Computer Hope
Software => Computer viruses and spyware => Topic started by: bhouse01 on April 23, 2009, 09:35:38 PM
-
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 04/23/2009 at 04:11 PM
Application Version : 4.26.1000
Core Rules Database Version : 3860
Trace Rules Database Version: 1812
Scan type : Complete Scan
Total Scan Time : 01:06:34
Memory items scanned : 479
Memory threats detected : 0
Registry items scanned : 5775
Registry threats detected : 2
File items scanned : 61808
File threats detected : 11
Rogue.AntiSpywareXP2009
HKLM\Software\AntiSpywareXP2009
HKLM\Software\AntiSpywareXP2009#info
Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@kontera[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@media6degrees[2].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@specificclick[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@specificmedia[1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@xiti[1].txt
Trojan.Fake-Drop/Gen
C:\WINDOWS\SYSTEM32\HXIWLGPM.DAT
C:\WINDOWS\SYSTEM32\TAACK.DAT
....................................... ............
Malwarebytes' Anti-Malware 1.36
Database version: 2035
Windows 5.1.2600 Service Pack 2
4/23/2009 11:20:18 PM
mbam-log-2009-04-23 (23-20-18).txt
Scan type: Quick Scan
Objects scanned: 88809
Time elapsed: 11 minute(s), 39 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 2
Registry Data Items Infected: 6
Folders Infected: 1
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{497dddb6-6eee-4561-9621-b77dc82c1f84} (Adware.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4e980492-027b-47f1-a7ab-ab086dacbb9e} (Adware.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5ead8321-fcbb-4c3f-888c-ac373d366c3f} (Adware.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Adware.Ascentive) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\SysRestore.dll (Adware.Ascentive) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Documents and Settings\All Users\Application Data\Rabio (Adware.Rabio) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\SysRestore.dll (Adware.Ascentive) -> Quarantined and deleted successfully.
C:\WINDOWS\licencia.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\telefonos.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\textos.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winfrun32.bin (Malware.Trace) -> Quarantined and deleted successfully.
....................................... .
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33:33 PM, on 4/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\sniper.exe\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril.com/assets/activeX/SpywareScannerV2.ocx
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1240543486865&h=5bc89190bb5ae47c4e97786b81c19e8c/&filename=jinstall-6u13-windows-i586-jc.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5283/mcfscan.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {c0f077eb-ad21-435a-9193-ed2d81e3b8c0} - (no file)
O20 - AppInit_DLLs: karna.dat?�
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: McAfee Application Installer Cleanup (0064151240469698) (0064151240469698mcinstcleanup) - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\006415~1.EXE (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 9647 bytes
-
bhouse01 - what are you wanting us to look at? Do you have a specific question about the log?
-
paulb , dont waste his time , if you knew what it was and how to fix it you would tell him
i can see a lot of bad things taken out but an expert will put him through a lot more to help him clear the pc
bhouse01 wait for and expert to advise you
-
You have Viewpoint installed.
Viewpoint Media Player/Manager/Toolbar is considered as Foistware (http://en.wikipedia.org/wiki/Foistware) instead of malware since it is installed without users approval but doesn't spy or do anything "bad".
More information: - ViewMgr.exe - Useless (http://www.greatis.com/appdata/u/v/viewmgr.exe.htm)
- Viewpoint to Plunge Into Adware (http://www.clickz.com/news/article.php/3561546/)
It is suggested to remove the program now.
Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.- Viewpoint
- Viewpoint Manager
- Viewpoint Media Player
- Viewpoint Toolbar
- Viewpoint Experience Technology
.
----------
Download DDS by sUBs (http://www.forospyware.com/sUBs/dds) and save it to your desktop. Alternate DDS download link (http://download.bleepingcomputer.com/sUBs/dds.scr)
Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
1) DDS.txt
2) Attach.txt
* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.
Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copy and pasting it into the reply.
-
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-03-16.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/31/2006 3:59:43 PM
System Uptime: 4/26/2009 2:10:45 PM (1 hours ago)
Motherboard: Intel Corporation | | D101GGC
Processor: Intel(R) Celeron(R) D CPU 3.33GHz | | 3333/133mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 149 GiB total, 130.347 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 2.383 GiB free.
E: is CDROM (CDFS)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP819: 4/3/2009 3:00:49 AM - Software Distribution Service 3.0
RP820: 4/4/2009 3:01:08 AM - Software Distribution Service 3.0
RP821: 4/5/2009 3:01:46 AM - Software Distribution Service 3.0
RP822: 4/6/2009 12:25:10 PM - Software Distribution Service 3.0
RP823: 4/7/2009 7:16:15 AM - Software Distribution Service 3.0
RP824: 4/8/2009 3:00:59 AM - Software Distribution Service 3.0
RP825: 4/9/2009 12:40:33 AM - Software Distribution Service 3.0
RP826: 4/9/2009 3:00:49 AM - Software Distribution Service 3.0
RP827: 4/10/2009 3:00:52 AM - Software Distribution Service 3.0
RP828: 4/11/2009 9:25:47 AM - Software Distribution Service 3.0
RP829: 4/12/2009 3:03:19 AM - Software Distribution Service 3.0
RP830: 4/13/2009 3:03:01 AM - Software Distribution Service 3.0
RP831: 4/14/2009 3:01:00 AM - Software Distribution Service 3.0
RP832: 4/15/2009 3:01:11 AM - Software Distribution Service 3.0
RP833: 4/16/2009 3:01:07 AM - Software Distribution Service 3.0
RP834: 4/17/2009 3:32:49 AM - Software Distribution Service 3.0
RP835: 4/17/2009 3:37:32 AM - Restore Operation
RP836: 4/18/2009 11:55:19 AM - Software Distribution Service 3.0
RP837: 4/19/2009 12:31:47 PM - Software Distribution Service 3.0
RP838: 4/20/2009 3:04:41 AM - Software Distribution Service 3.0
RP839: 4/21/2009 3:00:52 AM - Software Distribution Service 3.0
RP840: 4/22/2009 6:46:27 AM - Software Distribution Service 3.0
RP841: 4/23/2009 1:58:43 AM - Removed Google Earth.
RP842: 4/23/2009 2:10:58 AM - 4/23/09
RP843: 4/23/2009 2:54:04 AM - Installed ParetoLogic Anti-Virus PLUS.
RP844: 4/23/2009 3:00:50 AM - Software Distribution Service 3.0
RP845: 4/23/2009 3:41:21 AM - Installed AVG Free 8.5
RP846: 4/23/2009 3:44:42 AM - Removed ParetoLogic Anti-Virus PLUS.
RP847: 4/23/2009 8:20:31 AM - Avg8 Update
RP848: 4/23/2009 2:58:56 PM - Installed SUPERAntiSpyware Free Edition
RP849: 4/23/2009 11:26:08 PM - Installed Java(TM) 6 Update 13
RP850: 4/24/2009 3:00:49 AM - Software Distribution Service 3.0
RP851: 4/25/2009 3:00:45 AM - Software Distribution Service 3.0
RP852: 4/26/2009 2:06:46 PM - Software Distribution Service 3.0
==== Installed Programs ======================
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
Adobe Shockwave Player
AIM 6
AiO_Scan_CDA
AiOSoftwareNPI
Anti-Spyware
Apple Mobile Device Support
Apple Software Update
ATI Display Driver
Authentium
AVG 8.5
Browser Address Error Redirector
BufferChm
CCleaner (remove only)
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder
Destinations
DeviceManagementQFolder
Diablo II
Digital Media Reader
DVD Solution
EA Network Play System
eSupportQFolder
F300
F300_Help
Fax_CDA
Google Toolbar for Internet Explorer
Google Updater
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB895953)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB910728)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
HP Photosmart Essential
HP Software Update
HPPhotoSmartExpress
HPProductAssistant
InstantShareDevicesMFC
iTunes
J2SE Runtime Environment 5.0 Update 2
Java(TM) 6 Update 13
LimeWire 5.1.1
LiveReg (Symantec Corporation)
LiveUpdate 1.7 (Symantec Corporation)
Macromedia Flash Player
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Starter Edition 2006
Microsoft Digital Image Starter Edition 2006 Editor
Microsoft Digital Image Starter Edition 2006 Library
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Small Business
Microsoft Office 97, Professional Edition
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
msxml4
NewCopy_CDA
PokerStars
ProductContextNPI
QuickTime
Readme
Recovery Software Suite eMachines
Scan
ScannerCopy
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Soft Data Fax Modem with SmartCP
SolutionCenter
Sonic Encoders
Sony USB Driver
Status
SUPERAntiSpyware Free Edition
TomTom HOME Visual Studio Merge Modules
Toolbox
TrayApp
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB914882)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
Verizon High Speed Internet
Verizon Online DSL
Verizon PC Security Checkup
Warcraft III: All Products
WavePad Sound Editor
WebFldrs XP
WebReg
Windows Backup Utility
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Media Center Edition 2005 KB925766
Yahoo! Install Manager
Yahoo! Toolbar
==== Event Viewer Messages From Past Week ========
4/24/2009 11:32:37 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\SHELL32.dll. Reference error message: The operation completed successfully. .
4/24/2009 1:44:38 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
4/23/2009 4:29:58 PM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 3 time(s).
4/23/2009 4:29:53 PM, error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
4/23/2009 4:29:52 PM, error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
4/23/2009 2:10:11 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service ntmssvc with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}
4/22/2009 6:48:47 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2003 (KB951535).
4/22/2009 6:48:42 AM, error: Service Control Manager [7000] - The Office Source Engine service failed to start due to the following error: The system cannot find the path specified.
4/22/2009 6:48:18 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Excel 2003 (KB959995).
4/21/2009 3:04:05 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office Outlook 2003 Junk Email Filter (KB962870).
4/21/2009 3:02:19 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Word 2003 (KB956357).
4/20/2009 4:51:42 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
==== End Of File ===========================
DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 15:51:45.37 on Sun 04/26/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.382.48 [GMT -4:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\1SVYFJL0\dds[1].pif
============== Pseudo HJT Report ===============
uSearch Bar = hxxp://www.google.com/ie
uStart Page = yahoo.com
uSearch Page = yahoo.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = yahoo.com
mStart Page = yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [Power2GoExpress] NA
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
IE: E&xport to Microsoft Excel
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {85d1f590-48f4-11d9-9669-0800200c9a66}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\windows\installer\$patchcache$\managed\9040211900063d11c8ef10054038389c\11.0.5614\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} - hxxp://www.tenebril.com/assets/activeX/SpywareScannerV2.ocx
DPF: {556DDE35-E955-11D0-A707-000000521957} - hxxp://www.xblock.com/download/xclean_micro.exe
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1240543486865&h=5bc89190bb5ae47c4e97786b81c19e8c/&filename=jinstall-6u13-windows-i586-jc.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5283/mcfscan.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: karna.dat?�
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-23 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-23 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-23 108552]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-16 213640]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-23 298264]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
S2 0064151240469698mcinstcleanup;McAfee Application Installer Cleanup (0064151240469698);c:\docume~1\owner\locals~1\temp\006415~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\owner\locals~1\temp\006415~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-9-27 10664]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-10-22 79304]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-10-22 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-10-22 34216]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-10-22 40552]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
=============== Created Last 30 ================
==================== Find3M ====================
2009-04-23 16:27 52,220 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-04-23 16:27 3,818,784 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-03-23 16:06 262,144 a------- c:\windows\system32\wrap_oal.dll
2009-03-23 16:06 86,016 a------- c:\windows\system32\OpenAL32.dll
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-06 10:00 284,160 a------- c:\windows\system32\pdh.dll
2009-03-04 18:34 27,512 a------- c:\windows\DIIUnin.dat
2009-03-04 18:33 21,840 a------t c:\windows\system32\SIntfNT.dll
2009-03-04 18:33 17,212 a------t c:\windows\system32\SIntf32.dll
2009-03-04 18:33 12,067 a------t c:\windows\system32\SIntf16.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-01 14:20 94,208 a------- c:\windows\DIIUnin.exe
2009-03-01 14:20 2,829 a------- c:\windows\DIIUnin.pif
2009-02-20 14:09 78,336 a------- c:\windows\system32\ieencode.dll
2009-02-09 06:19 1,846,272 a------- c:\windows\system32\win32k.sys
2009-02-09 06:01 728,576 a------- c:\windows\system32\lsasrv.dll
2009-02-09 06:01 617,984 a------- c:\windows\system32\advapi32.dll
2009-02-09 06:01 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 06:01 715,264 a------- c:\windows\system32\ntdll.dll
2009-02-06 06:32 2,186,112 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 06:22 110,592 a------- c:\windows\system32\services.exe
2009-02-06 05:54 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 05:49 2,062,976 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-03 16:08 55,808 a------- c:\windows\system32\secur32.dll
2008-10-22 23:01 13,123 a------- c:\docume~1\owner\applic~1\fyfacyz.bin
2008-10-22 23:01 18,576 a------- c:\docume~1\alluse~1\applic~1\paqopit.bin
2008-10-22 23:01 16,588 a------- c:\docume~1\owner\applic~1\tykidi.reg
2008-10-22 23:01 10,889 a------- c:\docume~1\owner\applic~1\epyduhuva.scr
2008-10-22 23:01 10,522 a------- c:\docume~1\alluse~1\applic~1\ozaqehiwi.sys
2008-10-22 19:48 16,301 a------- c:\docume~1\alluse~1\applic~1\adiwisosaw.com
2008-10-22 19:48 11,416 a------- c:\docume~1\alluse~1\applic~1\dakahupuh.dll
2008-10-22 19:48 11,159 a------- c:\docume~1\alluse~1\applic~1\losono.com
2008-10-22 19:45 14,463 a------- c:\docume~1\owner\applic~1\geqidira.bat
2008-10-22 19:45 14,098 a------- c:\docume~1\owner\applic~1\ojytigexa.vbs
2008-10-22 19:45 18,861 a------- c:\docume~1\alluse~1\applic~1\pihamymezy.dat
2008-10-01 21:13 4,668 a------- c:\docume~1\owner\applic~1\wklnhst.dat
============= FINISH: 15:52:51.56 ===============
-
Go to Add or Remove Programs and uninstall:
- Anti-Spyware
- Browser Address Error Redirector
- J2SE Runtime Environment 5.0 Update 2
- LiveReg (Symantec Corporation)
- LiveUpdate 1.7 (Symantec Corporation)
.
----------
Download the Norton Removal Tool (SymNRT) (http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039) to your Desktop.
Once downloaded please close ALL open browsers, also save any work because this may require a restart.
- Go to your desktop and double click on the removal tool and then click Setup.
- Once open Click Next
- Accept the license agreement and click Next
- Type in the letters/numbers that you see into the text box then click Next.
- Then click Next and the tool will start running.
- Once finished restart the PC.
- Delete Nortonremoval tool from your Desktop.
.
----------
Download the McAfee Consumer Product Removal Tool (http://www.majorgeeks.com/McAfee_Consumer_Product_Removal_Tool_d5420.html) to your Desktop.
Using McAfee Consumer Product Removal tool:
- Double click the MCPR.exe
- A Command Line window will be displayed, and then close automatically.
- Wait for a second Command Line window to be displayed.
- Note: Do not double-click MCPR.exe again, you may have to wait up to 1 minute for the next window to appear.
- After the second window appears, the program will begin the cleanup.
- Observe the installation, which could take several minutes. The following message will be displayed in the Command Line window: The machine must reboot to complete the un-installation. Reboot now? [y.n]
- Press Y on the keyboard.
- Wait for the computer to restart.
- All McAfee products are now removed from your computer.
.
----------
Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.
Link #1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link #2 (http://subs.geekstogo.com/ComboFix.exe)
**Note: It is important that it is saved directly to your Desktop
DO NOT run it yet!
Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system
Delete these files/folders, as follows:
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C
KillAll::
Driver::
McAfee Application Installer Cleanup (0064151240469698)
DDS::
TB: {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
mRun: [Alcmtr] ALCMTR.EXE
IE: {85d1f590-48f4-11d9-9669-0800200c9a66}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
AppInit_DLLs: karna.dat?�
Folder::
C:\Program Files\Viewpoint\Viewpoint Manager
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!
(http://i154.photobucket.com/albums/s258/evilfantasy69/CFScript-1.gif)
ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze
-
ComboFix 09-04-25.A3 - Owner 04/26/2009 17:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.382.129 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Viewpoint\Viewpoint Manager
c:\program files\Viewpoint\Viewpoint Manager\VETScriptInterpreter.dll
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgrCore.dll
c:\windows\mainms.vpi
c:\windows\megavid.cdt
c:\windows\muotr.so
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-05-26 to 2009-4-26 )))))))))))))))))))))))))))))))
.
2009-04-26 20:25 . 2009-04-26 20:25 -------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-04-24 03:50 . 2001-08-17 18:55 6144 -c--a-w c:\windows\system32\dllcache\kbd101b.dll
2009-04-24 03:50 . 2001-08-17 18:55 6144 ----a-w c:\windows\system32\kbd101b.dll
2009-04-24 03:28 . 2009-04-24 03:31 -------- d-----w c:\program files\Trend Micro
2009-04-24 03:05 . 2009-04-24 03:05 -------- d-----w c:\documents and settings\Owner\Application Data\Malwarebytes
2009-04-24 03:05 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-24 03:05 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-24 03:05 . 2009-04-24 03:05 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-24 03:05 . 2009-04-24 03:05 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-23 18:59 . 2009-04-23 18:59 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-23 18:58 . 2009-04-23 18:59 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-23 18:58 . 2009-04-23 18:58 -------- d-----w c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-04-23 18:58 . 2009-04-23 18:58 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-23 18:53 . 2009-04-23 18:53 -------- d-----w c:\program files\CCleaner
2009-04-23 07:50 . 2009-04-25 08:14 -------- d--h--w C:\$AVG8.VAULT$
2009-04-23 07:41 . 2009-04-23 07:41 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-23 07:41 . 2009-04-23 07:41 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-23 07:41 . 2009-04-23 07:41 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-23 07:41 . 2009-04-26 18:09 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-23 07:41 . 2009-04-23 07:41 -------- d-----w c:\program files\AVG
2009-04-23 07:41 . 2009-04-23 07:41 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-23 07:06 . 2009-04-23 20:27 3092 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-23 07:06 . 2009-04-23 20:27 21536 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-23 07:05 . 2009-04-23 07:05 3729 ----a-w C:\rollback.ini
2009-04-23 06:54 . 2009-04-23 07:45 -------- d-----w c:\program files\Common Files\ParetoLogic
2009-04-23 06:54 . 2009-04-23 07:45 -------- d-----w c:\documents and settings\All Users\Application Data\ParetoLogic
2009-04-23 05:50 . 2009-04-26 18:12 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-04-17 07:48 . 2009-04-17 07:48 -------- d-----w c:\documents and settings\Owner\Application Data\Yahoo!
2009-04-17 07:46 . 2009-04-17 11:54 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-04-17 07:46 . 2009-04-17 07:46 -------- d-----w c:\documents and settings\LocalService\Application Data\Yahoo!
2009-04-17 07:45 . 2009-04-17 07:47 -------- d-----w c:\program files\Yahoo!
2009-04-17 07:37 . 2009-04-17 07:37 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\TomTom
2009-04-17 06:47 . 2009-04-17 06:47 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-04-17 04:59 . 2009-04-17 07:38 -------- d-----w c:\windows\system32\GroupPolicy
2009-04-16 22:28 . 2009-04-16 22:28 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\Citrix
2009-04-14 19:29 . 2009-03-06 14:00 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-14 19:29 . 2009-02-09 10:01 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-14 19:29 . 2009-02-06 10:22 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-14 19:29 . 2009-02-09 10:01 473088 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-03-31 17:27 . 2009-03-31 17:27 -------- d-----w c:\documents and settings\Owner\Application Data\TomTom
2009-03-31 17:27 . 2009-03-31 17:27 -------- d-----w c:\program files\TomTom International B.V
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-26 21:17 . 2006-06-10 09:30 -------- d-----w c:\program files\Viewpoint
2009-04-26 19:50 . 2006-06-10 09:30 -------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-04-24 03:26 . 2006-06-10 09:25 -------- d-----w c:\program files\Java
2009-04-23 20:27 . 2008-04-21 01:28 52220 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-23 20:27 . 2008-04-21 01:28 3818784 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-23 05:59 . 2006-06-10 09:21 -------- d-----w c:\program files\Google
2009-04-23 04:00 . 2008-10-24 00:04 -------- d-----w c:\program files\PokerStars
2009-04-17 07:38 . 2008-08-28 18:57 -------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2009-03-25 19:09 . 2009-01-13 06:40 -------- d-----w c:\program files\Windows Live Safety Center
2009-03-25 12:50 . 2009-03-25 12:50 -------- d-----w c:\program files\TomTom DesktopSuite
2009-03-23 20:06 . 2009-03-23 20:06 262144 ----a-w c:\windows\system32\wrap_oal.dll
2009-03-23 20:06 . 2009-03-23 20:06 86016 ----a-w c:\windows\system32\OpenAL32.dll
2009-03-21 12:46 . 2009-03-21 12:46 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\SACore
2009-03-17 06:10 . 2006-11-18 18:12 -------- d-----w c:\program files\Verizon
2009-03-12 03:37 . 2006-11-18 19:14 -------- d-----w c:\program files\Common Files\PestPatrol
2009-03-10 02:44 . 2006-11-23 23:39 -------- d-----w c:\program files\LimeWire
2009-03-09 09:19 . 2008-10-23 22:27 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:00 . 2005-01-09 23:48 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-04 22:34 . 2009-03-01 18:20 27512 ----a-w c:\windows\DIIUnin.dat
2009-03-04 22:33 . 2008-03-19 19:29 21840 ----atw c:\windows\system32\SIntfNT.dll
2009-03-04 22:33 . 2008-03-19 19:29 17212 ----atw c:\windows\system32\SIntf32.dll
2009-03-04 22:33 . 2008-03-19 19:29 12067 ----atw c:\windows\system32\SIntf16.dll
2009-03-03 00:18 . 2005-01-09 23:48 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-01 18:20 . 2009-03-01 18:20 2829 ----a-w c:\windows\DIIUnin.pif
2009-03-01 18:20 . 2009-03-01 18:20 94208 ----a-w c:\windows\DIIUnin.exe
2009-03-01 17:50 . 2009-01-01 02:36 -------- d-----w c:\program files\Starcraft
2009-02-20 18:09 . 2005-01-09 23:48 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 10:19 . 2005-01-09 23:48 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-09 10:01 . 2005-01-09 23:48 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:01 . 2005-01-09 23:48 728576 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:01 . 2005-01-09 23:47 617984 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:01 . 2005-01-09 23:48 715264 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:32 . 2005-01-09 23:48 2186112 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:22 . 2005-01-09 23:48 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 09:54 . 2005-01-09 23:48 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 09:49 . 2004-08-04 05:59 2062976 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 20:08 . 2005-01-09 23:48 55808 ----a-w c:\windows\system32\secur32.dll
2008-10-30 23:55 . 2005-01-10 01:26 35456 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-10-23 03:01 . 2008-10-23 03:01 13123 ----a-w c:\documents and settings\Owner\Application Data\fyfacyz.bin
2008-10-23 03:01 . 2008-10-23 03:01 18576 ----a-w c:\documents and settings\All Users\Application Data\paqopit.bin
2008-10-23 03:01 . 2008-10-23 03:01 16588 ----a-w c:\documents and settings\Owner\Application Data\tykidi.reg
2008-10-23 03:01 . 2008-10-23 03:01 16366 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\fagovazus.dll
2008-10-23 03:01 . 2008-10-23 03:01 10889 ----a-w c:\documents and settings\Owner\Application Data\epyduhuva.scr
2008-10-23 03:01 . 2008-10-23 03:01 10522 ----a-w c:\documents and settings\All Users\Application Data\ozaqehiwi.sys
2008-10-22 23:48 . 2008-10-22 23:48 16301 ----a-w c:\documents and settings\All Users\Application Data\adiwisosaw.com
2008-10-22 23:48 . 2008-10-22 23:48 12505 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\ozyvitama.dll
2008-10-22 23:48 . 2008-10-22 23:48 11416 ----a-w c:\documents and settings\All Users\Application Data\dakahupuh.dll
2008-10-22 23:48 . 2008-10-22 23:48 11159 ----a-w c:\documents and settings\All Users\Application Data\losono.com
2008-10-22 23:45 . 2008-10-22 23:45 14463 ----a-w c:\documents and settings\Owner\Application Data\geqidira.bat
2008-10-22 23:45 . 2008-10-22 23:45 14098 ----a-w c:\documents and settings\Owner\Application Data\ojytigexa.vbs
2008-10-22 23:45 . 2008-10-22 23:45 18861 ----a-w c:\documents and settings\All Users\Application Data\pihamymezy.dat
2008-10-22 23:45 . 2008-10-22 23:45 15908 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\caxyfim.sys
2008-10-02 01:13 . 2006-09-06 12:52 4668 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
2007-04-22 05:35 . 2007-04-22 05:35 128 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\fusioncache.dat
2005-01-10 01:26 . 2006-08-31 20:00 13104 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-08-06 50472]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-02 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-19 79448]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-23 1932568]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-04-04 16120832]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-7-11 51984]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-23 07:41 10520 ----a-w c:\windows\system32\avgrsstx.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee Backup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
R2 0064151240469698mcinstcleanup;McAfee Application Installer Cleanup (0064151240469698);
R3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\DRIVERS\gan_adapter.sys [2006-09-27 10664]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-23 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-23 108552]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-23 298264]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{262ac29a-5653-11dd-bde4-00038a000015}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be611e29-1937-11de-be42-00038a000015}]
\Shell\AutoRun\command - J:\InstallTomTomHOME.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8b20aa1-f860-11da-b187-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
.
Contents of the 'Scheduled Tasks' folder
2009-04-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-02 05:50]
.
.
------- Supplementary Scan -------
.
uStart Page = yahoo.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}
DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} - hxxp://www.tenebril.com/assets/activeX/SpywareScannerV2.ocx
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-26 17:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1662786125-2231174955-3555815908-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,23,b0,6f,2c,28,
ba,bc,da,e2,63,26,f1,3f,c8,ff,68,a1,a5,53,f5,cd,93,b9,84,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,48,29,1a,5a,8e,
9f,4e,3d,6a,9c,d6,61,af,45,84,18,49,70,8e,7f,58,97,e5,f0,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,1b,48,f3,c6,a6,
3b,2e,63,ff,7c,85,e0,43,d4,0e,fe,c0,5f,e8,22,f4,06,ea,e8,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,01,40,f4,81,fd,
c7,53,f7,86,8c,21,01,be,91,eb,e7,e1,49,7b,83,fa,25,51,19,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,6f,3a,68,e7,6f,
56,5b,eb,f5,1d,4d,73,a8,13,5c,05,5e,e5,82,51,8a,3f,19,1f,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,f0,df,7a,6a,63,
d8,b3,b6,df,20,58,62,78,6b,cf,c8,0c,92,d1,70,c5,18,a4,21,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,01,66,11,04,e6,
cf,b1,4e,fb,a7,78,e6,12,2f,9a,ea,11,6f,9b,7c,d5,c5,a8,01,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,f4,9c,19,1b,e0,
f4,8b,38,01,3a,48,fc,e8,04,4a,f1,2e,67,38,8a,a5,58,e0,77,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,c4,9d,50,79,5e,
11,54,a5,f6,0f,4e,58,98,5b,89,c9,8d,7e,f3,4e,c3,63,a1,10,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,a0,18,4e,0f,59,
5f,1f,65,3d,ce,ea,26,2d,45,aa,78,9c,3e,b1,1d,42,b9,63,95,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,58,a1,57,e9,a2,
9f,3d,b2,2a,b7,cc,b5,b9,7f,41,e7,0e,56,11,9a,1c,8a,c3,92,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,87,42,28,80,69,
30,b7,fa,6c,43,2d,1e,aa,22,2f,9c,2f,a7,58,24,4f,cd,34,db,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(556)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2828)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\program files\Common Files\Command Software\dvpapi.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\HPZipm12.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\msiexec.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2009-04-26 17:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-26 21:26
Pre-Run: 139,824,803,840 bytes free
Post-Run: 140,016,504,832 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
305 --- E O F --- 2009-04-25 07:03
-
Delete these files/folders, as follows:
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C
KillAll::
Driver::
0064151240469698mcinstcleanup
McAfee Application Installer Cleanup (0064151240469698)
DDS::
DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} - hxxp://www.tenebril.com/assets/activeX/SpywareScannerV2.ocx
Folder::
c:\program files\Common Files\ParetoLogic
c:\documents and settings\All Users\Application Data\ParetoLogic
RegLockDel::
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}]
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!
(http://i154.photobucket.com/albums/s258/evilfantasy69/CFScript-1.gif)
ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze
-
ComboFix 09-04-25.A3 - Owner 04/26/2009 18:27.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.382.127 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\ParetoLogic
c:\program files\Common Files\ParetoLogic
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_0064151240469698MCINSTCLEANUP
-------\Service_0064151240469698mcinstcleanup
((((((((((((((((((((((((( Files Created from 2009-05-26 to 2009-4-26 )))))))))))))))))))))))))))))))
.
2009-04-26 20:25 . 2009-04-26 20:25 -------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-04-24 03:50 . 2001-08-17 18:55 6144 -c--a-w c:\windows\system32\dllcache\kbd101b.dll
2009-04-24 03:50 . 2001-08-17 18:55 6144 ----a-w c:\windows\system32\kbd101b.dll
2009-04-24 03:28 . 2009-04-24 03:31 -------- d-----w c:\program files\Trend Micro
2009-04-24 03:05 . 2009-04-24 03:05 -------- d-----w c:\documents and settings\Owner\Application Data\Malwarebytes
2009-04-24 03:05 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-24 03:05 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-24 03:05 . 2009-04-24 03:05 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-24 03:05 . 2009-04-24 03:05 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-23 18:59 . 2009-04-23 18:59 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-23 18:58 . 2009-04-23 18:59 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-23 18:58 . 2009-04-23 18:58 -------- d-----w c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-04-23 18:58 . 2009-04-23 18:58 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-23 18:53 . 2009-04-23 18:53 -------- d-----w c:\program files\CCleaner
2009-04-23 07:50 . 2009-04-25 08:14 -------- d--h--w C:\$AVG8.VAULT$
2009-04-23 07:41 . 2009-04-23 07:41 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-23 07:41 . 2009-04-23 07:41 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-23 07:41 . 2009-04-23 07:41 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-23 07:41 . 2009-04-26 18:09 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-23 07:41 . 2009-04-23 07:41 -------- d-----w c:\program files\AVG
2009-04-23 07:41 . 2009-04-23 07:41 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-23 07:06 . 2009-04-23 20:27 3092 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-23 07:06 . 2009-04-23 20:27 21536 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-23 07:05 . 2009-04-23 07:05 3729 ----a-w C:\rollback.ini
2009-04-23 05:50 . 2009-04-26 18:12 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-04-17 07:48 . 2009-04-17 07:48 -------- d-----w c:\documents and settings\Owner\Application Data\Yahoo!
2009-04-17 07:46 . 2009-04-17 11:54 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-04-17 07:46 . 2009-04-17 07:46 -------- d-----w c:\documents and settings\LocalService\Application Data\Yahoo!
2009-04-17 07:45 . 2009-04-17 07:47 -------- d-----w c:\program files\Yahoo!
2009-04-17 07:37 . 2009-04-17 07:37 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\TomTom
2009-04-17 06:47 . 2009-04-17 06:47 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-04-17 04:59 . 2009-04-17 07:38 -------- d-----w c:\windows\system32\GroupPolicy
2009-04-16 22:28 . 2009-04-16 22:28 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\Citrix
2009-04-14 19:29 . 2009-03-06 14:00 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-14 19:29 . 2009-02-09 10:01 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-14 19:29 . 2009-02-06 10:22 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-14 19:29 . 2009-02-09 10:01 473088 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-03-31 17:27 . 2009-03-31 17:27 -------- d-----w c:\documents and settings\Owner\Application Data\TomTom
2009-03-31 17:27 . 2009-03-31 17:27 -------- d-----w c:\program files\TomTom International B.V
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-26 21:17 . 2006-06-10 09:30 -------- d-----w c:\program files\Viewpoint
2009-04-26 19:50 . 2006-06-10 09:30 -------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-04-24 03:26 . 2006-06-10 09:25 -------- d-----w c:\program files\Java
2009-04-23 20:27 . 2008-04-21 01:28 52220 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-23 20:27 . 2008-04-21 01:28 3818784 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-23 05:59 . 2006-06-10 09:21 -------- d-----w c:\program files\Google
2009-04-23 04:00 . 2008-10-24 00:04 -------- d-----w c:\program files\PokerStars
2009-04-17 07:38 . 2008-08-28 18:57 -------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2009-03-25 19:09 . 2009-01-13 06:40 -------- d-----w c:\program files\Windows Live Safety Center
2009-03-25 12:50 . 2009-03-25 12:50 -------- d-----w c:\program files\TomTom DesktopSuite
2009-03-23 20:06 . 2009-03-23 20:06 262144 ----a-w c:\windows\system32\wrap_oal.dll
2009-03-23 20:06 . 2009-03-23 20:06 86016 ----a-w c:\windows\system32\OpenAL32.dll
2009-03-21 12:46 . 2009-03-21 12:46 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\SACore
2009-03-17 06:10 . 2006-11-18 18:12 -------- d-----w c:\program files\Verizon
2009-03-12 03:37 . 2006-11-18 19:14 -------- d-----w c:\program files\Common Files\PestPatrol
2009-03-10 02:44 . 2006-11-23 23:39 -------- d-----w c:\program files\LimeWire
2009-03-09 09:19 . 2008-10-23 22:27 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:00 . 2005-01-09 23:48 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-04 22:34 . 2009-03-01 18:20 27512 ----a-w c:\windows\DIIUnin.dat
2009-03-04 22:33 . 2008-03-19 19:29 21840 ----atw c:\windows\system32\SIntfNT.dll
2009-03-04 22:33 . 2008-03-19 19:29 17212 ----atw c:\windows\system32\SIntf32.dll
2009-03-04 22:33 . 2008-03-19 19:29 12067 ----atw c:\windows\system32\SIntf16.dll
2009-03-03 00:18 . 2005-01-09 23:48 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-01 18:20 . 2009-03-01 18:20 2829 ----a-w c:\windows\DIIUnin.pif
2009-03-01 18:20 . 2009-03-01 18:20 94208 ----a-w c:\windows\DIIUnin.exe
2009-03-01 17:50 . 2009-01-01 02:36 -------- d-----w c:\program files\Starcraft
2009-02-20 18:09 . 2005-01-09 23:48 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 10:19 . 2005-01-09 23:48 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-09 10:01 . 2005-01-09 23:48 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:01 . 2005-01-09 23:48 728576 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:01 . 2005-01-09 23:47 617984 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:01 . 2005-01-09 23:48 715264 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:32 . 2005-01-09 23:48 2186112 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:22 . 2005-01-09 23:48 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 09:54 . 2005-01-09 23:48 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 09:49 . 2004-08-04 05:59 2062976 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 20:08 . 2005-01-09 23:48 55808 ----a-w c:\windows\system32\secur32.dll
2008-10-30 23:55 . 2005-01-10 01:26 35456 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-10-23 03:01 . 2008-10-23 03:01 13123 ----a-w c:\documents and settings\Owner\Application Data\fyfacyz.bin
2008-10-23 03:01 . 2008-10-23 03:01 18576 ----a-w c:\documents and settings\All Users\Application Data\paqopit.bin
2008-10-23 03:01 . 2008-10-23 03:01 16588 ----a-w c:\documents and settings\Owner\Application Data\tykidi.reg
2008-10-23 03:01 . 2008-10-23 03:01 16366 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\fagovazus.dll
2008-10-23 03:01 . 2008-10-23 03:01 10889 ----a-w c:\documents and settings\Owner\Application Data\epyduhuva.scr
2008-10-23 03:01 . 2008-10-23 03:01 10522 ----a-w c:\documents and settings\All Users\Application Data\ozaqehiwi.sys
2008-10-22 23:48 . 2008-10-22 23:48 16301 ----a-w c:\documents and settings\All Users\Application Data\adiwisosaw.com
2008-10-22 23:48 . 2008-10-22 23:48 12505 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\ozyvitama.dll
2008-10-22 23:48 . 2008-10-22 23:48 11416 ----a-w c:\documents and settings\All Users\Application Data\dakahupuh.dll
2008-10-22 23:48 . 2008-10-22 23:48 11159 ----a-w c:\documents and settings\All Users\Application Data\losono.com
2008-10-22 23:45 . 2008-10-22 23:45 14463 ----a-w c:\documents and settings\Owner\Application Data\geqidira.bat
2008-10-22 23:45 . 2008-10-22 23:45 14098 ----a-w c:\documents and settings\Owner\Application Data\ojytigexa.vbs
2008-10-22 23:45 . 2008-10-22 23:45 18861 ----a-w c:\documents and settings\All Users\Application Data\pihamymezy.dat
2008-10-22 23:45 . 2008-10-22 23:45 15908 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\caxyfim.sys
2008-10-02 01:13 . 2006-09-06 12:52 4668 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
2007-04-22 05:35 . 2007-04-22 05:35 128 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\fusioncache.dat
2005-01-10 01:26 . 2006-08-31 20:00 13104 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( SnapShot@2009-04-26_21.23.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-26 22:32 . 2009-04-26 22:32 16384 c:\windows\temp\Perflib_Perfdata_530.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-08-06 50472]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-02 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-19 79448]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-23 1932568]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-04-04 16120832]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-7-11 51984]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-23 07:41 10520 ----a-w c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
R3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\DRIVERS\gan_adapter.sys [2006-09-27 10664]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-23 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-23 108552]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-23 298264]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{262ac29a-5653-11dd-bde4-00038a000015}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be611e29-1937-11de-be42-00038a000015}]
\Shell\AutoRun\command - J:\InstallTomTomHOME.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8b20aa1-f860-11da-b187-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
.
Contents of the 'Scheduled Tasks' folder
2009-04-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-02 05:50]
.
.
------- Supplementary Scan -------
.
uStart Page = yahoo.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-26 18:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1662786125-2231174955-3555815908-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,23,b0,6f,2c,28,
ba,bc,da,e2,63,26,f1,3f,c8,ff,68,a1,a5,53,f5,cd,93,b9,84,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,48,29,1a,5a,8e,
9f,4e,3d,6a,9c,d6,61,af,45,84,18,49,70,8e,7f,58,97,e5,f0,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,1b,48,f3,c6,a6,
3b,2e,63,ff,7c,85,e0,43,d4,0e,fe,c0,5f,e8,22,f4,06,ea,e8,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,01,40,f4,81,fd,
c7,53,f7,86,8c,21,01,be,91,eb,e7,e1,49,7b,83,fa,25,51,19,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,6f,3a,68,e7,6f,
56,5b,eb,f5,1d,4d,73,a8,13,5c,05,5e,e5,82,51,8a,3f,19,1f,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,f0,df,7a,6a,63,
d8,b3,b6,df,20,58,62,78,6b,cf,c8,0c,92,d1,70,c5,18,a4,21,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,01,66,11,04,e6,
cf,b1,4e,fb,a7,78,e6,12,2f,9a,ea,11,6f,9b,7c,d5,c5,a8,01,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,f4,9c,19,1b,e0,
f4,8b,38,01,3a,48,fc,e8,04,4a,f1,2e,67,38,8a,a5,58,e0,77,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,c4,9d,50,79,5e,
11,54,a5,f6,0f,4e,58,98,5b,89,c9,8d,7e,f3,4e,c3,63,a1,10,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,a0,18,4e,0f,59,
5f,1f,65,3d,ce,ea,26,2d,45,aa,78,9c,3e,b1,1d,42,b9,63,95,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,58,a1,57,e9,a2,
9f,3d,b2,2a,b7,cc,b5,b9,7f,41,e7,0e,56,11,9a,1c,8a,c3,92,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,87,42,28,80,69,
30,b7,fa,6c,43,2d,1e,aa,22,2f,9c,2f,a7,58,24,4f,cd,34,db,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(556)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2216)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\program files\Common Files\Command Software\dvpapi.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\msiexec.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2009-04-26 18:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-26 22:36
ComboFix2.txt 2009-04-26 21:26
Pre-Run: 139,987,521,536 bytes free
Post-Run: 139,986,186,240 bytes free
296 --- E O F --- 2009-04-25 07:03
-
- Click START then RUN
- Now type Combofix /u in the runbox
- Make sure there's a space between Combofix and /u
- Then hit Enter.
- The above procedure will:
- Delete the following:
- ComboFix and its associated files and folders.
- Reset the clock settings.
- Hide file extensions, if required.
- Hide System/Hidden files, if required.
- Set a new, clean Restore Point.
.
----------
Use the
ESET Online Antivirus Scanner (http://www.eset.com/onlinescan/index.php)
This scanner requires Internet Explorer
1. Check the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the activex control to install
4. Click Start
5. Make sure that the option Remove found threats and the option Scan unwanted applications is check marked.
6. Click Scan
7. Wait for the scan to finish
8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply.
-
As I am running the scan, it stops on the same folder every time, not necessarily the same file, but the same folder. Should I attach a print screen? Also, every time I try to remove the J2SE Runtime Environment 5.0 Update 2 it says there is a fatal error should I print screen that too so you can look at it?
-
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=4037 (20090427)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=e71cac362cc42a46a7df4d279e27cc23
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-04-27 07:47:22
# local_time=2009-04-27 03:47:22 (-0500, Eastern Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=335747
# found=0
# scan_time=3986
-
Download JavaRa (http://www.majorgeeks.com/JavaRa_d5967.html)
- Unzip the file and open the JavaRa.exe
- Click Remove Older Versions
- JavaRa will search for and remove any outdated version of Java and remove any that are found.
- Click Additional Tasks
- Place a check next to Remove Useless JRE Files and click Go
- Exit JavaRa
- Delete the JavaRa files from the Desktop
.
----------
Delete temporary files
Go to:
- Start
- Run
- type: CLEANMGR.EXE
- Press Enter.
When prompted select the C: drive and click OK.
Check the boxes for:- Temporary Internet Files
- Downloaded Program Files
- Recycle Bin
- Temporary Files
.
Click OK or Enter
----------
Now try the Java update again.
-
thanks java is gone now..... is there anything else i need?
-
Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.
----------
I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* (http://www.bleepingcomputer.com/tutorials/tutorial49.html)Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/forums/tutorial49.html)
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It May Not Be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smooth.
-
alright, thanks for all the time you have spent helping me!!!