Problem with my laptop that seems impossible to fix

Alan_5

New member
Hi, I've been having problems with my laptop since yesterday: every time I start the computer I get errors and have several problems.

(Warning: I'm still learning English, so I'm sorry if you find my post hard to understand.)

At the moment the problems are: very slow internet speed, and errors that pop up again and again when I close them. Some of my programs that usually start when Windows is loading, like Messenger and others, do not start.

At the beginning, every time I started the computer, while my desktop was loading I was getting a message saying that the computer was going to restart, and a 1-minute countdown began. After searching the internet for these errors and reading a lot, I downloaded the "Microsoft Windows Malicious Software Removal Tool", but things were not a lot better after that.

So I found this forum, and for the first time ever I decided to ask for help instead of using the solutions to other people's problems.

I read the stickies, so here is my HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:45:30 p.m., on 08/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\swveoks.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
c:\lsass.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.la.dell.com/content/default.aspx?c=pa&l=es&s=gen
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [22167] C:\swveoks.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Start WebEx MeetMeNow.LNK = C:\Program Files\Mozilla Firefox\plugins\MyWebEx\419\mwmpad.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Start WebEx MeetMeNow - {F5AD6CC5-776C-4DBB-B38F-F5404A3582F3} - C:\Program Files\Mozilla Firefox\plugins\MyWebEx\419\mwmie.dll
O9 - Extra 'Tools' menuitem: Start WebEx MeetMeNow - {F5AD6CC5-776C-4DBB-B38F-F5404A3582F3} - C:\Program Files\Mozilla Firefox\plugins\MyWebEx\419\mwmie.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.oracle.com
O15 - Trusted Zone: *.oracleads.com
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ES-AR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {91D4B4D5-E368-40AB-8F53-A37FA634B471} (Installer9Ctrl Class) - http://h35.e-tmm.com/bin/tol9inst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAFECAFE-0013-0001-0018-ABCDEFABCDEF} (JInitiator 1.3.1.18) - http://oracleapp-test.ecb.local:8000/jinitiator/oajinit.exe
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0) - http://test.dicarina.com:8000/OA_HTML/oaj2se.exe
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mwmus.webex.com/mwmus/tool/systemcheck/ieatgpc.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} (ChessControl Class) - http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c9c3962808ac1c) (gupdate1c9c3962808ac1c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 11286 bytes

----------------------------------------------------------------------------

The errors and problems that I was searching for when I found this forum were very similar to http://forums.spybot.info/showthread.php?t=48747
So I downloaded ComboFix, and this is the log I got.

ComboFix 09-08-10.06 - ALBA RODRIGUEZ 08/15/2009 22:16.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.647 [GMT -5:00]
Running from: c:\documents and settings\ALBA RODRIGUEZ\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\gcdppgxd.exe
C:\jnvcbaox.exe
C:\kakv.exe
C:\lsass.exe
c:\recycler\S-1-5-21-0243636035-3055115376-381863306-1556
c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1077
c:\recycler\S-1-5-21-1255473585-4039173906-540244808-6763
c:\recycler\S-1-5-21-2028910969-1329170728-957000054-2510
c:\recycler\S-1-5-21-3028035508-3259013217-600375532-4802
c:\recycler\S-1-5-21-3256722686-8830066983-297609259-6200
c:\recycler\S-1-5-21-3270354334-6947708999-654141051-7867
c:\recycler\S-1-5-21-3971665655-2589549331-997902405-4420
c:\recycler\S-1-5-21-4764804922-6607202198-106772242-5989
c:\recycler\S-1-5-21-6229093691-3327376383-454318993-7735
c:\recycler\S-1-5-21-6229093691-3327376383-454318993-7735\Desktop.ini
c:\recycler\S-1-5-21-6229093691-3327376383-454318993-7735\sysdate.exe
c:\recycler\S-1-5-21-6467061666-2656453958-348116565-1694
c:\recycler\S-1-5-21-6753735123-7404124187-450654712-0092
C:\test.txt
c:\tutor\Author\Doc Types\_desktop.ini
c:\tutor\Author\Doc Types\Danish\_desktop.ini
c:\tutor\Author\Doc Types\Dutch\_desktop.ini
c:\tutor\Author\Doc Types\English (US)\_desktop.ini
c:\tutor\Author\Doc Types\Finnish\_desktop.ini
c:\tutor\Author\Doc Types\French Canadian\_desktop.ini
c:\tutor\Author\Doc Types\French\_desktop.ini
c:\tutor\Author\Doc Types\German\_desktop.ini
c:\tutor\Author\Doc Types\Italian\_desktop.ini
c:\tutor\Author\Doc Types\Japanese\_desktop.ini
c:\tutor\Author\Doc Types\Korean\_desktop.ini
c:\tutor\Author\Doc Types\Portuguese\_desktop.ini
c:\tutor\Author\Doc Types\Simplified Chinese\_desktop.ini
c:\tutor\Author\Doc Types\Spanish\_desktop.ini
c:\tutor\Author\Doc Types\Traditional Chinese\_desktop.ini
c:\tutor\Author\HeaderFooter\_desktop.ini
c:\tutor\Tutor\Author\Doc Types\_desktop.ini
c:\tutor\Tutor\Author\Doc Types\Danish\_desktop.ini
c:\tutor\Tutor\Author\Doc Types\Dutch\_desktop.ini
c:\tutor\Tutor\Author\Doc Types\English (US)\_desktop.ini
c:\tutor\Tutor\Author\Doc Types\Finnish\_desktop.ini
c:\tutor\Tutor\Author\Doc Types\French Canadian\_desktop.ini
c:\tutor\Tutor\Author\Doc Types\French\_desktop.ini
c:\tutor\Tutor\Author\Doc Types\German\_desktop.ini
c:\tutor\Tutor\Author\Doc Types\Italian\_desktop.ini
c:\tutor\Tutor\Author\Doc Types\Japanese\_desktop.ini
c:\tutor\Tutor\Author\Doc Types\Korean\_desktop.ini
c:\tutor\Tutor\Author\Doc Types\Portuguese\_desktop.ini
c:\tutor\Tutor\Author\Doc Types\Simplified Chinese\_desktop.ini
c:\tutor\Tutor\Author\Doc Types\Spanish\_desktop.ini
c:\tutor\Tutor\Author\Doc Types\Traditional Chinese\_desktop.ini
c:\tutor\Tutor\Author\HeaderFooter\_desktop.ini
c:\windows\Downloaded Program Files\MyWebEx
c:\windows\Downloaded Program Files\MyWebEx\419\atarm.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atas32.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atasanot.exe
c:\windows\Downloaded Program Files\MyWebEx\419\atasctrl.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atasnt40.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atcarmcl.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atdl2006.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atjpeg60.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atkbctl.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atlchat.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atmemmgr.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atnetext.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atpack.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atres.dll
c:\windows\Downloaded Program Files\MyWebEx\419\attp.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atwbxui6.dll
c:\windows\Downloaded Program Files\MyWebEx\419\h264dec.dll
c:\windows\Downloaded Program Files\MyWebEx\419\h264enc.dll
c:\windows\Downloaded Program Files\MyWebEx\419\mmssl32.dll
c:\windows\Downloaded Program Files\MyWebEx\419\msess.dll
c:\windows\Downloaded Program Files\MyWebEx\419\mticket.dll
c:\windows\Downloaded Program Files\MyWebEx\419\mutiltpd.dll
c:\windows\Downloaded Program Files\MyWebEx\419\mvc.dll
c:\windows\Downloaded Program Files\MyWebEx\419\mwm.ini
c:\windows\Downloaded Program Files\MyWebEx\419\mwmcliun.exe
c:\windows\Downloaded Program Files\MyWebEx\419\mwmie.dll
c:\windows\Downloaded Program Files\MyWebEx\419\mwmim.dll
c:\windows\Downloaded Program Files\MyWebEx\419\mwmoi.dll
c:\windows\Downloaded Program Files\MyWebEx\419\mwmpad.exe
c:\windows\Downloaded Program Files\MyWebEx\419\mwmproxy.dll
c:\windows\Downloaded Program Files\MyWebEx\419\mwmres.dll
c:\windows\Downloaded Program Files\MyWebEx\419\mwmres1.dll
c:\windows\Downloaded Program Files\MyWebEx\419\mwmupd.exe
c:\windows\Downloaded Program Files\MyWebEx\419\raurl.dll
c:\windows\Downloaded Program Files\MyWebEx\419\uilibres.dll
c:\windows\Downloaded Program Files\MyWebEx\419\wbxcrypt.dll
c:\windows\Downloaded Program Files\MyWebEx\419\webexmgr.dll
c:\windows\Installer\1c2e4c5.msp
c:\windows\Installer\1eaae90.msp
c:\windows\Installer\36b4b82.msp
c:\windows\Installer\6936e0.msp
c:\windows\Installer\ce480b.msp
c:\windows\system32\drivers\18f922fc.sys
c:\windows\system32\drivers\857e0889.sys
c:\windows\system32\drivers\9204a8fb.sys
c:\windows\system32\drivers\dcf92a.sys
c:\windows\system32\drivers\glaide32.sys
c:\windows\system32\msxml71.dll
c:\windows\system32\Uk2de32.exe
C:\yfkouhh.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_18f922fc
-------\Service_9204a8fb
-------\Service_glaide32
-------\Service_dcf92a


((((((((((((((((((((((((( Files Created from 2009-07-16 to 2009-08-16 )))))))))))))))))))))))))))))))
.

2009-08-16 03:25 . 2009-08-16 03:26 17920 ----a-w- C:\lsass.exe
2009-08-16 03:01 . 2009-08-16 03:01 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2009-08-16 03:01 . 2009-08-16 03:01 29208 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2009-08-16 03:01 . 2009-08-16 03:04 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-16 02:18 . 2009-08-16 02:18 -------- d-----w- c:\documents and settings\ALBA RODRIGUEZ\Application Data\AVG8
2009-08-16 02:15 . 2009-08-16 02:51 40960 ----a-w- C:\nayojmty.exe
2009-08-16 02:14 . 2009-08-16 02:17 45916 ----a-w- C:\erjjsk.exe
2009-08-16 01:46 . 2009-08-16 01:47 -------- d-----w- c:\windows\system32\NtmsData
2009-08-16 01:25 . 2009-08-16 01:55 20480 ----a-w- C:\hmicb.exe
2009-08-16 01:20 . 2009-08-16 03:23 17920 ----a-w- C:\swveoks.exe
2009-08-15 05:23 . 2009-08-16 02:15 91648 ----a-w- C:\yaewfl.exe
2009-08-15 05:22 . 2009-08-16 02:14 204635 ----a-w- C:\lyusoqm.exe
2009-08-15 05:21 . 2009-08-16 01:23 75264 --sh--r- c:\windows\mscth32.exe
2009-08-15 05:20 . 2009-08-16 02:14 91648 ----a-w- C:\jfhsanka.exe
2009-08-15 05:20 . 2009-08-16 02:14 204635 ----a-w- C:\hflqw.exe
2009-08-14 02:15 . 2009-08-14 02:15 -------- d-----w- c:\documents and settings\ALBA RODRIGUEZ\Application Data\teamspeak2
2009-08-14 02:14 . 2009-08-14 02:15 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-08-12 15:22 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 02:32 . 2009-08-05 02:32 272384 ----a-w- c:\documents and settings\ALBA RODRIGUEZ\Application Data\Acreon\WowMatrix\Modules\curl.exe
2009-08-05 02:32 . 2009-08-05 02:32 192512 ----a-w- c:\documents and settings\ALBA RODRIGUEZ\Application Data\Acreon\WowMatrix\Libraries\wmweb.dll
2009-08-05 02:31 . 2009-08-05 02:31 258048 ----a-w- c:\documents and settings\ALBA RODRIGUEZ\Application Data\Acreon\WowMatrix\Libraries\wmzip.dll
2009-08-05 02:30 . 2009-08-05 02:30 -------- d-----w- c:\documents and settings\ALBA RODRIGUEZ\Application Data\Acreon
2009-08-05 02:29 . 2009-08-15 13:53 -------- d-----w- c:\documents and settings\ALBA RODRIGUEZ\Local Settings\Application Data\._Revolution_
2009-08-02 02:41 . 2009-08-02 02:41 -------- d-----w- c:\windows\system32\x64
2009-08-02 02:37 . 2008-12-12 15:34 57344 ----a-w- c:\windows\system32\igxprd32.dll
2009-08-02 02:37 . 2008-12-12 15:34 2026604 ----a-w- c:\windows\system32\igkrng500.bin
2009-08-02 02:37 . 2008-12-12 15:33 6048768 ----a-w- c:\windows\system32\drivers\igxpmp32.sys
2009-08-02 02:37 . 2008-12-12 15:40 147456 ----a-w- c:\windows\system32\igfxCoIn_v5016.dll
2009-08-02 02:37 . 2008-12-12 15:35 3398656 ----a-w- c:\windows\system32\igxpdx32.dll
2009-08-02 02:37 . 2008-12-12 15:34 2350368 ----a-w- c:\windows\system32\igxpdv32.dll
2009-08-02 02:37 . 2008-12-12 15:34 442964 ----a-w- c:\windows\system32\igcompkrng500.bin
2009-08-02 02:37 . 2008-12-12 15:34 181760 ----a-w- c:\windows\system32\igxpgd32.dll
2009-08-02 02:37 . 2008-12-12 15:24 2281472 ----a-w- c:\windows\system32\ig4dev32.dll
2009-08-02 02:37 . 2008-12-12 15:17 3895296 ----a-w- c:\windows\system32\ig4icd32.dll
2009-08-02 02:16 . 2009-08-02 02:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Innovative Solutions
2009-08-02 02:16 . 2009-08-02 02:16 -------- d-----w- c:\documents and settings\ALBA RODRIGUEZ\Local Settings\Application Data\Innovative Solutions
2009-08-02 02:16 . 2009-08-02 02:16 -------- d-----w- c:\program files\Innovative Solutions
2009-08-02 01:52 . 2009-08-02 01:52 207872 ----a-w- c:\documents and settings\ALBA RODRIGUEZ\Application Data\SystemRequirementsLab\SRLProxy_ind_4.dll
2009-08-02 01:52 . 2009-08-02 01:52 207872 ----a-w- c:\documents and settings\ALBA RODRIGUEZ\Application Data\SystemRequirementsLab\SRLProxy_ind_3.dll
2009-08-02 01:52 . 2009-08-02 01:52 207872 ----a-w- c:\documents and settings\ALBA RODRIGUEZ\Application Data\SystemRequirementsLab\SRLProxy_ind_2.dll
2009-08-02 01:52 . 2009-08-02 01:52 207872 ----a-w- c:\documents and settings\ALBA RODRIGUEZ\Application Data\SystemRequirementsLab\SRLProxy_ind_1.dll
2009-08-02 01:49 . 2009-08-02 01:49 -------- d-----w- C:\Intel
2009-07-20 16:48 . 2009-08-07 06:28 -------- d-----w- c:\program files\World of Warcraft
2009-07-19 05:45 . 2009-07-19 05:45 -------- d-----w- c:\documents and settings\ALBA RODRIGUEZ\Application Data\Reallusion
2009-07-17 23:26 . 2009-07-17 23:26 -------- d-----w- c:\program files\Common Files\Reallusion
2009-07-17 23:26 . 2008-09-20 05:41 37560 ----a-w- c:\windows\system32\drivers\CamSuiteVAC.sys
2009-07-17 19:01 . 2009-07-17 19:01 58880 ------w- c:\windows\system32\dllcache\atl.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-14 17:53 . 2009-04-22 21:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-08-05 09:01 . 2004-08-11 23:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:40 . 2006-12-13 01:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-02 01:58 . 2008-09-10 03:20 -------- d-----w- c:\program files\SystemRequirementsLab
2009-08-02 01:52 . 2009-04-06 04:55 -------- d-----w- c:\documents and settings\ALBA RODRIGUEZ\Application Data\SystemRequirementsLab
2009-07-20 16:25 . 2008-09-25 04:15 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-07-17 19:01 . 2004-08-11 23:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 15:05 . 2009-06-25 13:53 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-14 04:43 . 2004-08-11 23:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-06 14:03 . 2009-07-05 17:04 -------- d-----w- c:\program files\Winferno
2009-07-06 06:24 . 2009-07-06 06:24 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-07-05 17:41 . 2009-05-29 20:48 -------- d-----w- c:\program files\PartyGaming
2009-07-05 17:13 . 2009-07-05 17:12 -------- d-----w- c:\documents and settings\ALBA RODRIGUEZ\Application Data\Digsby
2009-07-05 17:09 . 2009-07-05 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Winferno
2009-06-26 16:50 . 2004-08-11 23:00 666624 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:50 . 2004-08-11 23:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-26 04:40 . 2009-06-26 04:38 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-06-26 04:39 . 2009-06-26 04:39 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-06-26 04:39 . 2009-06-26 04:39 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-06-26 04:39 . 2009-06-26 04:39 -------- d-----w- c:\documents and settings\ALBA RODRIGUEZ\Application Data\TuneUp Software
2009-06-26 04:38 . 2009-06-26 04:38 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-06-26 04:38 . 2009-06-26 04:38 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-06-25 22:14 . 2009-06-25 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-06-25 19:57 . 2009-06-25 05:02 -------- d-----w- c:\program files\Starcraft
2009-06-25 00:39 . 2008-08-22 22:20 -------- d-----w- c:\program files\Google
2009-06-24 19:02 . 2009-06-24 19:02 -------- d-----w- c:\program files\Microsoft
2009-06-24 19:02 . 2009-06-24 19:01 -------- d-----w- c:\program files\Windows Live
2009-06-19 23:06 . 2009-06-19 18:17 -------- d-----w- c:\program files\NCH Swift Sound
2009-06-19 23:06 . 2009-06-19 18:17 -------- d-----w- c:\documents and settings\ALBA RODRIGUEZ\Application Data\NCH Swift Sound
2009-06-19 19:41 . 2009-06-19 19:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Age of Empires 3
2009-06-19 19:10 . 2008-08-29 05:09 -------- d-----w- c:\program files\Microsoft Games
2009-06-19 18:19 . 2009-06-19 18:19 -------- d-----w- c:\documents and settings\ALBA RODRIGUEZ\Application Data\Recordpad
2009-06-19 18:17 . 2009-06-19 18:17 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-06-19 18:17 . 2009-06-19 18:17 -------- d-----w- c:\program files\NCH Software
2009-06-16 14:36 . 2004-08-11 23:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-11 23:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 12:31 . 2004-08-11 23:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2004-08-11 23:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:19 . 2004-08-11 23:11 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2004-08-11 23:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2004-08-11 23:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2004-08-11 23:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-31 14:20 . 2009-05-31 14:20 390664 ----a-w- c:\documents and settings\ALBA RODRIGUEZ\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2008-11-25 16:14 . 2008-11-25 16:14 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2008-11-25 16:14 . 2008-11-25 16:14 125840 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2008-11-25 16:14 . 2008-11-25 16:14 98704 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2008-11-25 16:14 . 2008-11-25 16:14 107848 ----a-w- c:\program files\mozilla firefox\plugins\mwmcli.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"32100"="C:\swveoks.exe" [2009-08-16 17920]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2008-8-22 49254]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]
Start WebEx MeetMeNow.LNK - c:\program files\Mozilla Firefox\plugins\MyWebEx\419\mwmpad.exe [2008-11-25 435528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
2004-04-01 22:48 24668 ----a-w- c:\windows\system32\ckpNotify.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ares"="c:\program files\Ares\Ares.exe" -h

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Recordpad"="c:\program files\NCH Swift Sound\Recordpad\recordpad.exe" -logon

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\JavaClient\\jre\\bin\\java.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\LocalServer\\jre\\bin\\java.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\JavaClient\\BPA Symbol Editor.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\JavaClient\\BPAAdm.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\LocalServer\\jsl\\simusrv.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\LocalServer\\olite\\msql.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\LocalServer\\jdk\\bin\\appletviewer.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\LocalServer\\jdk\\bin\\extcheck.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\LocalServer\\jdk\\bin\\HtmlConverter.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\LocalServer\\jdk\\bin\\idlj.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\LocalServer\\jdk\\bin\\jar.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\LocalServer\\jdk\\bin\\jarsigner.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\LocalServer\\jdk\\bin\\java.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\LocalServer\\jdk\\bin\\javac.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\LocalServer\\jdk\\bin\\javadoc.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\LocalServer\\jdk\\bin\\javah.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\LocalServer\\jdk\\bin\\javap.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\LocalServer\\jdk\\bin\\javaw.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\LocalServer\\jdk\\bin\\jdb.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\LocalServer\\jdk\\bin\\keytool.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\LocalServer\\jdk\\bin\\kinit.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\LocalServer\\jdk\\bin\\klist.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\LocalServer\\jdk\\bin\\ktab.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\LocalServer\\jdk\\bin\\native2ascii.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\LocalServer\\jdk\\bin\\orbd.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\LocalServer\\jdk\\bin\\packager.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\LocalServer\\jdk\\bin\\policytool.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\LocalServer\\jdk\\bin\\rmic.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\LocalServer\\jdk\\bin\\rmid.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\LocalServer\\jdk\\bin\\rmiregistry.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\LocalServer\\jdk\\bin\\serialver.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\LocalServer\\jdk\\bin\\servertool.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\LocalServer\\jdk\\bin\\tnameserv.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\LocalServer\\jdk\\jre\\bin\\java.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\LocalServer\\jdk\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\LocalServer\\jdk\\jre\\bin\\jpicpl32.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\LocalServer\\jdk\\jre\\bin\\jucheck.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\LocalServer\\jdk\\jre\\bin\\jusched.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\LocalServer\\jdk\\jre\\bin\\keytool.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\LocalServer\\jdk\\jre\\bin\\kinit.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\LocalServer\\jdk\\jre\\bin\\klist.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\LocalServer\\jdk\\jre\\bin\\ktab.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\LocalServer\\jdk\\jre\\bin\\orbd.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\LocalServer\\jdk\\jre\\bin\\policytool.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\LocalServer\\jdk\\jre\\bin\\rmid.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\LocalServer\\jdk\\jre\\bin\\rmiregistry.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\LocalServer\\jdk\\jre\\bin\\servertool.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\LocalServer\\jdk\\jre\\bin\\tnameserv.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\LocalServer\\jdk\\jre\\javaws\\javaws.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\orabprserverw.exe"=
"c:\\Program Files\\Oracle BPA Suite10.1.3.4\\JavaClient\\Oracle Business Process Architect.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\swveoks.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16050:TCP"= 16050:TCP:aris70_name_public
"16051:TCP"= 16051:TCP:aris70_name_private
"16052:TCP"= 16052:TCP:aris70_admin
"16053:TCP"= 16053:TCP:aris70_admin_agent
"16054:TCP"= 16054:TCP:aris70_Sybase
"16055:TCP"= 16055:TCP:aris70_local_public
"16056:TCP"= 16056:TCP:aris70_local_Sybasev
"16057:TCP"= 16057:TCP:aris70_local_private
"16058:TCP"= 16058:TCP:aris70_local_admin
"16059:TCP"= 16059:TCP:aris70_bp_service
"4500:UDP"= 4500:UDP:200.46.56.50/255.255.255.255:Enabled:IKE Keep-Alive Messages-1
"500:UDP"= 500:UDP:IKE Keep-Alive Messages-2
"3724:TCP"= 3724:TCP:*:Disabled:Blizzard Downloader: 3724

R2 Scap;SecureClient Application Policy Module;c:\windows\system32\drivers\scap.sys [11/10/2008 10:07 p.m. 17424]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [06/25/2009 11:39 p.m. 604416]
R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [11/10/2008 10:07 p.m. 670128]
R3 CamSuiteVAC;CamSuite Virtual Audio;c:\windows\system32\drivers\CamSuiteVAC.sys [07/17/2009 06:26 p.m. 37560]
R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [11/10/2008 10:07 p.m. 2041744]
S2 gupdate1c9c3962808ac1c;Google Update Service (gupdate1c9c3962808ac1c);c:\program files\Google\Update\GoogleUpdate.exe [04/22/2009 05:03 p.m. 133104]
S2 wowsystemcode123;Remote TCP/IP;c:\windows\System32\svchost.exe -k netsvcs [08/11/2004 06:00 p.m. 14336]
S3 avgfwdx;avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [08/15/2009 10:01 p.m. 29208]
S3 avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [08/15/2009 10:01 p.m. 29208]
S3 OMVA;VPN-1 SecureClient Adapter;c:\windows\system32\drivers\OMVA.sys [11/10/2008 10:07 p.m. 14924]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
wowsystemcode123
.
Contents of the 'Scheduled Tasks' folder

2009-08-16 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 20:37]

2009-08-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-22 21:53]

2009-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 22:03]

2009-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 22:03]

2009-08-16 c:\windows\Tasks\SDMsgUpdate (SD).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2008-08-24 13:53]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www1.la.dell.com/content/default.aspx?c=pa&l=es&s=gen
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: oracle.com
Trusted Zone: oracleads.com
FF - ProfilePath - c:\documents and settings\ALBA RODRIGUEZ\Application Data\Mozilla\Firefox\Profiles\fsphyfa6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-15 22:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1280)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\CheckPoint\SecuRemote\bin\SR_Service.exe
c:\program files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\CheckPoint\SecuRemote\bin\SR_GUI.exe
c:\windows\system32\dwwin.exe
C:\lsass.exe
.
**************************************************************************
.
Completion time: 2009-08-16 22:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-16 03:30

Pre-Run: 15,858,831,360 bytes free
Post-Run: 16,865,198,080 bytes free

419 --- E O F --- 2009-08-13 08:08

Thank you

By the way, I used ComboFix before HJT.

----------------------------------------
"BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance)

Do NOT run 'FIXES' before helpers have analyzed the HJT log
Hi,

I see you've run ComboFix by yourself unsupervised (not a recommended thing to do!). We can't undo that, but re-run ComboFix and let it install the Recovery Console if it asks for permission to do so.

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.
 