\local settings\application data\Deployment
2011-09-27 13:15:59 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-09-27 13:10:40 -------- d-----w- c:\windows\ServicePackFiles
2011-09-27 13:09:36 19569 ----a-w- c:\windows\002552_.tmp
2011-09-27 13:08:44 -------- d-----w- c:\windows\EHome
2011-09-27 12:58:22 -------- d-----w- c:\documents and settings\jel boy\application data\CoreFTP
2011-09-27 12:57:44 -------- d-----w- c:\program files\CoreFTP
2011-09-27 12:45:15 343040 -c----w- c:\windows\system32\dllcache\mspaint.exe
2011-09-27 12:31:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-27 12:24:12 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-27 12:24:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-27 12:22:22 -------- d-----w- c:\documents and settings\jel boy\local settings\application data\Mozilla
2011-09-27 11:51:12 -------- d-s---w- c:\documents and settings\jel boy\UserData
2011-09-27 11:48:36 -------- d--h--w- c:\windows\PIF
2011-09-27 11:10:13 -------- d-----w- c:\documents and settings\jel boy\local settings\application data\Identities
2011-09-27 11:09:29 -------- d-----w- c:\program files\Sun
2011-09-27 11:09:07 -------- d-----w- c:\program files\StatsRemote
2011-09-27 10:17:15 -------- d-----w- C:\Jel Documents
2011-09-27 10:02:18 -------- d-----w- c:\documents and settings\jel boy\statsremotedata
.
==================== Find3M ====================
.
2011-07-11 00:14:38 295248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-07-11 00:14:30 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-07-11 00:14:28 24272 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
2011-07-11 00:14:28 23120 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2011-07-11 00:14:26 134608 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-07-11 00:13:46 229840 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-07-11 00:13:42 32464 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
============= FINISH: 10:28:33.29 ===============

A reply, because as usual I forgot to subscribe to the thread...

OK, new log with it on my system; AVG detected zbot in System Restore:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512
Run by Jel Boy at 11:57:49 on 2011-09-28
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2348 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Belkin\F7D4101\V1\PBN.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG2012\avgui.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 208.98.19.104:53269
uInternet Settings,ProxyOverride = <local>
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\jelboy~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\jelboy~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\playwi~1.lnk - c:\program files\belkin\f7d4101\v1\PBN.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{7C6A3579-BE27-4D4B-8203-6D31A33A0060} : DhcpNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-7-11 32464]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 229840]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-1 5265248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]
R3 BCMH43XX;N+ Wireless USB Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [2009-11-6 642432]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-9-27 845184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-09-28 07:41:45 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-09-28 07:09:21 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-09-28 07:09:11 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-09-28 07:08:34 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-09-28 07:07:25 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-09-28 07:07:24 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-09-28 07:03:36 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-09-28 07:03:28 -------- d-----w- c:\program files\MSXML 4.0
2011-09-28 07:03:27 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-09-28 05:21:25 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-09-28 05:21:19 357888 -c----w- c:\windows\system32\dllcache\srv.sys
2011-09-28 05:21:09 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-09-28 05:21:08 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-09-28 05:19:57 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-09-28 05:19:57 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2011-09-28 05:18:18 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2011-09-28 05:18:12 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2011-09-28 05:18:09 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll
2011-09-28 05:18:09 84992 -c----w- c:\windows\system32\dllcache\avifil32.dll
2011-09-28 05:18:09 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll
2011-09-28 05:18:09 11264 -c----w- c:\windows\system32\dllcache\msrle32.dll
2011-09-28 02:00:14 -------- d-----w- c:\windows\system32\PreInstall
2011-09-28 02:00:13 -------- d--h--w- c:\windows\$hf_mig$
2011-09-27 17:01:56 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-09-27 13:45:00 -------- d--h--w- C:\$AVG
2011-09-27 13:38:02 -------- d-----w- c:\documents and settings\jel boy\application data\AVG2012
2011-09-27 13:36:34 -------- d-----w- c:\windows\system32\drivers\AVG
2011-09-27 13:36:34 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2011-09-27 13:36:25 -------- d-----w- c:\program files\AVG
2011-09-27 13:32:20 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2011-09-27 13:32:10 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-09-27 13:31:02 -------- d-----w- c:\documents and settings\jel boy\local settings\application data\SENukeX
2011-09-27 13:17:40 1291776 -c----w- c:\windows\system32\dllcache\quartz.dll
2011-09-27 13:17:35 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-09-27 13:17:08 -------- d-----w- c:\documents and settings\jel boy\local settings\application data\Deployment
2011-09-27 13:15:59 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-09-27 13:10:40 -------- d-----w- c:\windows\ServicePackFiles
2011-09-27 13:09:36 19569 ----a-w- c:\windows\002552_.tmp
2011-09-27 13:08:44 -------- d-----w- c:\windows\EHome
2011-09-27 12:58:22 -------- d-----w- c:\documents and settings\jel boy\application data\CoreFTP
2011-09-27 12:57:44 -------- d-----w- c:\program files\CoreFTP
2011-09-27 12:45:15 343040 -c----w- c:\windows\system32\dllcache\mspaint.exe
2011-09-27 12:31:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-27 12:24:12 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-27 12:24:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-27 12:22:22 -------- d-----w- c:\documents and settings\jel boy\local settings\application data\Mozilla
2011-09-27 11:51:12 -------- d-s---w- c:\documents and settings\jel boy\UserData
2011-09-27 11:48:36 -------- d--h--w- c:\windows\PIF
2011-09-27 11:10:13 -------- d-----w- c:\documents and settings\jel boy\local settings\application data\Identities
2011-09-27 11:09:29 -------- d-----w- c:\program files\Sun
2011-09-27 11:09:07 -------- d-----w- c:\program files\StatsRemote
2011-09-27 10:17:15 -------- d-----w- C:\Jel Documents
2011-09-27 10:02:18 -------- d-----w- c:\documents and settings\jel boy\statsremotedata
.
==================== Find3M ====================
.
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-11 00:14:38 295248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-07-11 00:14:30 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-07-11 00:14:28 24272 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
2011-07-11 00:14:28 23120 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2011-07-11 00:14:26 134608 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-07-11 00:13:46 229840 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-07-11 00:13:42 32464 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
.
============= FINISH: 11:58:04.45 ===============

JB699
2011-10-01, 11:09
Ran Microsoft Security Essentials (after removing AVG), and that removed it. AVG is back on as well, and there's no sign of it, so I'm pretty sure all is well.

Uninstall ALL other anti-virus programs first! I was lazy and didn't remove AVG, and it was still there upon rebooting; uninstalled, scanned/healed again, and that did the trick.