Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: "Antivirus Soft" prevents various applications from running.

  1. #1
    Junior Member
    Join Date
    Jun 2009
    Posts
    21

    Default "Antivirus Soft" prevents various applications from running.

    I have two user accounts on my laptop. On one of them, a "Windows Security Notice" balloon keeps popping up and informing me that my computer's been infiltrated/infected/please purchase this anti-virus program to make things all better.

    A program called "Antivirus Soft" then pops up and start to scan my stuff. I don't recall ever getting this program, and it seems a little shady. Internet (Firefox, not IE) and My Documents still work, if I can live with the balloons popping up in the corner every few minutes, but programs such as Spybot, ERUNT, and Control Panel can't run and a window that says 'Application somethingorother.exe cannot be excecuted.'

    On the other hand, weirdly enough, my other user account works just fine. So I'm using it to do all the ERUNT and HJT stuff. I hope it doesn't make a difference.

    Logfile of Trend Micro HijackThis v2.0.3 (BETA)
    Scan saved at 8:33:26 PM, on 16/02/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    c:\WINDOWS\system32\ZuneBusEnum.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ualberta.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [ateywsqo] C:\Documents and Settings\Rachel\Local Settings\Application Data\tioigk\oxibsftav.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=64&bd=pavilion&pf=laptop
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1171605677359
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    --
    End of file - 10820 bytes


    If someone can take a look, and let me know what's going on, I'd really appreciate it!

    Thanks!

  2. #2
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    You told in the Waiting Room topic that issue may be resolved. Let's have a look at the current situation.

    Download DDS and save it to your desktop from here or here or here.
    Disable any script blocker, and then double click dds.scr to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop. Post them back to your topic.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Junior Member
    Join Date
    Jun 2009
    Posts
    21

    Default

    Here are the requested logs:


    DDS (Ver_09-12-01.01) - NTFSx86
    Run by School at 11:41:55.93 on 23/02/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2408 [GMT -7:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
    svchost.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    c:\WINDOWS\system32\ZuneBusEnum.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\School\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://www.ualberta.ca/
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
    BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
    uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
    uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
    uRun: [gelfbprd] c:\documents and settings\school\local settings\application data\mgvqap\drqmsftav.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
    mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
    mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
    mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [ateywsqo] c:\documents and settings\rachel\local settings\application data\tioigk\oxibsftav.exe
    mRun: [gelfbprd] c:\documents and settings\school\local settings\application data\mgvqap\drqmsftav.exe
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\school\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppavi~1.lnk - c:\program files\hewlett-packard\hp pavilion webcam\HPWebcam.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/3/d/83d1fe15-fe0f-4bdf-b09c-4e3c49808ec7/LegitCheckControl.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1171605677359
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\school\applic~1\mozilla\firefox\profiles\ph7vy5nn.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.ualberta.ca/
    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
    FF - plugin: c:\documents and settings\school\application data\mozilla\firefox\profiles\ph7vy5nn.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
    FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-24 333192]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2006-11-16 28424]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-24 360584]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-2 285392]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [2009-9-29 12160]
    R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [2009-9-29 10496]
    R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [2009-9-29 12928]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
    S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [2006-6-6 61952]
    S3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\drivers\lgmcbus.sys [2010-1-6 83584]
    S3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;c:\windows\system32\drivers\lgmcmdfl.sys [2010-1-6 14976]
    S3 lgmcmdm;LGE Mobile USB WMC Modem Driver;c:\windows\system32\drivers\lgmcmdm.sys [2010-1-6 110464]
    S3 lgmcmgmt;LGE Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\lgmcmgmt.sys [2010-1-6 104448]
    S3 lgmcnd5;LGE Mobile USB WMC Ethernet ELDA (NDIS);c:\windows\system32\drivers\lgmcnd5.sys [2010-1-6 25344]
    S3 lgmcobex;LGE Mobile USB WMC OBEX Interface;c:\windows\system32\drivers\lgmcobex.sys [2010-1-6 100480]
    S3 lgmcunic;LGE Mobile USB WMC Ethernet ELDA (WDM);c:\windows\system32\drivers\lgmcunic.sys [2010-1-6 109952]

    =============== Created Last 30 ================

    2010-02-17 03:32:53 0 d-----w- c:\program files\TrendMicro
    2010-02-16 04:53:39 0 d-----w- c:\windows\system32\wbem\Repository.001
    2010-02-16 04:53:05 0 d-----w- c:\windows\system32\scripting
    2010-02-16 04:53:04 0 d-----w- c:\windows\l2schemas
    2010-02-16 04:53:03 0 d-----w- c:\windows\system32\en
    2010-02-16 04:53:03 0 d-----w- c:\windows\system32\bits
    2010-02-16 04:06:43 0 d-sh--w- c:\documents and settings\school\PrivacIE
    2010-02-15 06:47:08 0 d-sh--w- c:\documents and settings\school\IETldCache
    2010-02-15 06:07:47 69120 ------w- c:\windows\system32\dllcache\iecompat.dll
    2010-02-15 06:07:30 0 d-----w- c:\windows\ie8updates
    2010-02-15 06:06:54 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2010-02-15 06:06:54 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2010-02-15 06:06:04 0 dc-h--w- c:\windows\ie8

    ==================== Find3M ====================

    2010-01-05 10:00:21 133120 ------w- c:\windows\system32\dllcache\extmgr.dll
    2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
    2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys
    2009-12-31 15:33:06 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
    2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-12-21 19:14:05 916480 ------w- c:\windows\system32\dllcache\wininet.dll
    2009-12-21 19:14:05 1208832 ------w- c:\windows\system32\dllcache\urlmon.dll
    2009-12-21 19:14:04 5942784 ------w- c:\windows\system32\dllcache\mshtml.dll
    2009-12-21 19:14:04 206848 ------w- c:\windows\system32\dllcache\occache.dll
    2009-12-21 19:14:03 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
    2009-12-21 19:14:03 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
    2009-12-21 19:14:03 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
    2009-12-21 19:14:03 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
    2009-12-21 19:14:03 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
    2009-12-21 19:14:02 11070464 ------w- c:\windows\system32\dllcache\ieframe.dll
    2009-12-21 19:14:01 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
    2009-12-21 13:19:18 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
    2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
    2009-12-16 18:43:27 343040 ------w- c:\windows\system32\dllcache\mspaint.exe
    2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2009-12-14 07:08:23 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
    2009-12-08 19:27:51 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
    2009-12-08 19:26:15 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
    2009-12-08 19:26:15 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-12-08 18:43:51 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2009-12-08 18:43:51 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
    2009-12-08 18:43:50 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
    2009-12-08 09:23:28 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
    2009-12-04 18:22:22 455424 ------w- c:\windows\system32\dllcache\mrxsmb.sys
    2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
    2009-11-27 17:11:44 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
    2009-11-27 17:11:44 1291776 ------w- c:\windows\system32\quartz.dll
    2009-11-27 17:11:44 1291776 ------w- c:\windows\system32\dllcache\quartz.dll
    2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
    2009-11-27 16:07:35 8704 ------w- c:\windows\system32\dllcache\tsbyuv.dll
    2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
    2009-11-27 16:07:35 28672 ------w- c:\windows\system32\dllcache\msvidc32.dll
    2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
    2009-11-27 16:07:34 84992 ------w- c:\windows\system32\dllcache\avifil32.dll
    2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
    2009-11-27 16:07:34 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
    2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll
    2009-11-27 16:07:34 11264 ------w- c:\windows\system32\dllcache\msrle32.dll
    2006-11-16 21:12:46 22 --sha-w- c:\windows\sminst\HPCD.sys
    2009-08-17 22:15:16 12208 --sha-w- c:\windows\system32\KGyGaAvL.sys

    ============= FINISH: 11:43:08.85 ===============






    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 16/11/2006 11:59:37 AM
    System Uptime: 23/02/2010 11:34:01 AM (0 hours ago)

    Motherboard: Quanta | | 30BB
    Processor: Genuine Intel(R) CPU T2250 @ 1.73GHz | U2E1 | 1729/533mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 100 GiB total, 30.197 GiB free.
    D: is FIXED (FAT32) - 11 GiB total, 1.194 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP166: 29/01/2010 11:31:19 PM - System Checkpoint
    RP167: 31/01/2010 6:06:58 PM - System Checkpoint
    RP168: 02/02/2010 4:32:06 PM - System Checkpoint
    RP169: 03/02/2010 4:44:38 PM - System Checkpoint
    RP170: 04/02/2010 11:05:43 PM - System Checkpoint
    RP171: 08/02/2010 11:50:56 PM - System Checkpoint
    RP172: 10/02/2010 3:00:30 AM - Software Distribution Service 3.0
    RP173: 11/02/2010 4:24:29 PM - System Checkpoint
    RP174: 13/02/2010 3:59:26 PM - System Checkpoint
    RP175: 14/02/2010 11:00:17 PM - Software Distribution Service 3.0
    RP176: 14/02/2010 11:37:31 PM - Removed Windows Live Messenger
    RP177: 14/02/2010 11:39:25 PM - Removed Apple Mobile Device Support
    RP178: 14/02/2010 11:41:58 PM - Removed Apple Software Update
    RP179: 14/02/2010 11:53:45 PM - Removed EA Download Manager UI
    RP180: 15/02/2010 12:42:54 AM - Software Distribution Service 3.0
    RP181: 15/02/2010 3:00:29 AM - Software Distribution Service 3.0
    RP182: 15/02/2010 9:42:58 PM - Software Distribution Service 3.0
    RP183: 16/02/2010 2:53:12 PM - Software Distribution Service 3.0
    RP184: 16/02/2010 8:32:53 PM - Installed HiJackThis
    RP185: 22/02/2010 10:35:58 PM - System Checkpoint

    ==== Installed Programs ======================


    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 9 ActiveX
    Adobe Flash Player ActiveX
    Adobe Help Center 2.0
    Adobe Photoshop Elements 4.0
    Adobe Reader 9.1.2
    Adobe Shockwave Player
    AVG Free 9.0
    Bonjour
    BufferChm
    Conexant HD Audio
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    cp_LightScribeConfig
    cp_OnlineProjectsConfig
    CP_Package_Basic1
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CP_Panorama1Config
    cp_PosterPrintConfig
    cp_UpdateProjectsConfig
    Creative MediaSource 5
    CueTour
    Destinations
    DeviceManagementQFolder
    EA Download Manager
    Easy Internet Sign-up
    ERUNT 1.1j
    FullDPAppQFolder
    Google Toolbar for Internet Explorer
    Google Update Helper
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    HP Help and Support
    HP Imaging Device Functions 6.0
    HP Pavilion Webcam
    HP Pavilion Webcam Demo
    HP Photosmart Premier Software 6.0
    HP Quick Launch Buttons 6.10 A2
    HP QuickPlay 2.3
    HP Update
    HP User Guides 0035
    HP Wireless Assistant 2.00 G2
    HpSdpAppCoreApp
    InstantShareDevices
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections Drivers
    Java(TM) 6 Update 11
    LG Bluetooth Drivers
    LG MC USB Modem driver
    LG USB Modem Drivers
    LightScribe 1.4.97.1
    LimeWire 5.4.6
    Macromedia Flash Player 8
    Macromedia Shockwave Player
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.7
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft WinUsb 1.0
    Microsoft Works
    Microsoft WSE 3.0 Runtime
    Mozilla Firefox (3.5.8)
    MSN
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    muvee autoProducer 5.0
    My HP Games
    Netscape Browser (remove only)
    NetWaiting
    Office 2003 Trial Assistant
    OptionalContentQFolder
    Otto
    PhotoGallery
    QuickTime
    RandMap
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB973704)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB973593)
    Security Update for Microsoft Office Outlook 2007 (KB972363)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB969693)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB969604)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978706)
    SkinsHP1
    Soft Data Fax Modem with SmartCP
    Sonic Audio Module
    Sonic Copy Module
    Sonic Data Module
    Sonic Express Labeler
    Sonic MyDVD Plus
    Sonic Update Manager
    Sonic_PrimoSDK
    SonicAC3Encoder
    SonicMPEGEncoder
    Spybot - Search & Destroy
    Synaptics Pointing Device Driver
    TourSetup
    Uninstall LG PC Suite III
    Unload
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Outlook 2007 Junk Email Filter (kb977719)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 8 (KB978506)
    Update for Windows Media Player 10 (KB910393)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebFldrs XP
    Windows Defender
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Connect
    Windows Media Format 11 runtime
    Windows Media Player 10 Hotfix - KB895316
    Windows XP Media Center Edition 2005 KB912067
    Windows XP Media Center Edition 2005 KB915381
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    WinRAR archiver
    Wireless Home Network Setup
    Zune
    Zune Language Pack (ES)
    Zune Language Pack (FR)

    ==== Event Viewer Messages From Past Week ========

    18/02/2010 1:36:38 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0018DE481703. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    16/02/2010 5:30:36 PM, error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
    16/02/2010 12:38:58 PM, error: Service Control Manager [7000] - The npkcrypt service failed to start due to the following error: The system cannot find the file specified.

    ==== End Of File ===========================


    Thanks.

    -Rachel

  4. #4
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.


    LimeWire


    I'd like you to read this thread.

    Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).


    After that:

    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully first.


    Please continue as follows:

    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  5. #5
    Junior Member
    Join Date
    Jun 2009
    Posts
    21

    Default

    Hi,

    Just a few inquiries before the logs, if you don't mind. Not that it's a problem removing Limewire or anything, but I was wondering, specifically, where my malware came from. Doing a surface google search of "Antivirus Soft," I figured that it most likely came from failing to keep up with updates to Adobe Reader.

    Basically, I'm just wondering if you had me remove Limewire because of the potential to attract malware, or if Limewire is where it originated from. Or is it actually because I clicked the "remind me later" button a few too many times when asked to update random programs.

    So if it's not too much trouble, if you can let me know specifically where my current malware came from, then I'd really appreciate it. Rather than just a blanket "make sure you update frequently to avoid future problems" solution.

    In summation: is my current issues due to P2P File Sharing Programs (Limewire), infrequent updating of suchandsuch programs, or is it from visting/downloading from shady websites?

    Thanks so much!

    Onward to the logs:

    ComboFix:

    ComboFix 10-02-27.04 - School 27/02/2010 16:52:59.4.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2538 [GMT -7:00]
    Running from: c:\documents and settings\School\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\EventSystem.log
    c:\windows\run.log

    .
    ((((((((((((((((((((((((( Files Created from 2010-01-27 to 2010-02-27 )))))))))))))))))))))))))))))))
    .

    2010-02-17 09:13 . 2010-02-19 08:11 -------- d-----w- c:\documents and settings\School\Local Settings\Application Data\mgvqap
    2010-02-17 03:32 . 2010-02-17 03:32 388096 ----a-r- c:\documents and settings\School\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
    2010-02-17 03:32 . 2010-02-17 03:32 -------- d-----w- c:\program files\TrendMicro
    2010-02-17 03:24 . 2010-02-17 03:25 -------- d-----w- c:\program files\ERUNT
    2010-02-16 05:17 . 2010-02-16 05:17 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
    2010-02-16 05:14 . 2010-02-16 05:14 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2010-02-16 04:53 . 2010-02-16 05:13 -------- d-----w- c:\windows\system32\wbem\Repository.001
    2010-02-16 04:53 . 2010-02-16 04:53 -------- d-----w- c:\windows\system32\scripting
    2010-02-16 04:53 . 2010-02-16 04:53 -------- d-----w- c:\windows\l2schemas
    2010-02-16 04:53 . 2010-02-16 04:53 -------- d-----w- c:\windows\system32\en
    2010-02-16 04:53 . 2010-02-16 04:53 -------- d-----w- c:\windows\system32\bits
    2010-02-16 04:06 . 2010-02-16 04:06 -------- d-sh--w- c:\documents and settings\School\PrivacIE
    2010-02-15 06:50 . 2010-02-15 06:51 38784 ----a-w- c:\documents and settings\School\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
    2010-02-15 06:49 . 2010-02-15 06:51 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-02-15 06:47 . 2010-02-15 06:47 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2010-02-15 06:47 . 2010-02-15 06:47 -------- d-sh--w- c:\documents and settings\School\IETldCache
    2010-02-15 06:07 . 2009-12-11 08:38 69120 ------w- c:\windows\system32\dllcache\iecompat.dll
    2010-02-15 06:07 . 2010-02-15 10:01 -------- d-----w- c:\windows\ie8updates
    2010-02-15 06:06 . 2009-12-21 19:14 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2010-02-15 06:06 . 2009-12-21 19:14 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2010-02-15 06:06 . 2010-02-15 06:06 -------- dc-h--w- c:\windows\ie8
    2010-02-03 00:20 . 2010-02-03 00:20 -------- d-----w- c:\documents and settings\School\Application Data\DivX
    2010-02-01 08:54 . 2010-02-01 08:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2010-02-01 08:49 . 2010-02-01 08:49 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-02-27 23:28 . 2009-07-31 07:42 -------- d-----w- c:\program files\LimeWire
    2010-02-27 23:09 . 2010-01-19 05:23 0 ----a-w- c:\documents and settings\School\Local Settings\Application Data\prvlcl.dat
    2010-02-16 19:39 . 2006-09-14 06:33 97608 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-02-16 05:18 . 2006-11-23 03:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-02-16 04:57 . 2006-06-29 18:43 92447 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2010-02-15 06:50 . 2009-08-18 00:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
    2010-02-15 06:46 . 2009-07-30 03:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-02-15 06:42 . 2006-09-14 06:53 -------- d-----w- c:\program files\GemMaster
    2010-02-15 06:36 . 2009-08-13 02:10 -------- d-----w- c:\documents and settings\School\Application Data\uTorrent
    2010-02-10 04:43 . 2007-01-23 06:00 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-02-01 08:49 . 2006-11-16 19:15 -------- d-----w- c:\program files\Google
    2010-01-26 22:11 . 2009-11-23 21:26 79488 ----a-w- c:\documents and settings\School\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2010-01-07 02:06 . 2010-01-07 02:05 -------- d-----w- c:\program files\LG Electronics
    2010-01-07 02:06 . 2006-09-14 05:27 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-01-07 02:05 . 2010-01-07 02:05 -------- d--h--w- c:\documents and settings\School\Application Data\{D94BA408-F110-488B-A65E-3AE7945F79E6}
    2010-01-07 02:05 . 2010-01-07 02:05 -------- d-----w- c:\documents and settings\School\Application Data\LG Electronics
    2009-12-31 16:50 . 2005-05-10 08:17 353792 ----a-w- c:\windows\system32\drivers\srv.sys
    2009-12-21 19:14 . 2006-03-16 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-12-16 18:43 . 2006-03-16 04:00 343040 ----a-w- c:\windows\system32\mspaint.exe
    2009-12-14 07:08 . 2006-03-16 04:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2009-12-08 19:26 . 2006-03-16 04:00 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
    2009-12-08 18:43 . 2006-03-16 04:00 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2009-12-04 18:22 . 2005-01-19 12:26 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2006-11-16 21:12 . 2006-11-16 21:12 22 --sha-w- c:\windows\SMINST\HPCD.sys
    2009-08-17 22:15 . 2009-08-17 22:15 12208 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-22 68856]
    "CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 700416]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
    "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-22 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-22 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-22 118784]
    "MsmqIntCert"="mqrt.dll" [2009-06-25 177152]
    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-19 102400]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
    "Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]
    "RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-03-15 208952]
    "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2006-03-15 44032]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2006-03-15 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-15 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-15 455168]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

    c:\documents and settings\School\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Pavilion Webcam Tray Icon.lnk - c:\program files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2006-11-16 102400]
    HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-11-02 22:07 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\mqsvc.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [24/03/2009 5:00 PM 333192]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [24/03/2009 5:00 PM 360584]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [02/11/2009 3:06 PM 285392]
    R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29/09/2009 8:11 AM 12160]
    R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29/09/2009 8:11 AM 10496]
    R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29/09/2009 8:11 AM 12928]
    S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17/08/2009 12:33 PM 721904]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [01/02/2010 1:49 AM 135664]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 6:19 PM 13592]
    S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [06/06/2006 1:39 PM 61952]
    S3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\drivers\lgmcbus.sys [06/01/2010 7:06 PM 83584]
    S3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;c:\windows\system32\drivers\lgmcmdfl.sys [06/01/2010 7:06 PM 14976]
    S3 lgmcmdm;LGE Mobile USB WMC Modem Driver;c:\windows\system32\drivers\lgmcmdm.sys [06/01/2010 7:06 PM 110464]
    S3 lgmcmgmt;LGE Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\lgmcmgmt.sys [06/01/2010 7:06 PM 104448]
    S3 lgmcnd5;LGE Mobile USB WMC Ethernet ELDA (NDIS);c:\windows\system32\drivers\lgmcnd5.sys [06/01/2010 7:06 PM 25344]
    S3 lgmcobex;LGE Mobile USB WMC OBEX Interface;c:\windows\system32\drivers\lgmcobex.sys [06/01/2010 7:06 PM 100480]
    S3 lgmcunic;LGE Mobile USB WMC Ethernet ELDA (WDM);c:\windows\system32\drivers\lgmcunic.sys [06/01/2010 7:06 PM 109952]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 08:49]

    2010-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 08:49]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://www.ualberta.ca/
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    FF - ProfilePath - c:\documents and settings\School\Application Data\Mozilla\Firefox\Profiles\ph7vy5nn.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.ualberta.ca/
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - plugin: c:\documents and settings\School\Application Data\Mozilla\Firefox\Profiles\ph7vy5nn.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
    HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
    HKCU-Run-gelfbprd - c:\documents and settings\School\Local Settings\Application Data\mgvqap\drqmsftav.exe
    HKLM-Run-ateywsqo - c:\documents and settings\Rachel\Local Settings\Application Data\tioigk\oxibsftav.exe
    HKLM-Run-gelfbprd - c:\documents and settings\School\Local Settings\Application Data\mgvqap\drqmsftav.exe
    AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9b.exe



    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ???xc??????`?@?????L?@

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    Completion time: 2010-02-27 17:00:42
    ComboFix-quarantined-files.txt 2010-02-28 00:00
    ComboFix2.txt 2009-07-19 04:55

    Pre-Run: 32,748,351,488 bytes free
    Post-Run: 32,746,582,016 bytes free

    - - End Of File - - 23C411AAE14BCADC17FA4F19079116C5



    New DDS:


    DDS (Ver_09-12-01.01) - NTFSx86
    Run by School at 17:03:20.67 on 27/02/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2432 [GMT -7:00]

    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    c:\WINDOWS\system32\ZuneBusEnum.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\ComboFix\CF5905.cfxxe
    C:\ComboFix\mbr.cfxxe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\School\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://www.ualberta.ca/
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
    BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
    mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
    mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
    mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\school\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppavi~1.lnk - c:\program files\hewlett-packard\hp pavilion webcam\HPWebcam.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/3/d/83d1fe15-fe0f-4bdf-b09c-4e3c49808ec7/LegitCheckControl.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1171605677359
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\school\applic~1\mozilla\firefox\profiles\ph7vy5nn.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.ualberta.ca/
    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
    FF - plugin: c:\documents and settings\school\application data\mozilla\firefox\profiles\ph7vy5nn.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
    FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-24 333192]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2006-11-16 28424]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-24 360584]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-2 285392]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [2009-9-29 12160]
    R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [2009-9-29 10496]
    R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [2009-9-29 12928]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
    S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [2006-6-6 61952]
    S3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\drivers\lgmcbus.sys [2010-1-6 83584]
    S3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;c:\windows\system32\drivers\lgmcmdfl.sys [2010-1-6 14976]
    S3 lgmcmdm;LGE Mobile USB WMC Modem Driver;c:\windows\system32\drivers\lgmcmdm.sys [2010-1-6 110464]
    S3 lgmcmgmt;LGE Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\lgmcmgmt.sys [2010-1-6 104448]
    S3 lgmcnd5;LGE Mobile USB WMC Ethernet ELDA (NDIS);c:\windows\system32\drivers\lgmcnd5.sys [2010-1-6 25344]
    S3 lgmcobex;LGE Mobile USB WMC OBEX Interface;c:\windows\system32\drivers\lgmcobex.sys [2010-1-6 100480]
    S3 lgmcunic;LGE Mobile USB WMC Ethernet ELDA (WDM);c:\windows\system32\drivers\lgmcunic.sys [2010-1-6 109952]

    =============== Created Last 30 ================

    2010-02-27 23:51:58 98816 ----a-w- c:\windows\sed.exe
    2010-02-27 23:51:58 77312 ----a-w- c:\windows\MBR.exe
    2010-02-27 23:51:58 261632 ----a-w- c:\windows\PEV.exe
    2010-02-27 23:51:58 161792 ----a-w- c:\windows\SWREG.exe
    2010-02-27 23:50:11 0 d-----w- C:\ComboFix
    2010-02-17 03:32:53 0 d-----w- c:\program files\TrendMicro
    2010-02-16 04:53:39 0 d-----w- c:\windows\system32\wbem\Repository.001
    2010-02-16 04:53:05 0 d-----w- c:\windows\system32\scripting
    2010-02-16 04:53:04 0 d-----w- c:\windows\l2schemas
    2010-02-16 04:53:03 0 d-----w- c:\windows\system32\en
    2010-02-16 04:53:03 0 d-----w- c:\windows\system32\bits
    2010-02-16 04:06:43 0 d-sh--w- c:\documents and settings\school\PrivacIE
    2010-02-15 06:47:08 0 d-sh--w- c:\documents and settings\school\IETldCache
    2010-02-15 06:07:47 69120 ------w- c:\windows\system32\dllcache\iecompat.dll
    2010-02-15 06:07:30 0 d-----w- c:\windows\ie8updates
    2010-02-15 06:06:54 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2010-02-15 06:06:54 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2010-02-15 06:06:04 0 dc-h--w- c:\windows\ie8

    ==================== Find3M ====================

    2010-01-05 10:00:21 133120 ------w- c:\windows\system32\dllcache\extmgr.dll
    2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
    2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys
    2009-12-31 15:33:06 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
    2009-12-21 19:14:05 916480 ------w- c:\windows\system32\wininet.dll
    2009-12-21 19:14:05 916480 ------w- c:\windows\system32\dllcache\wininet.dll
    2009-12-21 19:14:05 1208832 ------w- c:\windows\system32\dllcache\urlmon.dll
    2009-12-21 19:14:04 5942784 ------w- c:\windows\system32\dllcache\mshtml.dll
    2009-12-21 19:14:04 206848 ------w- c:\windows\system32\dllcache\occache.dll
    2009-12-21 19:14:03 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
    2009-12-21 19:14:03 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
    2009-12-21 19:14:03 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
    2009-12-21 19:14:03 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
    2009-12-21 19:14:03 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
    2009-12-21 19:14:02 11070464 ------w- c:\windows\system32\dllcache\ieframe.dll
    2009-12-21 19:14:01 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
    2009-12-21 13:19:18 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
    2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
    2009-12-16 18:43:27 343040 ------w- c:\windows\system32\dllcache\mspaint.exe
    2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2009-12-14 07:08:23 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
    2009-12-09 05:53:44 726528 ----a-w- c:\windows\system32\dllcache\jscript.dll
    2009-12-08 19:27:51 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
    2009-12-08 19:26:15 2145280 ------w- c:\windows\system32\ntoskrnl.exe
    2009-12-08 19:26:15 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-12-08 18:43:51 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
    2009-12-08 18:43:51 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
    2009-12-08 18:43:50 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
    2009-12-08 09:23:28 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
    2009-12-04 18:22:22 455424 ------w- c:\windows\system32\dllcache\mrxsmb.sys
    2006-11-16 21:12:46 22 --sha-w- c:\windows\sminst\HPCD.sys
    2009-08-17 22:15:16 12208 --sha-w- c:\windows\system32\KGyGaAvL.sys

    ============= FINISH: 17:03:41.62 ===============


    Thanks again!

    - Rachel.

  6. #6
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi Rachel,

    In summation: is my current issues due to P2P File Sharing Programs (Limewire), infrequent updating of suchandsuch programs, or is it from visting/downloading from shady websites?
    It's not possible to say exact origin for the infection but any of those can be the culprit.

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    • Please post contents of that file in your next reply.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  7. #7
    Junior Member
    Join Date
    Jun 2009
    Posts
    21

    Default

    Hi,

    Thanks for the answer!

    Here's the log:

    Malwarebytes' Anti-Malware 1.44
    Database version: 3816
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    02/03/2010 5:42:46 PM
    mbam-log-2010-03-02 (17-42-46).txt

    Scan type: Quick Scan
    Objects scanned: 135639
    Time elapsed: 12 minute(s), 28 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\adivx.alphadivx (Rogue.Installer) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{3b236bee-8200-421d-919d-ca17d5739d8f} (Rogue.Installer) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    Thanks!

  8. #8
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi again,


    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    Folder::
    c:\documents and settings\School\Local Settings\Application Data\mgvqap
    c:\program files\LimeWire
    c:\documents and settings\School\Application Data\uTorrent
    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uInternet Settings,ProxyOverride = <local>
    BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File

    Save this as
    CFScript

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



    Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
    Then post the resultant log.


    Uninstall old Adobe Reader versions and get the latest one (9.3 + update 9.3.1) here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.

    Uninstall your current Adobe shockwave player and get the fresh one here if needed.

    Uninstall vulnerable Flash versions by following instructions here. Fresh version can be obtained here.


    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) 6 Update 18.
    • Click the
      Download
      button to the right.
    • Select Windows on platform combobox and check the box that says:
      Accept License Agreement. Click continue.
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java versions.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u18-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.


    Uninstall also these:
    Macromedia Flash Player 8
    Macromedia Shockwave Player



    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    If you use Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    If you use Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.


    Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


    Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  9. #9
    Junior Member
    Join Date
    Jun 2009
    Posts
    21

    Default

    Hi!

    Just one quick question before the logs, since I don't use Internet Explorer, can I just remove it?

    Here are the logs:

    ComboFix:

    ComboFix 10-03-07.02 - School 07/03/2010 14:02:53.5.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2432 [GMT -7:00]
    Running from: c:\documents and settings\School\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\School\Desktop\CFScript.txt.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\School\Application Data\uTorrent
    c:\documents and settings\School\Application Data\uTorrent\daemon4303-lite.exe.torrent
    c:\documents and settings\School\Application Data\uTorrent\dht.dat
    c:\documents and settings\School\Application Data\uTorrent\dht.dat.old
    c:\documents and settings\School\Application Data\uTorrent\Psychology Themes and Variations 7th Edition by Wayne Weiten.pdf.torrent
    c:\documents and settings\School\Application Data\uTorrent\resume.dat
    c:\documents and settings\School\Application Data\uTorrent\resume.dat.old
    c:\documents and settings\School\Application Data\uTorrent\rss.dat
    c:\documents and settings\School\Application Data\uTorrent\rss.dat.old
    c:\documents and settings\School\Application Data\uTorrent\settings.dat
    c:\documents and settings\School\Application Data\uTorrent\settings.dat.old
    c:\documents and settings\School\Application Data\uTorrent\The Sims 3 - Razor1911 Final MAXSPEED +vetsoljers patch to 1.3.24.torrent
    c:\documents and settings\School\Application Data\uTorrent\The Sims 3 - Razor1911 Final MAXSPEED.torrent
    c:\documents and settings\School\Application Data\uTorrent\The Sims 3 Addons[2009]-LW.torrent
    c:\documents and settings\School\Application Data\uTorrent\The.Sims.3.Download.Content.Addon-FASDOX.torrent
    c:\documents and settings\School\Local Settings\Application Data\mgvqap
    c:\program files\LimeWire
    c:\program files\LimeWire\lib\swingx-1.0.jar
    c:\program files\LimeWire\lib\UnpackedJars.7z
    c:\program files\LimeWire\LimeWire.jar.tmp
    c:\program files\LimeWire\LimeWire.pack
    c:\program files\LimeWire\msvcr71.dll
    c:\program files\LimeWire\unpack200.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-02-07 to 2010-03-07 )))))))))))))))))))))))))))))))
    .

    2010-03-03 00:21 . 2010-03-03 00:21 -------- d-----w- c:\documents and settings\School\Application Data\Malwarebytes
    2010-03-03 00:21 . 2010-01-07 23:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-03 00:21 . 2010-03-03 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-03-03 00:21 . 2010-03-03 00:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-03-03 00:21 . 2010-01-07 23:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-02-17 03:32 . 2010-02-17 03:32 388096 ----a-r- c:\documents and settings\School\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
    2010-02-17 03:32 . 2010-02-17 03:32 -------- d-----w- c:\program files\TrendMicro
    2010-02-17 03:24 . 2010-02-17 03:25 -------- d-----w- c:\program files\ERUNT
    2010-02-16 05:17 . 2010-02-16 05:17 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
    2010-02-16 05:14 . 2010-02-16 05:14 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2010-02-16 04:53 . 2010-02-16 05:13 -------- d-----w- c:\windows\system32\wbem\Repository.001
    2010-02-16 04:53 . 2010-02-16 04:53 -------- d-----w- c:\windows\system32\scripting
    2010-02-16 04:53 . 2010-02-16 04:53 -------- d-----w- c:\windows\l2schemas
    2010-02-16 04:53 . 2010-02-16 04:53 -------- d-----w- c:\windows\system32\en
    2010-02-16 04:53 . 2010-02-16 04:53 -------- d-----w- c:\windows\system32\bits
    2010-02-16 04:06 . 2010-02-16 04:06 -------- d-sh--w- c:\documents and settings\School\PrivacIE
    2010-02-15 06:50 . 2010-02-15 06:51 38784 ----a-w- c:\documents and settings\School\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
    2010-02-15 06:49 . 2010-02-15 06:51 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-02-15 06:47 . 2010-02-15 06:47 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2010-02-15 06:47 . 2010-02-15 06:47 -------- d-sh--w- c:\documents and settings\School\IETldCache
    2010-02-15 06:07 . 2009-12-11 08:38 69120 ------w- c:\windows\system32\dllcache\iecompat.dll
    2010-02-15 06:07 . 2010-02-15 10:01 -------- d-----w- c:\windows\ie8updates
    2010-02-15 06:06 . 2009-12-21 19:14 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2010-02-15 06:06 . 2009-12-21 19:14 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2010-02-15 06:06 . 2010-02-15 06:06 -------- dc-h--w- c:\windows\ie8

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-03-06 08:09 . 2010-01-19 05:23 0 ----a-w- c:\documents and settings\School\Local Settings\Application Data\prvlcl.dat
    2010-02-16 19:39 . 2006-09-14 06:33 97608 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-02-16 05:18 . 2006-11-23 03:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-02-16 04:57 . 2006-06-29 18:43 92447 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2010-02-15 06:50 . 2009-08-18 00:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
    2010-02-15 06:46 . 2009-07-30 03:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-02-15 06:42 . 2006-09-14 06:53 -------- d-----w- c:\program files\GemMaster
    2010-02-10 04:43 . 2007-01-23 06:00 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-02-03 00:20 . 2010-02-03 00:20 -------- d-----w- c:\documents and settings\School\Application Data\DivX
    2010-02-01 08:49 . 2006-11-16 19:15 -------- d-----w- c:\program files\Google
    2010-01-26 22:11 . 2009-11-23 21:26 79488 ----a-w- c:\documents and settings\School\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2010-01-07 02:06 . 2010-01-07 02:05 -------- d-----w- c:\program files\LG Electronics
    2010-01-07 02:06 . 2006-09-14 05:27 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-01-07 02:05 . 2010-01-07 02:05 -------- d--h--w- c:\documents and settings\School\Application Data\{D94BA408-F110-488B-A65E-3AE7945F79E6}
    2010-01-07 02:05 . 2010-01-07 02:05 -------- d-----w- c:\documents and settings\School\Application Data\LG Electronics
    2009-12-31 16:50 . 2005-05-10 08:17 353792 ----a-w- c:\windows\system32\drivers\srv.sys
    2009-12-21 19:14 . 2006-03-16 04:00 916480 ------w- c:\windows\system32\wininet.dll
    2009-12-16 18:43 . 2006-03-16 04:00 343040 ----a-w- c:\windows\system32\mspaint.exe
    2009-12-14 07:08 . 2006-03-16 04:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2009-12-08 19:26 . 2006-03-16 04:00 2145280 ------w- c:\windows\system32\ntoskrnl.exe
    2009-12-08 18:43 . 2006-03-16 04:00 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
    2006-11-16 21:12 . 2006-11-16 21:12 22 --sha-w- c:\windows\SMINST\HPCD.sys
    2009-08-17 22:15 . 2009-08-17 22:15 12208 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-02-27_23.59.00 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-03-07 20:49 . 2010-03-07 20:49 16384 c:\windows\temp\Perflib_Perfdata_104.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-22 68856]
    "CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 700416]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
    "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-22 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-22 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-22 118784]
    "MsmqIntCert"="mqrt.dll" [2009-06-25 177152]
    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-19 102400]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
    "Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]
    "RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-03-15 208952]
    "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2006-03-15 44032]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2006-03-15 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-15 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-15 455168]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

    c:\documents and settings\School\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Pavilion Webcam Tray Icon.lnk - c:\program files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2006-11-16 102400]
    HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-11-02 22:07 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\mqsvc.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [24/03/2009 5:00 PM 333192]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [24/03/2009 5:00 PM 360584]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [02/11/2009 3:06 PM 285392]
    R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29/09/2009 8:11 AM 12160]
    R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29/09/2009 8:11 AM 10496]
    R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29/09/2009 8:11 AM 12928]
    S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17/08/2009 12:33 PM 721904]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [01/02/2010 1:49 AM 135664]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 6:19 PM 13592]
    S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [06/06/2006 1:39 PM 61952]
    S3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\drivers\lgmcbus.sys [06/01/2010 7:06 PM 83584]
    S3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;c:\windows\system32\drivers\lgmcmdfl.sys [06/01/2010 7:06 PM 14976]
    S3 lgmcmdm;LGE Mobile USB WMC Modem Driver;c:\windows\system32\drivers\lgmcmdm.sys [06/01/2010 7:06 PM 110464]
    S3 lgmcmgmt;LGE Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\lgmcmgmt.sys [06/01/2010 7:06 PM 104448]
    S3 lgmcnd5;LGE Mobile USB WMC Ethernet ELDA (NDIS);c:\windows\system32\drivers\lgmcnd5.sys [06/01/2010 7:06 PM 25344]
    S3 lgmcobex;LGE Mobile USB WMC OBEX Interface;c:\windows\system32\drivers\lgmcobex.sys [06/01/2010 7:06 PM 100480]
    S3 lgmcunic;LGE Mobile USB WMC Ethernet ELDA (WDM);c:\windows\system32\drivers\lgmcunic.sys [06/01/2010 7:06 PM 109952]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 08:49]

    2010-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 08:49]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://www.ualberta.ca/
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    FF - ProfilePath - c:\documents and settings\School\Application Data\Mozilla\Firefox\Profiles\ph7vy5nn.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.ualberta.ca/
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - plugin: c:\documents and settings\School\Application Data\Mozilla\Firefox\Profiles\ph7vy5nn.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-03-07 14:11
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ???xc??????`?@?????L?@

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2010-03-07 14:14:48
    ComboFix-quarantined-files.txt 2010-03-07 21:14
    ComboFix2.txt 2010-02-28 00:00
    ComboFix3.txt 2009-07-19 04:55

    Pre-Run: 32,513,753,088 bytes free
    Post-Run: 32,481,140,736 bytes free

    - - End Of File - - D0544A09478032A6D96A416F2D27FD57

    KAS:

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Sunday, March 7, 2010
    Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Sunday, March 07, 2010 17:06:29
    Records in database: 3730576
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\

    Scan statistics:
    Objects scanned: 124235
    Threats found: 2
    Infected objects found: 2
    Suspicious objects found: 0
    Scan duration: 02:37:16


    File name / Threat / Threats count
    C:\Documents and Settings\School\My Documents\My Music\gwen stefani - crash-xcd.wma Infected: Trojan-Downloader.WMA.Wimad.t 1
    C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP183\A0061553.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1

    Selected area has been scanned.

    DDS:


    DDS (Ver_09-12-01.01) - NTFSx86
    Run by School at 21:24:35.54 on 07/03/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2237 [GMT -7:00]

    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    svchost.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    c:\WINDOWS\system32\ZuneBusEnum.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Java\jre6\bin\java.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Documents and Settings\School\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://www.ualberta.ca/
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
    mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
    mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
    mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\school\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppavi~1.lnk - c:\program files\hewlett-packard\hp pavilion webcam\HPWebcam.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/3/d/83d1fe15-fe0f-4bdf-b09c-4e3c49808ec7/LegitCheckControl.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1171605677359
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\school\applic~1\mozilla\firefox\profiles\ph7vy5nn.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.ualberta.ca/
    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
    FF - plugin: c:\documents and settings\school\application data\mozilla\firefox\profiles\ph7vy5nn.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
    FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-24 333192]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2006-11-16 28424]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-24 360584]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-2 285392]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [2009-9-29 12160]
    R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [2009-9-29 10496]
    R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [2009-9-29 12928]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
    S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [2006-6-6 61952]
    S3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\drivers\lgmcbus.sys [2010-1-6 83584]
    S3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;c:\windows\system32\drivers\lgmcmdfl.sys [2010-1-6 14976]
    S3 lgmcmdm;LGE Mobile USB WMC Modem Driver;c:\windows\system32\drivers\lgmcmdm.sys [2010-1-6 110464]
    S3 lgmcmgmt;LGE Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\lgmcmgmt.sys [2010-1-6 104448]
    S3 lgmcnd5;LGE Mobile USB WMC Ethernet ELDA (NDIS);c:\windows\system32\drivers\lgmcnd5.sys [2010-1-6 25344]
    S3 lgmcobex;LGE Mobile USB WMC OBEX Interface;c:\windows\system32\drivers\lgmcobex.sys [2010-1-6 100480]
    S3 lgmcunic;LGE Mobile USB WMC Ethernet ELDA (WDM);c:\windows\system32\drivers\lgmcunic.sys [2010-1-6 109952]

    =============== Created Last 30 ================

    2010-03-08 01:02:20 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-03-03 00:21:33 0 d-----w- c:\docume~1\school\applic~1\Malwarebytes
    2010-03-03 00:21:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-03 00:21:23 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-03-03 00:21:21 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-03 00:21:21 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-02-27 23:51:58 98816 ----a-w- c:\windows\sed.exe
    2010-02-27 23:51:58 77312 ----a-w- c:\windows\MBR.exe
    2010-02-27 23:51:58 261632 ----a-w- c:\windows\PEV.exe
    2010-02-27 23:51:58 161792 ----a-w- c:\windows\SWREG.exe
    2010-02-17 03:32:53 0 d-----w- c:\program files\TrendMicro
    2010-02-16 04:53:39 0 d-----w- c:\windows\system32\wbem\Repository.001
    2010-02-16 04:53:05 0 d-----w- c:\windows\system32\scripting
    2010-02-16 04:53:04 0 d-----w- c:\windows\l2schemas
    2010-02-16 04:53:03 0 d-----w- c:\windows\system32\en
    2010-02-16 04:53:03 0 d-----w- c:\windows\system32\bits
    2010-02-16 04:06:43 0 d-sh--w- c:\documents and settings\school\PrivacIE
    2010-02-15 06:47:08 0 d-sh--w- c:\documents and settings\school\IETldCache
    2010-02-15 06:07:47 69120 ------w- c:\windows\system32\dllcache\iecompat.dll
    2010-02-15 06:07:30 0 d-----w- c:\windows\ie8updates
    2010-02-15 06:06:54 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2010-02-15 06:06:54 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2010-02-15 06:06:04 0 dc-h--w- c:\windows\ie8

    ==================== Find3M ====================

    2010-03-08 01:02:03 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-01-05 10:00:21 133120 ------w- c:\windows\system32\dllcache\extmgr.dll
    2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys
    2009-12-31 15:33:06 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
    2009-12-21 19:14:05 916480 ------w- c:\windows\system32\wininet.dll
    2009-12-21 19:14:05 916480 ------w- c:\windows\system32\dllcache\wininet.dll
    2009-12-21 19:14:05 1208832 ------w- c:\windows\system32\dllcache\urlmon.dll
    2009-12-21 19:14:04 5942784 ------w- c:\windows\system32\dllcache\mshtml.dll
    2009-12-21 19:14:04 206848 ------w- c:\windows\system32\dllcache\occache.dll
    2009-12-21 19:14:03 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
    2009-12-21 19:14:03 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
    2009-12-21 19:14:03 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
    2009-12-21 19:14:03 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
    2009-12-21 19:14:03 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
    2009-12-21 19:14:02 11070464 ------w- c:\windows\system32\dllcache\ieframe.dll
    2009-12-21 19:14:01 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
    2009-12-21 13:19:18 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
    2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
    2009-12-16 18:43:27 343040 ------w- c:\windows\system32\dllcache\mspaint.exe
    2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2009-12-14 07:08:23 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
    2009-12-09 05:53:44 726528 ----a-w- c:\windows\system32\dllcache\jscript.dll
    2009-12-08 19:27:51 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
    2009-12-08 19:26:15 2145280 ------w- c:\windows\system32\ntoskrnl.exe
    2009-12-08 19:26:15 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-12-08 18:43:51 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
    2009-12-08 18:43:51 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
    2009-12-08 18:43:50 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
    2009-12-08 09:23:28 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
    2006-11-16 21:12:46 22 --sha-w- c:\windows\sminst\HPCD.sys
    2009-08-17 22:15:16 12208 --sha-w- c:\windows\system32\KGyGaAvL.sys

    ============= FINISH: 21:25:18.34 ===============

    Thanks!

  10. #10
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Just one quick question before the logs, since I don't use Internet Explorer, can I just remove it?
    Internet Explorer is also handling stuff that are not related to browsing. To keep issues away I recommend to leave it installed.


    Delete C:\Documents and Settings\School\My Documents\My Music\gwen stefani - crash-xcd.wma file.

    How's the system running now?
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •