dickster

As per instructions from Jacee (Resolved)


I have a problem with problems caused by Windows Antivirus Pro.

 

http://forums.pcpitstop.com/index.php?show...172142&st=0

 

I'm including the 2 log files from DDS.

 

 

DDS (Ver_09-07-30.01) - NTFSx86

Run by iamphil at 18:45:28.57 on Wed 09/02/2009

Internet Explorer: 6.0.2900.5512

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2738 [GMT -7:00]

 

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

AV: a-squared Anti-Malware *On-access scanning disabled* (Updated) {0F8591BB-342B-4493-91C3-4E948ED21255}

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Program Files\IObit\IObit Security 360\IS360tray.exe

C:\Program Files\Folding@home\Folding@home-gpu\Folding@home.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Folding@home\Folding@home-x86\Folding@home.exe

C:\Documents and Settings\iamphil\Application Data\Folding@home-x86\FahCore_78.exe

C:\Documents and Settings\iamphil\Application Data\Folding@home-gpu\FahCore_11.exe

D:\down\dds.scr

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = forums.pcpitstop.com/index.php?

uInternet Connection Wizard,ShellNext = hxxp://www.pctools.com/en/anti-virus/uninstall/

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice

mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide

mRun: [iObit Security 360] c:\program files\iobit\iobit security 360\IS360tray.exe

StartupFolder: c:\docume~1\iamphil\startm~1\programs\startup\foldin~1.lnk - c:\docume~1\iamphil\applic~1\microsoft\installer\{4aa947a0-0ba8-4065-b8ee-29c6da9661ee}\_41346D1BD9E98636678C85.exe

dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)

dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM

IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM

IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM

IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM

IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM

IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab

DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1249652376531

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\iamphil\applic~1\mozilla\firefox\profiles\52tptwi0.default\

FF - prefs.js: browser.startup.homepage - hxxp://forums.pcpitstop.com/index.php?

 

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);

c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

 

============= SERVICES / DRIVERS ===============

 

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-8-11 12552]

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2009-8-12 40560]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-11 335240]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-8-11 27784]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-8-11 108552]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]

R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2007-12-21 468224]

R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2009-9-1 305936]

S1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\sasdifsv.sys --> c:\program files\superantispyware\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]

S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

S3 SASENUM;SASENUM;\??\c:\program files\superantispyware\sasenum.sys --> c:\program files\superantispyware\SASENUM.SYS [?]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-8-6 1057024]

S4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe --> c:\progra~1\avg\avg8\avgemc.exe [?]

S4 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe --> c:\progra~1\avg\avg8\avgwdsvc.exe [?]

 

=============== Created Last 30 ================

 

2009-09-02 05:21 <DIR> --d----- c:\program files\Enigma Software Group

2009-09-01 23:20 389,120 a------- c:\windows\system32\CF7427.exe

2009-09-01 22:43 <DIR> a-dshr-- C:\cmdcons

2009-09-01 22:41 229,376 a------- c:\windows\PEV.exe

2009-09-01 22:41 161,792 a------- c:\windows\SWREG.exe

2009-09-01 22:41 98,816 a------- c:\windows\sed.exe

2009-09-01 22:41 389,120 a------- c:\windows\system32\CF31127.exe

2009-09-01 22:17 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-01 22:17 19,096 a------- c:\windows\system32\drivers\mbam.sys

2009-09-01 22:17 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

2009-09-01 22:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\IObit

2009-09-01 22:06 <DIR> --d----- c:\program files\IObit

2009-09-01 20:36 <DIR> --d----- c:\documents and settings\iamphil\DoctorWeb

2009-09-01 19:41 <DIR> --d----- c:\program files\Trend Micro

2009-09-01 18:09 7,680 a------- c:\windows\system32\drivers\RKL1A90.tmp.sys

2009-09-01 08:49 352 a---h--- c:\windows\nod32fixtemdono.reg

2009-09-01 08:44 <DIR> --d----- c:\program files\ESET

2009-09-01 08:32 157,712 a------- c:\windows\system32\drivers\tmcomm.sys

2009-09-01 07:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2009-09-01 07:41 <DIR> --d----- c:\docume~1\iamphil\applic~1\SUPERAntiSpyware.com

2009-08-31 19:04 <DIR> --d----- c:\program files\a-squared Anti-Malware

2009-08-28 04:34 120 a------- c:\windows\Vrufobunitoba.dat

2009-08-27 18:29 <DIR> --d----- C:\SIERRA

2009-08-27 18:29 <DIR> --d----- c:\program files\WON

2009-08-27 18:29 <DIR> --d----- c:\program files\Sierra On-Line

2009-08-27 18:29 433 a------- c:\windows\SIERRA.INI

2009-08-27 18:29 327,168 a------- c:\windows\IsUninst.exe

2009-08-26 19:44 <DIR> --d----- c:\program files\ieSpell

2009-08-26 16:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\F-Secure

2009-08-26 16:34 <DIR> --d----- c:\program files\Panda Security

2009-08-26 10:46 <DIR> --d----- c:\docume~1\iamphil\applic~1\Malwarebytes

2009-08-26 10:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes

2009-08-26 08:40 <DIR> --d----- c:\docume~1\iamphil\applic~1\URSoft

2009-08-26 08:40 <DIR> --d----- c:\program files\Your Uninstaller 2008

2009-08-26 07:14 1,013 a------- c:\windows\test.html

2009-08-26 07:13 108,336 a------- c:\windows\system32\MSWINSCK.OCX

2009-08-26 06:26 <DIR> --d----- c:\windows\Downloaded Installations

2009-08-26 00:45 <DIR> --d----- c:\docume~1\iamphil\applic~1\JLC's Software

2009-08-20 18:38 <DIR> --d----- c:\program files\ffdshow

2009-08-20 18:22 <DIR> --d----- c:\windows\system32\LogFiles

2009-08-19 01:05 <DIR> --d----- c:\program files\Philips

2009-08-18 20:07 <DIR> --d----- c:\program files\Spybot - Search & Destroy

2009-08-18 20:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2009-08-15 11:30 42 a------- c:\windows\system32\Jiii_PNUCT.pnc

2009-08-15 11:30 42 a------- c:\windows\system32\AK083E209605E394C.lie

2009-08-13 18:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\redistpart

2009-08-13 18:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\createpart

2009-08-13 18:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\launcher

2009-08-13 18:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\explauncher

2009-08-12 23:23 <DIR> --d----- c:\program files\RivaTuner v2.24

2009-08-12 23:22 <DIR> --d-h--- c:\windows\PIF

2009-08-12 20:01 40,560 a------- c:\windows\system32\drivers\hotcore3.sys

2009-08-12 20:00 <DIR> --d----- c:\program files\Paragon Software

2009-08-12 18:14 <DIR> --d----- c:\docume~1\iamphil\applic~1\MailWasherPro

2009-08-12 18:14 <DIR> --d----- c:\program files\FireTrust

2009-08-12 08:12 <DIR> --d----- c:\program files\VideoLAN

2009-08-12 01:43 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx

2009-08-12 01:43 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll

2009-08-11 23:22 108,552 a------- c:\windows\system32\drivers\avgtdix.sys

2009-08-11 23:22 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys

2009-08-11 23:22 11,952 a------- c:\windows\system32\avgrsstx.dll

2009-08-11 23:22 335,240 a------- c:\windows\system32\drivers\avgldx86.sys

2009-08-11 23:22 <DIR> --d----- c:\windows\system32\drivers\Avg

2009-08-11 23:22 <DIR> --d----- c:\program files\AVG

2009-08-11 23:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8

2009-08-11 19:11 <DIR> --d----- c:\program files\DAMN NFO Viewer

2009-08-11 18:08 <DIR> --d----- c:\program files\uTorrent

2009-08-11 18:08 <DIR> --d----- c:\docume~1\iamphil\applic~1\uTorrent

2009-08-08 11:18 <DIR> --d----- c:\docume~1\iamphil\applic~1\Goodsol

2009-08-08 11:17 <DIR> --d----- c:\program files\goodsol

2009-08-08 11:15 <DIR> --d----- c:\program files\Mahjong The Endless Journey

2009-08-08 11:14 <DIR> --d----- c:\program files\ReflexiveArcade

2009-08-08 02:15 <DIR> --d----- c:\docume~1\iamphil\applic~1\Auslogics

2009-08-08 02:13 <DIR> --d----- c:\program files\Auslogics

2009-08-08 00:24 <DIR> --d----- c:\docume~1\iamphil\applic~1\Folding@home-gpu

2009-08-08 00:22 <DIR> --d----- c:\program files\Folding@home

2009-08-08 00:22 <DIR> --d----- c:\docume~1\iamphil\applic~1\Folding@home-x86

2009-08-08 00:17 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat

2009-08-08 00:03 <DIR> --d----- c:\windows\system32\XPSViewer

2009-08-07 11:44 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll

2009-08-07 11:44 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-08-07 11:44 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll

2009-08-07 11:44 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-08-07 11:44 1,676,288 -------- c:\windows\system32\xpssvcs.dll

2009-08-07 11:44 575,488 -------- c:\windows\system32\xpsshhdr.dll

2009-08-07 11:44 117,760 -------- c:\windows\system32\prntvpt.dll

2009-08-07 11:20 <DIR> --d----- c:\windows\system32\scripting

2009-08-07 11:20 <DIR> --d----- c:\windows\system32\en

2009-08-07 11:20 <DIR> --d----- c:\windows\l2schemas

2009-08-07 11:20 <DIR> --d----- c:\windows\system32\bits

2009-08-07 11:19 <DIR> --d----- c:\windows\ServicePackFiles

2009-08-07 11:17 <DIR> --d----- c:\windows\network diagnostic

2009-08-07 11:09 701,440 -------- c:\windows\system32\drivers\ati2mtag.sys

2009-08-07 10:55 <DIR> --d----- c:\program files\Microsoft LifeCam

2009-08-07 10:54 <DIR> --d----- c:\windows\RegisteredPackages

2009-08-07 10:54 2,297,552 a------- c:\windows\system32\d3dx9_26.dll

2009-08-07 10:31 272,128 -c------ c:\windows\system32\dllcache\bthport.sys

2009-08-07 10:31 272,128 -------- c:\windows\system32\drivers\bthport.sys

2009-08-07 10:30 <DIR> --d----- c:\program files\common files\Wise Installation Wizard

2009-08-07 10:29 200,819 a------- c:\windows\system32\nvapps.xml

2009-08-07 10:29 <DIR> --d----- c:\windows\nview

2009-08-07 10:29 453,152 a------- c:\windows\system32\nvudisp.exe

2009-08-07 10:29 18,477 a------- c:\windows\system32\nvdisp.nvu

2009-08-07 10:28 453,152 a------- c:\windows\system32\NVUNINST.EXE

2009-08-07 10:27 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys

2009-08-07 10:27 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys

2009-08-07 10:27 333,952 -c------ c:\windows\system32\dllcache\srv.sys

2009-08-07 10:27 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll

2009-08-07 10:26 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll

2009-08-07 10:26 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe

2009-08-07 10:26 2,560 -------- c:\windows\system32\xpsp4res.dll

2009-08-07 10:23 <DIR> --d----- c:\windows\pss

2009-08-07 10:22 60,032 a------- c:\windows\system32\drivers\usbaudio.sys

2009-08-07 10:21 26,496 a------- c:\windows\system32\drivers\SET6.tmp

2009-08-07 10:21 26,496 -------- c:\windows\system32\drivers\SET7.tmp

2009-08-07 10:21 26,496 a------- c:\windows\system32\drivers\SET4.tmp

2009-08-07 10:21 26,496 -------- c:\windows\system32\drivers\SET5.tmp

2009-08-07 10:21 32,128 a------- c:\windows\system32\drivers\usbccgp.sys

2009-08-07 06:42 <DIR> --d----- c:\windows\system32\PreInstall

2009-08-07 06:42 <DIR> --d-h--- c:\windows\$hf_mig$

2009-08-07 06:39 31,768 a------- c:\windows\system32\wucltui.dll.mui

2009-08-07 06:39 23,576 a------- c:\windows\system32\wuaucpl.cpl.mui

2009-08-07 06:39 23,576 a------- c:\windows\system32\wuapi.dll.mui

2009-08-07 06:39 18,456 a------- c:\windows\system32\wuaueng.dll.mui

2009-08-07 06:39 <DIR> --d----- c:\windows\system32\SoftwareDistribution

2009-08-07 06:39 <DIR> --ds---- c:\documents and settings\iamphil\UserData

2009-08-07 06:24 <DIR> --d----- c:\program files\Lavalys

2009-08-07 06:22 499,712 a------- c:\windows\system32\msvcp71.dll

2009-08-07 06:22 348,160 a------- c:\windows\system32\msvcr71.dll

2009-08-07 06:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools

2009-08-07 06:19 13,646 a------- c:\windows\system32\wpa.bak

2009-08-06 23:07 115,328 a----r-- c:\windows\system32\drivers\Rtenicxp.sys

2009-08-06 23:07 9,728 a----r-- c:\windows\system32\RtNicProp32.dll

2009-08-06 23:07 <DIR> --d----- c:\windows\OPTIONS

2009-08-06 23:07 <DIR> --d----- c:\program files\Realtek

2009-08-06 23:03 <DIR> --d----- c:\program files\VIA

2009-08-06 23:03 331,184 -------- c:\windows\system32\difxapi.dll

2009-08-06 23:03 5,810 a----r-- c:\windows\system32\drivers\ASACPI.sys

2009-08-06 23:02 28,099 a------- c:\windows\Ascd_tmp.ini

2009-08-06 23:02 10,296 a------- c:\windows\system32\drivers\ASUSHWIO.SYS

2009-08-06 22:59 <DIR> --d----- c:\documents and settings\iamphil

2009-08-06 22:58 <DIR> --ds---- c:\windows\system32\Microsoft

2009-08-06 22:57 8,192 a------- c:\windows\REGLOCS.OLD

2009-08-06 22:54 57,856 ac------ c:\windows\system32\dllcache\EXCH_scripto.dll

2009-08-06 22:53 189,986 ac------ c:\windows\system32\dllcache\c_1361.nls

2009-08-06 22:52 <DIR> --dsh--- c:\documents and settings\all users\DRM

2009-08-06 22:52 488 a---hr-- c:\windows\system32\WindowsLogon.manifest

2009-08-06 22:52 488 a---hr-- c:\windows\system32\logonui.exe.manifest

2009-08-06 22:52 <DIR> --ds---- c:\windows\Downloaded Program Files

2009-08-06 22:52 <DIR> --d--r-- c:\windows\Offline Web Pages

2009-08-06 22:52 749 a---hr-- c:\windows\WindowsShell.Manifest

2009-08-06 22:52 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest

2009-08-06 22:52 749 a---hr-- c:\windows\system32\sapi.cpl.manifest

2009-08-06 22:52 749 a---hr-- c:\windows\system32\nwc.cpl.manifest

2009-08-06 22:52 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest

2009-08-06 22:52 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest

2009-08-06 22:52 <DIR> --d-h--- c:\program files\WindowsUpdate

2009-08-06 22:52 4,399,505 ac------ c:\windows\system32\dllcache\nls302en.lex

2009-08-06 22:52 <DIR> --d----- c:\windows\system32\DirectX

2009-08-06 22:51 <DIR> --d----- c:\program files\common files\MSSoap

2009-08-06 22:50 <DIR> --d----- c:\program files\Online Services

2009-08-06 22:50 <DIR> --d----- c:\program files\Messenger

2009-08-06 22:50 <DIR> --d----- c:\program files\MSN Gaming Zone

2009-08-06 22:49 <DIR> --d----- c:\program files\Windows NT

2009-08-06 21:15 <DIR> --d----- c:\program files\Ulead Systems

2009-08-06 21:10 <DIR> --d----- c:\program files\ASUS

2009-08-06 21:10 <DIR> --d----- c:\program files\AMD

2009-08-06 03:42 <DIR> --d----- c:\program files\common files\ODBC

2009-08-06 03:42 <DIR> --d----- c:\program files\common files\SpeechEngines

2009-08-06 03:41 <DIR> --d--r-- c:\documents and settings\all users\Documents

 

==================== Find3M ====================

 

2009-09-01 22:43 56,320 a------- c:\windows\system32\eventlog.dll

2009-08-06 22:50 21,640 a------- c:\windows\system32\emptyregdb.dat

2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll

2009-08-04 18:56 4,248,840 a------- c:\windows\system32\qtp-mt334.dll

2009-08-04 18:56 248,584 a------- c:\windows\system32\prgiso.dll

2009-07-17 12:01 58,880 a------- c:\windows\system32\atl.dll

2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll

2009-06-26 09:50 666,624 a------- c:\windows\system32\wininet.dll

2009-06-25 01:25 730,112 a------- c:\windows\system32\lsasrv.dll

2009-06-25 01:25 301,568 a------- c:\windows\system32\kerberos.dll

2009-06-25 01:25 147,456 a------- c:\windows\system32\schannel.dll

2009-06-25 01:25 136,192 a------- c:\windows\system32\msv1_0.dll

2009-06-25 01:25 56,832 a------- c:\windows\system32\secur32.dll

2009-06-25 01:25 54,272 a------- c:\windows\system32\wdigest.dll

2009-06-16 07:36 119,808 a------- c:\windows\system32\t2embed.dll

2009-06-16 07:36 81,920 a------- c:\windows\system32\fontsub.dll

2009-06-12 05:31 80,896 a------- c:\windows\system32\tlntsess.exe

2009-06-12 05:31 76,288 a------- c:\windows\system32\telnet.exe

2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll

2009-06-10 07:13 84,992 a------- c:\windows\system32\avifil32.dll

2009-06-09 23:14 132,096 a------- c:\windows\system32\wkssvc.dll

 

============= FINISH: 18:45:46.76 ===============

 

 

 

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_09-07-30.01)

 

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 8/6/2009 10:55:22 PM

System Uptime: 9/2/2009 5:46:34 AM (13 hours ago)

 

Motherboard: ASUSTeK Computer INC. | | M3A76-CM

Processor: AMD Athlon Dual Core Processor 5050e | AM2 | 2600/200mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 78 GiB total, 70.702 GiB free.

D: is FIXED (NTFS) - 220 GiB total, 218.278 GiB free.

H: is CDROM ()

I: is FIXED (NTFS) - 932 GiB total, 453.954 GiB free.

J: is FIXED (NTFS) - 373 GiB total, 372.511 GiB free.

W: is Removable

X: is Removable

Y: is Removable

Z: is Removable

 

==== Disabled Device Manager Items =============

 

Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}

Description: PCI Device

Device ID: PCI\VEN_1002&DEV_4383&SUBSYS_82EA1043&REV_00\3&267A616A&0&A2

Manufacturer:

Name: PCI Device

PNP Device ID: PCI\VEN_1002&DEV_4383&SUBSYS_82EA1043&REV_00\3&267A616A&0&A2

Service: HDAudBus

 

Class GUID:

Description:

Device ID: ROOT\LEGACY_BEEP\XX_KBIWKMUNUSWFNY_XX

Manufacturer:

Name:

PNP Device ID: ROOT\LEGACY_BEEP\XX_KBIWKMUNUSWFNY_XX

Service: kbiwkmunuswfny

 

==== System Restore Points ===================

 

RP1: 9/1/2009 11:17:48 PM - System Checkpoint

RP2: 9/2/2009 5:17:29 AM - Installed Windows XP KB969897.

 

==== Installed Programs ======================

 

µTorrent

Adobe Reader 8.1.3

AMD Processor Driver

ASUSUpdate

AusLogics BoostSpeed

Cool & Quiet

ESET NOD32 Antivirus

EVEREST Home Edition v2.20

Folding@home-gpu

Folding@home-x86

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hoyle Mahjong Tiles

ieSpell

ImgBurn

IObit Security 360 RC

Mahjong The Endless Journey

MailWasher Pro

Malwarebytes' Anti-Malware

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft LifeCam

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Mozilla Firefox (3.5.2)

NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050)

NVIDIA Drivers

NVIDIA PhysX v8.09.04

Opera 9.64

Paragon Partition Manager™ 9.5 Professional

PC Probe II

Platform

Pretty Good Solitaire version 9.1.0

REALTEK GbE & FE Ethernet PCI-E NIC Driver

RivaTuner v2.24

SA30xx Device Manager

SA30xx Media Converter

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB973540)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969897)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972260)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Spybot - Search & Destroy

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows XP (KB951978)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB973815)

VIA Platform Device Manager

VLC media player 0.9.9

WebFldrs XP

Winamp

Windows Defender

Windows XP Service Pack 3

WinRAR archiver

WinZip 11.1

Your Uninstaller! 2008 Version 6.0

 

==== Event Viewer Messages From Past Week ========

 

9/1/2009 9:15:21 PM, error: Service Control Manager [7000] - The Windows Defender service failed to start due to the following error: Access is denied.

9/1/2009 9:15:06 PM, error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

9/1/2009 8:52:15 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.

9/1/2009 8:52:15 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

9/1/2009 8:17:35 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 AsIO AvgLdx86 AvgMfx86 Fips pavboot SASDIFSV SASKUTIL

9/1/2009 7:52:08 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL

9/1/2009 7:52:07 PM, error: Service Control Manager [7024] - The AVG8 WatchDog service terminated with service-specific error 3221684350 (0xC007007E).

9/1/2009 7:52:07 PM, error: Service Control Manager [7001] - The AVG8 E-mail Scanner service depends on the AVG8 WatchDog service which failed to start because of the following error: The service has returned a service-specific error code.

9/1/2009 7:50:14 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

9/1/2009 7:41:33 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

9/1/2009 7:38:09 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 AsIO AvgLdx86 AvgMfx86 easdrv Fips SASDIFSV SASKUTIL

9/1/2009 7:31:51 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\windows media player\wmpns.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 9.0.0.4503.

9/1/2009 7:31:51 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\windows media player\wmplayer.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 11.0.5721.5145.

9/1/2009 7:31:51 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\windows media player\wmpband.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 11.0.5721.5145.

9/1/2009 7:31:51 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\windows media player\setup_wm.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 11.0.5721.5146.

9/1/2009 7:31:51 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\windows media player\npwmsdrm.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 9.0.0.4503.

9/1/2009 7:31:51 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\windows media player\npdsplay.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 3.0.2.629.

9/1/2009 7:31:51 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\windows media player\npdrmv2.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 9.0.0.4503.

9/1/2009 7:31:51 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\windows media player\mpvis.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 11.0.5721.5145.

9/1/2009 7:31:51 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\windows media player\mplayer2.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 6.4.9.1126.

9/1/2009 7:31:51 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\windows media player\migrate.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 9.0.0.4503.

9/1/2009 7:31:51 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\windows media player\custsat.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 9.0.2600.5512.

9/1/2009 5:28:18 PM, error: Service Control Manager [7024] - The AVG8 WatchDog service terminated with service-specific error 3758161981 (0xE001003D).

9/1/2009 5:28:17 PM, error: Service Control Manager [7031] - The AVG8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

9/1/2009 10:49:37 PM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

9/1/2009 10:46:11 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.

9/1/2009 10:46:11 PM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: The specified module could not be found.

9/1/2009 10:46:09 PM, error: SRService [104] - The System Restore initialization process failed.

9/1/2009 10:43:31 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.

8/31/2009 6:40:37 PM, error: Service Control Manager [7034] - The AntipyProex service terminated unexpectedly. It has done this 1 time(s).

8/31/2009 3:22:38 PM, information: Windows File Protection [64007] - The protected system file eventlog.dll could not be verified as valid because the file was in use. Use the SFC utility to verify the integrity of the file at a later time.

 

==== End Of File ===========================

 

 

Thanks for any help. :)


Hi dickster

 

I see two antivirus programs:

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

We need to get this whittled down to one, please.

 

 

 

If you have downloaded and used ComboFix, please delete now.

 

Download a fresh copy

 

Download Combofix© by sUBs from any of the links below. You must rename it before saving it.

 

 

Rename ComboFix.exe to ComboFix.com.

 

Save it to your desktop.

 

Link 1

Link 2

 

 

 


  • If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".
--------------------------------------------------------------------

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

(Click on this link to see a list of programs that should be disabled.)

http://www.bleepingcomputer.com/forums/topic114351.html

 

Please leave the flash drive plugged in while completing the following.

 

Double click on Combo-Fix.exe & follow the prompts.

 

Please allow ComboFix to install, if needed, Windows Recovery Console. It is a simple procedure that will only take a few moments of your time.

 


 

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

 

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

 


 

 

No Validation is Required.

 

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

 

 

 

** Please Note:

At times ComboFix may appear to stall, please be patient.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.
Please only run the tool once, thank you.

 

Extra note: after you have installed the Recovery Console, if you reboot your computer you'll see the option for the Recovery Console right after the reboot as well.

Don't select to run the Recovery Console as we don't need it.

By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

 

You may need several replies to post the requested logs, otherwise they might get cut off.

Edited by Juliet


My ComboFix log as requested. I still can't run HJT to post that log here. I uninstalled AVG, but what you see was left behind. I don't have the .exe file to reinstall, and can't get it to stop running.

 

ComboFix 09-09-02.02 - iamphil 09/03/2009 8:18.3.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2632 [GMT -7:00]

Running from: c:\documents and settings\iamphil\Desktop\ComboFix.com

AV: a-squared Anti-Malware *On-access scanning disabled* (Updated) {0F8591BB-342B-4493-91C3-4E948ED21255}

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

.

 

((((((((((((((((((((((((( Files Created from 2009-08-03 to 2009-09-03 )))))))))))))))))))))))))))))))

.

 

2009-09-02 12:21 . 2009-09-02 12:21 -------- d-----w- c:\program files\Enigma Software Group

2009-09-02 05:17 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-02 05:17 . 2009-09-02 05:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-09-02 05:17 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-02 05:06 . 2009-09-02 05:06 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit

2009-09-02 05:06 . 2009-09-02 05:06 -------- d-----w- c:\program files\IObit

2009-09-02 04:14 . 2009-09-02 04:14 -------- d-----w- c:\program files\Windows Defender

2009-09-02 03:36 . 2009-09-02 03:36 -------- d-----w- c:\documents and settings\iamphil\DoctorWeb

2009-09-02 02:41 . 2009-09-02 02:41 -------- d-----w- c:\program files\Trend Micro

2009-09-02 01:09 . 2009-09-02 01:09 7680 ----a-w- c:\windows\system32\drivers\RKL1A90.tmp.sys

2009-09-01 16:05 . 2009-09-01 16:05 -------- d-----w- c:\documents and settings\iamphil\Local Settings\Application Data\ESET

2009-09-01 15:58 . 2009-09-01 15:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET

2009-09-01 15:49 . 2008-01-07 21:29 352 ---ha-w- c:\windows\nod32fixtemdono.reg

2009-09-01 15:44 . 2009-09-01 15:44 -------- d-----w- c:\program files\ESET

2009-09-01 15:44 . 2009-09-01 15:44 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET

2009-09-01 15:32 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2009-09-01 15:26 . 2009-09-01 15:26 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2009-09-01 15:20 . 2009-09-01 15:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Opera

2009-09-01 15:19 . 2009-09-01 15:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2009-09-01 14:41 . 2009-09-01 14:42 117760 ----a-w- c:\documents and settings\iamphil\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2009-09-01 14:41 . 2009-09-01 14:41 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-09-01 14:41 . 2009-09-01 14:41 -------- d-----w- c:\documents and settings\iamphil\Application Data\SUPERAntiSpyware.com

2009-09-01 02:04 . 2009-09-01 16:31 -------- d-----w- c:\program files\a-squared Anti-Malware

2009-08-28 17:09 . 2009-08-28 17:09 -------- d-----w- c:\documents and settings\iamphil\Local Settings\Application Data\Opera

2009-08-28 17:08 . 2009-08-28 17:08 -------- d-----w- c:\program files\Opera

2009-08-28 11:34 . 2009-08-28 11:34 120 ----a-w- c:\windows\Vrufobunitoba.dat

2009-08-28 01:29 . 2009-08-28 01:29 -------- d-----w- C:\SIERRA

2009-08-28 01:29 . 2009-08-28 01:29 -------- d-----w- c:\program files\WON

2009-08-28 01:29 . 2009-08-28 01:29 -------- d-----w- c:\program files\Sierra On-Line

2009-08-28 01:29 . 1998-10-03 02:00 327168 ----a-w- c:\windows\IsUninst.exe

2009-08-28 01:13 . 2009-08-28 01:13 -------- d-----w- c:\documents and settings\iamphil\Application Data\Ulead Systems

2009-08-27 02:44 . 2009-08-27 02:44 -------- d-----w- c:\program files\ieSpell

2009-08-26 23:55 . 2009-08-26 23:55 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure

2009-08-26 23:34 . 2009-09-02 02:28 -------- d-----w- c:\program files\Panda Security

2009-08-26 17:46 . 2009-08-26 17:46 -------- d-----w- c:\documents and settings\iamphil\Application Data\Malwarebytes

2009-08-26 17:46 . 2009-08-26 17:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-08-26 15:40 . 2009-08-26 15:40 -------- d-----w- c:\documents and settings\iamphil\Application Data\URSoft

2009-08-26 15:40 . 2009-08-26 15:40 -------- d-----w- c:\program files\Your Uninstaller 2008

2009-08-26 13:26 . 2009-08-26 13:26 -------- d-----w- c:\windows\Downloaded Installations

2009-08-26 07:45 . 2009-08-26 15:43 -------- d-----w- c:\documents and settings\iamphil\Application Data\JLC's Software

2009-08-25 00:18 . 2009-08-25 00:18 1656832 ----a-w- c:\documents and settings\iamphil\Application Data\Folding@home-x86\FahCore_a0.exe

2009-08-25 00:18 . 2009-08-25 00:18 1382280 ----a-w- c:\documents and settings\iamphil\Application Data\Folding@home-x86\libfftw3f-3.dll

2009-08-21 01:38 . 2009-08-26 15:42 -------- d-----w- c:\program files\ffdshow

2009-08-21 01:22 . 2009-08-21 01:22 -------- d-----w- c:\windows\system32\drivers\UMDF

2009-08-21 01:22 . 2009-08-21 01:22 -------- d-----w- c:\windows\system32\LogFiles

2009-08-19 03:07 . 2009-08-19 03:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-08-19 03:07 . 2009-08-19 03:09 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-08-14 01:43 . 2009-08-14 01:43 -------- d-----w- c:\documents and settings\All Users\Application Data\redistpart

2009-08-14 01:40 . 2009-08-14 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\createpart

2009-08-14 01:40 . 2009-08-14 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\launcher

2009-08-14 01:40 . 2009-08-14 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\explauncher

2009-08-13 06:23 . 2009-08-13 06:23 -------- d-----w- c:\program files\RivaTuner v2.24

2009-08-13 06:22 . 2009-08-31 22:21 -------- d--h--w- c:\windows\PIF

2009-08-13 03:01 . 2009-08-05 01:56 40560 ----a-w- c:\windows\system32\drivers\hotcore3.sys

2009-08-13 03:00 . 2009-08-13 03:00 -------- d-----w- c:\program files\Paragon Software

2009-08-13 01:17 . 2009-08-13 01:17 -------- d-----w- c:\documents and settings\iamphil\Local Settings\Application Data\Identities

2009-08-13 01:14 . 2009-08-26 13:21 -------- d-----w- c:\documents and settings\iamphil\Application Data\MailWasherPro

2009-08-13 01:14 . 2009-08-13 01:14 -------- d-----w- c:\program files\FireTrust

2009-08-12 15:15 . 2009-08-12 15:15 -------- d-----w- c:\documents and settings\iamphil\Application Data\vlc

2009-08-12 15:12 . 2009-08-12 15:12 -------- d-----w- c:\program files\VideoLAN

2009-08-12 13:47 . 2009-08-12 13:47 0 ----a-w- c:\windows\nsreg.dat

2009-08-12 13:47 . 2009-08-12 13:47 -------- d-----w- c:\documents and settings\iamphil\Local Settings\Application Data\Mozilla

2009-08-12 08:43 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2009-08-12 06:22 . 2009-08-12 06:27 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-08-12 06:22 . 2009-08-12 06:27 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-08-12 06:22 . 2009-08-12 06:27 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2009-08-12 06:22 . 2009-08-12 06:27 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-08-12 06:22 . 2009-08-12 06:27 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-08-12 06:22 . 2009-09-01 13:51 -------- d-----w- c:\windows\system32\drivers\Avg

2009-08-12 06:22 . 2009-08-12 06:22 -------- d-----w- c:\program files\AVG

2009-08-12 06:22 . 2009-09-01 16:00 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

2009-08-12 02:15 . 2009-08-12 02:15 -------- d-----w- c:\program files\ImgBurn

2009-08-12 02:11 . 2009-08-12 02:11 -------- d-----w- c:\program files\DAMN NFO Viewer

2009-08-12 01:08 . 2009-08-12 01:08 -------- d-----w- c:\program files\uTorrent

2009-08-12 01:08 . 2009-08-26 15:39 -------- d-----w- c:\documents and settings\iamphil\Application Data\uTorrent

2009-08-09 04:55 . 2009-08-09 04:55 1843200 ----a-w- c:\documents and settings\iamphil\Application Data\Folding@home-gpu\FahCore_11.exe

2009-08-08 18:18 . 2009-08-08 18:18 -------- d-----w- c:\documents and settings\iamphil\Application Data\Goodsol

2009-08-08 18:17 . 2009-08-08 18:17 -------- d-----w- c:\program files\goodsol

2009-08-08 18:15 . 2009-08-08 18:16 -------- d-----w- c:\program files\Mahjong The Endless Journey

2009-08-08 18:14 . 2009-08-08 18:14 -------- d-----w- c:\program files\ReflexiveArcade

2009-08-08 09:15 . 2009-08-26 23:14 -------- d-----w- c:\documents and settings\iamphil\Application Data\Auslogics

2009-08-08 09:13 . 2009-08-08 09:13 -------- d-----w- c:\program files\Auslogics

2009-08-08 07:25 . 2009-08-08 07:25 1298432 ----a-w- c:\documents and settings\iamphil\Application Data\Folding@home-gpu\FahCore_14.exe

2009-08-08 07:24 . 2009-09-02 05:57 -------- d-----w- c:\documents and settings\iamphil\Application Data\Folding@home-gpu

2009-08-08 07:24 . 2009-08-18 23:48 98477 ----a-r- c:\documents and settings\iamphil\Application Data\Microsoft\Installer\{4AA947A0-0BA8-4065-B8EE-29C6DA9661EE}\_6FEFF9B68218417F98F549.exe

2009-08-08 07:24 . 2009-08-18 23:48 98477 ----a-r- c:\documents and settings\iamphil\Application Data\Microsoft\Installer\{4AA947A0-0BA8-4065-B8EE-29C6DA9661EE}\_41346D1BD9E98636678C85.exe

2009-08-08 07:24 . 2009-08-18 23:48 10134 ----a-r- c:\documents and settings\iamphil\Application Data\Microsoft\Installer\{4AA947A0-0BA8-4065-B8EE-29C6DA9661EE}\_5429DBF727E2384037BDE1.exe

2009-08-08 07:24 . 2009-08-08 07:24 2338816 ----a-w- c:\documents and settings\iamphil\Application Data\Folding@home-x86\FahCore_78.exe

2009-08-08 07:22 . 2009-08-08 07:22 98477 ----a-r- c:\documents and settings\iamphil\Application Data\Microsoft\Installer\{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}\_6FEFF9B68218417F98F549.exe

2009-08-08 07:22 . 2009-08-08 07:22 98477 ----a-r- c:\documents and settings\iamphil\Application Data\Microsoft\Installer\{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}\_2377D972A0372FCB34E3F7.exe

2009-08-08 07:22 . 2009-08-08 07:22 10134 ----a-r- c:\documents and settings\iamphil\Application Data\Microsoft\Installer\{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}\_D153F602E769D1960CE13B.exe

2009-08-08 07:22 . 2009-09-01 02:49 -------- d-----w- c:\documents and settings\iamphil\Application Data\Folding@home-x86

2009-08-08 07:22 . 2009-08-08 07:24 -------- d-----w- c:\program files\Folding@home

2009-08-08 07:03 . 2009-08-08 07:03 -------- d-----w- c:\windows\system32\XPSViewer

2009-08-08 07:03 . 2009-08-08 07:03 -------- d-----w- c:\program files\MSBuild

2009-08-08 07:03 . 2009-08-08 07:03 -------- d-----w- c:\program files\Reference Assemblies

2009-08-07 18:44 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-08-07 18:44 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-08-07 18:44 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-08-07 18:44 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2009-08-07 18:44 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-08-07 18:44 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-08-07 18:44 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-08-07 18:20 . 2009-08-07 18:20 -------- d-----w- c:\windows\system32\scripting

2009-08-07 18:20 . 2009-08-07 18:20 -------- d-----w- c:\windows\system32\en

2009-08-07 18:20 . 2009-08-07 18:20 -------- d-----w- c:\windows\l2schemas

2009-08-07 18:20 . 2009-08-07 18:20 -------- d-----w- c:\windows\system32\bits

2009-08-07 18:19 . 2009-08-07 18:21 -------- d-----w- c:\windows\ServicePackFiles

2009-08-07 18:09 . 2004-08-04 05:29 73216 ------w- c:\windows\system32\drivers\atintuxx.sys

2009-08-07 17:55 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\drivers\ndisip.sys

2009-08-07 17:55 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\drivers\streamip.sys

2009-08-07 17:55 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\mstee.sys

2009-08-07 17:55 . 2008-04-13 18:46 11136 ----a-w- c:\windows\system32\drivers\slip.sys

2009-08-07 17:55 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\drivers\wstcodec.sys

2009-08-07 17:55 . 2008-04-13 18:46 85248 ----a-w- c:\windows\system32\drivers\nabtsfec.sys

2009-08-07 17:55 . 2008-04-13 18:46 17024 ----a-w- c:\windows\system32\drivers\ccdecode.sys

2009-08-07 17:55 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll

2009-08-07 17:55 . 2009-08-07 17:55 -------- d-----w- c:\program files\Microsoft LifeCam

2009-08-07 17:54 . 2005-05-26 22:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll

2009-08-07 17:31 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2009-08-07 17:31 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys

2009-08-07 17:29 . 2009-08-07 17:29 -------- d-----w- c:\windows\nview

2009-08-07 17:29 . 2008-10-07 05:33 453152 ----a-w- c:\windows\system32\nvudisp.exe

2009-08-07 17:28 . 2008-10-02 17:07 453152 ----a-w- c:\windows\system32\NVUNINST.EXE

2009-08-07 17:27 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-02 05:43 . 2004-08-04 12:00 56320 ----a-w- c:\windows\system32\eventlog.dll

2009-09-02 02:30 . 2009-08-07 04:15 -------- d-----w- c:\program files\Ulead Systems

2009-09-02 02:30 . 2009-08-07 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems

2009-09-01 15:18 . 2009-08-07 17:30 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-08-26 13:54 . 2009-08-26 13:44 -------- d-----w- c:\documents and settings\iamphil\Application Data\Winamp

2009-08-26 13:45 . 2009-08-26 13:44 -------- d-----w- c:\program files\Winamp

2009-08-19 08:05 . 2009-08-19 08:05 -------- d-----w- c:\program files\Philips

2009-08-10 16:47 . 2009-08-07 04:12 -------- d-----w- c:\program files\Common Files\Adobe

2009-08-08 08:26 . 2009-08-07 04:13 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip

2009-08-08 07:55 . 2009-08-07 04:10 -------- d-----w- c:\program files\ASUS

2009-08-07 17:30 . 2009-08-07 17:30 -------- d-----w- c:\program files\AGEIA Technologies

2009-08-07 06:04 . 2009-08-07 06:03 -------- d-----w- c:\program files\VIA

2009-08-07 05:53 . 2009-08-07 05:53 -------- d-----w- c:\program files\microsoft frontpage

2009-08-07 05:50 . 2009-08-07 05:50 21640 ----a-w- c:\windows\system32\emptyregdb.dat

2009-08-07 04:10 . 2009-08-07 04:10 -------- d-----w- c:\program files\AMD

2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-05 01:56 . 2009-08-05 01:56 4248840 ----a-w- c:\windows\system32\qtp-mt334.dll

2009-08-05 01:56 . 2009-08-05 01:56 248584 ----a-w- c:\windows\system32\prgiso.dll

2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-14 06:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-06-26 16:50 . 2004-08-04 12:00 666624 ----a-w- c:\windows\system32\wininet.dll

2009-06-25 08:25 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:25 . 2004-08-04 12:00 56832 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:25 . 2004-08-04 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:25 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll

2009-06-25 08:25 . 2004-08-04 12:00 147456 ----a-w- c:\windows\system32\schannel.dll

2009-06-25 08:25 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-24 11:18 . 2004-08-04 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-12 12:31 . 2004-08-04 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe

2009-06-12 12:31 . 2004-08-04 12:00 76288 ----a-w- c:\windows\system32\telnet.exe

2009-06-10 16:19 . 2009-08-07 05:49 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-06-10 14:13 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 06:14 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]

"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-08-21 943888]

 

c:\documents and settings\iamphil\Start Menu\Programs\Startup\

Folding@home.lnk - c:\documents and settings\iamphil\Application Data\Microsoft\Installer\{4AA947A0-0BA8-4065-B8EE-29C6DA9661EE}\_41346D1BD9E98636678C85.exe [2009-8-8 98477]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSetActiveDesktop"= 1 (0x1)

"NoActiveDesktopChanges"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-08-12 06:27 11952 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\ASUS\\ASUSUpdate\\Update.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"d:\\Charon\\Stan.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

 

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [8/11/2009 11:22 PM 12552]

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [8/12/2009 8:01 PM 40560]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/11/2009 11:22 PM 335240]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/11/2009 11:22 PM 108552]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [12/21/2007 8:21 AM 33800]

R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/21/2007 8:21 AM 468224]

R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [9/1/2009 10:06 PM 305936]

S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]

S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [8/6/2009 11:04 PM 1057024]

S4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe --> c:\progra~1\AVG\AVG8\avgemc.exe [?]

S4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]

.

- - - - ORPHANS REMOVED - - - -

 

HKCU-Run-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

HKLM-Run-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe

 

 

.

------- Supplementary Scan -------

.

uStart Page = forums.pcpitstop.com/index.php?

uInternet Connection Wizard,ShellNext = hxxp://www.pctools.com/en/anti-virus/uninstall/

IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM

IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM

IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM

IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM

FF - ProfilePath - c:\documents and settings\iamphil\Application Data\Mozilla\Firefox\Profiles\52tptwi0.default\

FF - prefs.js: browser.startup.homepage - hxxp://forums.pcpitstop.com/index.php?

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-03 08:21

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'explorer.exe'(56592)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2009-09-03 8:22

ComboFix-quarantined-files.txt 2009-09-03 15:22

 

Pre-Run: 75,896,246,272 bytes free

Post-Run: 75,894,308,864 bytes free

 

256 --- E O F --- 2009-09-02 02:54

Edited by dickster


Welcome back

 

Did you run CF three times?

ComboFix 09-09-02.02 - iamphil 09/03/2009 8:18.3.2 - NTFSx86

 

Check if you can find these files, please post them if found.

C:\qoobox\ComboFix2.txt

C:\qoobox\ComboFix3.txt

 

Please go to Start > Run and copy/paste the following, then press Enter:

 

C:\QooBox\ComboFix-quarantined-files.txt

 

Post the contents of the logfile which should open.

 

 

 

 

I uninstalled AVG, but what you see was left behind. I don't have the .exe file to reinstall, and can't get it to stop running.

We can remove it.

 

Experiment and see if you can update and then run a scan now with Malwarebytes' Anti-Malware; if you can, please save the log.

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Next: please disable all onboard security programs (all running with background protection), as they may hinder the scanner from working.

This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

 

Click on this link Here to see a list of programs that should be disabled.

The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

 

Please open Notepad (*Do Not Use Wordpad!* or any other text editor than Notepad, or the script will fail): Start -> Run -> type notepad in the Open field -> OK. Then copy and paste the text present inside the quote box below:

Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.

SecCenter::

{17DDD097-36FF-435F-9E1B-52D74245D6BF}

File::

c:\windows\system32\drivers\avgtdix.sys

c:\windows\system32\drivers\avgrkx86.sys

c:\windows\system32\drivers\avgldx86.sys

c:\windows\system32\drivers\avgmfx86.sys

Folder::

c:\windows\system32\drivers\Avg

c:\program files\AVG

c:\documents and settings\All Users\Application Data\avg8

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

Driver::

AvgRkx86

AvgLdx86

AvgTdiX

avg8emc

avg8wd


 

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

 

 

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Download and run Win32kDiag:

In your next reply post:

Combofix.txt

MBAM log if possible

Win32kDiag.txt


How's the computer?

Edited by Juliet

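The CFScript above is a plain text file of `Name::` section headers followed by one entry per line. As an added example (not part of the original post and not ComboFix's own code), the following parser splits such a script into its sections and lints each entry against the form its section implies, so a script can be sanity-checked before it is handed to ComboFix. The sample input is the script from the post; the per-section checks are assumptions about what the sections expect, not ComboFix's documented rules.

```python
"""Parse a ComboFix CFScript into its directive sections and lint it.

Added example; not from the original post or from ComboFix itself. The
section names and the regedit-style "[-KEY]" delete form are taken from
the script in the thread; the lint rules are assumptions.
"""
import re

# Constructed sample input: the CFScript from the post above, verbatim.
SAMPLE_SCRIPT = """\
SecCenter::
{17DDD097-36FF-435F-9E1B-52D74245D6BF}

File::
c:\\windows\\system32\\drivers\\avgtdix.sys
c:\\windows\\system32\\drivers\\avgrkx86.sys
c:\\windows\\system32\\drivers\\avgldx86.sys
c:\\windows\\system32\\drivers\\avgmfx86.sys

Folder::
c:\\windows\\system32\\drivers\\Avg
c:\\program files\\AVG
c:\\documents and settings\\All Users\\Application Data\\avg8

Registry::
[-HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\winlogon\\notify\\avgrsstarter]

Driver::
AvgRkx86
AvgLdx86
AvgTdiX
avg8emc
avg8wd
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_cfscript(text):
    """Return {section: [entries]} in file order; raise on an entry that
    appears before any section header."""
    sections = {}
    current = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"line {lineno}: entry before any section header")
        sections[current].append(line)
    return sections


def lint_cfscript(sections):
    """Return a list of problems; empty means every entry fits its section.

    Assumed forms: SecCenter entries are GUIDs, File/Folder entries are
    absolute drive paths, Registry entries are bracketed keys, Driver
    entries are bare service names (no path separators or spaces).
    """
    checks = {
        "SecCenter": lambda e: bool(GUID_RE.match(e)),
        "File": lambda e: bool(DRIVE_PATH_RE.match(e)),
        "Folder": lambda e: bool(DRIVE_PATH_RE.match(e)),
        "Registry": lambda e: e.startswith("[") and e.endswith("]"),
        "Driver": lambda e: "\\" not in e and " " not in e,
    }
    problems = []
    for name, entries in sections.items():
        check = checks.get(name)
        if check is None:
            problems.append(f"unknown section {name}::")
            continue
        problems.extend(f"{name}:: unexpected entry {e!r}"
                        for e in entries if not check(e))
    return problems


def registry_deletions(sections):
    """Registry keys the script marks for deletion with a leading '-'."""
    return [e[2:-1] for e in sections.get("Registry", []) if e.startswith("[-")]


if __name__ == "__main__":
    parsed = parse_cfscript(SAMPLE_SCRIPT)
    for name, entries in parsed.items():
        print(f"{name}:: {len(entries)} entries")
    print("lint:", lint_cfscript(parsed) or "clean")
    print("registry keys to delete:", registry_deletions(parsed))
```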

Was still not able to get Malwarebytes to run, but here are the others.

 

Quarantine log.

 

2009-09-03 15:21:57 . 2009-09-03 15:21:57 132 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-AVG8_TRAY.reg.dat

2009-09-03 15:21:57 . 2009-09-03 15:21:57 159 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-SUPERAntiSpyware.reg.dat

2009-09-03 15:21:37 . 2007-08-17 20:48:16 40 ----a-w- C:\Qoobox\Quarantine\I\Autorun.inf.vir

2009-09-03 15:20:47 . 2009-09-03 15:20:47 5,937 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

2009-09-03 15:15:12 . 2009-09-03 15:15:12 51 ----a-w- C:\Qoobox\Quarantine\catchme.log

 

 

 

New combofix log.

 

ComboFix 09-09-03.02 - iamphil 09/04/2009 7:00.6.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2909 [GMT -7:00]

Running from: c:\documents and settings\iamphil\Desktop\ComboFix.com

Command switches used :: c:\docume~1\iamphil\Desktop\CFScript.txt

AV: a-squared Anti-Malware *On-access scanning disabled* (Updated) {0F8591BB-342B-4493-91C3-4E948ED21255}

AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

 

FILE ::

"c:\windows\system32\drivers\avgldx86.sys"

"c:\windows\system32\drivers\avgmfx86.sys"

"c:\windows\system32\drivers\avgrkx86.sys"

"c:\windows\system32\drivers\avgtdix.sys"

.

 

((((((((((((((((((((((((( Files Created from 2009-08-04 to 2009-09-04 )))))))))))))))))))))))))))))))

.

 

2009-09-02 12:21 . 2009-09-02 12:21 -------- d-----w- c:\program files\Enigma Software Group

2009-09-02 05:17 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-02 05:17 . 2009-09-02 05:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-09-02 05:17 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-02 05:06 . 2009-09-02 05:06 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit

2009-09-02 05:06 . 2009-09-02 05:06 -------- d-----w- c:\program files\IObit

2009-09-02 04:14 . 2009-09-02 04:14 -------- d-----w- c:\program files\Windows Defender

2009-09-02 03:36 . 2009-09-02 03:36 -------- d-----w- c:\documents and settings\iamphil\DoctorWeb

2009-09-02 02:41 . 2009-09-02 02:41 -------- d-----w- c:\program files\Trend Micro

2009-09-02 01:09 . 2009-09-02 01:09 7680 ----a-w- c:\windows\system32\drivers\RKL1A90.tmp.sys

2009-09-01 16:05 . 2009-09-01 16:05 -------- d-----w- c:\documents and settings\iamphil\Local Settings\Application Data\ESET

2009-09-01 15:58 . 2009-09-01 15:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET

2009-09-01 15:49 . 2008-01-07 21:29 352 ---ha-w- c:\windows\nod32fixtemdono.reg

2009-09-01 15:44 . 2009-09-01 15:44 -------- d-----w- c:\program files\ESET

2009-09-01 15:44 . 2009-09-01 15:44 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET

2009-09-01 15:32 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2009-09-01 15:26 . 2009-09-01 15:26 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2009-09-01 15:20 . 2009-09-01 15:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Opera

2009-09-01 15:19 . 2009-09-01 15:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2009-09-01 14:41 . 2009-09-01 14:42 117760 ----a-w- c:\documents and settings\iamphil\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2009-09-01 14:41 . 2009-09-01 14:41 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-09-01 14:41 . 2009-09-01 14:41 -------- d-----w- c:\documents and settings\iamphil\Application Data\SUPERAntiSpyware.com

2009-09-01 02:04 . 2009-09-01 16:31 -------- d-----w- c:\program files\a-squared Anti-Malware

2009-08-28 17:09 . 2009-08-28 17:09 -------- d-----w- c:\documents and settings\iamphil\Local Settings\Application Data\Opera

2009-08-28 17:08 . 2009-08-28 17:08 -------- d-----w- c:\program files\Opera

2009-08-28 11:34 . 2009-08-28 11:34 120 ----a-w- c:\windows\Vrufobunitoba.dat

2009-08-28 01:29 . 2009-08-28 01:29 -------- d-----w- C:\SIERRA

2009-08-28 01:29 . 2009-08-28 01:29 -------- d-----w- c:\program files\WON

2009-08-28 01:29 . 2009-08-28 01:29 -------- d-----w- c:\program files\Sierra On-Line

2009-08-28 01:29 . 1998-10-03 02:00 327168 ----a-w- c:\windows\IsUninst.exe

2009-08-28 01:13 . 2009-08-28 01:13 -------- d-----w- c:\documents and settings\iamphil\Application Data\Ulead Systems

2009-08-27 02:44 . 2009-08-27 02:44 -------- d-----w- c:\program files\ieSpell

2009-08-26 23:55 . 2009-08-26 23:55 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure

2009-08-26 23:34 . 2009-09-02 02:28 -------- d-----w- c:\program files\Panda Security

2009-08-26 17:46 . 2009-08-26 17:46 -------- d-----w- c:\documents and settings\iamphil\Application Data\Malwarebytes

2009-08-26 17:46 . 2009-08-26 17:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-08-26 15:40 . 2009-08-26 15:40 -------- d-----w- c:\documents and settings\iamphil\Application Data\URSoft

2009-08-26 15:40 . 2009-08-26 15:40 -------- d-----w- c:\program files\Your Uninstaller 2008

2009-08-26 13:26 . 2009-08-26 13:26 -------- d-----w- c:\windows\Downloaded Installations

2009-08-26 07:45 . 2009-08-26 15:43 -------- d-----w- c:\documents and settings\iamphil\Application Data\JLC's Software

2009-08-25 00:18 . 2009-08-25 00:18 1656832 ----a-w- c:\documents and settings\iamphil\Application Data\Folding@home-x86\FahCore_a0.exe

2009-08-25 00:18 . 2009-08-25 00:18 1382280 ----a-w- c:\documents and settings\iamphil\Application Data\Folding@home-x86\libfftw3f-3.dll

2009-08-21 01:38 . 2009-08-26 15:42 -------- d-----w- c:\program files\ffdshow

2009-08-21 01:22 . 2009-08-21 01:22 -------- d-----w- c:\windows\system32\drivers\UMDF

2009-08-21 01:22 . 2009-08-21 01:22 -------- d-----w- c:\windows\system32\LogFiles

2009-08-19 03:07 . 2009-08-19 03:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-08-19 03:07 . 2009-08-19 03:09 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-08-14 01:43 . 2009-08-14 01:43 -------- d-----w- c:\documents and settings\All Users\Application Data\redistpart

2009-08-14 01:40 . 2009-08-14 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\createpart

2009-08-14 01:40 . 2009-08-14 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\launcher

2009-08-14 01:40 . 2009-08-14 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\explauncher

2009-08-13 06:23 . 2009-08-13 06:23 -------- d-----w- c:\program files\RivaTuner v2.24

2009-08-13 06:22 . 2009-08-31 22:21 -------- d--h--w- c:\windows\PIF

2009-08-13 03:01 . 2009-08-05 01:56 40560 ----a-w- c:\windows\system32\drivers\hotcore3.sys

2009-08-13 03:00 . 2009-08-13 03:00 -------- d-----w- c:\program files\Paragon Software

2009-08-13 01:17 . 2009-08-13 01:17 -------- d-----w- c:\documents and settings\iamphil\Local Settings\Application Data\Identities

2009-08-13 01:14 . 2009-08-26 13:21 -------- d-----w- c:\documents and settings\iamphil\Application Data\MailWasherPro

2009-08-13 01:14 . 2009-08-13 01:14 -------- d-----w- c:\program files\FireTrust

2009-08-12 15:15 . 2009-08-12 15:15 -------- d-----w- c:\documents and settings\iamphil\Application Data\vlc

2009-08-12 15:12 . 2009-08-12 15:12 -------- d-----w- c:\program files\VideoLAN

2009-08-12 13:47 . 2009-08-12 13:47 0 ----a-w- c:\windows\nsreg.dat

2009-08-12 13:47 . 2009-08-12 13:47 -------- d-----w- c:\documents and settings\iamphil\Local Settings\Application Data\Mozilla

2009-08-12 08:43 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2009-08-12 06:22 . 2009-08-12 06:27 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-08-12 02:15 . 2009-08-12 02:15 -------- d-----w- c:\program files\ImgBurn

2009-08-12 02:11 . 2009-08-12 02:11 -------- d-----w- c:\program files\DAMN NFO Viewer

2009-08-12 01:08 . 2009-08-12 01:08 -------- d-----w- c:\program files\uTorrent

2009-08-12 01:08 . 2009-08-26 15:39 -------- d-----w- c:\documents and settings\iamphil\Application Data\uTorrent

2009-08-09 04:55 . 2009-08-09 04:55 1843200 ----a-w- c:\documents and settings\iamphil\Application Data\Folding@home-gpu\FahCore_11.exe

2009-08-08 18:18 . 2009-08-08 18:18 -------- d-----w- c:\documents and settings\iamphil\Application Data\Goodsol

2009-08-08 18:17 . 2009-08-08 18:17 -------- d-----w- c:\program files\goodsol

2009-08-08 18:15 . 2009-08-08 18:16 -------- d-----w- c:\program files\Mahjong The Endless Journey

2009-08-08 18:14 . 2009-08-08 18:14 -------- d-----w- c:\program files\ReflexiveArcade

2009-08-08 09:15 . 2009-08-26 23:14 -------- d-----w- c:\documents and settings\iamphil\Application Data\Auslogics

2009-08-08 09:13 . 2009-08-08 09:13 -------- d-----w- c:\program files\Auslogics

2009-08-08 07:25 . 2009-08-08 07:25 1298432 ----a-w- c:\documents and settings\iamphil\Application Data\Folding@home-gpu\FahCore_14.exe

2009-08-08 07:24 . 2009-09-04 02:32 -------- d-----w- c:\documents and settings\iamphil\Application Data\Folding@home-gpu

2009-08-08 07:24 . 2009-08-18 23:48 98477 ----a-r- c:\documents and settings\iamphil\Application Data\Microsoft\Installer\{4AA947A0-0BA8-4065-B8EE-29C6DA9661EE}\_6FEFF9B68218417F98F549.exe

2009-08-08 07:24 . 2009-08-18 23:48 98477 ----a-r- c:\documents and settings\iamphil\Application Data\Microsoft\Installer\{4AA947A0-0BA8-4065-B8EE-29C6DA9661EE}\_41346D1BD9E98636678C85.exe

2009-08-08 07:24 . 2009-08-18 23:48 10134 ----a-r- c:\documents and settings\iamphil\Application Data\Microsoft\Installer\{4AA947A0-0BA8-4065-B8EE-29C6DA9661EE}\_5429DBF727E2384037BDE1.exe

2009-08-08 07:24 . 2009-08-08 07:24 2338816 ----a-w- c:\documents and settings\iamphil\Application Data\Folding@home-x86\FahCore_78.exe

2009-08-08 07:22 . 2009-08-08 07:22 98477 ----a-r- c:\documents and settings\iamphil\Application Data\Microsoft\Installer\{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}\_6FEFF9B68218417F98F549.exe

2009-08-08 07:22 . 2009-08-08 07:22 98477 ----a-r- c:\documents and settings\iamphil\Application Data\Microsoft\Installer\{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}\_2377D972A0372FCB34E3F7.exe

2009-08-08 07:22 . 2009-08-08 07:22 10134 ----a-r- c:\documents and settings\iamphil\Application Data\Microsoft\Installer\{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}\_D153F602E769D1960CE13B.exe

2009-08-08 07:22 . 2009-09-01 02:49 -------- d-----w- c:\documents and settings\iamphil\Application Data\Folding@home-x86

2009-08-08 07:22 . 2009-08-08 07:24 -------- d-----w- c:\program files\Folding@home

2009-08-08 07:03 . 2009-08-08 07:03 -------- d-----w- c:\windows\system32\XPSViewer

2009-08-08 07:03 . 2009-08-08 07:03 -------- d-----w- c:\program files\MSBuild

2009-08-08 07:03 . 2009-08-08 07:03 -------- d-----w- c:\program files\Reference Assemblies

2009-08-07 18:44 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-08-07 18:44 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-08-07 18:44 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-08-07 18:44 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2009-08-07 18:44 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-08-07 18:44 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-08-07 18:44 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-08-07 18:20 . 2009-08-07 18:20 -------- d-----w- c:\windows\system32\scripting

2009-08-07 18:20 . 2009-08-07 18:20 -------- d-----w- c:\windows\system32\en

2009-08-07 18:20 . 2009-08-07 18:20 -------- d-----w- c:\windows\l2schemas

2009-08-07 18:20 . 2009-08-07 18:20 -------- d-----w- c:\windows\system32\bits

2009-08-07 18:19 . 2009-08-07 18:21 -------- d-----w- c:\windows\ServicePackFiles

2009-08-07 18:09 . 2004-08-04 05:29 73216 ------w- c:\windows\system32\drivers\atintuxx.sys

2009-08-07 17:55 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\drivers\ndisip.sys

2009-08-07 17:55 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\drivers\streamip.sys

2009-08-07 17:55 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\mstee.sys

2009-08-07 17:55 . 2008-04-13 18:46 11136 ----a-w- c:\windows\system32\drivers\slip.sys

2009-08-07 17:55 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\drivers\wstcodec.sys

2009-08-07 17:55 . 2008-04-13 18:46 85248 ----a-w- c:\windows\system32\drivers\nabtsfec.sys

2009-08-07 17:55 . 2008-04-13 18:46 17024 ----a-w- c:\windows\system32\drivers\ccdecode.sys

2009-08-07 17:55 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll

2009-08-07 17:55 . 2009-08-07 17:55 -------- d-----w- c:\program files\Microsoft LifeCam

2009-08-07 17:54 . 2005-05-26 22:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll

2009-08-07 17:31 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2009-08-07 17:31 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys

2009-08-07 17:29 . 2009-08-07 17:29 -------- d-----w- c:\windows\nview

2009-08-07 17:29 . 2008-10-07 05:33 453152 ----a-w- c:\windows\system32\nvudisp.exe

2009-08-07 17:28 . 2008-10-02 17:07 453152 ----a-w- c:\windows\system32\NVUNINST.EXE

2009-08-07 17:27 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

2009-08-07 17:27 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2009-08-07 17:27 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys

2009-08-07 17:27 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll

2009-08-07 17:26 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll

2009-08-07 17:26 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll

2009-08-07 17:26 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe

2009-08-07 17:22 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\usbaudio.sys

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-02 05:43 . 2004-08-04 12:00 56320 ------w- c:\windows\system32\eventlog.dll

2009-09-02 02:30 . 2009-08-07 04:15 -------- d-----w- c:\program files\Ulead Systems

2009-09-02 02:30 . 2009-08-07 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems

2009-09-01 15:18 . 2009-08-07 17:30 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-08-26 13:54 . 2009-08-26 13:44 -------- d-----w- c:\documents and settings\iamphil\Application Data\Winamp

2009-08-26 13:45 . 2009-08-26 13:44 -------- d-----w- c:\program files\Winamp

2009-08-19 08:05 . 2009-08-19 08:05 -------- d-----w- c:\program files\Philips

2009-08-10 16:47 . 2009-08-07 04:12 -------- d-----w- c:\program files\Common Files\Adobe

2009-08-08 08:26 . 2009-08-07 04:13 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip

2009-08-08 07:55 . 2009-08-07 04:10 -------- d-----w- c:\program files\ASUS

2009-08-07 17:30 . 2009-08-07 17:30 -------- d-----w- c:\program files\AGEIA Technologies

2009-08-07 06:04 . 2009-08-07 06:03 -------- d-----w- c:\program files\VIA

2009-08-07 05:53 . 2009-08-07 05:53 -------- d-----w- c:\program files\microsoft frontpage

2009-08-07 05:50 . 2009-08-07 05:50 21640 ----a-w- c:\windows\system32\emptyregdb.dat

2009-08-07 04:10 . 2009-08-07 04:10 -------- d-----w- c:\program files\AMD

2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-05 01:56 . 2009-08-05 01:56 4248840 ----a-w- c:\windows\system32\qtp-mt334.dll

2009-08-05 01:56 . 2009-08-05 01:56 248584 ----a-w- c:\windows\system32\prgiso.dll

2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-14 06:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-06-26 16:50 . 2004-08-04 12:00 666624 ------w- c:\windows\system32\wininet.dll

2009-06-25 08:25 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:25 . 2004-08-04 12:00 56832 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:25 . 2004-08-04 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:25 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll

2009-06-25 08:25 . 2004-08-04 12:00 147456 ----a-w- c:\windows\system32\schannel.dll

2009-06-25 08:25 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-24 11:18 . 2004-08-04 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-12 12:31 . 2004-08-04 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe

2009-06-12 12:31 . 2004-08-04 12:00 76288 ----a-w- c:\windows\system32\telnet.exe

2009-06-10 16:19 . 2009-08-07 05:49 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-06-10 14:13 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 06:14 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll

.

 

((((((((((((((((((((((((((((( SnapShot@2009-09-03_15.21.37 )))))))))))))))))))))))))))))))))))))))))

.

- 2004-08-04 12:00 . 2009-09-02 12:51 67516 c:\windows\system32\perfc009.dat

+ 2004-08-04 12:00 . 2009-09-04 02:36 67516 c:\windows\system32\perfc009.dat

+ 2004-08-04 12:00 . 2009-09-04 02:36 432686 c:\windows\system32\perfh009.dat

- 2004-08-04 12:00 . 2009-09-02 12:51 432686 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]

"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-08-21 943888]

 

c:\documents and settings\iamphil\Start Menu\Programs\Startup\

Folding@home.lnk - c:\documents and settings\iamphil\Application Data\Microsoft\Installer\{4AA947A0-0BA8-4065-B8EE-29C6DA9661EE}\_41346D1BD9E98636678C85.exe [2009-8-8 98477]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSetActiveDesktop"= 1 (0x1)

"NoActiveDesktopChanges"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\ASUS\\ASUSUpdate\\Update.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"d:\\Charon\\Stan.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

 

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [8/12/2009 8:01 PM 40560]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [12/21/2007 8:21 AM 33800]

R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/21/2007 8:21 AM 468224]

R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [9/1/2009 10:06 PM 305936]

S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]

S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [8/6/2009 11:04 PM 1057024]

.

.

------- Supplementary Scan -------

.

uStart Page = forums.pcpitstop.com/index.php?

uInternet Connection Wizard,ShellNext = hxxp://www.pctools.com/en/anti-virus/uninstall/

IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM

IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM

IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM

IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM

FF - ProfilePath - c:\documents and settings\iamphil\Application Data\Mozilla\Firefox\Profiles\52tptwi0.default\

FF - prefs.js: browser.startup.homepage - hxxp://forums.pcpitstop.com/index.php?

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-04 07:01

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'explorer.exe'(2840)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2009-09-04 7:02

ComboFix-quarantined-files.txt 2009-09-04 14:02

ComboFix2.txt 2009-09-04 02:42

ComboFix3.txt 2009-09-03 15:22

 

Pre-Run: 75,802,181,632 bytes free

Post-Run: 75,771,162,624 bytes free

 

260 --- E O F --- 2009-09-04 13:49

Edited by dickster


Win32kDiag.txt

Log file is located at: C:\Documents and Settings\iamphil\Desktop\Win32kDiag.txt

 

WARNING: Could not get backup privileges!

 

Searching 'C:\WINDOWS'...

 

 

 

Found mount point : C:\WINDOWS\addins\addins

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP196.tmp\ZAP196.tmp

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1D5.tmp\ZAP1D5.tmp

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7.tmp\ZAP7.tmp

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB5.tmp\ZAPB5.tmp

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\assembly\temp\temp

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\assembly\tmp\tmp

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\Config\Config

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\CSC\d1\d1

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\CSC\d2\d2

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\CSC\d3\d3

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\CSC\d4\d4

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\CSC\d5\d5

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\CSC\d6\d6

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\CSC\d7\d7

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\CSC\d8\d8

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\ime\shared\res\res

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\java\classes\classes

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\java\trustlib\trustlib

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\pchealth\helpctr\DataColl\DataColl

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\PIF\PIF

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\SoftwareDistribution\EventCache\EventCache

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\1025\1025

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\1028\1028

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\1031\1031

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\1037\1037

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\1041\1041

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\1042\1042

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\1054\1054

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\2052\2052

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\3076\3076

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Acrobat\8.0\Collab\Collab

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Acrobat\8.0\Preferences\Preferences

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Flash Player\AssetCache\HMBRRP9R\HMBRRP9R

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\all\all

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\brt\brt

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\can\can

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\eng\eng

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\7MSYU4F9\as1.suitesmart.com\_f5e.swf\_f5e.swf

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\7MSYU4F9\box.anchorfree.net\afso\afso.swf\afso.swf

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\7MSYU4F9\cdn.widgetserver.com\cdn.widgetserver.com

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\7MSYU4F9\cdn4.specificclick.net\img\img

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\7MSYU4F9\files.deezer.com\swf\billboard-v40.swf\billboard-v40.swf

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\7MSYU4F9\files.deezer.com\swf\player-v40.swf\player-v40.swf

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\7MSYU4F9\flash.quantserve.com\flash.quantserve.com

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\7MSYU4F9\gannett.a.mms.mavenapps.net\gannett.a.mms.mavenapps.net

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\7MSYU4F9\is1.j.tv2n.net\is1.j.tv2n.net

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\7MSYU4F9\pub.widgetbox.com\pub.widgetbox.com

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\7MSYU4F9\udn.specificclick.net\udn.specificclick.net

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\7MSYU4F9\video.flashtalking.com\video.flashtalking.com

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\7MSYU4F9\www.crackle.com\www.crackle.com

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#as1.suitesmart.com\#as1.suitesmart.com

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#box.anchorfree.net\#box.anchorfree.net

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.widgetserver.com\#cdn.widgetserver.com

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn4.specificclick.net\#cdn4.specificclick.net

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#files.deezer.com\#files.deezer.com

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#flash.quantserve.com\#flash.quantserve.com

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#gannett.a.mms.mavenapps.net\#gannett.a.mms.mavenapps.net

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#is1.j.tv2n.net\#is1.j.tv2n.net

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#pub.widgetbox.com\#pub.widgetbox.com

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#udn.specificclick.net\#udn.specificclick.net

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#video.flashtalking.com\#video.flashtalking.com

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.crackle.com\#www.crackle.com

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.mydamnchannel.com\#www.mydamnchannel.com

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Favorites\Links\Links

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Adobe\Acrobat\8.0\Cache\Search80\Search80

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Adobe\ESD\ESD

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\My Documents\My Documents

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Recent\Recent

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\dhcp\dhcp

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\export\export

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\oobe\sample\sample

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\wbem\mof\good\good

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\wins\wins

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\system32\xircom\xircom

 

Mount point destination : \Device\__max++>\^

 

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

 

Mount point destination : \Device\__max++>\^

 

 

 

Finished!

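A small triage script for output of the shape shown in the Win32kDiag log above. This is an added example for this thread, not code from Win32kDiag or from any poster: it pairs each "Found mount point" line with its "Mount point destination" line and flags the pattern visible in the log (a junction whose leaf directory repeats its parent's name, such as `...\brt\brt`, that points at a raw `\Device\` object rather than a mounted volume or a real directory). The heuristic in `is_suspicious` and the sample log are this example's own assumptions; the sample is constructed from lines of the same shape as the log, with the destination string copied from it.

```python
"""Triage helper for Win32kDiag-style 'Found mount point' output.

Added example for this thread, not part of Win32kDiag or any tool the
posts mention.  The sample log below is constructed; the paths and the
destination string are of the same shape as the thread's log.
"""
import re
from collections import Counter, defaultdict

SAMPLE_LOG = r"""
Found mount point : C:\WINDOWS\system32\config\systemprofile\Favorites\Links\Links

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\dhcp\dhcp

Mount point destination : \Device\__max++>\^

Found mount point : C:\MountedDisks\Data

Mount point destination : \??\Volume{12345678-0000-0000-0000-000000000000}\

Finished!
"""

FOUND_RE = re.compile(r"^Found mount point\s*:\s*(?P<path>.+?)\s*$")
DEST_RE = re.compile(r"^Mount point destination\s*:\s*(?P<dest>.+?)\s*$")
# An ordinary volume mount point: \??\Volume{GUID}\
VOLUME_RE = re.compile(r"^\\\?\?\\Volume\{[0-9a-fA-F-]{36}\}\\?$")


def parse_mount_points(text):
    """Return [(path, destination), ...] in log order.

    Win32kDiag prints the pair as two lines separated by blank lines, so a
    'Found' line is held until the matching 'destination' line arrives.
    """
    pairs = []
    pending = None
    for raw in text.splitlines():
        line = raw.strip()
        m = FOUND_RE.match(line)
        if m:
            pending = m.group("path")
            continue
        m = DEST_RE.match(line)
        if m and pending is not None:
            pairs.append((pending, m.group("dest")))
            pending = None
    return pairs


def is_suspicious(path, dest):
    """Heuristic chosen for this example (an assumption, not a rule from the
    thread): the junction's leaf repeats its parent directory name AND the
    target is a \\Device\\ path that is not a normal volume mount."""
    parts = path.rstrip("\\").split("\\")
    leaf_repeats_parent = len(parts) >= 2 and parts[-1].lower() == parts[-2].lower()
    to_raw_device = dest.startswith("\\Device\\") and not VOLUME_RE.match(dest)
    return leaf_repeats_parent and to_raw_device


def triage(text):
    """Summarise a log: total pairs, suspicious pairs, paths per destination."""
    pairs = parse_mount_points(text)
    by_dest = defaultdict(list)
    for path, dest in pairs:
        by_dest[dest].append(path)
    return {
        "total": len(pairs),
        "suspicious": [(p, d) for p, d in pairs if is_suspicious(p, d)],
        "destinations": Counter(d for _, d in pairs),
        "by_destination": dict(by_dest),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['total']} mount points, {len(report['suspicious'])} suspicious")
    for dest, n in report["destinations"].most_common():
        print(f"  {n:3d} -> {dest}")
    for path, dest in report["suspicious"]:
        print(f"  SUSPICIOUS {path}  ->  {dest}")
```

Grouping by destination is the useful view when a log runs to hundreds of entries: dozens of unrelated system directories all resolving to the same non-volume device object is the thing to notice, not any single path.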

Welcome back

 

 

Several steps to complete here, just take your time.

 

 

Locate your version of ComboFix on the desktop > right click and select delete.

 

Now we'll download an updated copy.

 

 

Download Combofix© by sUBs from any of the links below.

 

Save it to your desktop.

 

Link 1

Link 2

 

 

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

(Click on this link to see a list of programs that should be disabled.)

http://www.bleepingcomputer.com/forums/topic114351.html

 

 

Please only run the tool once, ty.

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Please delete your copy of Win32kDiag.

 

Please save this file to your Desktop. Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with Notepad and post the contents here.

"%userprofile%\desktop\win32kdiag.exe" -f -r

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

NEXT** download GMER Rootkit Scanner from here.

  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked.

    Uncheck the following ...

    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)

Then click the Scan button & wait for it to finish. Once done click on the [save..] button, and in the File name area, type in ark.txt

Save it where you can easily find it, such as your desktop then post the contents here.

 

**Caution**

Rootkit scans often produce false positives. Do NOT take action on any <---- ROOTKIT entries

 

 

 

 

In your next reply post:

ComboFix.txt

Win32kDiag.txt

ark.txt


Combofix log.

 

ComboFix 09-09-03.02 - iamphil 09/04/2009 13:32.7.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2824 [GMT -7:00]

Running from: c:\documents and settings\iamphil\Desktop\ComboFix.com

AV: a-squared Anti-Malware *On-access scanning disabled* (Updated) {0F8591BB-342B-4493-91C3-4E948ED21255}

AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

.

 

((((((((((((((((((((((((( Files Created from 2009-08-04 to 2009-09-04 )))))))))))))))))))))))))))))))

.

 

2009-09-02 12:21 . 2009-09-02 12:21 -------- d-----w- c:\program files\Enigma Software Group

2009-09-02 05:17 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-02 05:17 . 2009-09-02 05:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-09-02 05:17 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-02 05:06 . 2009-09-02 05:06 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit

2009-09-02 05:06 . 2009-09-02 05:06 -------- d-----w- c:\program files\IObit

2009-09-02 04:14 . 2009-09-02 04:14 -------- d-----w- c:\program files\Windows Defender

2009-09-02 03:36 . 2009-09-02 03:36 -------- d-----w- c:\documents and settings\iamphil\DoctorWeb

2009-09-02 02:41 . 2009-09-02 02:41 -------- d-----w- c:\program files\Trend Micro

2009-09-02 01:09 . 2009-09-02 01:09 7680 ----a-w- c:\windows\system32\drivers\RKL1A90.tmp.sys

2009-09-01 16:05 . 2009-09-01 16:05 -------- d-----w- c:\documents and settings\iamphil\Local Settings\Application Data\ESET

2009-09-01 15:58 . 2009-09-01 15:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET

2009-09-01 15:49 . 2008-01-07 21:29 352 ---ha-w- c:\windows\nod32fixtemdono.reg

2009-09-01 15:44 . 2009-09-01 15:44 -------- d-----w- c:\program files\ESET

2009-09-01 15:44 . 2009-09-01 15:44 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET

2009-09-01 15:32 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2009-09-01 15:26 . 2009-09-01 15:26 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2009-09-01 15:20 . 2009-09-01 15:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Opera

2009-09-01 15:19 . 2009-09-01 15:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2009-09-01 14:41 . 2009-09-01 14:42 117760 ----a-w- c:\documents and settings\iamphil\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2009-09-01 14:41 . 2009-09-01 14:41 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-09-01 14:41 . 2009-09-01 14:41 -------- d-----w- c:\documents and settings\iamphil\Application Data\SUPERAntiSpyware.com

2009-09-01 02:04 . 2009-09-01 16:31 -------- d-----w- c:\program files\a-squared Anti-Malware

2009-08-28 17:09 . 2009-08-28 17:09 -------- d-----w- c:\documents and settings\iamphil\Local Settings\Application Data\Opera

2009-08-28 17:08 . 2009-08-28 17:08 -------- d-----w- c:\program files\Opera

2009-08-28 11:34 . 2009-08-28 11:34 120 ----a-w- c:\windows\Vrufobunitoba.dat

2009-08-28 01:29 . 2009-08-28 01:29 -------- d-----w- C:\SIERRA

2009-08-28 01:29 . 2009-08-28 01:29 -------- d-----w- c:\program files\WON

2009-08-28 01:29 . 2009-08-28 01:29 -------- d-----w- c:\program files\Sierra On-Line

2009-08-28 01:29 . 1998-10-03 02:00 327168 ----a-w- c:\windows\IsUninst.exe

2009-08-28 01:13 . 2009-08-28 01:13 -------- d-----w- c:\documents and settings\iamphil\Application Data\Ulead Systems

2009-08-27 02:44 . 2009-08-27 02:44 -------- d-----w- c:\program files\ieSpell

2009-08-26 23:55 . 2009-08-26 23:55 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure

2009-08-26 23:34 . 2009-09-02 02:28 -------- d-----w- c:\program files\Panda Security

2009-08-26 17:46 . 2009-08-26 17:46 -------- d-----w- c:\documents and settings\iamphil\Application Data\Malwarebytes

2009-08-26 17:46 . 2009-08-26 17:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-08-26 15:40 . 2009-08-26 15:40 -------- d-----w- c:\documents and settings\iamphil\Application Data\URSoft

2009-08-26 15:40 . 2009-08-26 15:40 -------- d-----w- c:\program files\Your Uninstaller 2008

2009-08-26 13:26 . 2009-08-26 13:26 -------- d-----w- c:\windows\Downloaded Installations

2009-08-26 07:45 . 2009-08-26 15:43 -------- d-----w- c:\documents and settings\iamphil\Application Data\JLC's Software

2009-08-25 00:18 . 2009-08-25 00:18 1656832 ----a-w- c:\documents and settings\iamphil\Application Data\Folding@home-x86\FahCore_a0.exe

2009-08-25 00:18 . 2009-08-25 00:18 1382280 ----a-w- c:\documents and settings\iamphil\Application Data\Folding@home-x86\libfftw3f-3.dll

2009-08-21 01:38 . 2009-08-26 15:42 -------- d-----w- c:\program files\ffdshow

2009-08-21 01:22 . 2009-08-21 01:22 -------- d-----w- c:\windows\system32\drivers\UMDF

2009-08-21 01:22 . 2009-08-21 01:22 -------- d-----w- c:\windows\system32\LogFiles

2009-08-19 03:07 . 2009-08-19 03:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-08-19 03:07 . 2009-08-19 03:09 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-08-14 01:43 . 2009-08-14 01:43 -------- d-----w- c:\documents and settings\All Users\Application Data\redistpart

2009-08-14 01:40 . 2009-08-14 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\createpart

2009-08-14 01:40 . 2009-08-14 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\launcher

2009-08-14 01:40 . 2009-08-14 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\explauncher

2009-08-13 06:23 . 2009-08-13 06:23 -------- d-----w- c:\program files\RivaTuner v2.24

2009-08-13 06:22 . 2009-09-04 20:27 -------- d--h--w- c:\windows\PIF

2009-08-13 03:01 . 2009-08-05 01:56 40560 ----a-w- c:\windows\system32\drivers\hotcore3.sys

2009-08-13 03:00 . 2009-08-13 03:00 -------- d-----w- c:\program files\Paragon Software

2009-08-13 01:17 . 2009-08-13 01:17 -------- d-----w- c:\documents and settings\iamphil\Local Settings\Application Data\Identities

2009-08-13 01:14 . 2009-08-26 13:21 -------- d-----w- c:\documents and settings\iamphil\Application Data\MailWasherPro

2009-08-13 01:14 . 2009-08-13 01:14 -------- d-----w- c:\program files\FireTrust

2009-08-12 15:15 . 2009-08-12 15:15 -------- d-----w- c:\documents and settings\iamphil\Application Data\vlc

2009-08-12 15:12 . 2009-08-12 15:12 -------- d-----w- c:\program files\VideoLAN

2009-08-12 13:47 . 2009-08-12 13:47 0 ----a-w- c:\windows\nsreg.dat

2009-08-12 13:47 . 2009-08-12 13:47 -------- d-----w- c:\documents and settings\iamphil\Local Settings\Application Data\Mozilla

2009-08-12 08:43 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2009-08-12 06:22 . 2009-08-12 06:27 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-08-12 02:15 . 2009-08-12 02:15 -------- d-----w- c:\program files\ImgBurn

2009-08-12 02:11 . 2009-08-12 02:11 -------- d-----w- c:\program files\DAMN NFO Viewer

2009-08-12 01:08 . 2009-08-12 01:08 -------- d-----w- c:\program files\uTorrent

2009-08-12 01:08 . 2009-08-26 15:39 -------- d-----w- c:\documents and settings\iamphil\Application Data\uTorrent

2009-08-09 04:55 . 2009-08-09 04:55 1843200 ----a-w- c:\documents and settings\iamphil\Application Data\Folding@home-gpu\FahCore_11.exe

2009-08-08 18:18 . 2009-08-08 18:18 -------- d-----w- c:\documents and settings\iamphil\Application Data\Goodsol

2009-08-08 18:17 . 2009-08-08 18:17 -------- d-----w- c:\program files\goodsol

2009-08-08 18:15 . 2009-08-08 18:16 -------- d-----w- c:\program files\Mahjong The Endless Journey

2009-08-08 18:14 . 2009-08-08 18:14 -------- d-----w- c:\program files\ReflexiveArcade

2009-08-08 09:15 . 2009-08-26 23:14 -------- d-----w- c:\documents and settings\iamphil\Application Data\Auslogics

2009-08-08 09:13 . 2009-08-08 09:13 -------- d-----w- c:\program files\Auslogics

2009-08-08 07:25 . 2009-08-08 07:25 1298432 ----a-w- c:\documents and settings\iamphil\Application Data\Folding@home-gpu\FahCore_14.exe

2009-08-08 07:24 . 2009-09-04 02:32 -------- d-----w- c:\documents and settings\iamphil\Application Data\Folding@home-gpu

2009-08-08 07:24 . 2009-08-18 23:48 98477 ----a-r- c:\documents and settings\iamphil\Application Data\Microsoft\Installer\{4AA947A0-0BA8-4065-B8EE-29C6DA9661EE}\_6FEFF9B68218417F98F549.exe

2009-08-08 07:24 . 2009-08-18 23:48 98477 ----a-r- c:\documents and settings\iamphil\Application Data\Microsoft\Installer\{4AA947A0-0BA8-4065-B8EE-29C6DA9661EE}\_41346D1BD9E98636678C85.exe

2009-08-08 07:24 . 2009-08-18 23:48 10134 ----a-r- c:\documents and settings\iamphil\Application Data\Microsoft\Installer\{4AA947A0-0BA8-4065-B8EE-29C6DA9661EE}\_5429DBF727E2384037BDE1.exe

2009-08-08 07:24 . 2009-08-08 07:24 2338816 ----a-w- c:\documents and settings\iamphil\Application Data\Folding@home-x86\FahCore_78.exe

2009-08-08 07:22 . 2009-08-08 07:22 98477 ----a-r- c:\documents and settings\iamphil\Application Data\Microsoft\Installer\{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}\_6FEFF9B68218417F98F549.exe

2009-08-08 07:22 . 2009-08-08 07:22 98477 ----a-r- c:\documents and settings\iamphil\Application Data\Microsoft\Installer\{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}\_2377D972A0372FCB34E3F7.exe

2009-08-08 07:22 . 2009-08-08 07:22 10134 ----a-r- c:\documents and settings\iamphil\Application Data\Microsoft\Installer\{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}\_D153F602E769D1960CE13B.exe

2009-08-08 07:22 . 2009-09-01 02:49 -------- d-----w- c:\documents and settings\iamphil\Application Data\Folding@home-x86

2009-08-08 07:22 . 2009-08-08 07:24 -------- d-----w- c:\program files\Folding@home

2009-08-08 07:03 . 2009-08-08 07:03 -------- d-----w- c:\windows\system32\XPSViewer

2009-08-08 07:03 . 2009-08-08 07:03 -------- d-----w- c:\program files\MSBuild

2009-08-08 07:03 . 2009-08-08 07:03 -------- d-----w- c:\program files\Reference Assemblies

2009-08-07 18:44 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-08-07 18:44 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-08-07 18:44 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-08-07 18:44 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2009-08-07 18:44 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-08-07 18:44 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-08-07 18:44 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-08-07 18:20 . 2009-08-07 18:20 -------- d-----w- c:\windows\system32\scripting

2009-08-07 18:20 . 2009-08-07 18:20 -------- d-----w- c:\windows\system32\en

2009-08-07 18:20 . 2009-08-07 18:20 -------- d-----w- c:\windows\l2schemas

2009-08-07 18:20 . 2009-08-07 18:20 -------- d-----w- c:\windows\system32\bits

2009-08-07 18:19 . 2009-08-07 18:21 -------- d-----w- c:\windows\ServicePackFiles

2009-08-07 18:09 . 2004-08-04 05:29 73216 ------w- c:\windows\system32\drivers\atintuxx.sys

2009-08-07 17:55 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\drivers\ndisip.sys

2009-08-07 17:55 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\drivers\streamip.sys

2009-08-07 17:55 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\mstee.sys

2009-08-07 17:55 . 2008-04-13 18:46 11136 ----a-w- c:\windows\system32\drivers\slip.sys

2009-08-07 17:55 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\drivers\wstcodec.sys

2009-08-07 17:55 . 2008-04-13 18:46 85248 ----a-w- c:\windows\system32\drivers\nabtsfec.sys

2009-08-07 17:55 . 2008-04-13 18:46 17024 ----a-w- c:\windows\system32\drivers\ccdecode.sys

2009-08-07 17:55 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll

2009-08-07 17:55 . 2009-08-07 17:55 -------- d-----w- c:\program files\Microsoft LifeCam

2009-08-07 17:54 . 2005-05-26 22:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll

2009-08-07 17:31 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2009-08-07 17:31 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys

2009-08-07 17:29 . 2009-08-07 17:29 -------- d-----w- c:\windows\nview

2009-08-07 17:29 . 2008-10-07 05:33 453152 ----a-w- c:\windows\system32\nvudisp.exe

2009-08-07 17:28 . 2008-10-02 17:07 453152 ----a-w- c:\windows\system32\NVUNINST.EXE

2009-08-07 17:27 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

2009-08-07 17:27 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2009-08-07 17:27 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys

2009-08-07 17:27 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll

2009-08-07 17:26 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll

2009-08-07 17:26 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll

2009-08-07 17:26 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe

2009-08-07 17:22 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\usbaudio.sys

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-02 05:43 . 2004-08-04 12:00 56320 ------w- c:\windows\system32\eventlog.dll

2009-09-02 02:30 . 2009-08-07 04:15 -------- d-----w- c:\program files\Ulead Systems

2009-09-02 02:30 . 2009-08-07 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems

2009-09-01 15:18 . 2009-08-07 17:30 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-08-26 13:54 . 2009-08-26 13:44 -------- d-----w- c:\documents and settings\iamphil\Application Data\Winamp

2009-08-26 13:45 . 2009-08-26 13:44 -------- d-----w- c:\program files\Winamp

2009-08-19 08:05 . 2009-08-19 08:05 -------- d-----w- c:\program files\Philips

2009-08-10 16:47 . 2009-08-07 04:12 -------- d-----w- c:\program files\Common Files\Adobe

2009-08-08 08:26 . 2009-08-07 04:13 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip

2009-08-08 07:55 . 2009-08-07 04:10 -------- d-----w- c:\program files\ASUS

2009-08-07 17:30 . 2009-08-07 17:30 -------- d-----w- c:\program files\AGEIA Technologies

2009-08-07 06:04 . 2009-08-07 06:03 -------- d-----w- c:\program files\VIA

2009-08-07 05:53 . 2009-08-07 05:53 -------- d-----w- c:\program files\microsoft frontpage

2009-08-07 05:50 . 2009-08-07 05:50 21640 ----a-w- c:\windows\system32\emptyregdb.dat

2009-08-07 04:10 . 2009-08-07 04:10 -------- d-----w- c:\program files\AMD

2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-05 01:56 . 2009-08-05 01:56 4248840 ----a-w- c:\windows\system32\qtp-mt334.dll

2009-08-05 01:56 . 2009-08-05 01:56 248584 ----a-w- c:\windows\system32\prgiso.dll

2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-14 06:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-06-26 16:50 . 2004-08-04 12:00 666624 ------w- c:\windows\system32\wininet.dll

2009-06-25 08:25 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:25 . 2004-08-04 12:00 56832 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:25 . 2004-08-04 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:25 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll

2009-06-25 08:25 . 2004-08-04 12:00 147456 ----a-w- c:\windows\system32\schannel.dll

2009-06-25 08:25 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-24 11:18 . 2004-08-04 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-12 12:31 . 2004-08-04 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe

2009-06-12 12:31 . 2004-08-04 12:00 76288 ----a-w- c:\windows\system32\telnet.exe

2009-06-10 16:19 . 2009-08-07 05:49 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-06-10 14:13 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 06:14 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll

.

 

((((((((((((((((((((((((((((( SnapShot@2009-09-03_15.21.37 )))))))))))))))))))))))))))))))))))))))))

.

- 2004-08-04 12:00 . 2009-09-02 12:51 67516 c:\windows\system32\perfc009.dat

+ 2004-08-04 12:00 . 2009-09-04 02:36 67516 c:\windows\system32\perfc009.dat

+ 2004-08-04 12:00 . 2009-09-04 02:36 432686 c:\windows\system32\perfh009.dat

- 2004-08-04 12:00 . 2009-09-02 12:51 432686 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]

"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-08-21 943888]

 

c:\documents and settings\iamphil\Start Menu\Programs\Startup\

Folding@home.lnk - c:\documents and settings\iamphil\Application Data\Microsoft\Installer\{4AA947A0-0BA8-4065-B8EE-29C6DA9661EE}\_41346D1BD9E98636678C85.exe [2009-8-8 98477]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSetActiveDesktop"= 1 (0x1)

"NoActiveDesktopChanges"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\ASUS\\ASUSUpdate\\Update.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"d:\\Charon\\Stan.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

 

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [8/12/2009 8:01 PM 40560]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [12/21/2007 8:21 AM 33800]

R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/21/2007 8:21 AM 468224]

R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [9/1/2009 10:06 PM 305936]

S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]

S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [8/6/2009 11:04 PM 1057024]

 

--- Other Services/Drivers In Memory ---

 

*Deregistered* - aujasnkj

.

.

------- Supplementary Scan -------

.

uStart Page = forums.pcpitstop.com/index.php?

uInternet Connection Wizard,ShellNext = hxxp://www.pctools.com/en/anti-virus/uninstall/

IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM

IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM

IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM

IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM

FF - ProfilePath - c:\documents and settings\iamphil\Application Data\Mozilla\Firefox\Profiles\52tptwi0.default\

FF - prefs.js: browser.startup.homepage - hxxp://forums.pcpitstop.com/index.php?

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-04 13:33

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'explorer.exe'(3740)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2009-09-04 13:34

ComboFix-quarantined-files.txt 2009-09-04 20:34

ComboFix2.txt 2009-09-04 14:02

ComboFix3.txt 2009-09-04 02:42

ComboFix4.txt 2009-09-03 15:22

 

Pre-Run: 75,940,458,496 bytes free

Post-Run: 75,932,176,384 bytes free

 

257 --- E O F --- 2009-09-04 13:49

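The services/drivers section of that ComboFix log carries two findings a reviewer would want pulled out mechanically: the SUPERAntiSpyware drivers whose files ComboFix could not stat (`[?]`) and the random-named driver `aujasnkj` that is loaded in memory but no longer has a service entry (`*Deregistered*`). The script below is an added example, not code from this thread or from ComboFix; the sample log is a constructed excerpt of the posted one (the `R0 hotcore3` line and its date/size are invented to show a running boot-start driver), and the reading of the line format (`R`/`S` state, start-type digit, `--> path`, `[?]` for an unreadable file) is my interpretation of ComboFix's output, not documented behaviour.

```python
"""Triage of the services/drivers section of a ComboFix log (added example; not ComboFix's code)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed excerpt modelled on the posted log. The R0 hotcore3 line (and its
# date/size) is invented to show a running boot-start driver; the rest is from the post.
SAMPLE_LOG = r"""
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [5/20/2009 9:12 AM 36624]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [8/6/2009 11:04 PM 1057024]

--- Other Services/Drivers In Memory ---

*Deregistered* - aujasnkj
"""

# R = running, S = stopped; the digit is the SERVICE_START_TYPE (0 boot, 1 system,
# 2 auto, 3 manual, 4 disabled). '--> path' is the image path with the \??\ prefix
# stripped; '[?]' is printed when the file could not be stat-ed (my reading of the format).
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)(?: --> (?P<resolved>.+?))? \[(?P<stat>[^\]]+)\]$",
    re.M,
)
DEREG_RE = re.compile(r"^\*Deregistered\* - (\S+)$", re.M)


@dataclass
class Service:
    state: str
    start: int
    name: str
    display: str
    image: str
    resolved: Optional[str]
    stat: str

    @property
    def on_disk(self) -> str:
        return self.resolved or self.image


def parse(text: str) -> Tuple[List[Service], List[str]]:
    """Return (service entries, names of drivers loaded in memory with no service key)."""
    services = [
        Service(m["state"], int(m["start"]), m["name"], m["display"],
                m["image"], m["resolved"], m["stat"])
        for m in SERVICE_RE.finditer(text)
    ]
    return services, DEREG_RE.findall(text)


def findings(text: str) -> List[Tuple[str, str, str]]:
    """(indicator, service name, path) triples worth a human's attention."""
    services, deregistered = parse(text)
    out = []
    for s in services:
        if s.stat == "?":
            out.append(("file-not-stat", s.name, s.on_disk))
        # Boot/system-start drivers normally live in system32\drivers; anything
        # else is either a security product or something pretending to be one.
        if s.start <= 1 and "\\system32\\drivers\\" not in s.on_disk.lower():
            out.append(("early-start-outside-drivers", s.name, s.on_disk))
    for name in deregistered:
        # A kernel module present in memory with no service key behind it.
        # Legitimate drivers seldom do this; a random-looking name is a classic
        # rootkit indicator and should be the first thing checked.
        out.append(("deregistered-in-memory", name, ""))
    return out


if __name__ == "__main__":
    for kind, name, path in findings(SAMPLE_LOG):
        print(f"{kind:28s} {name:20s} {path}")
```

The indicators are deliberately not verdicts: the two `early-start-outside-drivers` hits here are SUPERAntiSpyware's own drivers, which is exactly the kind of thing a security product does, so the value of the script is in surfacing the `[?]` and `*Deregistered*` lines consistently across many logs rather than in deciding anything on its own.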

WinDiag log

 

Log file is located at: C:\Documents and Settings\iamphil\Desktop\Win32kDiag.txt

 

Removing all found mount points.

 

Attempting to reset file permissions.

 

WARNING: Could not get backup privileges!

 

Searching 'C:\WINDOWS'...

 

 

 

Found mount point : C:\WINDOWS\addins\addins

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\addins\addins

 

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP196.tmp\ZAP196.tmp

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP196.tmp\ZAP196.tmp

 

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1D5.tmp\ZAP1D5.tmp

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1D5.tmp\ZAP1D5.tmp

 

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7.tmp\ZAP7.tmp

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7.tmp\ZAP7.tmp

 

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB5.tmp\ZAPB5.tmp

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB5.tmp\ZAPB5.tmp

 

Found mount point : C:\WINDOWS\assembly\temp\temp

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\assembly\temp\temp

 

Found mount point : C:\WINDOWS\assembly\tmp\tmp

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\assembly\tmp\tmp

 

Found mount point : C:\WINDOWS\Config\Config

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\Config\Config

 

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

 

Found mount point : C:\WINDOWS\CSC\d1\d1

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\CSC\d1\d1

 

Found mount point : C:\WINDOWS\CSC\d2\d2

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\CSC\d2\d2

 

Found mount point : C:\WINDOWS\CSC\d3\d3

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\CSC\d3\d3

 

Found mount point : C:\WINDOWS\CSC\d4\d4

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\CSC\d4\d4

 

Found mount point : C:\WINDOWS\CSC\d5\d5

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\CSC\d5\d5

 

Found mount point : C:\WINDOWS\CSC\d6\d6

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\CSC\d6\d6

 

Found mount point : C:\WINDOWS\CSC\d7\d7

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\CSC\d7\d7

 

Found mount point : C:\WINDOWS\CSC\d8\d8

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\CSC\d8\d8

 

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\ime\chsime\applets\applets

 

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

 

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\ime\imejp\applets\applets

 

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\ime\imejp98\imejp98

 

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

 

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

 

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

 

Found mount point : C:\WINDOWS\ime\shared\res\res

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\ime\shared\res\res

 

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

 

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

 

Found mount point : C:\WINDOWS\java\classes\classes

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\java\classes\classes

 

Found mount point : C:\WINDOWS\java\trustlib\trustlib

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\java\trustlib\trustlib

 

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

 

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo

 

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

 

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

 

Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

 

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

 

Found mount point : C:\WINDOWS\pchealth\helpctr\DataColl\DataColl

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\pchealth\helpctr\DataColl\DataColl

 

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

 

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

 

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

 

Found mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM

 

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

 

Found mount point : C:\WINDOWS\PIF\PIF

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\PIF\PIF

 

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

 

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs

 

Found mount point : C:\WINDOWS\SoftwareDistribution\EventCache\EventCache

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\SoftwareDistribution\EventCache\EventCache

 

Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

 

Found mount point : C:\WINDOWS\system32\1025\1025

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\1025\1025

 

Found mount point : C:\WINDOWS\system32\1028\1028

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\1028\1028

 

Found mount point : C:\WINDOWS\system32\1031\1031

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\1031\1031

 

Found mount point : C:\WINDOWS\system32\1037\1037

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\1037\1037

 

Found mount point : C:\WINDOWS\system32\1041\1041

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\1041\1041

 

Found mount point : C:\WINDOWS\system32\1042\1042

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\1042\1042

 

Found mount point : C:\WINDOWS\system32\1054\1054

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\1054\1054

 

Found mount point : C:\WINDOWS\system32\2052\2052

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\2052\2052

 

Found mount point : C:\WINDOWS\system32\3076\3076

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\3076\3076

 

Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Acrobat\8.0\Collab\Collab

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Acrobat\8.0\Collab\Collab

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Acrobat\8.0\Preferences\Preferences

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Acrobat\8.0\Preferences\Preferences

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Flash Player\AssetCache\HMBRRP9R\HMBRRP9R

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Flash Player\AssetCache\HMBRRP9R\HMBRRP9R

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\all\all

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\all\all

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\brt\brt

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\brt\brt

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\can\can

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\can\can

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\eng\eng

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\eng\eng

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\7MSYU4F9\as1.suitesmart.com\_f5e.swf\_f5e.swf

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\7MSYU4F9\as1.suitesmart.com\_f5e.swf\_f5e.swf

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\7MSYU4F9\box.anchorfree.net\afso\afso.swf\afso.swf

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\7MSYU4F9\box.anchorfree.net\afso\afso.swf\afso.swf

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\7MSYU4F9\cdn.widgetserver.com\cdn.widgetserver.com

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\7MSYU4F9\cdn.widgetserver.com\cdn.widgetserver.com

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\7MSYU4F9\cdn4.specificclick.net\img\img

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\7MSYU4F9\cdn4.specificclick.net\img\img

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\7MSYU4F9\files.deezer.com\swf\billboard-v40.swf\billboard-v40.swf

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\7MSYU4F9\files.deezer.com\swf\billboard-v40.swf\billboard-v40.swf

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\7MSYU4F9\files.deezer.com\swf\player-v40.swf\player-v40.swf

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\7MSYU4F9\files.deezer.com\swf\player-v40.swf\player-v40.swf

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\7MSYU4F9\flash.quantserve.com\flash.quantserve.com

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\7MSYU4F9\flash.quantserve.com\flash.quantserve.com

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\7MSYU4F9\gannett.a.mms.mavenapps.net\gannett.a.mms.mavenapps.net

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\7MSYU4F9\gannett.a.mms.mavenapps.net\gannett.a.mms.mavenapps.net

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\7MSYU4F9\is1.j.tv2n.net\is1.j.tv2n.net

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\7MSYU4F9\is1.j.tv2n.net\is1.j.tv2n.net

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\7MSYU4F9\pub.widgetbox.com\pub.widgetbox.com

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\7MSYU4F9\pub.widgetbox.com\pub.widgetbox.com

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\7MSYU4F9\udn.specificclick.net\udn.specificclick.net

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\7MSYU4F9\udn.specificclick.net\udn.specificclick.net

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\7MSYU4F9\video.flashtalking.com\video.flashtalking.com

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\7MSYU4F9\video.flashtalking.com\video.flashtalking.com

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\7MSYU4F9\www.crackle.com\www.crackle.com

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\7MSYU4F9\www.crackle.com\www.crackle.com

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#as1.suitesmart.com\#as1.suitesmart.com

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#as1.suitesmart.com\#as1.suitesmart.com

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#box.anchorfree.net\#box.anchorfree.net

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#box.anchorfree.net\#box.anchorfree.net

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.widgetserver.com\#cdn.widgetserver.com

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.widgetserver.com\#cdn.widgetserver.com

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn4.specificclick.net\#cdn4.specificclick.net

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn4.specificclick.net\#cdn4.specificclick.net

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#files.deezer.com\#files.deezer.com

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#files.deezer.com\#files.deezer.com

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#flash.quantserve.com\#flash.quantserve.com

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#flash.quantserve.com\#flash.quantserve.com

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#gannett.a.mms.mavenapps.net\#gannett.a.mms.mavenapps.net

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#gannett.a.mms.mavenapps.net\#gannett.a.mms.mavenapps.net

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#is1.j.tv2n.net\#is1.j.tv2n.net

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#is1.j.tv2n.net\#is1.j.tv2n.net

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#pub.widgetbox.com\#pub.widgetbox.com

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#pub.widgetbox.com\#pub.widgetbox.com

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#udn.specificclick.net\#udn.specificclick.net

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#udn.specificclick.net\#udn.specificclick.net

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#video.flashtalking.com\#video.flashtalking.com

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#video.flashtalking.com\#video.flashtalking.com

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.crackle.com\#www.crackle.com

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.crackle.com\#www.crackle.com

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.mydamnchannel.com\#www.mydamnchannel.com

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.mydamnchannel.com\#www.mydamnchannel.com

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Favorites\Links\Links

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Favorites\Links\Links

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Adobe\Acrobat\8.0\Cache\Search80\Search80

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Adobe\Acrobat\8.0\Cache\Search80\Search80

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Adobe\ESD\ESD

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Adobe\ESD\ESD

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\My Documents\My Documents

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\config\systemprofile\My Documents\My Documents

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

 

Found mount point : C:\WINDOWS\system32\config\systemprofile\Recent\Recent

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Recent\Recent

 

Found mount point : C:\WINDOWS\system32\dhcp\dhcp

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\dhcp\dhcp

 

Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\drivers\disdn\disdn

 

Found mount point : C:\WINDOWS\system32\export\export

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\export\export

 

Found mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

 

Found mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

 

Found mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

 

Found mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF

 

Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

 

Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

 

Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

 

Found mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw

 

Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

 

Found mount point : C:\WINDOWS\system32\oobe\sample\sample

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\oobe\sample\sample

 

Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\ShellExt\ShellExt

 

Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

 

Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

 

Found mount point : C:\WINDOWS\system32\wbem\mof\good\good

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\wbem\mof\good\good

 

Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\wbem\snmp\snmp

 

Found mount point : C:\WINDOWS\system32\wins\wins

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\wins\wins

 

Found mount point : C:\WINDOWS\system32\xircom\xircom

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\system32\xircom\xircom

 

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

 

Mount point destination : \Device\__max++>\^

 

Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

 

 

 

Finished!

 

 

ark.txt

 

GMER 1.0.15.15077 [gmer.exe] - http://www.gmer.net

Rootkit scan 2009-09-04 14:16:59

Windows 5.1.2600 Service Pack 3

 

 

---- System - GMER 1.0.15 ----

 

Code \??\C:\DOCUME~1\iamphil\LOCALS~1\Temp\catchme.sys pIofCallDriver

 

---- Devices - GMER 1.0.15 ----

 

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)

 

---- EOF - GMER 1.0.15 ----

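Every mount point in that Win32kDiag log has the same shape: a reparse point named after its own parent directory (`addins\addins`, `CSC\d1\d1`, `Certificates\Certificates`) whose target is not a volume at all but a kernel device object, `\Device\__max++>\^`, with characters that cannot occur in a real file name. That is how the max++ rootkit of the time hid its directories: any path walk through the junction lands on a device the rootkit's driver owns. The tool also reports `WARNING: Could not get backup privileges!`, so its file-permission reset ran without SeBackupPrivilege and should be treated as unverified. The script below is an added example, not part of the thread or of Win32kDiag; it parses the log's `Found mount point` / `Mount point destination` pairs and flags the three indicators above. The sample log is a constructed excerpt of the posted one, with one invented junction to a `Volume{GUID}` added so the classifier has a normal mount point to leave alone.

```python
"""Triage of Win32kDiag 'mount point' output (added example; not Win32kDiag's code)."""
import re
from collections import Counter

# Constructed excerpt modelled on the posted Win32kDiag.txt. The last entry, a
# junction to a Volume{GUID}, is invented to show what a normal mount point looks like.
SAMPLE_LOG = r"""
Log file is located at: C:\Documents and Settings\iamphil\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\addins\addins

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\addins\addins

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Found mount point : C:\Data\backup

Mount point destination : \??\Volume{2a6b9c3d-0000-0000-0000-000000000000}\

Removing mount point : C:\Data\backup

Finished!
"""

FOUND_RE = re.compile(r"^Found mount point : (.+)$", re.M)
DEST_RE = re.compile(r"^Mount point destination : (.+)$", re.M)
# Junctions and volume mount points made by Windows or admin tools resolve
# through \??\ (a drive letter or Volume{GUID}) or to a \Device\HarddiskVolumeN.
NORMAL_DEST_RE = re.compile(r"^(\\\?\?\\|\\Device\\HarddiskVolume\d+)", re.I)
# Characters that cannot occur in a path component on a real volume.
ILLEGAL_CHARS = set('<>"|*')


def parse_mount_points(text):
    """Pair each 'Found mount point' line with the destination reported after it."""
    found = FOUND_RE.findall(text)
    dests = DEST_RE.findall(text)
    if len(found) != len(dests):
        raise ValueError("unpaired 'Found mount point' / 'Mount point destination' lines")
    return list(zip(found, dests))


def reasons(path, dest):
    """Indicators that a reparse point deserves a closer look (not a verdict)."""
    out = []
    if not NORMAL_DEST_RE.match(dest):
        out.append("destination is not a volume path (\\??\\... or \\Device\\HarddiskVolumeN)")
    if ILLEGAL_CHARS & set(dest):
        out.append("destination contains characters illegal in file names")
    parts = path.rstrip("\\").split("\\")
    if len(parts) >= 2 and parts[-1].lower() == parts[-2].lower():
        out.append("self-named subdirectory (<dir>\\<dir>)")
    return out


def triage(text):
    """Summarise a Win32kDiag log: counts per destination plus suspicious entries."""
    pairs = parse_mount_points(text)
    suspicious = []
    for path, dest in pairs:
        why = reasons(path, dest)
        if why:
            suspicious.append((path, dest, why))
    return {
        # Without SeBackupPrivilege the permission-reset pass cannot be trusted.
        "backup_privilege_ok": "Could not get backup privileges" not in text,
        "total": len(pairs),
        "by_destination": Counter(dest for _, dest in pairs),
        "suspicious": suspicious,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"{result['total']} mount point(s); backup privilege ok: {result['backup_privilege_ok']}")
    for dest, n in result["by_destination"].most_common():
        print(f"  {n:3d} -> {dest}")
    for path, dest, why in result["suspicious"]:
        print(f"SUSPICIOUS {path}\n    -> {dest}\n    {'; '.join(why)}")
```

Run against the full posted log, the `by_destination` count collapses a hundred-odd entries into one line, which is the useful summary: everything under `C:\WINDOWS` pointed at a single device object. Paragon's `hotcore3.sys` attached to every `\Device\HarddiskVolumeN` in the GMER output is the opposite case, a normal filter on real volumes, and would not be flagged by the same rule.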

dickster, give me an update on how the computer is now.

 

 

 

NEXT**

I'd like for you to run this next online scan to check for remnants or anything that might be hidden.

The below scan can take up to an hour or longer, so please be patient.

 

*Note

It is recommended to disable your onboard antivirus and antispyware programs while performing scans, so that there are no conflicts and to speed up scan time.

Please don't go surfing while your resident protection is disabled!

Once the scan is finished, remember to re-enable resident antivirus protection along with whatever antispyware app you use.

 

 

Using Internet Explorer, visit http://www.kaspersky.com/kos/english/langu...n=1250646146031

 

 

 

http://www.kaspersky.com/service?chapter=161739400

 

Ensure your external and/or USB/Flash or Pen drives are inserted during the scan.

 

 

Other available links

Kaspersky Online Scanner or from here

http://www.kaspersky.com/virusscanner

 

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

 

Click on the Accept button and install any components it needs.

  • The program will install and then begin downloading the latest definition files.

  • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run. (At times it may appear to stall)

    * Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.

    * Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.

    * Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.

  • Once the scan is complete, click on View scan report To obtain the report:
Click on: Save Report As

Next, in the Save as prompt, Save in area, select: Desktop

In the File name area, use KScan, or something similar. In Save as type, click the drop arrow and select:

Text file [*.txt]

Then, click: Save

Please post the Kaspersky Online Scanner Report in

your reply.

 

Animated tutorial

http://i275.photobucket.com/albums/jj285/B...ng/KAS/KAS9.gif

 

(Note.. for Internet Explorer 7 users:

If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)

Or use Firefox with IE-Tab plugin

https://addons.mozilla.org/en-US/firefox/addon/1419

 

 

In your next reply post:

Kaspersky log

New HJT log taken after the above scans have run

 

 

You may need several replies to post the requested logs, otherwise they might get cut off.


Computer has always run good, but was getting those windows antivirus popups every other minute. End one in task manager and another popped up almost immediately.

 

Kaspersky log is short.

 

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Saturday, September 5, 2009

Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Saturday, September 05, 2009 06:03:19

Records in database: 2747807

--------------------------------------------------------------------------------

 

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

 

Scan area - My Computer:

C:\

D:\

H:\

I:\

J:\

W:\

X:\

Y:\

Z:\

 

Scan statistics:

Objects scanned: 38195

Threats found: 1

Infected objects found: 2

Suspicious objects found: 0

Scan duration: 00:32:23

 

 

File name / Threat / Threats count

C:\Documents and Settings\iamphil\Local Settings\Application Data\Opera\Opera\profile\cache4\temporary_download\kf141.zip Infected: not-a-virus:PSWTool.Win32.RAS.a 2

 

Selected area has been scanned.

 

 

Still can't run HJT.


Morning

 

Computer has always run good, but was getting those windows antivirus popups every other minute. End one in task manager and another popped up almost immediately.

Have the pop ups stopped?

 

 

We have a file that needs to be deleted.

 

 

 

Download OTM by OldTimer Here & save it to your desktop.

  • Double click on OTM.exe to run it
  • Copy & paste the contents of the Code box below into Paste Instructions for Items to be Moved
Note: Do not type it out to minimize the risk of typo error

:Files
C:\Documents and Settings\iamphil\Local Settings\Application Data\Opera\Opera\profile\cache4\temporary_download\kf141.zip
:Commands
[Purity]
[EmptyTemp]
[Start Explorer]
[Reboot]
  • Click on MoveIt!
  • When done, click on Exit
Note: If a file or folder can't be moved immediately, you may be asked to restart your computer. Choose Yes.

A log will be produced at C:\_OTM\MovedFiles\date_time.log, where date_time are numbers. Post this log in your next reply.

 

 

Still can't run HJT.

For MalwareBytes and HJT.

Delete what you have, then download again. When saving to the desktop, rename the file: instead of the .exe extension, use .com. This should allow it to run.

 

 

Download Trend Micro Hijack This™ and save to desktop.

 

 

Please download Malwarebytes' Anti-Malware to your desktop

 

Additional Link

Here also

 

 

 

We need to run a tool once more.

 

Locate and delete your version of Win32kDiag.

 

 

Download and run Win32kDiag:

 

In your next reply post:

OTM log

MBAM log

HJT log

Win32kDiag.txt


Still can't get HJT to run but here are the other logs. Haven't been using the pc, so not sure if the popups stopped.

 

OTM

 

All processes killed

========== FILES ==========

C:\Documents and Settings\iamphil\Local Settings\Application Data\Opera\Opera\profile\cache4\temporary_download\kf141.zip moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->FireFox cache emptied: 16914219 bytes

->Opera cache emptied: 1023427 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: iamphil

->Temp folder emptied: 82310216 bytes

->Temporary Internet Files folder emptied: 2855450 bytes

->Java cache emptied: 25755153 bytes

->FireFox cache emptied: 87180243 bytes

->Opera cache emptied: 74953163 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 32835 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 49219 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2162283 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

Windows Temp folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 279.65 mb

 

 

OTM by OldTimer - Version 3.0.0.6 log created on 09052009_100755

 

Files moved on Reboot...

 

Registry entries deleted on Reboot...

 

 

Malwarebytes

 

Malwarebytes' Anti-Malware 1.40

Database version: 2744

Windows 5.1.2600 Service Pack 3

 

9/5/2009 10:30:41 AM

mbam-log-2009-09-05 (10-30-19).txt

 

Scan type: Quick Scan

Objects scanned: 90366

Time elapsed: 2 minute(s), 10 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

 

 

 

Win32kDiag.txt

 

Log file is located at: C:\Documents and Settings\iamphil\Desktop\Win32kDiag.txt

 

WARNING: Could not get backup privileges!

 

Searching 'C:\WINDOWS'...

 

 

 

 

 

Finished!

Edited by dickster


Got HJT to run and posting log.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:19:53 AM, on 9/6/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = forums.pcpitstop.com/index.php?

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.pctools.com/en/anti-virus/uninstall/

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [iObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - Startup: Folding@home.lnk = ?

O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM

O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM

O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM

O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM

O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll

O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll

O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll

O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab

O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1249652376531

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

 

--

End of file - 5080 bytes


Welcome back

 

 

Scans show me the infection has been removed.....good job.

 

 

 

Don't miss or skip this next step; it will remove malicious files from quarantine and set a clean restore point.

 

Go to Start > Run > copy and paste the full text path in the run box

 

 

"%userprofile%\desktop\combofix.exe" /u

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

 

 

Win32kDiag <--delete

Win32kDiag.txt <--delete

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

NEXT**

Open HijackThis, Click Do a system scan only, checkmark these. Then close all other windows and browsers except HijackThis and press fix checked.

 

O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

 

 

 

Go to Start> Run> In the space provided type

 

sc stop WMPNetworkSvc

press enter

 

Type this command too

Go to Start> Run> In the space provided type

sc delete WMPNetworkSvc

press enter

Exit

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

NEXT**

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including the OTC application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

How's the computer?

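The O23 entry above is flagged "(file missing)" because the service is still registered while its binary is gone, which is why the sc stop / sc delete step removes the orphaned registration. As an added example (not part of this thread or of HijackThis/OTM), this PowerShell script enumerates every registered service or svchost-hosted ServiceDll whose resolved path no longer exists on disk, so the same condition can be spotted without HijackThis. It is read-only and assumes an elevated prompt so that all service keys are readable.

```powershell
# Added example, not from the thread or from HijackThis/OTM: find services whose
# registered binary is missing on disk, the condition HijackThis reports as
# "(file missing)" on O23 lines. Read-only; run from an elevated PowerShell.

function Resolve-ServiceBinary {
    param([string]$RawPath)
    # Registry paths come quoted or unquoted, with arguments, and with kernel-style
    # prefixes (\??\, \SystemRoot\) or paths relative to %SystemRoot%.
    $p = [Environment]::ExpandEnvironmentVariables($RawPath).Trim()
    if ($p.StartsWith('"')) {
        $end = $p.IndexOf('"', 1)
        if ($end -gt 1) { $p = $p.Substring(1, $end - 1) }
    } else {
        # Unquoted: keep everything up to the first .exe/.sys/.dll followed by a space or EOL
        $m = [regex]::Match($p, '^(.+?\.(exe|sys|dll))(\s|$)', 'IgnoreCase')
        if ($m.Success) { $p = $m.Groups[1].Value }
    }
    $p = $p -replace '^\\\?\?\\', ''
    if ($p -match '^\\SystemRoot\\') {
        $p = $env:SystemRoot + $p.Substring('\SystemRoot'.Length)
    } elseif ($p -notmatch '^[A-Za-z]:\\') {
        $p = Join-Path $env:SystemRoot $p          # e.g. system32\DRIVERS\foo.sys
    }
    return $p
}

function Get-OrphanedServices {
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($key in Get-ChildItem -Path $root) {
        $svc = Get-ItemProperty -Path $key.PSPath
        if (-not $svc.ImagePath) { continue }
        $checks = @(@{ Kind = 'ImagePath'; Raw = $svc.ImagePath })
        # Shared svchost services point ImagePath at svchost.exe; the real code is
        # the DLL named under Parameters\ServiceDll, so check that too.
        $params = Get-ItemProperty -Path (Join-Path $key.PSPath 'Parameters') -ErrorAction SilentlyContinue
        if ($params -and $params.ServiceDll) {
            $checks += @{ Kind = 'ServiceDll'; Raw = $params.ServiceDll }
        }
        foreach ($c in $checks) {
            $bin = Resolve-ServiceBinary $c.Raw
            if (-not (Test-Path -LiteralPath $bin -PathType Leaf)) {
                [pscustomobject]@{
                    Service    = $key.PSChildName
                    Source     = $c.Kind
                    Registered = $c.Raw
                    Resolved   = $bin
                }
            }
        }
    }
}

# Entries listed here are candidates for the sc stop / sc delete cleanup shown in the
# post above, once you have confirmed the product is really gone rather than moved.
Get-OrphanedServices | Format-Table -AutoSize
```

A service whose Resolved path is missing but whose vendor is still installed usually means a botched upgrade rather than malware; compare against the installed-programs list before deleting it.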

Everything appears to be running fine now. I do THANK you so very much for your help. Couldn't have done it without you. You do a fantastic job of helping us, and it's most appreciated! :tup:


Everything appears to be running fine now. I do THANK you so very much for your help. Couldn't have done it without you. You do a fantastic job of helping us, and it's most appreciated! :tup:

 

Ahhhh, thank you! :wub:

 

 

 

GMER Rootkit Scanner

ark.txt

Make sure to remove the above or it's very likely to be picked up by scanners.

 

 

You're good to go.

 

 

Please take the time to read over a few of my preventive tips.

 

 

Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows.

 

 

Firefox 3

The award-winning Web browser is now faster, more secure, and fully customizable to your online life. Firefox 3 adds powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install; it will in no way interfere with IE, and you can use them both.

*NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

 

WOT Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

 

How to prevent Malware: Created by Miekiemoes

 

Here are some additional utilities that will further enhance your safety.

# http://www.trillian.cc → Trillian or http://www.miranda-im.com → Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

 

Scan your computer regularly for malware

Scan on a regular basis to keep your computer clean, free software such as Malwarebytes Anti-Malware (MBAM) and SUPERAntiSpyware-

Please note that these products can also be run for free without a license as on-demand scanners.

 

Backup regularly

 

You never know when your PC will become unstable or become so infected that you can't recover it. Follow this Microsoft article to learn how to backup. Follow this article by Microsoft to restore your backups.

 

Alternatively, you can use 3rd-party programs to back up your data. One example can be found at Bleeping Computer.

 

Avoid P2P

 

P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. If you do need to use them, use them sparingly. Check this list of clean and infected P2P programs if you need to use one.

 

Please read this article 'Safe Computing Practices'.

So how did I get infected in the first place.

 

Secure My Computer: A Layered Approach

 

Strong passwords: How to create and use them

 

Free Antivirus-AntiSpyware-Firewall Software

 

Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

 

Slow Computer May Not Be Malware Related, Help! My computer is slow!

http://users.telenet.be/bluepatchy/miekiem...owcomputer.html

 

 

PC Safety and Security--What Do I Need?

http://www.techsupportforum.com/security-c...-do-i-need.html

 

Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!

This site offers people who have been (or are) victims of malware the opportunity to document their story.

 

Extra note:

Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan. http://secunia.com/software_inspector/
