
Infected with trojan - Win32.TDSS.rtk


22 replies to this topic

#1 matxny

    Member

  • Full Member
  • 48 posts

Posted 04 July 2009 - 03:10 PM

Each time I booted up my computer, a series of black DOS boxes would flash by (around 25 - 30 of them), but they went so quickly I couldn't read them. Also, every time I clicked on a link when I ran a search on Google, it would take me someplace other than where I was trying to go. Spybot S&D was showing I was infected with a trojan called Win32.TDSS.rtk. It always said it cleaned it, but it kept coming back when I rebooted.

I think I finally got rid of the original trojan with Trojan Remover, but now Spybot S&D is telling me I'm infected with Win32.TDSS.reg. The black boxes don't appear to be popping up and I'm going to the right place when I click on a link in Google. However, each time I run Spybot S&D it discovers this same trojan, says it fixes it, but then if I reboot and rerun Spybot it continues to find the same trojan again. Trojan Remover says it doesn't find anything now.

I have and use the most updated versions of the following on a regular basis:

- Norton AV
- AVG
- Ad-Aware
- Spybot S&D
- Malwarebytes' Anti-Malware
- A-squared
- CC Cleaner

** After posting the original problem above, I'm now getting new, additional alerts. AVG has popped up and is telling me I have a new trojan horse called BackDoor.Generic11.ZND affecting file C:\System Volume Information\_restore{B170FC5F-C817-4F3F-9697-15491B33945B}\RP586\A0044537.dll on process name C:\WINDOWS\system32\svchost.exe, and Norton AV is saying I have a virus called Packed.Generic.238. Norton says it quarantined the virus, but I got the same alert previously and it said it quarantined it then, so it's really not gone.

I've read the FAQ and here's my HJT log. Could you please help me fix this? Thank you so much!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:41:31 PM, on 7/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\D4\D4.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\CreataCard\Plus\FMRemind.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\NavNT\rtvscan.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Hijack This\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.att.net/i...arch/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.myway.com/...arconfigchanged
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Dimension4] C:\Program Files\D4\D4.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnk = C:\Program Files\CreataCard\Plus\FMRemind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.worldnet.att.net
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwca.ops.pl...quicksilver.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.clarkcolo...larkActivia.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1154239387786
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://targetphoto.k..._2/axofupld.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} (CamRegCleanControl Object) - http://www.amustsoft...eRegCleaner.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://frontier.web...ort/ieatgpc.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe

--
End of file - 10699 bytes

Edited by matxny, 04 July 2009 - 10:30 PM.


#2 TheJoker

    Forum Deity

  • Boot Camp Mod
  • 14,352 posts

Posted 05 July 2009 - 09:00 AM

Hi, and Welcome to SWI

I suggest printing out each set of instructions and reading the entire post before proceeding. It will make following them easier. Please follow the directions in the order listed.

I don't recommend the use of Registry Cleaners.
Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.

There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

Further reading: XP Fixes Myth #1: Registry Cleaners

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts

When everything is done and your log is clean again, you can enable it again.
If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
Please don't forget this step to disable teatimer.

You appear to be running AVG, and Norton AntiVirus. It is not recommended to run more than one antivirus program resident, as they can conflict with each other, and you actually end up with less protection, not more. You need to decide which you want to keep, and completely uninstall the other.

Also close Trojan Remover and Ad-Aware to prevent them from interfering with fixes.

Download ATF Cleaner by Atribune from here http://www.atribune....c...5&Itemid=25 and save it to your Desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.

Click Exit on the Main menu to close the program.

* The purpose of the Prefetch folder is to increase the speed at which you can access the programs that you use on your PC. Unfortunately, Windows doesn't differentiate between a program you use every day and one you rarely use, which means that it may be prefetching a lot of stuff that you rarely use, adding to your startup time.
You may find that the first time you boot up after cleaning out this folder, your PC takes longer to start - the second, and subsequent, boots should be quicker.

Please Run Malwarebytes' Anti-Malware.
  • Click the Update tab.
  • Click Check for Updates.
  • If an update is found, it will download and install.
  • Click the Scanner tab.
  • Select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply along with a fresh HijackThis log.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Now you need to run HijackThis and click "Do a system scan only." Place a check next to the following entries (if they are still there):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.myway.com/...arconfigchanged
O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} (CamRegCleanControl Object) - http://www.amustsoft...eRegCleaner.cab


Now close all browser and other windows except for HijackThis, and click "Fix Checked" to have HijackThis fix the entries you checked.

Download the latest version of Kaspersky Virus Removal Tool
  • Reboot to Safe mode.
  • Close all other applications and double-click and run the installer.
  • When AVPTool starts, select all the scanable items except for CD-ROM drives.
  • After that click on Security level (1) then choose Customize (2) then click on the tab that says Heuristic Analyzer (3) then choose Enable deep rootkit search (4) and then choose OK.
  • Then choose OK again to go back to the main screen and click the Scan button.
  • If malware is detected, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
  • After the scan finishes, if any threat remains in the Scan window (Red exclamation point), click the Neutralize all button
  • In the window that opens, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
  • If advised that a special disinfection procedure is required which demands system reboot: click the Ok button to close the window.
  • In the Scan window click the Reports button and select Save to file.
  • Name the report AVPT.txt, and save it to the Desktop.
  • Close AVPTool.
  • You will be prompted if you want to uninstall the program; click Yes.
  • You will then be prompted that to complete the uninstallation, the computer must be restarted. Select Yes to restart the system.
  • Copy and paste the first part of the report (Detected) that you saved in your next reply. Do not include the longer list marked Events (it will be too long to post).
Download ComboFix© by sUBs from one of these locations:

http://download.blee...Bs/ComboFix.exe
http://www.forospywa...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Familiarize yourself with ComboFix before running it:
http://www.bleepingc...to-use-combofix

  • Disable your AntiVirus and any AntiSpyware programs you may be running (usually via a right click on the System Tray icon) to prevent them from interfering.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. There are some difficult to remove infections that will only be fixed if you have the Recovery Console installed.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware. When finished, it will save a log.
Please include the contents of the log at C:\ComboFix.txt in your next reply.

Please post a new HijackThis log, the log from MBAM, the requested portion (Detected) of the log from the Kaspersky Virus Removal Tool, and in a second reply (due to length) the log from ComboFix (combofix.txt), and note any errors encountered.

Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-2010 and ASAP Member since 2005


#3 matxny

    Member

  • Full Member
  • 48 posts

Posted 06 July 2009 - 09:38 AM

Hello. Thank you very much for helping me. I've followed all of your instructions and did not encounter any errors. After I did everything I reran AVG and it is now clean. However, I also reran Spybot S&D and it's still telling me I have the Win32.TDSS.reg trojan affecting registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SKYNETnkxidwyk.

Here's what I did and the logs you requested (ComboFix log is in next reply as instructed). I also have a few questions prompted from going through what you've had me do so far (they are in blue font so they stand out).

- Uninstalled Tweaknow Regcleaner. I will no longer be using the registry cleaner portion of CC Cleaner. Is it ok for me to continue using the regular cleaner portion of CC Cleaner?

- Disabled Spybot's TeaTimer. I'll keep it that way until you tell me we're done.

- Uninstalled Norton AV.

- Downloaded & ran ATF Cleaner. Is this a program I should run regularly as part of my normal cleaning process?

- Updated and ran Malwarebytes' Anti-Malware. It said "no malicious items were detected". The report is below.

- Ran HJT and deleted the two entries you indicated.

- Downloaded, installed, and ran Kaspersky Virus Removal Tool. It did not report finding anything so there was nothing to delete/disinfect/neutralize. The first part of the report is below.

- Downloaded and ran ComboFix. Log is in next reply per your instructions.

- After everything else was done I ran HJT. A new log is below.

I currently only have the firewall that comes with Windows XP. I see several firewall applications in your posting. Can I use one of them along with what I already have on Windows or will that create a problem like it did when I had both Norton AV and AVG running? If it is a problem, what do you suggest?

When we're done, can I uninstall ComboFix? It doesn't seem to be something I would want to run on my own.


New HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:14:02 AM, on 7/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\D4\D4.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CreataCard\Plus\FMRemind.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijack This\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Dimension4] C:\Program Files\D4\D4.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnk = C:\Program Files\CreataCard\Plus\FMRemind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.worldnet.att.net
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwca.ops.pl...quicksilver.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.clarkcolo...larkActivia.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1154239387786
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://targetphoto.k..._2/axofupld.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://frontier.web...ort/ieatgpc.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

--
End of file - 9536 bytes


MBAM Log

Malwarebytes' Anti-Malware 1.38
Database version: 2378
Windows 5.1.2600 Service Pack 3

7/6/2009 2:03:59 AM
mbam-log-2009-07-06 (02-03-59).txt

Scan type: Quick Scan
Objects scanned: 84784
Time elapsed: 7 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Kaspersky Virus Removal Tool log (Detected portion)

Scan
----
Scanned: 889083
Detected: 0
Untreated: 0
Start time: 7/6/2009 2:26:33 AM
Duration: 06:32:48
Finish time: 7/6/2009 8:59:21 AM


Detected
--------
Status Object
------ ------

Edited by matxny, 06 July 2009 - 03:41 PM.


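The HijackThis log in the post above lists downloaded ActiveX controls (O16), a protocol handler (O18), a Winlogon Notify DLL (O20) and services (O23), each in a fixed one-line grammar. As an added example that is not part of the thread and not HijackThis code, the following Python script parses those four entry types into fields and applies a few triage rules an analyst would run by hand: every O20 entry is listed because Winlogon Notify DLLs are loaded into winlogon.exe at logon, O23 entries with no identified publisher are flagged, and any binary running from a user-writable directory is flagged (the directory list is an assumption for the example). For O16 entries it prints the registry key under which Internet Explorer records a downloaded control, which is where the CLSID can be looked up on the live machine. The sample lines are copied from the posted log, with the forum's truncated URLs carried as they appear; the final O23 line is constructed so that the rules fire.

```python
"""Parse HijackThis O16/O18/O20/O23 lines and apply a few triage rules.

Added example for this thread; not part of the original post and not
HijackThis code. Sample lines are copied from the HJT log posted above;
the line marked CONSTRUCTED is made up to show the rules firing.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Entry grammar for the four HJT sections present in the posted log.
PATTERNS = {
    "O16": re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<name>[^)]*)\) - (?P<url>\S+)$"),
    "O18": re.compile(r"^O18 - Protocol: (?P<name>\S+) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$"),
    "O20": re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$"),
    "O23": re.compile(r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^)]*)\))?"
                      r" - (?P<company>.+?) - (?P<path>.+)$"),
}

# Directories from which a service, protocol handler or Winlogon Notify DLL
# should not normally run (assumed list for this example, not an HJT rule).
SUSPECT_DIRS = ("\\temp\\", "\\application data\\", "\\local settings\\", "\\recycler\\")

SAMPLE_LOG = r"""
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwca.ops.pl...quicksilver.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.clarkcolo...larkActivia.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1154239387786
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://targetphoto.k..._2/axofupld.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://frontier.web...ort/ieatgpc.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Windows Helper (winhlp) - Unknown owner - C:\Documents and Settings\Administrator\Local Settings\Temp\winhlp.exe
"""
# The last O23 line above is CONSTRUCTED for this example; it is not from the posted log.


@dataclass
class Entry:
    kind: str     # "O16", "O18", "O20" or "O23"
    fields: dict  # named groups from the matching pattern
    raw: str      # the original log line


def parse_hjt(text):
    """Return the O16/O18/O20/O23 entries in an HJT log; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        pat = PATTERNS.get(line[:3])
        m = pat.match(line) if pat else None
        if m:
            entries.append(Entry(line[:3], m.groupdict(), line))
    return entries


def summarize(entries):
    """Count entries per section, e.g. {"O16": 10, "O23": 10}."""
    return dict(Counter(e.kind for e in entries))


def code_store_key(clsid):
    """Registry key where Internet Explorer records a downloaded (O16/DPF) control."""
    return r"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units" + "\\" + clsid


def triage(entries):
    """Return (entry, reason) pairs that deserve a human look."""
    flagged = []
    for e in entries:
        f = e.fields
        if e.kind == "O20":
            # Winlogon Notify DLLs run inside winlogon.exe at logon; verify the
            # publisher even when the name looks like an AV component.
            flagged.append((e, "Winlogon Notify DLL loads inside winlogon.exe: " + f["path"]))
        elif e.kind == "O23" and f["company"].strip().lower() in ("", "unknown owner"):
            flagged.append((e, "service with no identified publisher: " + f["display"]))
        if any(d in f.get("path", "").lower() for d in SUSPECT_DIRS):
            flagged.append((e, "binary runs from a user-writable location: " + f["path"]))
    return flagged


if __name__ == "__main__":
    entries = parse_hjt(SAMPLE_LOG)
    print(summarize(entries))
    for e in entries:
        if e.kind == "O16":
            print("review", code_store_key(e.fields["clsid"]), "->", e.fields["url"])
    for e, reason in triage(entries):
        print(e.kind, reason)
```

On the posted lines only the AVG Winlogon Notify entry is listed, which is the expected outcome: the rule exists to force a publisher check on that load point, not to call it malicious. The constructed service line trips two rules at once (unknown owner and a Temp directory path), which is the pattern that would warrant pulling the file for analysis.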
#4 matxny
Member, 48 posts
Posted 06 July 2009 - 09:39 AM

ComboFix log

ComboFix 09-07-05.04 - Administrator 07/06/2009 9:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.766.405 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\popcorn Terms.html
c:\windows\system32\mdm.exe
c:\windows\system32\QTWMCI32.DLL
c:\windows\system32\sys_dll.dll
c:\windows\system32\twain.dll

.
((((((((((((((((((((((((( Files Created from 2009-06-06 to 2009-07-06 )))))))))))))))))))))))))))))))
.

2009-07-06 05:48 . 2009-06-22 21:05 3015544 ----a-w- c:\documents and settings\Administrator\Application Data\Simply Super Software\Trojan Remover\eyi17D.exe
2009-07-04 19:54 . 2009-07-06 06:08 -------- d-----w- c:\program files\Hijack This
2009-07-04 19:34 . 2009-06-22 21:05 3015544 ----a-w- c:\documents and settings\Administrator\Application Data\Simply Super Software\Trojan Remover\eij95.exe
2009-07-04 19:21 . 2009-07-04 19:21 -------- d-----w- c:\program files\Trojan Remover
2009-07-03 22:54 . 2006-06-19 17:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-07-03 22:54 . 2006-05-25 19:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-07-03 22:54 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-07-03 22:54 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\unrar3.dll
2009-07-03 22:54 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-07-03 22:54 . 2009-07-03 22:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-06-26 03:33 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-26 03:33 . 2009-06-26 03:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-26 03:33 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-26 03:27 . 2009-06-26 03:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-06-26 03:27 . 2009-06-26 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-25 21:19 . 2009-06-25 21:19 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-21 03:23 . 2009-06-30 03:31 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\threatwork.exe
2009-06-21 03:23 . 2009-06-30 03:31 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\savapibridge.dll
2009-06-21 03:23 . 2009-06-30 03:31 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavamessage.dll
2009-06-21 03:23 . 2009-06-30 03:30 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavalicense.dll
2009-06-21 03:23 . 2009-06-30 03:30 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\UpdateManager.dll
2009-06-21 03:23 . 2009-06-30 03:30 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Resources.dll
2009-06-21 03:22 . 2009-06-30 03:29 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\32\AAWDriverTool.exe
2009-06-21 03:22 . 2009-07-03 15:49 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\CEAPI.dll
2009-06-21 03:22 . 2009-06-30 03:27 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe
2009-06-21 03:22 . 2009-06-30 03:26 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe
2009-06-21 03:22 . 2009-06-30 03:26 2352968 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe
2009-06-21 03:22 . 2009-06-30 03:25 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWWSC.exe
2009-06-21 03:22 . 2009-06-30 03:23 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe
2009-06-21 03:22 . 2009-06-30 03:22 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe
2009-06-15 21:50 . 2009-06-15 21:50 -------- d-----w- c:\program files\D4
2009-06-15 20:37 . 2009-06-15 20:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-06-15 20:37 . 2009-06-15 20:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Yahoo!
2009-06-15 20:36 . 2009-06-15 21:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\IObit
2009-06-15 20:36 . 2009-06-15 20:36 -------- d-----w- c:\program files\IObit
2009-06-15 19:41 . 2009-07-06 05:35 -------- d-----w- c:\program files\TweakNow RegCleaner
2009-06-15 19:41 . 2009-07-06 05:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\TweakNow RegCleaner
2009-06-15 16:33 . 2009-06-15 16:33 -------- d-----w- c:\program files\File Shredder
2009-06-12 13:07 . 2009-06-12 13:07 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-11 20:44 . 2009-06-15 16:35 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Eraser
2009-06-06 20:20 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-06 20:17 . 2009-06-06 20:19 -------- dc-h--w- c:\windows\ie8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-06 05:48 . 2007-01-22 06:18 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-06 05:47 . 2006-06-28 18:58 -------- d-----w- c:\program files\Symantec
2009-07-06 05:47 . 2006-06-28 18:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-07-06 05:47 . 2006-06-28 18:58 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-06 05:36 . 2006-06-01 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-05 03:40 . 2007-01-19 08:42 -------- d-----w- c:\program files\a-squared Free
2009-07-03 22:54 . 2007-01-22 06:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Simply Super Software
2009-06-30 03:30 . 2009-05-26 21:43 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\ShellExt.dll
2009-06-30 03:29 . 2009-05-26 21:43 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\RPAPI.dll
2009-06-30 03:29 . 2009-05-26 21:43 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\PrivacyClean.dll
2009-06-28 10:10 . 2008-06-18 18:50 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-26 03:41 . 2008-06-20 13:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-26 03:41 . 2008-06-20 13:19 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-26 03:41 . 2008-06-20 13:19 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-26 02:43 . 2006-11-19 20:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-06-26 02:42 . 2006-11-19 20:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-15 20:53 . 2006-06-28 19:00 -------- d-----w- c:\program files\HyperSnap-DX 4
2009-06-15 20:51 . 2006-08-01 00:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\ICAClient
2009-06-15 20:51 . 2008-08-06 19:13 -------- d-----w- c:\program files\Britannica 7.0
2009-06-15 20:36 . 2007-03-09 00:34 -------- d-----w- c:\program files\Yahoo!
2009-06-12 13:09 . 2006-07-29 06:20 -------- d-----w- c:\program files\Java
2009-06-09 18:39 . 2006-09-07 02:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\AdobeUM
2009-06-09 18:39 . 2006-09-07 02:21 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-26 21:58 . 2009-05-26 21:58 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-26 21:43 . 2009-05-28 00:38 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-26 21:43 . 2009-05-26 21:43 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lsdelete.exe
2009-05-21 15:33 . 2008-12-16 21:22 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-13 05:15 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-10 12:20 . 2008-06-20 13:19 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 17:47 . 2009-04-29 17:47 34062 ----a-w- c:\documents and settings\Administrator\Application Data\Move Networks\ie_bin\Uninst.exe
2009-04-29 17:47 . 2009-04-29 17:47 1047072 ----a-w- c:\documents and settings\Administrator\Application Data\Move Networks\MoveMediaPlayer_071303000006.exe
2009-04-26 03:23 . 2009-04-26 03:23 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\32\lbd.sys
2009-04-26 03:23 . 2009-01-25 04:22 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-04-18 12:37 . 2008-06-25 23:21 688 ----a-w- c:\windows\EReg077.dat
2009-04-17 12:26 . 2004-08-04 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-04 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
1998-12-09 10:53 . 1998-12-09 10:53 99840 ----a-w- c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 10:53 . 1998-12-09 10:53 70144 ----a-w- c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 10:53 . 1998-12-09 10:53 48640 ----a-w- c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 10:53 . 1998-12-09 10:53 31744 ----a-w- c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 10:53 . 1998-12-09 10:53 186368 ----a-w- c:\program files\Common Files\IRAREG.DLL
1998-12-09 10:53 . 1998-12-09 10:53 17920 ----a-w- c:\program files\Common Files\IRASRIAL.DLL
.

------- Sigcheck -------

[7] 2004-08-04 12:00 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\$NtServicePackUninstall$\svchost.exe
[7] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\ServicePackFiles\i386\svchost.exe
[7] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\system32\svchost.exe

[-] 2005-03-02 18:19 577024 1800F293BCCC8EDE8A70E12B88D80036 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2007-03-08 15:48 578048 7AA4F6C00405DFC4B70ED4214E7D687B c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 15:36 577536 B409909F6E2E8A7067076ED748ABF1E7 c:\windows\$NtServicePackUninstall$\user32.dll
[7] 2004-08-04 12:00 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2005-03-02 18:09 577024 DE2DB164BBB35DB061AF0997E4499054 c:\windows\$NtUninstallKB925902$\user32.dll
[7] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\ServicePackFiles\i386\user32.dll
[7] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\system32\user32.dll
[7] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\system32\dllcache\user32.dll

[7] 2004-08-04 12:00 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\$NtServicePackUninstall$\ws2_32.dll
[7] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\ServicePackFiles\i386\ws2_32.dll
[7] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\system32\ws2_32.dll
[7] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\system32\dllcache\ws2_32.dll

[-] 2006-05-10 05:25 663552 D94CFFDB53E7AC867438E2DFD50E7CBC c:\windows\$hf_mig$\KB916281\SP2QFE\wininet.dll
[7] 2007-03-07 17:40 823296 B8F4DB39CA7353752F245379D285C80E c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll
[7] 2007-04-25 09:08 823808 431DEFBB4A3D7B0DC062C1B064623A2F c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
[7] 2007-06-27 14:40 824320 D6ED5E042C5207553E7F5E842918137F c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
[7] 2007-08-20 10:02 825344 357D54BF94FE9D6D8505A96B5C2A3BCA c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
[7] 2007-10-10 23:47 825344 0E5D918F87EFA7D2424D66B499C7EB04 c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
[7] 2007-12-07 02:01 825344 B5B411BB229AE6EAD7652A32ED47BFB9 c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
[7] 2008-03-01 13:03 827392 6316C2F0C61271C8ABDFF7429174879E c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[7] 2008-04-23 03:35 827392 41546B396A526918DA7995A02EA04E51 c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[7] 2008-06-23 16:01 827904 C66402A06B83B036C195242C0C8CF83C c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[7] 2008-08-26 09:08 827904 77C192FE56A70D7FA0247BA0A6201C32 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[7] 2008-10-16 20:24 827904 0D5B75171FF51775B630A431B6C667E8 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[7] 2008-12-20 23:56 827904 044E0A4E9FE97C0FB9AFE9C89E2A82E6 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[7] 2009-03-03 00:17 828416 C8667854873938CA13C986F16B0CD183 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[7] 2009-05-13 05:10 915456 C0EB6850C8A02A154281749DC61FAF22 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
[-] 2006-05-10 05:23 658432 38AB7A56F566D9AAAD31812494944824 c:\windows\$NtUninstallKB916281$\wininet.dll
[7] 2004-08-04 12:00 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows\$NtUninstallKB916281_0$\wininet.dll
[-] 2006-05-10 05:25 663552 D94CFFDB53E7AC867438E2DFD50E7CBC c:\windows\$NtUninstallKB918899$\wininet.dll
[-] 2006-06-23 11:25 664576 64CE26DB72810B30F7855EA51E1DF836 c:\windows\$NtUninstallKB922760$\wininet.dll
[-] 2006-09-14 08:31 664576 D207370287CF769AEBEBF03837784963 c:\windows\$NtUninstallKB925454$\wininet.dll
[-] 2006-10-23 15:34 664576 231EF4179ACABE486376B5CA893F1076 c:\windows\ie7\wininet.dll
[7] 2006-11-08 02:03 818688 92995334F993E6E49C25C6D02EC04401 c:\windows\ie7updates\KB928090-IE7\wininet.dll
[7] 2007-01-12 14:27 822784 BE43D00D802C92F01C8CC952C6F483F8 c:\windows\ie7updates\KB931768-IE7\wininet.dll
[7] 2007-03-07 17:45 822784 5B35DAE6E4886F64D1DA58C4E3E01EB9 c:\windows\ie7updates\KB933566-IE7\wininet.dll
[7] 2007-04-25 08:41 822784 0586A7F0B2FDB94D624F399D4728E7C8 c:\windows\ie7updates\KB937143-IE7\wininet.dll
[7] 2007-06-27 14:34 823808 8068CBB58FE60CC95AEB2CFF70178208 c:\windows\ie7updates\KB939653-IE7\wininet.dll
[7] 2007-08-20 10:04 824832 774435E499D8E9643EC961A6103C361F c:\windows\ie7updates\KB942615-IE7\wininet.dll
[7] 2007-10-10 23:56 824832 30C1E0F34AD2972C72A01DB5C74AB065 c:\windows\ie7updates\KB944533-IE7\wininet.dll
[7] 2007-12-07 02:21 824832 806D274C9A6C3AAEA5EAE8E4AF841E04 c:\windows\ie7updates\KB947864-IE7\wininet.dll
[7] 2008-03-01 13:06 826368 AD21461AEF8244EDEC2EF18E55E1DCF3 c:\windows\ie7updates\KB950759-IE7\wininet.dll
[7] 2008-04-23 04:16 826368 F6589BE784647CFDBC22EA51CCB1A57A c:\windows\ie7updates\KB953838-IE7\wininet.dll
[7] 2008-06-23 16:57 826368 8C13D4A7479FA0A026EDA8ABCE82C0ED c:\windows\ie7updates\KB956390-IE7\wininet.dll
[7] 2008-08-26 07:24 826368 EF8EBA98145BFA44E80D17A3B3453300 c:\windows\ie7updates\KB958215-IE7\wininet.dll
[7] 2008-10-16 20:38 826368 6741EAF7B7F110E803A6E38F6E5FA6B0 c:\windows\ie7updates\KB961260-IE7\wininet.dll
[7] 2008-12-20 23:15 826368 A82935D32D0672E8FF4E91AE398E901C c:\windows\ie7updates\KB963027-IE7\wininet.dll
[7] 2009-03-03 00:18 826368 28775945CCD53DEE280EF58DEA1A94C4 c:\windows\ie8\wininet.dll
[7] 2009-03-08 08:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows\ie8updates\KB969897-IE8\wininet.dll
[7] 2008-04-14 00:12 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\ServicePackFiles\i386\wininet.dll
[7] 2009-05-13 05:15 915456 366C72AF6970DB7BB39AB0142BF09DB5 c:\windows\system32\wininet.dll
[7] 2009-05-13 05:15 915456 366C72AF6970DB7BB39AB0142BF09DB5 c:\windows\system32\dllcache\wininet.dll

[-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2004-08-04 12:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\drivers\tcpip.sys

[7] 2004-08-04 12:00 502272 01C3346C241652F43AED8E2149881BFE c:\windows\$NtServicePackUninstall$\winlogon.exe
[7] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\ServicePackFiles\i386\winlogon.exe
[7] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\system32\winlogon.exe
[7] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\system32\dllcache\winlogon.exe

[7] 2004-08-04 12:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\$NtServicePackUninstall$\ndis.sys
[7] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\ServicePackFiles\i386\ndis.sys
[7] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\drivers\ndis.sys

[7] 2004-08-04 12:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys
[7] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\ServicePackFiles\i386\ip6fw.sys
[7] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\drivers\ip6fw.sys

[-] 2005-03-02 00:36 2056832 D8ABA3EAB509627E707A3B14F00FBB6B c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 16:12 2059392 BA4B97C00A437C1CC3DA365D93EE1E9D c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 09:15 2059392 4D3DBDCCBF97F5BA1E74F322B155C3BA c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[7] 2009-02-06 10:30 2066176 607352B9CB3D708C67F6039097801B5A c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 19:39 2066048 A25E9B86EFFB2AF33BF51E676B68BFB0 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2007-02-28 08:38 2057600 515D30E2C90A3665A2739309334C9283 c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[7] 2004-08-04 12:00 2056832 947FB1D86D14AFCFFDB54BF837EC25D0 c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
[-] 2005-03-02 00:34 2056832 81013F36B21C7F72CF784CC6731E0002 c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe
[-] 2006-12-19 12:55 2057600 1D659BFB788ED2BA45075624B748D249 c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[7] 2008-08-14 09:33 2066048 4AC58F03EB94A72809949D757FC39D80 c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2008-04-13 18:31 2065792 109F8E3E3C82E337BB71B6BC9B895D61 c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[7] 2009-02-07 23:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2008-04-13 18:31 2065792 109F8E3E3C82E337BB71B6BC9B895D61 c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[7] 2009-02-07 23:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\system32\ntkrnlpa.exe
[7] 2009-02-07 23:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\system32\dllcache\ntkrnlpa.exe

[-] 2005-03-02 01:04 2179456 28187802B7C368C0D3AEF7D4C382AABB c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 16:51 2182016 CEF243F6DEFD20BE4ADDE26C7ECACB54 c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 09:55 2182144 5A5C8DB4AA962C714C8371FBDF189FC9 c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[7] 2009-02-07 23:35 2189184 EFE8EACE83EAAD5849A7A548FB75B584 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 20:11 2189184 31914172342BFF330063F343AC6958FE c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2007-02-28 09:10 2180352 582A8DBAA58C3B1F176EB2817DAEE77C c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[7] 2004-08-04 12:00 2180992 CE218BC7088681FAA06633E218596CA7 c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
[-] 2005-03-02 00:59 2179328 4D4CF2C14550A4B7718E94A6E581856E c:\windows\$NtUninstallKB929338$\ntoskrnl.exe
[-] 2006-12-19 14:17 2180352 8F0DEAB1F81FB83F9C5995853CE48B9F c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[7] 2008-08-14 10:11 2189184 EEAF32F8E15A24F62BECB1BD403BB5C5 c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2008-04-13 19:27 2188928 0C89243C7C3EE199B96FCC16990E0679 c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2008-04-13 19:27 2188928 0C89243C7C3EE199B96FCC16990E0679 c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\system32\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\system32\dllcache\ntoskrnl.exe

[7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\explorer.exe
[-] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 12:00 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtUninstallKB938828$\explorer.exe
[7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\ServicePackFiles\i386\explorer.exe

[7] 2009-02-06 11:06 110592 020CEAAEDC8EB655B6506B8C70D53BB6 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[7] 2004-08-04 12:00 108032 C6CE6EEC82F187615D1002BB3BB50ED4 c:\windows\$NtServicePackUninstall$\services.exe
[7] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\$NtUninstallKB956572$\services.exe
[7] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\ServicePackFiles\i386\services.exe
[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\services.exe
[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\dllcache\services.exe

[7] 2004-08-04 12:00 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\$NtServicePackUninstall$\lsass.exe
[7] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\ServicePackFiles\i386\lsass.exe
[7] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\system32\lsass.exe

[7] 2004-08-04 12:00 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\$NtServicePackUninstall$\ctfmon.exe
[7] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\ServicePackFiles\i386\ctfmon.exe
[7] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\system32\ctfmon.exe

[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\$NtServicePackUninstall$\spoolsv.exe
[7] 2004-08-04 12:00 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\$NtUninstallKB896423$\spoolsv.exe
[7] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\ServicePackFiles\i386\spoolsv.exe
[7] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\system32\spoolsv.exe

[7] 2008-04-14 00:12 111104 ED7262E52C31CF1625B65039102BC16C c:\windows\ServicePackFiles\i386\wuauclt.exe
[7] 2008-10-16 19:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\wuauclt.exe
[7] 2008-10-16 19:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\dllcache\wuauclt.exe

[7] 2004-08-04 12:00 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\$NtServicePackUninstall$\userinit.exe
[7] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\ServicePackFiles\i386\userinit.exe
[7] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\system32\userinit.exe

[7] 2004-08-04 12:00 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\$NtServicePackUninstall$\termsrv.dll
[7] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\ServicePackFiles\i386\termsrv.dll
[7] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\system32\termsrv.dll

[-] 2006-07-05 10:57 985088 0FDD84928A5DDE2510761B7EC76CCEC9 c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2007-04-16 16:07 986112 09F7CB3687F86EDAA4CA081F7AB66C03 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[7] 2009-03-21 13:59 991744 DA11D9D6ECBDF0F93436A4B7C13F7BEC c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2007-04-16 15:52 984576 A01F9CA902A88F7CED06884174D6419D c:\windows\$NtServicePackUninstall$\kernel32.dll
[7] 2004-08-04 12:00 983552 888190E31455FAD793312F8D087146EB c:\windows\$NtUninstallKB917422$\kernel32.dll
[-] 2006-07-05 10:55 984064 D8DB5397DE07577C1CB50BA6D23B3AD4 c:\windows\$NtUninstallKB935839$\kernel32.dll
[7] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\$NtUninstallKB959426$\kernel32.dll
[7] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\ServicePackFiles\i386\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\dllcache\kernel32.dll

[7] 2004-08-04 12:00 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\$NtServicePackUninstall$\powrprof.dll
[7] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\ServicePackFiles\i386\powrprof.dll
[7] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\system32\powrprof.dll

[7] 2004-08-04 12:00 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\$NtServicePackUninstall$\imm32.dll
[7] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\ServicePackFiles\i386\imm32.dll
[7] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\system32\imm32.dll
[7] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\system32\dllcache\imm32.dll

[7] 2004-08-04 12:00 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[7] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\ServicePackFiles\i386\sfcfiles.dll
[7] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\system32\sfcfiles.dll

[7] 2004-08-04 12:00 167936 9C3C12975C97119412802B181FBEEFFE c:\windows\$NtServicePackUninstall$\appmgmts.dll
[7] 2008-04-14 00:11 167936 D8849F77C0B66226335A59D26CB4EDC6 c:\windows\ServicePackFiles\i386\appmgmts.dll
[7] 2008-04-14 00:11 167936 D8849F77C0B66226335A59D26CB4EDC6 c:\windows\system32\appmgmts.dll

[7] 2004-08-04 12:00 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\$NtServicePackUninstall$\kbdclass.sys
[7] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\ServicePackFiles\i386\kbdclass.sys
[7] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\system32\drivers\kbdclass.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-06-30 2329224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-22 126976]
"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 90112]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-11-20 185896]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-26 1948440]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-30 520024]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"Dimension4"="c:\program files\D4\D4.exe" [2004-02-04 200704]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnk - c:\program files\CreataCard\Plus\FMRemind.exe [2006-9-23 189952]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Symantec Fax Starter Edition Port.lnk - c:\program files\Microsoft Office\Office\1033\OLFSNT40.EXE [1998-12-24 45568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-26 03:41 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\D4\\D4.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/25/2009 12:22 AM 64160]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/20/2008 9:19 AM 327688]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/20/2008 9:19 AM 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/4/2008 12:21 AM 906520]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/4/2008 12:21 AM 298776]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 5:34 PM 1029456]
S3 MadgeTRN;Madge Token-Ring Adapter NDIS5 Driver;c:\windows\system32\drivers\mdgndis5.sys [5/25/2006 1:11 PM 164586]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 03:26]

2009-07-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} - hxxp://scpwca.ops.placeware.com/etc/place/CHARLIE/CHApws-a1/5.1.8.511/lib/quicksilver.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-06 09:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2025429265-343818398-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,f5,e5,09,21,9d,3d,46,87,eb,95,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,f5,e5,09,21,9d,3d,46,87,eb,95,\

[HKEY_USERS\S-1-5-21-2025429265-343818398-839522115-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6A84510B-716D-6F91-F3DC-418E085F1838}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oaeiabbcckihjcfgkceecpijpgkecg"=hex:6a,61,62,6e,63,6a,6d,66,6b,6b,6a,6f,6a,6c,
61,65,67,62,65,70,00,fb
"nakjkacmappjconibgbcgppheedd"=hex:6a,61,62,6e,63,6a,6d,66,6b,6b,6a,6f,6a,6c,
61,65,67,62,65,70,00,00
"abilileoelkghcmibnikocoajgieodfiea"=hex:64,62,62,69,69,67,64,68,6d,6a,67,61,
6f,69,6b,65,6c,67,6e,66,63,66,67,68,6a,62,6d,66,65,67,69,66,6e,69,64,64,6c,\
"mabllllapkhjljhlbdibmkljkm"=hex:6f,61,6b,6a,64,6c,6f,70,62,6f,63,61,6d,66,66,
6f,68,6f,67,6f,66,66,69,68,68,6d,69,63,66,6f,00,66
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\NavLogon.dll
.
Completion time: 2009-07-06 9:56
ComboFix-quarantined-files.txt 2009-07-06 13:56

Pre-Run: 23,647,813,632 bytes free
Post-Run: 23,638,495,232 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

388 --- E O F --- 2009-06-11 07:06

#5 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • 14,352 posts

Posted 06 July 2009 - 08:12 PM

This part is ok, any of the options shown are safe (the graphic is older, it may have changed):

Posted Image

It's only the registry cleaner portion that can cause problems if you aren't sure what you are actually deleting with it.

Downloaded & ran ATF Cleaner. Is this a program I should run regularly as part of my normal cleaning process?

It does essentially the same thing that CCleaner does, you won't need to keep both. I think ATF Cleaner is safer though as it doesn't have the registry cleaner capability.

I currently only have the firewall that comes with Windows XP. I see several firewall applications in your posting. Can I use one of them along with what I already have on Windows or will that create a problem like it did when I had both Norton AV and AVG running? If it is a problem, what do you suggest?

I would recommend installing a software firewall. They will be more capable than the Windows firewall which doesn't check outgoing data (the Windows firewall won't stop a trojan from communicating and sending your personal data somewhere; a properly configured rules-based software firewall would stop and ask you what to do about a non-approved file attempting to access the Internet). Most any software firewall you install will automatically turn off the Windows firewall. Just don't turn it back on as you don't want two firewalls running. Two excellent free firewalls are Outpost Firewall Free or Online Armor Free. Either one would be a good choice. There is a tutorial on understanding firewalls at http://www.bleepingc...tutorial60.html and a tutorial for Outpost Free at http://www.outpostfi...9658#post179658

When we're done, can I uninstall ComboFix? It doesn't seem to be something I would want to run on my own.

You shouldn't run it on your own, it's designed by its author to only be used under the direction of a trained Helper. We will uninstall it when we are finished with it.

I also reran Spybot S&D and it's still telling me I have the Win32.TDSS.reg trojan affecting registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SKYNETnkxidwyk.


With TeaTimer still turned off:
Go to Start > Control Panel > Add or Remove Programs and remove the following program:
Spybot - Search & Destroy

Restart your system.

Reconfigure Windows XP to show hidden files:
Click Start. Open My Computer.
Select the Tools menu and click Folder Options. Select the View Tab.
Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.

Using Windows Explorer, delete the following folders if found:
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Program Files\Spybot - Search & Destroy

Download and install Spybot Search & Destroy:
http://www.safer-net...load/index.html
  • Accept the Default Settings when installing.
  • In the Menu Bar at the top of the Spybot window you will see 'Mode'. Make certain that 'default mode' has a check mark beside it.
  • Close ALL windows except Spybot S&D
  • Click the button to ‘Search for Updates’ and then download and install all available Updates.
Close Spybot Search & Destroy

Run Spybot Search & Destroy
  • click the button ‘Check for Problems’
  • When Spybot is complete, it will be showing ‘RED’ entries, bold 'Black' entries and ‘GREEN’ entries in the window.
  • Make certain there is a check mark beside all of the RED entries ONLY.
  • Choose ‘Fix Selected Problems’ and allow Spybot to fix the RED entries.
Exit Spybot Search & Destroy.

Do you still get this warning:

Win32.TDSS.reg trojan affecting registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SKYNETnkxidwyk.


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
Please post a new HijackThis log, the log from ESET's online scanner, and let me know if you still have the warning from Spybot Search & Destroy on Win32.TDSS.reg trojan.

Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-2010 and ASAP Member since 2005


#6 matxny

matxny

    Member

  • Full Member
  • 48 posts

Posted 07 July 2009 - 01:41 AM

Thank you for all the info regarding my earlier questions. It was very helpful.

I downloaded and installed Outpost Firewall Free and, as you explained, it turned off the Windows firewall during the setup process.

I followed your instructions to completely delete, download, install, update, and run Spybot S&D. When I went to uninstall the program from the Control Panel, I found that Add/Remove Programs listed both the current version of Spybot S&D as well as an older version (v1.4). I went ahead and uninstalled both and then manually deleted the folders you indicated. It is still finding the Win32.TDSS.reg trojan affecting the HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SKYNETnkxidwyk registry key.

I ran the scan with the ESET Online Scanner. It said it didn't find anything. Here is the log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.5886
# api_version=3.0.2
# EOSSerial=3dd09191b61f2c4cb23d36e6784d666f
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-07-07 06:18:11
# local_time=2009-07-07 02:18:11 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1026 37 66 100 9598165372500
# compatibility_mode=6914 61 60 57 30232397500
# scanned=63425
# found=0
# cleaned=0
# scan_time=1795


Finally, after all of the above I reran HJT. Here is the newest log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:25:39 AM, on 7/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\D4\D4.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\CreataCard\Plus\FMRemind.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijack This\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Dimension4] C:\Program Files\D4\D4.exe
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnk = C:\Program Files\CreataCard\Plus\FMRemind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.worldnet.att.net
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwca.ops.pl...quicksilver.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.clarkcolo...larkActivia.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1154239387786
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://targetphoto.k..._2/axofupld.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://frontier.web...ort/ieatgpc.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

--
End of file - 10134 bytes

#7 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • 14,352 posts

Posted 07 July 2009 - 04:34 AM

Download random's system information tool (RSIT) by random/random from >>here<< and save it to your desktop.
  • Double click on RSIT.exe to launch program.
  • Click Continue at the disclaimer screen.
  • Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
  • Once it has finished, two logs will open: log.txt<-- this will be maximized and info.txt<-- this will be minimized.
These reports are long; please post the contents of both logs, each in its own reply so nothing is cut off by the maximum post length.



#8 matxny

matxny

    Member

  • Full Member
  • 48 posts

Posted 07 July 2009 - 08:18 AM

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-07-07 09:15:37
Microsoft Windows XP Professional Service Pack 3
System drive C: has 22 GB (58%) free of 38 GB
Total RAM: 766 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:16:13 AM, on 7/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\D4\D4.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\CreataCard\Plus\FMRemind.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\Hijack This\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Dimension4] C:\Program Files\D4\D4.exe
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnk = C:\Program Files\CreataCard\Plus\FMRemind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.worldnet.att.net
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwca.ops.pl...quicksilver.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.clarkcolo...larkActivia.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1154239387786
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://targetphoto.k..._2/axofupld.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://frontier.web...ort/ieatgpc.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

--
End of file - 10080 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-10-19 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-05-10 1107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-21 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-10-19 817936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-06-21 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-06-21 126976]
"CamMonitor"=C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe [2002-10-07 90112]
"Share-to-Web Namespace Daemon"=C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2002-04-17 69632]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-11-20 185896]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-06-25 1948440]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-06-29 520024]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-21 148888]
"Dimension4"=C:\Program Files\D4\D4.exe [2004-02-04 200704]
"OutpostMonitor"=C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe [2009-04-28 2374464]
"OutpostFeedBack"=C:\Program Files\Agnitum\Outpost Firewall\feedback.exe [2009-04-28 428032]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"Advanced SystemCare 3"=C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2009-06-30 2329224]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnk - C:\Program Files\CreataCard\Plus\FMRemind.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Symantec Fax Starter Edition Port.lnk - C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\progra~1\agnitum\outpos~1\wl_hook.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-06-25 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-06-21 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2002-08-02 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveSearch"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\D4\D4.exe"="C:\Program Files\D4\D4.exe:*:Enabled:Dimension 4"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.txt - open - Notepad.exe %1

======List of files/folders created in the last 1 months======

2009-07-07 09:15:37 ----D---- C:\rsit
2009-07-07 01:25:03 ----D---- C:\Program Files\ESET
2009-07-07 00:42:28 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-07-07 00:42:28 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-06 22:57:31 ----D---- C:\Documents and Settings\All Users\Application Data\Agnitum
2009-07-06 09:58:06 ----SHD---- C:\RECYCLER
2009-07-06 09:48:06 ----A---- C:\Boot.bak
2009-07-06 09:47:58 ----RASHD---- C:\cmdcons
2009-07-06 09:45:57 ----A---- C:\WINDOWS\zip.exe
2009-07-06 09:45:57 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-07-06 09:45:57 ----A---- C:\WINDOWS\SWSC.exe
2009-07-06 09:45:57 ----A---- C:\WINDOWS\SWREG.exe
2009-07-06 09:45:57 ----A---- C:\WINDOWS\sed.exe
2009-07-06 09:45:57 ----A---- C:\WINDOWS\PEV.exe
2009-07-06 09:45:57 ----A---- C:\WINDOWS\NIRCMD.exe
2009-07-06 09:45:57 ----A---- C:\WINDOWS\grep.exe
2009-07-06 09:45:50 ----D---- C:\WINDOWS\ERDNT
2009-07-06 09:45:46 ----D---- C:\Qoobox
2009-07-06 02:21:11 ----A---- C:\WINDOWS\ntbtlog.txt
2009-07-04 15:54:29 ----D---- C:\Program Files\Hijack This
2009-07-04 15:21:41 ----D---- C:\Program Files\Trojan Remover
2009-07-03 19:35:38 ----A---- C:\Documents and Settings\Administrator\Application Data\install.txt
2009-07-03 18:54:40 ----A---- C:\WINDOWS\system32\ztvunrar36.dll
2009-07-03 18:54:40 ----A---- C:\WINDOWS\system32\ztvunace26.dll
2009-07-03 18:54:40 ----A---- C:\WINDOWS\system32\ztvcabinet.dll
2009-07-03 18:54:40 ----A---- C:\WINDOWS\system32\unrar3.dll
2009-07-03 18:54:40 ----A---- C:\WINDOWS\system32\unacev2.dll
2009-07-03 18:54:36 ----D---- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2009-06-25 23:33:10 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-25 23:27:33 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2009-06-25 23:27:23 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-06-15 17:50:08 ----D---- C:\Program Files\D4
2009-06-15 16:37:06 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2009-06-15 16:37:06 ----D---- C:\Documents and Settings\Administrator\Application Data\Yahoo!
2009-06-15 16:36:28 ----D---- C:\Program Files\IObit
2009-06-15 16:36:28 ----D---- C:\Documents and Settings\Administrator\Application Data\IObit
2009-06-15 15:41:20 ----D---- C:\Program Files\TweakNow RegCleaner
2009-06-15 15:41:20 ----D---- C:\Documents and Settings\Administrator\Application Data\TweakNow RegCleaner
2009-06-15 12:33:31 ----D---- C:\Program Files\File Shredder
2009-06-12 09:09:10 ----A---- C:\WINDOWS\system32\javaws.exe
2009-06-12 09:09:10 ----A---- C:\WINDOWS\system32\javaw.exe
2009-06-12 09:09:10 ----A---- C:\WINDOWS\system32\java.exe
2009-06-11 03:06:00 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-11 03:05:48 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-11 03:01:32 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-11 03:01:15 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$

======List of files/folders modified in the last 1 months======

2009-07-07 09:15:17 ----D---- C:\WINDOWS\Prefetch
2009-07-07 08:30:04 ----D---- C:\WINDOWS\Temp
2009-07-07 04:09:08 ----HD---- C:\$AVG8.VAULT$
2009-07-07 02:21:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-07 01:25:08 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-07 01:25:07 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-07 01:25:03 ----AD---- C:\Program Files
2009-07-07 00:27:04 ----D---- C:\WINDOWS\system32\config
2009-07-07 00:12:18 ----D---- C:\WINDOWS
2009-07-06 23:03:35 ----D---- C:\WINDOWS\system32\drivers
2009-07-06 23:03:28 ----HD---- C:\WINDOWS\inf
2009-07-06 23:01:48 ----D---- C:\WINDOWS\WinSxS
2009-07-06 23:01:44 ----SHD---- C:\WINDOWS\Installer
2009-07-06 23:01:21 ----D---- C:\Program Files\Agnitum
2009-07-06 09:57:00 ----D---- C:\WINDOWS\system32
2009-07-06 09:53:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-06 09:52:21 ----A---- C:\WINDOWS\system.ini
2009-07-06 09:51:07 ----D---- C:\WINDOWS\AppPatch
2009-07-06 09:51:04 ----D---- C:\Program Files\Common Files
2009-07-06 09:48:06 ----RASH---- C:\boot.ini
2009-07-06 01:48:31 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-07-06 01:47:21 ----D---- C:\Program Files\Symantec
2009-07-06 01:47:20 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-07-06 01:47:00 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-07-06 01:46:54 ----D---- C:\WINDOWS\system32\CBA
2009-07-04 23:40:45 ----D---- C:\Program Files\a-squared Free
2009-07-03 22:55:26 ----A---- C:\WINDOWS\WININIT.INI
2009-07-03 18:54:54 ----D---- C:\Documents and Settings\Administrator\Application Data\Simply Super Software
2009-07-03 17:37:42 ----SHD---- C:\WINDOWS\CSC
2009-07-01 22:05:26 ----D---- C:\WINDOWS\network diagnostic
2009-06-28 06:10:54 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-06-25 23:41:15 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-06-25 22:43:06 ----D---- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-06-25 22:42:53 ----D---- C:\Program Files\SUPERAntiSpyware
2009-06-15 16:53:59 ----D---- C:\Program Files\HyperSnap-DX 4
2009-06-15 16:53:19 ----D---- C:\WINDOWS\security
2009-06-15 16:53:19 ----D---- C:\WINDOWS\repair
2009-06-15 16:51:43 ----D---- C:\WINDOWS\system32\MsDtc
2009-06-15 16:51:43 ----D---- C:\Documents and Settings\Administrator\Application Data\ICAClient
2009-06-15 16:51:42 ----D---- C:\Program Files\Britannica 7.0
2009-06-15 16:51:42 ----D---- C:\MT456
2009-06-15 16:51:42 ----D---- C:\MT123
2009-06-15 16:51:41 ----D---- C:\WINDOWS\Help
2009-06-15 16:36:49 ----D---- C:\Program Files\Yahoo!
2009-06-15 16:18:55 ----D---- C:\Program Files\Windows Media Player
2009-06-15 16:18:53 ----D---- C:\WINDOWS\system32\NtmsData
2009-06-15 14:23:24 ----D---- C:\WINDOWS\system32\Restore
2009-06-14 21:17:18 ----D---- C:\WINDOWS\Debug
2009-06-13 21:39:22 ----D---- C:\My Downloads
2009-06-12 09:09:05 ----D---- C:\Program Files\Java
2009-06-11 03:06:31 ----D---- C:\Program Files\Internet Explorer
2009-06-11 03:06:20 ----D---- C:\WINDOWS\ie8updates
2009-06-11 03:06:10 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-09 14:39:30 ----D---- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2009-06-09 14:39:27 ----D---- C:\Program Files\Common Files\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-06-25 327688]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-06-25 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-10 108552]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 OMCI;OMCI; \??\C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS []
R1 SandBox;SandBox; \??\C:\WINDOWS\system32\drivers\SandBox.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 afw;Agnitum firewall driver; C:\WINDOWS\system32\DRIVERS\afw.sys [2009-02-18 31128]
R3 afwcore;afwcore; C:\WINDOWS\system32\drivers\afwcore.sys [2009-02-10 257432]
R3 E1000;Intel® PRO/1000 Adapter Driver; C:\WINDOWS\system32\DRIVERS\e1000nt5.sys [2002-07-15 89104]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-06-22 807998]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-12-19 539008]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 MadgeTRN;Madge Token-Ring Adapter NDIS5 Driver; C:\WINDOWS\system32\DRIVERS\mdgndis5.sys [2001-08-17 164586]
S3 SABProcEnum;SABProcEnum; C:\WINDOWS\system32\drivers\SABProcEnum.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-26 36864]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-07-03 718880]
R2 acssrv;Agnitum Client Security Service; C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2009-04-28 1195008]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-06-25 906520]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-06-25 298776]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-21 152984]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-06-29 1029456]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

-----------------EOF-----------------

#9 matxny
Posted 07 July 2009 - 08:19 AM

info.txt logfile of random's system information tool 1.06 2009-07-07 09:16:18

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Advanced SystemCare 3-->"C:\Program Files\IObit\Advanced SystemCare 3\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Arthur's Reading Race-->C:\WINDOWS\uninst.exe -fC:\Lvg_Bks\DeIsL1.isu
a-squared Free 4.5-->"C:\Program Files\a-squared Free\unins000.exe"
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bicycle Casino-->"C:\Program Files\Microsoft Games\Bicycle Casino\UNINSTAL.EXE" /runtemp /addremove
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Citrix ICA Web Client-->C:\WINDOWS\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
CreataCard Plus 3-->C:\WINDOWS\uninst.exe -f"C:\Program Files\CreataCard\Plus\DeIsL1.isu"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Dimension 4 v5.0-->MsiExec.exe /I{935FF092-EEBA-4E97-8C1B-CD2364F392A4}
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
FastStone Image Viewer 2.8-->C:\Program Files\FastStone Image Viewer\uninst.exe
File Shredder 2.0-->"C:\Program Files\File Shredder\unins000.exe"
Grammar-->C:\PROGRA~1\SUPERS~1\Grammar\UNWISE.EXE C:\PROGRA~1\SUPERS~1\Grammar\INSTALL.LOG
HijackThis 2.0.2-->"C:\Program Files\Hijack This\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Memories Disc-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Photo and Imaging 2.0 - Photosmart Cameras-->MsiExec.exe /X{ABCD836B-C6F6-4B4F-B21A-CD2B2A378682}
HyperSnap-DX 4-->C:\PROGRA~1\HYPERS~1\UNWISE.EXE C:\PROGRA~1\HYPERS~1\INSTALL.LOG
ieSpell-->"C:\Program Files\ieSpell\uninst.exe"
Intel® Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Intel® PRO Ethernet Adapter and Software-->Prounstl.exe
iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java™ 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
KODAK Gallery Upload Software-->MsiExec.exe /I{B7F98125-4955-41E3-8A71-4CE11CE9C198}
LiveUpdate 1.7 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Math Trek 1, 2, 3-->C:\MT123\UNWISE.EXE C:\MT123\INSTALL.LOG
Math Trek 4, 5, 6-->C:\MT456\UNWISE.EXE C:\MT456\INSTALL.LOG
Micrografx Photo Magic-->C:\WINDOWS\MGXCLEAN.EXE MAGIC.APP
Micrografx Windows Draw 5-->C:\WINDOWS\MGXCLEAN.EXE DRAW5.APP FONTS.APP
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Live Meeting-->C:\Program Files\Microsoft Office\Live Meeting\Quicksilver\quicksilver.exe -UALL
Microsoft Outlook Web Access S/MIME-->MsiExec.exe /X{6CF08AD2-00C5-4A63-B74B-2EFFFAFEBE1A}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mighty Math Number Heroes-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{60859BF2-5151-473C-8F76-7F3A232CF7E7}
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
Oregon Trail 5-->C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\Oregon Trail 5\Uninstall.xml"
Outpost Firewall 2009-->"C:\Program Files\Agnitum\Outpost Firewall\unins000.exe"
Phonics-->C:\PROGRA~1\SUPERS~1\Phonics\UNWISE.EXE C:\PROGRA~1\SUPERS~1\Phonics\INSTALL.LOG
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Reader Rabbit's 1st Grade-->C:\WINDOWS\uninst.exe -f"c:\program files\microsoft games\elmo\uninstal\DeIsL1.isu"
Reading-->C:\PROGRA~1\SUPERS~1\Reading\UNWISE.EXE C:\PROGRA~1\SUPERS~1\Reading\INSTALL.LOG
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Registry Mechanic 5.2-->"C:\Program Files\Registry Mechanic\unins000.exe"
Repair Tool for Outlook Express v.1.6.1-->"C:\Program Files\Repair Tool for OE\unins000.exe"
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Science Trek 4, 5, 6-->C:\Strek456\UNWISE.EXE C:\Strek456\INSTALL.LOG
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sesame Street Elmo's Preschool-->c:\program files\microsoft games\ELMO\CWRUN.EXE ElmosPreschool UninstallExe
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe"
Spanish with Phonics-->C:\PROGRA~1\SUPERS~1\Spanish\UNWISE.EXE C:\PROGRA~1\SUPERS~1\Spanish\INSTALL.LOG
Spelling-->C:\PROGRA~1\SUPERS~1\Spelling\UNWISE.EXE C:\PROGRA~1\SUPERS~1\Spelling\INSTALL.LOG
SpongeBob SquarePants Typing-->C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\SpongeBob SquarePants Typing\Uninstall.xml"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Student Edition-->"C:\Program Files\Britannica 7.0\Student Edition\UninstallerData\Uninstall Student Edition.exe"
The ClueFinders' 4th Grade Adventures-->C:\WINDOWS\IsUninst.exe -fC:\Tlcwin\CFndr4th\Uninst\DeIsL2.isu
Third Grade Adventures-->C:\WINDOWS\IsUninst.exe -fC:\Tlcwin\3RDADV\Uninst\DeIsL1.isu
Treasures of Knowledge-->C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\Treasures of Knowledge\Uninstall.xml"
Trojan Remover 6.7.9-->"C:\Program Files\Trojan Remover\unins000.exe"
Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
URGE-->MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Vocabulary-->C:\PROGRA~1\SUPERS~1\VOCABU~1\UNWISE.EXE C:\PROGRA~1\SUPERS~1\VOCABU~1\INSTALL.LOG
WebEx-->C:\WINDOWS\DOWNLO~1\atcliun.exe
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Rights Management Client Backwards Compatibility SP2-->MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2-->MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Writing-->C:\PROGRA~1\SUPERS~1\Writing\UNWISE.EXE C:\PROGRA~1\SUPERS~1\Writing\INSTALL.LOG
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
Zoombinis Logical Journey™-->C:\Program Files\The Learning Company\Zoombinis Logical Journey™\uninstall.exe

=====HijackThis Backups=====

O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} (CamRegCleanControl Object) - http://www.amustsoft...eRegCleaner.cab [2009-07-06]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.myway.com/...arconfigchanged [2009-07-06]

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AVG Anti-Virus Free
FW: Outpost Firewall

======System event log======

Computer Name: FLOOD1
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0008742E1488. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 32889
Source Name: Dhcp
Time Written: 20090410014526.000000-240
Event Type: warning
User:

Computer Name: FLOOD1
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 32884
Source Name: W32Time
Time Written: 20090407051911.000000-240
Event Type: warning
User:

Computer Name: FLOOD1
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0008742E1488. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 32856
Source Name: Dhcp
Time Written: 20090406153934.000000-240
Event Type: warning
User:

Computer Name: FLOOD1
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 32851
Source Name: W32Time
Time Written: 20090406143028.000000-240
Event Type: warning
User:

Computer Name: FLOOD1
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0008742E1488. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 32827
Source Name: Dhcp
Time Written: 20090406005100.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: FLOOD1
Event Code: 6
Message:
Record Number: 9780
Source Name: Norton AntiVirus
Time Written: 20090606182248.000000-240
Event Type: warning
User:

Computer Name: FLOOD1
Event Code: 6
Message:
Record Number: 9779
Source Name: Norton AntiVirus
Time Written: 20090606182247.000000-240
Event Type: warning
User:

Computer Name: FLOOD1
Event Code: 6
Message:
Record Number: 9778
Source Name: Norton AntiVirus
Time Written: 20090606182247.000000-240
Event Type: warning
User:

Computer Name: FLOOD1
Event Code: 6
Message:
Record Number: 9777
Source Name: Norton AntiVirus
Time Written: 20090606182247.000000-240
Event Type: warning
User:

Computer Name: FLOOD1
Event Code: 6
Message:
Record Number: 9776
Source Name: Norton AntiVirus
Time Written: 20090606182246.000000-240
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

#10 matxny

matxny

    Member

  • Full Member
  • 48 posts

Posted 08 July 2009 - 06:59 AM

I got an email last night that you had posted a new reply just before the site locked up. I could see that you had posted something, but it wouldn't open when I clicked on the link. Once the board was fixed, your response was gone. Could you please repost it? Thank you.

#11 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • 14,352 posts

Posted 08 July 2009 - 07:59 PM

Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found:
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7


That's all but the current version. Older versions did not use to be uninstalled automatically when the program was updated. That happens automatically now.

I recommend uninstalling Adobe Reader 7.0.9 and going to http://www.adobe.com and downloading and installing the current version to take advantage of security fixes for vulnerabilities that are currently being exploited.

I see you have Viewpoint installed...
Viewpoint Manager is considered to be foistware instead of malware since it is installed without users' approval, but doesn't spy or do anything "bad". This will change though; please read this article:
http://www.clickz.co...cle.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present:
  • Viewpoint Media Player
Reboot afterwards. <-- Important!

If you chose to uninstall Viewpoint, after rebooting, using Windows Explorer delete the following folder if still there:
C:\Program Files\Viewpoint

We need to make sure you have the most recent version of ComboFix.
Delete your current copy of ComboFix.exe.
Download ComboFix© by sUBs from one of these links:
http://download.blee...Bs/ComboFix.exe
http://www.forospywa...Bs/ComboFix.exe

Save the file to your Desktop.

Close any open browsers.
Close your AntiVirus and any anti-spyware programs you may be running.

For this next step, please ensure that ComboFix.exe is on your desktop:

Please open Notepad *Do Not Use Wordpad!* (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
Save this as "CFScript.txt" and change the "Save as type" to "All Files" and place it on your desktop.

Driver::
SKYNETnkxidwyk

File::
C:\WINDOWS\system32\drivers\SKYNETnkxidwyk.sys

DirLook::
C:\WINDOWS\system32\drivers

Save this as CFScript.txt, in the same location as ComboFix.exe

[Image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please post that log in your next reply.

Please post a new HijackThis log, and in a second reply (due to length) the log from ComboFix (combofix.txt), and note any errors encountered. When you post the log from ComboFix, please check that nothing is cut off by the maximum post length. If it is, please see where it cut off, and post only the remainder in a third reply.

Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-2010 and ASAP Member since 2005

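The script TheJoker posted removes one randomly named SKYNET driver by hand. As an added triage helper (not part of the thread, HijackThis or ComboFix), the Python below parses HijackThis O2/O23 lines and ComboFix directory-listing rows in the formats this thread shows, flags the SKYNET-pattern driver file, orphaned BHO entries and services without vendor information, and emits Driver::/File:: sections in the CFScript layout used above. It assumes the driver's service name equals the file stem (as in the script above); the "Example Helper" service line and the 43520-byte file size in the sample are invented.

```python
"""Triage helper for the log formats in this thread (added example; not part
of HijackThis, ComboFix or the original posts)."""
import ntpath
import re
from typing import Iterable, List, NamedTuple

# HijackThis "O2 - BHO: <name> - {CLSID} - <path or (no file)>"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
# HijackThis "O23 - Service: <display> [(<short>)] - <vendor> - <path>"
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")
# ComboFix directory-listing row: "<mtime> . <ctime> <size|--------> <attrs> <path>"
DIR_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>\d+|-+) (?P<attrs>\S+) (?P<path>.+)$"
)
# Naming pattern of the driver the thread removes: "SKYNET" + random letters + ".sys"
SKYNET_RE = re.compile(r"^SKYNET[A-Za-z]{6,}\.sys$", re.IGNORECASE)


class Finding(NamedTuple):
    severity: str  # "high": act on it; "low": worth a look
    reason: str
    path: str


def triage(lines: Iterable[str]) -> List[Finding]:
    """Return suspicious entries from mixed HijackThis / ComboFix listing lines."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            # A BHO whose DLL is gone is leftover registry clutter, not an active threat.
            if m["path"].lower() == "(no file)":
                findings.append(Finding("low", f"orphaned BHO {m['clsid']}", m["path"]))
            continue
        m = O23_RE.match(line)
        if m:
            name = ntpath.basename(m["path"])
            if SKYNET_RE.match(name):
                findings.append(Finding("high", f"service runs SKYNET-pattern driver {name}", m["path"]))
            elif m["vendor"] == "Unknown owner":  # HijackThis' label for a binary with no company name
                findings.append(Finding("low", f"service '{m['display']}' has no vendor", m["path"]))
            continue
        m = DIR_RE.match(line)
        if m and SKYNET_RE.match(ntpath.basename(m["path"])):
            findings.append(Finding("high", f"SKYNET-pattern driver file, {m['size']} bytes", m["path"]))
    return findings


def cfscript_for(findings: Iterable[Finding]) -> str:
    """Emit Driver::/File:: sections in the CFScript layout used in the thread.

    Assumption: the driver's service name equals the file stem (SKYNETnkxidwyk for
    SKYNETnkxidwyk.sys), as in the script TheJoker posted.
    """
    paths = [f.path for f in findings if f.severity == "high"]
    if not paths:
        return ""
    drivers = [ntpath.splitext(ntpath.basename(p))[0] for p in paths]
    return "Driver::\n" + "\n".join(drivers) + "\n\nFile::\n" + "\n".join(paths) + "\n"


# Constructed sample: lines 1-3 and 5 are copied from the thread's logs; lines 4 and 6
# are made up in the same formats (the "Example Helper" service and the 43520-byte
# size are invented for the demonstration).
SAMPLE_LINES = [
    "O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)",
    "O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll",
    "O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\\Program Files\\Lavasoft\\Ad-Aware\\AAWService.exe",
    "O23 - Service: Example Helper (exhelper) - Unknown owner - C:\\WINDOWS\\system32\\exhelper.exe",
    "2009-07-07 03:03 . 2009-04-06 15:37 704384 ----a-w- c:\\windows\\system32\\drivers\\SandBox.sys",
    "2009-07-04 19:00 . 2009-07-04 19:00 43520 ----a-w- c:\\windows\\system32\\drivers\\SKYNETnkxidwyk.sys",
]

if __name__ == "__main__":
    found = triage(SAMPLE_LINES)
    for f in found:
        print(f"[{f.severity}] {f.reason}: {f.path}")
    print(cfscript_for(found))
```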

#12 matxny

matxny

    Member

  • Full Member
  • 48 posts

Posted 09 July 2009 - 12:10 AM

- I deleted all of the older versions of Java and in the Add/Remove Programs list I only see Java™ 6 Update 14 remaining, which I think is the most current version.

- I uninstalled Adobe Reader 7.0.9 and downloaded and installed version 9.1.2.

- I uninstalled Viewpoint Media Player, rebooted, and checked but the indicated folder was not there.

- I deleted ComboFix.exe, downloaded it again, and followed your instructions to create the CFScript.txt file and then, after closing my A/V and all anti-spyware programs, I dragged the text file to the ComboFix.exe icon as indicated. I don't know if it matters or if it shows in the report or not, but while it was running, after the scan for infected files but before it started Stage 1, it showed a message that said "SED: can't read Drive.folder.dat: No such file or directory". Also, when it was done the text file you had me create was gone. I'm just letting you know in case that wasn't supposed to happen. The ComboFix log is in the next post.

- When all that was done, I ran HJT. The newest log is below.

- Finally, after all of this I ran Spybot S&D since that's the program that's been finding this trojan. It reported NOTHING was found. I'm hoping that means we've finally gotten everything clean, but I'll believe it when/if you tell me.

Here's the new HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:42 AM, on 7/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\D4\D4.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\CreataCard\Plus\FMRemind.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijack This\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Dimension4] C:\Program Files\D4\D4.exe
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - Global Startup: CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnk = C:\Program Files\CreataCard\Plus\FMRemind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.worldnet.att.net
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwca.ops.pl...quicksilver.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.clarkcolo...larkActivia.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1154239387786
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://targetphoto.k..._2/axofupld.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://frontier.web...ort/ieatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

--
End of file - 10073 bytes

#13 matxny

matxny

    Member

  • Full Member
  • 48 posts

Posted 09 July 2009 - 12:11 AM

ComboFix log:

ComboFix 09-07-08.04 - Administrator 07/09/2009 0:01.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.766.359 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Outpost Firewall *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}

FILE ::
"c:\windows\system32\drivers\SKYNETnkxidwyk.sys"
.

((((((((((((((((((((((((( Files Created from 2009-06-09 to 2009-07-09 )))))))))))))))))))))))))))))))
.

2009-07-09 01:36 . 2009-07-09 01:36 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-07-09 01:33 . 2009-07-09 01:33 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-07-09 01:31 . 2009-07-09 02:28 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-09 01:31 . 2009-07-09 02:27 -------- d-----w- c:\program files\NOS
2009-07-07 13:15 . 2009-07-07 13:22 -------- d-----w- C:\rsit
2009-07-07 05:25 . 2009-07-07 05:25 -------- d-----w- c:\program files\ESET
2009-07-07 04:42 . 2009-07-07 04:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-07 04:42 . 2009-07-07 04:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-07 03:03 . 2009-04-06 15:37 704384 ----a-w- c:\windows\system32\drivers\SandBox.sys
2009-07-07 03:03 . 2009-02-10 20:15 257432 ----a-w- c:\windows\system32\drivers\afwcore.sys
2009-07-07 03:01 . 2009-02-18 21:30 31128 ----a-w- c:\windows\system32\drivers\afw.sys
2009-07-07 02:57 . 2009-07-07 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Agnitum
2009-07-04 19:54 . 2009-07-07 13:21 -------- d-----w- c:\program files\Hijack This
2009-07-04 19:21 . 2009-07-04 19:21 -------- d-----w- c:\program files\Trojan Remover
2009-07-03 22:54 . 2006-06-19 17:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-07-03 22:54 . 2006-05-25 19:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-07-03 22:54 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-07-03 22:54 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\unrar3.dll
2009-07-03 22:54 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-07-03 22:54 . 2009-07-03 22:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-06-26 03:33 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-26 03:33 . 2009-06-26 03:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-26 03:33 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-26 03:27 . 2009-06-26 03:27 -------- d-----w- c:\docume~1\ADMINI~1\APPLIC~1\Malwarebytes
2009-06-26 03:27 . 2009-06-26 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-25 21:19 . 2009-06-25 21:19 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-21 03:23 . 2009-06-30 03:31 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\threatwork.exe
2009-06-21 03:23 . 2009-07-07 03:23 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\savapibridge.dll
2009-06-21 03:23 . 2009-06-30 03:31 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavamessage.dll
2009-06-21 03:23 . 2009-06-30 03:30 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavalicense.dll
2009-06-21 03:23 . 2009-06-30 03:30 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\UpdateManager.dll
2009-06-21 03:23 . 2009-07-07 03:23 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Resources.dll
2009-06-21 03:22 . 2009-06-30 03:29 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\32\AAWDriverTool.exe
2009-06-21 03:22 . 2009-07-03 15:49 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\CEAPI.dll
2009-06-21 03:22 . 2009-06-30 03:27 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe
2009-06-21 03:22 . 2009-06-30 03:26 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe
2009-06-21 03:22 . 2009-07-07 03:23 2352968 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe
2009-06-21 03:22 . 2009-06-30 03:25 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWWSC.exe
2009-06-21 03:22 . 2009-06-30 03:23 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe
2009-06-21 03:22 . 2009-06-30 03:22 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe
2009-06-15 21:50 . 2009-06-15 21:50 -------- d-----w- c:\program files\D4
2009-06-15 20:36 . 2009-06-15 21:14 -------- d-----w- c:\docume~1\ADMINI~1\APPLIC~1\IObit
2009-06-15 20:36 . 2009-06-15 20:36 -------- d-----w- c:\program files\IObit
2009-06-15 16:33 . 2009-06-15 16:33 -------- d-----w- c:\program files\File Shredder
2009-06-11 20:44 . 2009-06-15 16:35 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Eraser
2009-06-10 20:18 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-10 20:18 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-09 01:40 . 2006-09-07 02:21 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-09 01:17 . 2006-07-29 06:20 -------- d-----w- c:\program files\Java
2009-07-07 03:01 . 2007-01-21 09:49 -------- d-----w- c:\program files\Agnitum
2009-07-06 05:48 . 2007-01-22 06:18 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-06 05:47 . 2006-06-28 18:58 -------- d-----w- c:\program files\Symantec
2009-07-06 05:47 . 2006-06-28 18:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-07-06 05:47 . 2006-06-28 18:58 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-05 03:40 . 2007-01-19 08:42 -------- d-----w- c:\program files\a-squared Free
2009-07-03 22:54 . 2007-01-22 06:17 -------- d-----w- c:\docume~1\ADMINI~1\APPLIC~1\Simply Super Software
2009-06-30 03:30 . 2009-05-26 21:43 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\ShellExt.dll
2009-06-30 03:29 . 2009-05-26 21:43 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\RPAPI.dll
2009-06-30 03:29 . 2009-05-26 21:43 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\PrivacyClean.dll
2009-06-28 10:10 . 2008-06-18 18:50 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-26 03:41 . 2008-06-20 13:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-26 03:41 . 2008-06-20 13:19 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-26 03:41 . 2008-06-20 13:19 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-15 20:53 . 2006-06-28 19:00 -------- d-----w- c:\program files\HyperSnap-DX 4
2009-06-15 20:51 . 2006-08-01 00:25 -------- d-----w- c:\docume~1\ADMINI~1\APPLIC~1\ICAClient
2009-06-15 20:51 . 2008-08-06 19:13 -------- d-----w- c:\program files\Britannica 7.0
2009-06-09 18:39 . 2006-09-07 02:50 -------- d-----w- c:\docume~1\ADMINI~1\APPLIC~1\AdobeUM
2009-05-26 21:43 . 2009-05-28 00:38 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-26 21:43 . 2009-05-26 21:43 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lsdelete.exe
2009-05-21 15:33 . 2008-12-16 21:22 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-13 05:15 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-10 12:20 . 2008-06-20 13:19 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-26 03:23 . 2009-04-26 03:23 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\32\lbd.sys
2009-04-26 03:23 . 2009-01-25 04:22 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-04-18 12:37 . 2008-06-25 23:21 688 ----a-w- c:\windows\EReg077.dat
2009-04-17 12:26 . 2004-08-04 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-04 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
1998-12-09 10:53 . 1998-12-09 10:53 99840 ----a-w- c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 10:53 . 1998-12-09 10:53 70144 ----a-w- c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 10:53 . 1998-12-09 10:53 48640 ----a-w- c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 10:53 . 1998-12-09 10:53 31744 ----a-w- c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 10:53 . 1998-12-09 10:53 186368 ----a-w- c:\program files\Common Files\IRAREG.DLL
1998-12-09 10:53 . 1998-12-09 10:53 17920 ----a-w- c:\program files\Common Files\IRASRIAL.DLL
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\system32\drivers ----

2009-07-07 03:03 . 2009-04-06 15:37 704384 ----a-w- c:\windows\system32\drivers\SandBox.sys
2009-07-07 03:03 . 2009-02-10 20:15 257432 ----a-w- c:\windows\system32\drivers\afwcore.sys
2009-07-07 03:01 . 2009-02-18 21:30 31128 ----a-w- c:\windows\system32\drivers\afw.sys
2009-06-26 03:33 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-26 03:33 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-04-24 00:33 . 2009-03-26 19:23 36864 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-01-25 04:22 . 2009-04-26 03:23 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2008-11-18 22:47 . 2004-08-04 12:00 734 ----a-w- c:\windows\system32\drivers\etc\hosts.20081118-174718.backup
2008-08-20 15:09 . 2004-08-04 02:29 25471 ------w- c:\windows\system32\drivers\watv10nt.sys
2008-08-20 15:09 . 2004-08-04 02:29 22271 ------w- c:\windows\system32\drivers\watv06nt.sys
2008-08-20 15:09 . 2004-08-04 02:29 11935 ------w- c:\windows\system32\drivers\wadv11nt.sys
2008-08-20 15:09 . 2004-08-04 02:29 11871 ------w- c:\windows\system32\drivers\wadv09nt.sys
2008-08-20 15:09 . 2004-08-04 02:29 11295 ------w- c:\windows\system32\drivers\wadv08nt.sys
2008-08-20 15:09 . 2004-08-04 02:29 11807 ------w- c:\windows\system32\drivers\wadv07nt.sys
2008-08-20 15:09 . 2008-04-13 18:43 14208 ------w- c:\windows\system32\drivers\wacompen.sys
2008-08-20 15:09 . 2008-04-13 18:36 42240 ------w- c:\windows\system32\drivers\viaagp.sys
2008-08-20 15:09 . 2008-04-14 00:12 11325 ------w- c:\windows\system32\drivers\vchnt5.dll
2008-08-20 15:09 . 2008-04-13 18:46 121984 ------w- c:\windows\system32\drivers\usbvideo.sys
2008-08-20 15:09 . 2008-04-13 18:56 12800 ------w- c:\windows\system32\drivers\usb8023x.sys
2008-08-20 15:09 . 2008-04-13 18:36 44672 ------w- c:\windows\system32\drivers\uagp35.sys
2008-08-20 15:09 . 2008-04-13 18:36 5888 ------w- c:\windows\system32\drivers\smbali.sys
2008-08-20 15:09 . 2004-08-04 02:41 13240 ------w- c:\windows\system32\drivers\slwdmsup.sys
2008-08-20 15:09 . 2004-08-04 02:41 95424 ------w- c:\windows\system32\drivers\slnthal.sys
2008-08-20 15:09 . 2004-08-04 02:41 404990 ------w- c:\windows\system32\drivers\slntamr.sys
2008-08-20 15:09 . 2004-08-04 02:41 129535 ------w- c:\windows\system32\drivers\slnt7554.sys
2008-08-20 15:09 . 2008-04-13 18:36 40960 ------w- c:\windows\system32\drivers\sisagp.sys
2008-08-20 15:09 . 2008-04-14 00:12 3901 ------w- c:\windows\system32\drivers\siint5.dll
2008-08-20 15:09 . 2008-04-13 18:40 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2008-08-20 15:08 . 2004-08-04 02:29 166912 ------w- c:\windows\system32\drivers\s3gnbm.sys
2008-08-20 15:08 . 2008-04-13 18:56 30592 ------w- c:\windows\system32\drivers\rndismpx.sys
2008-08-20 15:08 . 2008-04-13 18:46 59136 ------w- c:\windows\system32\drivers\rfcomm.sys
2008-08-20 15:08 . 2004-08-04 02:41 13776 ------w- c:\windows\system32\drivers\recagent.sys
2008-08-20 15:08 . 2004-08-04 02:29 1897408 ------w- c:\windows\system32\drivers\nv4_mini.sys
2008-08-20 15:08 . 2004-08-04 02:41 180360 ------w- c:\windows\system32\drivers\ntmtlfax.sys
2008-08-20 15:08 . 2004-07-17 15:35 67866 ------w- c:\windows\system32\drivers\netwlan5.img
2008-08-20 15:08 . 2008-04-13 18:43 12672 ------w- c:\windows\system32\drivers\mutohpen.sys
2008-08-20 15:08 . 2004-08-04 02:29 452736 ------w- c:\windows\system32\drivers\mtxparhm.sys
2008-08-20 15:08 . 2004-08-04 02:41 1309184 ------w- c:\windows\system32\drivers\mtlstrm.sys
2008-08-20 15:08 . 2004-08-04 02:41 126686 ------w- c:\windows\system32\drivers\mtlmnt5.sys
2008-08-20 15:07 . 2004-08-04 02:41 11868 ------w- c:\windows\system32\drivers\mdmxsdk.sys
2008-08-20 15:05 . 2008-04-13 18:45 46592 ------w- c:\windows\system32\drivers\irbus.sys
2008-08-20 15:05 . 2004-08-04 02:41 1041536 ------w- c:\windows\system32\drivers\hsfdpsp2.sys
2008-08-20 15:05 . 2004-08-04 02:41 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys
2008-08-20 15:05 . 2004-08-04 02:41 220032 ------w- c:\windows\system32\drivers\hsfbs2s2.sys
2008-08-20 15:05 . 2008-04-13 18:45 19200 ------w- c:\windows\system32\drivers\hidir.sys
2008-08-20 15:05 . 2008-04-13 18:46 25600 ------w- c:\windows\system32\drivers\hidbth.sys
2008-08-20 15:05 . 2008-04-13 16:36 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys
2008-08-20 15:05 . 2008-04-13 18:36 46464 ------w- c:\windows\system32\drivers\gagp30kx.sys
2008-08-20 15:04 . 2004-07-18 02:55 129045 ------w- c:\windows\system32\drivers\cxthsfs2.cty
2008-08-20 15:04 . 2008-04-14 00:11 15423 ------w- c:\windows\system32\drivers\ch7xxnt5.dll
2008-08-20 15:04 . 2008-04-13 18:46 18944 ------w- c:\windows\system32\drivers\bthusb.sys
2008-08-20 15:04 . 2008-04-13 18:46 36480 ------w- c:\windows\system32\drivers\bthprint.sys
2008-08-20 15:04 . 2008-04-13 18:51 101120 ------w- c:\windows\system32\drivers\bthpan.sys
2008-08-20 15:04 . 2008-04-13 18:46 37888 ------w- c:\windows\system32\drivers\bthmodem.sys
2008-08-20 15:04 . 2008-04-13 18:46 17024 ------w- c:\windows\system32\drivers\bthenum.sys
2008-08-20 15:04 . 2008-04-14 00:11 17279 ------w- c:\windows\system32\drivers\atv10nt5.dll
2008-08-20 15:04 . 2008-04-14 00:11 14143 ------w- c:\windows\system32\drivers\atv06nt5.dll
2008-08-20 15:04 . 2008-04-14 00:11 25471 ------w- c:\windows\system32\drivers\atv04nt5.dll
2008-08-20 15:04 . 2008-04-14 00:11 11359 ------w- c:\windows\system32\drivers\atv02nt5.dll
2008-08-20 15:04 . 2008-04-14 00:11 21183 ------w- c:\windows\system32\drivers\atv01nt5.dll
2008-08-20 15:04 . 2004-07-17 15:36 64352 ------w- c:\windows\system32\drivers\ativmc20.cod
2008-08-20 15:04 . 2004-08-04 02:29 63488 ------w- c:\windows\system32\drivers\atinxsxx.sys
2008-08-20 15:04 . 2004-08-04 02:29 31744 ------w- c:\windows\system32\drivers\atinxbxx.sys
2008-08-20 15:04 . 2004-08-04 02:29 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2008-08-20 15:04 . 2004-08-04 02:29 13824 ------w- c:\windows\system32\drivers\atinttxx.sys
2008-08-20 15:04 . 2004-08-04 02:29 28672 ------w- c:\windows\system32\drivers\atinsnxx.sys
2008-08-20 15:04 . 2004-08-04 02:29 104960 ------w- c:\windows\system32\drivers\atinrvxx.sys
2008-08-20 15:04 . 2004-08-04 02:29 52224 ------w- c:\windows\system32\drivers\atinraxx.sys
2008-08-20 15:04 . 2004-08-04 02:29 14336 ------w- c:\windows\system32\drivers\atinpdxx.sys
2008-08-20 15:04 . 2004-08-04 02:29 13824 ------w- c:\windows\system32\drivers\atinmdxx.sys
2008-08-20 15:04 . 2004-08-04 02:29 57856 ------w- c:\windows\system32\drivers\atinbtxx.sys
2008-08-20 15:04 . 2004-08-04 02:29 701440 ------w- c:\windows\system32\drivers\ati2mtag.sys
2008-08-20 15:04 . 2004-08-04 02:29 327040 ------w- c:\windows\system32\drivers\ati2mtaa.sys
2008-08-20 15:04 . 2004-08-04 02:29 34735 ------w- c:\windows\system32\drivers\ati1xsxx.sys
2008-08-20 15:04 . 2004-08-04 02:29 29455 ------w- c:\windows\system32\drivers\ati1xbxx.sys
2008-08-20 15:04 . 2004-08-04 02:29 36463 ------w- c:\windows\system32\drivers\ati1tuxx.sys
2008-08-20 15:04 . 2004-08-04 02:29 21343 ------w- c:\windows\system32\drivers\ati1ttxx.sys
2008-08-20 15:04 . 2004-08-04 02:29 26367 ------w- c:\windows\system32\drivers\ati1snxx.sys
2008-08-20 15:04 . 2004-08-04 02:29 63663 ------w- c:\windows\system32\drivers\ati1rvxx.sys
2008-08-20 15:04 . 2004-08-04 02:29 30671 ------w- c:\windows\system32\drivers\ati1raxx.sys
2008-08-20 15:04 . 2004-08-04 02:29 12047 ------w- c:\windows\system32\drivers\ati1pdxx.sys
2008-08-20 15:04 . 2004-08-04 02:29 11615 ------w- c:\windows\system32\drivers\ati1mdxx.sys
2008-08-20 15:04 . 2004-08-04 02:29 56623 ------w- c:\windows\system32\drivers\ati1btxx.sys
2008-08-20 15:04 . 2008-04-13 18:36 43008 ------w- c:\windows\system32\drivers\amdagp.sys
2008-08-20 15:04 . 2008-04-13 18:36 42752 ------w- c:\windows\system32\drivers\alim1541.sys
2008-08-20 15:04 . 2008-04-13 18:36 44928 ------w- c:\windows\system32\drivers\agpcpq.sys
2008-08-20 15:04 . 2008-04-13 18:36 42368 ------w- c:\windows\system32\drivers\agp440.sys
2008-08-20 15:04 . 2008-04-14 00:11 3775 ------w- c:\windows\system32\drivers\adv11nt5.dll
2008-08-20 15:04 . 2008-04-14 00:11 3711 ------w- c:\windows\system32\drivers\adv09nt5.dll
2008-08-20 15:04 . 2008-04-14 00:11 3135 ------w- c:\windows\system32\drivers\adv08nt5.dll
2008-08-20 15:04 . 2008-04-14 00:11 3647 ------w- c:\windows\system32\drivers\adv07nt5.dll
2008-08-20 15:04 . 2008-04-14 00:11 3615 ------w- c:\windows\system32\drivers\adv05nt5.dll
2008-08-20 15:04 . 2008-04-14 00:11 3967 ------w- c:\windows\system32\drivers\adv02nt5.dll
2008-08-20 15:04 . 2008-04-14 00:11 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2008-06-20 13:21 . 2009-07-08 13:03 16302 ----a-w- c:\windows\system32\drivers\Avg\microavi.avg
2008-06-20 13:21 . 2009-07-08 13:03 463779 ----a-w- c:\windows\system32\drivers\Avg\miniavi.avg
2008-06-20 13:19 . 2009-05-10 12:20 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2008-06-20 13:19 . 2009-06-26 03:41 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2008-06-20 13:19 . 2009-06-26 03:41 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2008-06-20 13:19 . 2009-07-08 13:03 37904461 ----a-w- c:\windows\system32\drivers\Avg\incavi.avm
2008-06-20 13:19 . 2009-07-08 13:03 6061540 ----a-w- c:\windows\system32\drivers\Avg\avi7.avg
2008-06-11 20:53 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2007-09-19 03:03 . 2007-09-19 03:03 0 ---ha-w- c:\windows\system32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
2006-12-19 06:11 . 2006-12-19 06:11 0 ---ha-w- c:\windows\system32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
2006-10-19 02:47 . 2006-10-19 02:47 671232 ------w- c:\windows\system32\drivers\UMDF\wpdmtpdr.dll
2006-09-29 00:00 . 2006-09-29 00:00 82944 ------w- c:\windows\system32\drivers\WudfRd.sys
2006-09-28 23:55 . 2006-09-28 23:55 77568 ------w- c:\windows\system32\drivers\WudfPf.sys
2006-09-23 22:02 . 2004-10-08 01:16 35840 ----a-w- c:\windows\system32\drivers\AFS2K.SYS
2006-09-23 21:50 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2006-06-15 13:32 . 2002-07-15 19:15 89104 ----a-w- c:\windows\system32\drivers\e1000nt5.sys
2006-05-26 15:12 . 2005-06-22 04:12 807998 ----a-w- c:\windows\system32\drivers\ialmnt5.sys
2006-05-26 15:11 . 2008-04-13 18:45 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2006-05-26 15:11 . 2008-04-13 19:17 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2006-05-26 15:11 . 2008-04-13 18:45 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2006-05-26 15:11 . 2008-04-13 18:45 56576 ------w- c:\windows\system32\drivers\swmidi.sys
2006-05-26 15:11 . 2008-04-13 16:39 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2006-05-26 15:11 . 2008-04-13 18:45 172416 ------w- c:\windows\system32\drivers\kmixer.sys
2006-05-26 15:11 . 2008-04-13 18:45 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2006-05-26 15:11 . 2008-04-13 19:15 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2006-05-26 15:11 . 2008-04-13 18:39 7552 ----a-w- c:\windows\system32\drivers\mskssrv.sys
2006-05-26 15:11 . 2008-04-13 18:39 4992 ----a-w- c:\windows\system32\drivers\mspqm.sys
2006-05-26 15:11 . 2008-04-13 18:39 5376 ----a-w- c:\windows\system32\drivers\mspclock.sys
2006-05-26 15:11 . 2008-04-13 19:19 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2006-05-26 15:11 . 2008-04-13 18:45 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2006-05-26 15:11 . 2002-04-01 17:15 4816 ----a-w- c:\windows\system32\drivers\aeaudio.sys
2006-05-26 15:11 . 2002-10-28 15:26 3744 ----a-w- c:\windows\system32\drivers\smsens.sys
2006-05-26 15:11 . 2002-12-19 21:48 539008 ------w- c:\windows\system32\drivers\smwdm.sys
2006-05-26 15:07 . 2008-04-13 18:45 26368 ----a-w- c:\windows\system32\drivers\usbstor.sys
2006-05-26 14:33 . 2001-08-22 12:42 13632 ------w- c:\windows\system32\drivers\omci.sys
2006-05-25 21:18 . 2008-04-13 18:32 129792 ----a-w- c:\windows\system32\drivers\fltmgr.sys
2006-05-25 21:18 . 2008-04-13 18:36 73472 ----a-w- c:\windows\system32\drivers\sr.sys
2006-05-25 21:16 . 2008-04-14 00:13 21896 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2006-05-25 21:16 . 2008-04-14 00:13 12040 ----a-w- c:\windows\system32\drivers\tdpipe.sys
2006-05-25 21:16 . 2008-04-14 00:13 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2006-05-25 21:15 . 2008-04-13 18:32 196224 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2006-05-25 21:15 . 2008-04-14 00:13 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
2006-05-25 17:12 . 2001-08-17 13:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2006-05-25 17:11 . 2008-04-13 18:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2006-05-25 17:11 . 2001-08-17 12:12 164586 ----a-w- c:\windows\system32\drivers\mdgndis5.sys
2006-05-25 17:10 . 2008-04-13 18:40 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2006-05-25 17:09 . 2008-04-13 18:54 11264 ----a-w- c:\windows\system32\drivers\irenum.sys
2005-05-17 22:45 . 2005-05-17 22:45 76288 ----a-w- c:\windows\system32\drivers\nvraid.sys
2005-05-17 22:45 . 2005-05-17 22:45 92800 ----a-w- c:\windows\system32\drivers\NvAtaBus.sys
2005-03-22 01:48 . 2005-03-22 01:48 39904 ----a-w- c:\windows\system32\drivers\cercsr6.sys
2005-02-02 05:21 . 2009-03-19 20:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2004-09-22 22:46 . 2006-10-19 01:00 38528 ----a-w- c:\windows\system32\drivers\wpdusb.sys
2004-08-04 12:00 . 2008-04-13 18:36 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2004-08-04 12:00 . 2004-08-04 12:00 11648 ----a-w- c:\windows\system32\drivers\acpiec.sys
2004-08-04 12:00 . 2008-08-14 10:04 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2004-08-04 12:00 . 2008-04-13 18:57 14336 ----a-w- c:\windows\system32\drivers\asyncmac.sys
2004-08-04 12:00 . 2008-04-13 18:40 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2004-08-04 12:00 . 2008-04-13 18:51 59904 ----a-w- c:\windows\system32\drivers\atmarpc.sys
2004-08-04 12:00 . 2004-08-04 12:00 31360 ----a-w- c:\windows\system32\drivers\atmepvc.sys
2004-08-04 12:00 . 2008-04-13 18:51 55808 ----a-w- c:\windows\system32\drivers\atmlane.sys
2004-08-04 12:00 . 2004-08-04 12:00 352256 ----a-w- c:\windows\system32\drivers\atmuni.sys
2004-08-04 12:00 . 2004-08-04 12:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2004-08-04 12:00 . 2008-04-13 18:53 71552 ----a-w- c:\windows\system32\drivers\bridge.sys
2004-08-04 12:00 . 2004-08-04 12:00 13952 ----a-w- c:\windows\system32\drivers\cbidf2k.sys
2004-08-04 12:00 . 2008-04-13 19:14 63744 ----a-w- c:\windows\system32\drivers\cdfs.sys
2004-08-04 12:00 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2004-08-04 12:00 . 2008-04-13 19:16 49536 ----a-w- c:\windows\system32\drivers\classpnp.sys
2004-08-04 12:00 . 2008-04-13 18:40 36352 ----a-w- c:\windows\system32\drivers\disk.sys
2004-08-04 12:00 . 2008-04-13 18:40 14208 ----a-w- c:\windows\system32\drivers\diskdump.sys
2004-08-04 12:00 . 2008-04-13 18:44 799744 ----a-w- c:\windows\system32\drivers\dmboot.sys
2004-08-04 12:00 . 2008-04-13 18:44 153344 ----a-w- c:\windows\system32\drivers\dmio.sys
2004-08-04 12:00 . 2004-08-04 12:00 5888 ----a-w- c:\windows\system32\drivers\dmload.sys
2004-08-04 12:00 . 2004-08-04 12:00 10496 ----a-w- c:\windows\system32\drivers\dxapi.sys
2004-08-04 12:00 . 2008-04-13 18:38 71168 ----a-w- c:\windows\system32\drivers\dxg.sys
2004-08-04 12:00 . 2004-08-04 12:00 3328 ----a-w- c:\windows\system32\drivers\dxgthk.sys
2004-08-04 12:00 . 2008-04-13 19:14 143744 ----a-w- c:\windows\system32\drivers\fastfat.sys
2004-08-04 12:00 . 2008-04-13 18:40 27392 ------w- c:\windows\system32\drivers\fdc.sys
2004-08-04 12:00 . 2008-04-13 18:33 44544 ----a-w- c:\windows\system32\drivers\fips.sys
2004-08-04 12:00 . 2008-04-13 18:40 20480 ----a-w- c:\windows\system32\drivers\flpydisk.sys
2004-08-04 12:00 . 2004-08-04 12:00 7936 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2004-08-04 12:00 . 2004-08-04 12:00 125056 ----a-w- c:\windows\system32\drivers\ftdisk.sys
2004-08-04 12:00 . 2004-08-04 12:00 3440660 ----a-w- c:\windows\system32\drivers\gm.dls
2004-08-04 12:00 . 2004-08-04 12:00 646 ----a-w- c:\windows\system32\drivers\gmreadme.txt
2004-08-04 12:00 . 2008-04-13 18:45 36864 ----a-w- c:\windows\system32\drivers\hidclass.sys
2004-08-04 12:00 . 2008-04-13 18:45 24960 ----a-w- c:\windows\system32\drivers\hidparse.sys
2004-08-04 12:00 . 2008-04-13 18:53 264832 ----a-w- c:\windows\system32\drivers\http.sys
2004-08-04 12:00 . 2008-04-13 19:18 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2004-08-04 12:00 . 2008-04-13 18:40 42112 ----a-w- c:\windows\system32\drivers\imapi.sys
2004-08-04 12:00 . 2008-04-13 18:31 36352 ----a-w- c:\windows\system32\drivers\intelppm.sys
2004-08-04 12:00 . 2008-04-13 18:53 36608 ------w- c:\windows\system32\drivers\ip6fw.sys
2004-08-04 12:00 . 2004-08-04 12:00 32896 ----a-w- c:\windows\system32\drivers\ipfltdrv.sys
2004-08-04 12:00 . 2008-04-13 18:57 20864 ----a-w- c:\windows\system32\drivers\ipinip.sys
2004-08-04 12:00 . 2008-04-13 18:57 152832 ----a-w- c:\windows\system32\drivers\ipnat.sys
2004-08-04 12:00 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2004-08-04 12:00 . 2008-04-13 18:36 37248 ----a-w- c:\windows\system32\drivers\isapnp.sys
2004-08-04 12:00 . 2008-04-13 18:39 24576 ----a-w- c:\windows\system32\drivers\kbdclass.sys
2004-08-04 12:00 . 2008-04-13 18:31 92288 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2004-08-04 12:00 . 2004-08-04 12:00 7680 ----a-w- c:\windows\system32\drivers\mcd.sys
2004-08-04 12:00 . 2004-08-04 12:00 4224 ----a-w- c:\windows\system32\drivers\mnmdd.sys
2004-08-04 12:00 . 2008-04-13 18:39 42368 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2004-08-04 12:00 . 2008-04-13 18:39 92544 ----a-w- c:\windows\system32\drivers\mqac.sys
2004-08-04 12:00 . 2008-04-13 18:32 180608 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2004-08-04 12:00 . 2008-10-24 11:21 455296 ------w- c:\windows\system32\drivers\mrxsmb.sys
2004-08-04 12:00 . 2008-04-13 18:32 19072 ----a-w- c:\windows\system32\drivers\msfs.sys
2004-08-04 12:00 . 2008-04-13 18:56 35072 ----a-w- c:\windows\system32\drivers\msgpc.sys
2004-08-04 12:00 . 2008-04-13 19:17 105344 ----a-w- c:\windows\system32\drivers\mup.sys
2004-08-04 12:00 . 2008-04-13 19:20 182656 ----a-w- c:\windows\system32\drivers\ndis.sys
2004-08-04 12:00 . 2008-04-13 18:57 10112 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2004-08-04 12:00 . 2008-04-13 19:20 91520 ----a-w- c:\windows\system32\drivers\ndiswan.sys
2004-08-04 12:00 . 2008-04-13 18:57 40576 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2004-08-04 12:00 . 2008-04-13 18:56 34688 ----a-w- c:\windows\system32\drivers\netbios.sys
2004-08-04 12:00 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2004-08-04 12:00 . 2008-04-13 18:53 40320 ----a-w- c:\windows\system32\drivers\nmnt.sys
2004-08-04 12:00 . 2008-04-13 18:32 30848 ----a-w- c:\windows\system32\drivers\npfs.sys
2004-08-04 12:00 . 2008-04-13 19:15 574976 ----a-w- c:\windows\system32\drivers\ntfs.sys
2004-08-04 12:00 . 2004-08-04 12:00 2944 ----a-w- c:\windows\system32\drivers\null.sys
2004-08-04 12:00 . 2004-08-04 12:00 12416 ----a-w- c:\windows\system32\drivers\nwlnkflt.sys
2004-08-04 12:00 . 2004-08-04 12:00 32512 ----a-w- c:\windows\system32\drivers\nwlnkfwd.sys
2004-08-04 12:00 . 2008-04-13 18:56 88320 ----a-w- c:\windows\system32\drivers\nwlnkipx.sys
2004-08-04 12:00 . 2004-08-04 12:00 63232 ----a-w- c:\windows\system32\drivers\nwlnknb.sys
2004-08-04 12:00 . 2004-08-04 12:00 55936 ----a-w- c:\windows\system32\drivers\nwlnkspx.sys
2004-08-04 12:00 . 2008-04-13 18:34 163584 ----a-w- c:\windows\system32\drivers\nwrdr.sys
2004-08-04 12:00 . 2004-08-04 12:00 3456 ----a-w- c:\windows\system32\drivers\oprghdlr.sys
2004-08-04 12:00 . 2008-04-13 18:40 19712 ----a-w- c:\windows\system32\drivers\partmgr.sys
2004-08-04 12:00 . 2004-08-04 12:00 6784 ----a-w- c:\windows\system32\drivers\parvdm.sys
2004-08-04 12:00 . 2008-04-13 18:36 68224 ----a-w- c:\windows\system32\drivers\pci.sys
2004-08-04 12:00 . 2001-08-17 17:51 3328 ----a-w- c:\windows\system32\drivers\pciide.sys
2004-08-04 12:00 . 2008-04-13 18:40 24960 ----a-w- c:\windows\system32\drivers\pciidex.sys
2004-08-04 12:00 . 2008-04-13 18:36 120192 ----a-w- c:\windows\system32\drivers\pcmcia.sys
2004-08-04 12:00 . 2008-04-13 18:56 69120 ----a-w- c:\windows\system32\drivers\psched.sys
2004-08-04 12:00 . 2004-08-04 12:00 17792 ----a-w- c:\windows\system32\drivers\ptilink.sys
2004-08-04 12:00 . 2004-08-04 12:00 8832 ----a-w- c:\windows\system32\drivers\rasacd.sys
2004-08-04 12:00 . 2008-04-13 19:19 51328 ----a-w- c:\windows\system32\drivers\rasl2tp.sys
2004-08-04 12:00 . 2008-04-13 18:57 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys
2004-08-04 12:00 . 2008-04-13 19:19 48384 ----a-w- c:\windows\system32\drivers\raspptp.sys
2004-08-04 12:00 . 2004-08-04 12:00 16512 ----a-w- c:\windows\system32\drivers\raspti.sys
2004-08-04 12:00 . 2004-08-04 12:00 34432 ----a-w- c:\windows\system32\drivers\rawwan.sys
2004-08-04 12:00 . 2008-04-13 19:28 175744 ----a-w- c:\windows\system32\drivers\rdbss.sys
2004-08-04 12:00 . 2004-08-04 12:00 4224 ----a-w- c:\windows\system32\drivers\rdpcdd.sys
2004-08-04 12:00 . 2008-05-08 14:02 203136 ----a-w- c:\windows\system32\drivers\rmcast.sys
2004-08-04 12:00 . 2008-04-13 18:56 30592 ----a-w- c:\windows\system32\drivers\rndismp.sys
2004-08-04 12:00 . 2004-08-04 12:00 5888 ----a-w- c:\windows\system32\drivers\rootmdm.sys
2004-08-04 12:00 . 2008-04-13 18:40 96384 ----a-w- c:\windows\system32\drivers\scsiport.sys
2004-08-04 12:00 . 2008-04-13 18:36 79232 ----a-w- c:\windows\system32\drivers\sdbus.sys
2004-08-04 12:00 . 2007-11-13 10:25 20480 ----a-w- c:\windows\system32\drivers\secdrv.sys
2004-08-04 12:00 . 2008-04-13 18:40 15744 ----a-w- c:\windows\system32\drivers\serenum.sys
2004-08-04 12:00 . 2008-04-13 19:15 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2004-08-04 12:00 . 2008-04-13 18:40 11904 ----a-w- c:\windows\system32\drivers\sffdisk.sys
2004-08-04 12:00 . 2008-04-13 18:40 11008 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2004-08-04 12:00 . 2008-04-13 18:40 11392 ----a-w- c:\windows\system32\drivers\sfloppy.sys
2004-08-04 12:00 . 2004-08-04 12:00 14592 ----a-w- c:\windows\system32\drivers\smclib.sys
2004-08-04 12:00 . 2008-12-11 10:57 333952 ----a-w- c:\windows\system32\drivers\srv.sys
2004-08-04 12:00 . 2008-04-13 18:40 14976 ----a-w- c:\windows\system32\drivers\tape.sys
2004-08-04 12:00 . 2008-06-20 11:51 361600 ------w- c:\windows\system32\drivers\tcpip.sys
2004-08-04 12:00 . 2008-06-20 11:08 225856 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2004-08-04 12:00 . 2008-04-13 19:00 19072 ----a-w- c:\windows\system32\drivers\tdi.sys
2004-08-04 12:00 . 2008-04-13 18:32 66048 ----a-w- c:\windows\system32\drivers\udfs.sys
2004-08-04 12:00 . 2008-04-13 18:39 384768 ----a-w- c:\windows\system32\drivers\update.sys
2004-08-04 12:00 . 2008-04-13 18:56 12800 ----a-w- c:\windows\system32\drivers\usb8023.sys
2004-08-04 12:00 . 2004-08-04 12:00 4736 ----a-w- c:\windows\system32\drivers\usbd.sys
2004-08-04 12:00 . 2008-04-13 18:45 30208 ----a-w- c:\windows\system32\drivers\usbehci.sys
2004-08-04 12:00 . 2008-04-13 18:45 59520 ----a-w- c:\windows\system32\drivers\usbhub.sys
2004-08-04 12:00 . 2008-04-13 18:45 143872 ----a-w- c:\windows\system32\drivers\usbport.sys
2004-08-04 12:00 . 2008-04-13 18:45 20608 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2004-08-04 12:00 . 2008-04-13 18:44 20992 ----a-w- c:\windows\system32\drivers\vga.sys
2004-08-04 12:00 . 2008-04-13 18:44 81664 ----a-w- c:\windows\system32\drivers\videoprt.sys
2004-08-04 12:00 . 2008-04-13 18:41 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
2004-08-04 12:00 . 2008-04-13 18:57 34560 ----a-w- c:\windows\system32\drivers\wanarp.sys
2004-08-04 12:00 . 2004-08-04 12:00 4352 ----a-w- c:\windows\system32\drivers\wmilib.sys
2004-08-04 12:00 . 2004-08-04 12:00 12032 ----a-w- c:\windows\system32\drivers\ws2ifsl.sys
2004-08-04 12:00 . 2008-11-18 22:47 287955 ------r- c:\windows\system32\drivers\etc\hosts
2004-08-04 12:00 . 2004-08-04 12:00 3683 ----a-w- c:\windows\system32\drivers\etc\lmhosts.sam
2004-08-04 12:00 . 2004-08-04 12:00 407 ----a-w- c:\windows\system32\drivers\etc\networks
2004-08-04 12:00 . 2004-08-04 12:00 799 ----a-w- c:\windows\system32\drivers\etc\protocol
2004-08-04 12:00 . 2004-08-04 12:00 7116 ----a-w- c:\windows\system32\drivers\etc\services
2004-08-03 23:15 . 2008-04-13 19:16 141056 ----a-w- c:\windows\system32\drivers\ks.sys
2004-08-03 23:09 . 2008-04-13 18:46 25344 ----a-w- c:\windows\system32\drivers\sonydcam.sys
2004-08-03 23:08 . 2008-04-13 18:45 15872 ----a-w- c:\windows\system32\drivers\usbintel.sys
2004-08-03 23:08 . 2008-04-13 19:00 30080 ----a-w- c:\windows\system32\drivers\modem.sys
2004-08-03 23:08 . 2008-04-13 18:45 49408 ----a-w- c:\windows\system32\drivers\stream.sys
2004-08-03 23:07 . 2008-04-13 18:36 15488 ----a-w- c:\windows\system32\drivers\mssmbios.sys
2004-08-03 23:07 . 2008-04-13 18:36 63744 ----a-w- c:\windows\system32\drivers\mf.sys
2004-08-03 23:03 . 2008-04-13 18:56 12288 ----a-w- c:\windows\system32\drivers\tunmp.sys
2004-08-03 23:03 . 2008-04-13 18:55 14592 ----a-w- c:\windows\system32\drivers\ndisuio.sys
2004-08-03 22:59 . 2008-04-13 18:31 37760 ----a-w- c:\windows\system32\drivers\amdk7.sys
2004-08-03 22:59 . 2008-04-13 18:31 36736 ----a-w- c:\windows\system32\drivers\crusoe.sys
2004-08-03 22:59 . 2008-04-13 18:31 37376 ----a-w- c:\windows\system32\drivers\amdk6.sys
2004-08-03 22:59 . 2008-04-13 18:31 42752 ----a-w- c:\windows\system32\drivers\p3.sys
2004-08-03 22:59 . 2008-04-13 18:31 35840 ----a-w- c:\windows\system32\drivers\processr.sys
2004-08-03 22:59 . 2008-04-13 18:40 80128 ----a-w- c:\windows\system32\drivers\parport.sys
2004-08-03 22:58 . 2008-04-13 18:39 4352 ----a-w- c:\windows\system32\drivers\swenum.sys
2004-08-03 22:58 . 2008-04-13 18:39 23040 ----a-w- c:\windows\system32\drivers\mouclass.sys
2004-08-03 22:58 . 2008-04-13 18:51 60800 ----a-w- c:\windows\system32\drivers\arp1394.sys
2004-08-03 22:58 . 2008-04-13 18:51 61824 ----a-w- c:\windows\system32\drivers\nic1394.sys
2001-08-17 14:06 . 2004-08-04 12:00 21376 ----a-w- c:\windows\system32\drivers\tsbvcap.sys
2001-08-17 14:03 . 2008-04-13 18:45 25728 ----a-w- c:\windows\system32\drivers\usbcamd2.sys
2001-08-17 14:03 . 2008-04-13 18:45 25600 ------w- c:\windows\system32\drivers\usbcamd.sys
2001-08-17 14:02 . 2004-08-04 12:00 262528 ----a-w- c:\windows\system32\drivers\cinemst2.sys
2001-08-17 14:02 . 2004-08-04 12:00 58112 ----a-w- c:\windows\system32\drivers\vdmindvd.sys
2001-08-17 14:01 . 2004-08-04 12:00 51712 ----a-w- c:\windows\system32\drivers\tosdvd.sys
2001-08-17 13:57 . 2004-08-04 12:00 12160 ----a-w- c:\windows\system32\drivers\fsvga.sys
2001-08-17 13:52 . 2004-08-04 12:00 18688 ----a-w- c:\windows\system32\drivers\cdaudio.sys
2001-08-17 13:24 . 2004-08-04 12:00 12032 ----a-w- c:\windows\system32\drivers\rio8drv.sys
2001-08-17 13:24 . 2004-08-04 12:00 12032 ----a-w- c:\windows\system32\drivers\riodrv.sys
2001-08-17 13:24 . 2004-08-04 12:00 12032 ----a-w- c:\windows\system32\drivers\nikedrv.sys
2001-08-17 13:24 . 2004-08-04 12:00 11776 ----a-w- c:\windows\system32\drivers\cpqdap01.sys


((((((((((((((((((((((((((((( SnapShot@2009-07-06_13.52.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-29 12:05 . 2008-07-29 12:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
- 2008-07-29 13:05 . 2008-07-29 13:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
- 2008-07-29 13:05 . 2008-07-29 13:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
- 2008-07-29 13:05 . 2008-07-29 13:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
- 2008-07-29 13:05 . 2008-07-29 13:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
- 2008-07-29 13:05 . 2008-07-29 13:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
- 2008-07-29 13:05 . 2008-07-29 13:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
- 2008-07-29 13:05 . 2008-07-29 13:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
- 2008-07-29 13:05 . 2008-07-29 13:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
- 2008-07-29 13:05 . 2008-07-29 13:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
- 2008-07-29 13:05 . 2008-07-29 13:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
- 2008-07-29 13:05 . 2008-07-29 13:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 10:07 . 2008-07-29 10:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
- 2008-07-29 11:07 . 2008-07-29 11:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 10:07 . 2008-07-29 10:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
- 2008-07-29 11:07 . 2008-07-29 11:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2009-07-09 01:36 . 2009-07-09 01:36 26624 c:\windows\Installer\b975c.msi
+ 2008-07-29 12:05 . 2008-07-29 12:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
- 2008-07-29 13:05 . 2008-07-29 13:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
- 2008-07-29 13:05 . 2008-07-29 13:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
- 2008-07-29 08:54 . 2008-07-29 08:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 07:54 . 2008-07-29 07:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
- 2008-07-29 13:05 . 2008-07-29 13:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2009-01-18 20:05 . 2009-01-18 20:05 675840 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\JP2KLib.dll
- 2008-07-29 13:05 . 2008-07-29 13:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
- 2008-07-29 13:05 . 2008-07-29 13:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2009-07-09 01:40 . 2009-07-09 01:40 3938816 c:\windows\Installer\b9766.msi
+ 2009-07-09 01:57 . 2009-07-09 01:57 6653952 c:\windows\Installer\1f00c8.msp
+ 2008-12-18 20:48 . 2008-12-18 20:48 3645440 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\authplay.dll
+ 2009-02-27 20:37 . 2009-02-27 20:37 20403568 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\AcroRd32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-06-30 2329224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-22 126976]
"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 90112]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-11-20 185896]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-26 1948440]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-30 520024]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"Dimension4"="c:\program files\D4\D4.exe" [2004-02-04 200704]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnk - c:\program files\CreataCard\Plus\FMRemind.exe [2006-9-23 189952]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Symantec Fax Starter Edition Port.lnk - c:\program files\Microsoft Office\Office\1033\OLFSNT40.EXE [1998-12-24 45568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-26 03:41 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\D4\\D4.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/25/2009 12:22 AM 64160]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/20/2008 9:19 AM 327688]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/20/2008 9:19 AM 108552]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [7/6/2009 11:03 PM 704384]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [7/6/2009 11:01 PM 1195008]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/4/2008 12:21 AM 906520]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/4/2008 12:21 AM 298776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 5:34 PM 1029456]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [7/6/2009 11:01 PM 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [7/6/2009 11:03 PM 257432]
S3 MadgeTRN;Madge Token-Ring Adapter NDIS5 Driver;c:\windows\system32\drivers\mdgndis5.sys [5/25/2006 1:11 PM 164586]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 03:26]

2009-07-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} - hxxp://scpwca.ops.placeware.com/etc/place/CHARLIE/CHApws-a1/5.1.8.511/lib/quicksilver.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-09 00:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2025429265-343818398-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,f5,e5,09,21,9d,3d,46,87,eb,95,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,f5,e5,09,21,9d,3d,46,87,eb,95,\

[HKEY_USERS\S-1-5-21-2025429265-343818398-839522115-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6A84510B-716D-6F91-F3DC-418E085F1838}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oaeiabbcckihjcfgkceecpijpgkecg"=hex:6a,61,62,6e,63,6a,6d,66,6b,6b,6a,6f,6a,6c,
61,65,67,62,65,70,00,fb
"nakjkacmappjconibgbcgppheedd"=hex:6a,61,62,6e,63,6a,6d,66,6b,6b,6a,6f,6a,6c,
61,65,67,62,65,70,00,00
"abilileoelkghcmibnikocoajgieodfiea"=hex:64,62,62,69,69,67,64,68,6d,6a,67,61,
6f,69,6b,65,6c,67,6e,66,63,66,67,68,6a,62,6d,66,65,67,69,66,6e,69,64,64,6c,\
"mabllllapkhjljhlbdibmkljkm"=hex:6f,61,6b,6a,64,6c,6f,70,62,6f,63,61,6d,66,66,
6f,68,6f,67,6f,66,66,69,68,68,6d,69,63,66,6f,00,66
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1068)
c:\windows\system32\NavLogon.dll

- - - - - - - > 'explorer

Edited by matxny, 09 July 2009 - 12:14 AM.


#14 matxny

Posted 09 July 2009 - 12:15 AM

Last portion of ComboFix log:

------------------------ Other Running Processes ------------------------
.
c:\program files\a-squared Free\a2service.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-07-09 0:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-09 04:14

Pre-Run: 23,340,437,504 bytes free
Post-Run: 23,246,258,176 bytes free

591 --- E O F --- 2009-06-11 07:06

#15 TheJoker

Posted 09 July 2009 - 04:43 AM

So far I don't see anything related to what Spybot Search & Destroy is reporting.

Download the Registry Search Tool from here:
http://www.billsway....les/RegSrch.zip
Unzip to your Desktop and double click on regsrch.vbs
(if you have script protection, please allow this to run)

In the dialog that opens enter the following:
SKYNET

Press 'OK'
The search will run for a while then alert you when it is finished.
Press 'OK' and copy the contents of the WordPad window and post in this thread.

This item is not malware related, it's just good housekeeping for an empty entry.

Now you need to run HijackThis and click "Do a system scan only." Place a check next to the following entries (if they are still there):

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)


Now close all browser and other windows except for HijackThis, and click "Fix Checked" to have HijackThis fix the entries you checked.

Please post a new HijackThis log, the results from running the Registry Search Tool, and note any errors encountered.

Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-2010 and ASAP Member since 2005
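An added example, not the RegSrch.vbs tool linked in the post above: a PowerShell script that does the same job as the Registry Search Tool step, walking the registry for a literal string (SKYNET by default, the term used here) and reporting whether it appears in key names, value names or value data. The hives searched are my assumption; HKCU covers only the account running the script, so run it as the affected user.

```powershell
# Added example, not the RegSrch.vbs tool from the post: search the registry for a literal
# string and report where it appears (key name, value name or value data).
param(
    [string]$Pattern = 'SKYNET',
    # Assumed hives to walk; HKCU covers only the account running the script.
    [string[]]$Roots = @('HKLM:\SOFTWARE', 'HKLM:\SYSTEM\CurrentControlSet', 'HKCU:\SOFTWARE')
)

function Test-Contains([string]$Text, [string]$Needle) {
    # Case-insensitive literal search; -like and -match would treat * ? . as wildcards.
    return ($null -ne $Text) -and ($Text.IndexOf($Needle, [StringComparison]::OrdinalIgnoreCase) -ge 0)
}

function Search-Registry([string]$Needle, [string[]]$Paths) {
    $hits = New-Object System.Collections.Generic.List[object]
    foreach ($root in $Paths) {
        # SilentlyContinue skips keys this account cannot open, such as the
        # "@Denied" entries ComboFix lists under LOCKED REGISTRY KEYS.
        Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
            $key = $_
            if (Test-Contains $key.PSChildName $Needle) {
                $hits.Add([pscustomobject]@{ Kind = 'KeyName'; Key = $key.Name; Name = ''; Data = '' })
            }
            foreach ($valueName in $key.GetValueNames()) {
                $raw = $key.GetValue($valueName, $null, 'DoNotExpandEnvironmentNames')
                # REG_BINARY arrives as byte[]; decode as ASCII so embedded text is searchable.
                if ($raw -is [byte[]]) { $text = [Text.Encoding]::ASCII.GetString($raw) }
                elseif ($raw -is [array]) { $text = $raw -join ' ' }   # REG_MULTI_SZ
                else { $text = "$raw" }
                if (Test-Contains $valueName $Needle) {
                    $hits.Add([pscustomobject]@{ Kind = 'ValueName'; Key = $key.Name; Name = $valueName; Data = '' })
                }
                if (Test-Contains $text $Needle) {
                    $hits.Add([pscustomobject]@{ Kind = 'ValueData'; Key = $key.Name; Name = $valueName; Data = $text })
                }
            }
        }
    }
    return $hits
}

$started = Get-Date
$results = @(Search-Registry -Needle $Pattern -Paths $Roots)
$elapsed = [int]((Get-Date) - $started).TotalSeconds
if ($results.Count -eq 0) {
    "Search completed in $elapsed seconds. No instances of `"$Pattern`" found."
} else {
    "Search completed in $elapsed seconds. $($results.Count) instance(s) of `"$Pattern`" found:"
    $results | Format-Table -AutoSize -Wrap
}
```

Pipe the output to a file (`| Out-File regsearch.txt`) if it needs to be pasted into a thread the way the WordPad window from RegSrch.vbs would be.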


#16 matxny

Posted 09 July 2009 - 09:52 AM

I downloaded the Registry Search Tool and ran it. No WordPad window opened, just a box that said "Search completed in 91 seconds. No instances of "SKYNET" found."

I deleted the indicated entry using HJT.

Here's the newest HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:19 AM, on 7/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\D4\D4.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\CreataCard\Plus\FMRemind.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijack This\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Dimension4] C:\Program Files\D4\D4.exe
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - Global Startup: CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnk = C:\Program Files\CreataCard\Plus\FMRemind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.worldnet.att.net
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwca.ops.pl...quicksilver.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.clarkcolo...larkActivia.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1154239387786
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://targetphoto.k..._2/axofupld.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://frontier.web...ort/ieatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

--
End of file - 10119 bytes

#17 TheJoker

Posted 09 July 2009 - 04:36 PM

Go to start > run and copy and paste next command in the field:
ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

I downloaded the Registry Search Tool and ran it. No WordPad window opened, just a box that said "Search completed in 91 seconds. No instances of "SKYNET" found."

I think it's gone. I see nothing that Spybot Search & Destroy could be finding for the item it is detecting. Run Spybot Search & Destroy, update the signatures for it if there are any newer found, close and restart Spybot Search & Destroy, and run a new scan. Is the detection still occurring?

#18 matxny

Posted 09 July 2009 - 09:16 PM

I've uninstalled ComboFix.

I updated and ran Spybot S&D. It didn't find anything. I also ran AVG and all my other anti-malware programs and none of them found anything. Am I good to go?

I still have RSIT.exe and RegSrch.vbs on my desktop. Can I just drag them to the Recycle Bin or are there special instructions to uninstall them?

#19 TheJoker

Posted 09 July 2009 - 09:22 PM

I still have RSIT.exe and RegSrch.vbs on my desktop. Can I just drag them to the Recycle Bin...

Yes, you can.

Create a Restore Point
  • Go to Start > Programs > Accessories > System Tools > System Restore
  • Select Create a Restore Point and then Next.
  • In the box for "Restore point description", enter a descriptive name and press Create
  • When the "Restore Point Created" window appears, click Close
Run Disk Cleanup
  • Go to Start > Run and type the below line:
    cleanmgr
  • Click OK
    • If you have more than one drive, select the drive Windows is installed on
    • Click OK
  • When Disk Cleanup opens, select the More Options tab
  • In the System Restore section (bottom of window), click Cleanup
    • In the confirmation window that opens, click Yes
  • Now click on the Disk Cleanup tab and select the following items:
    • Downloaded Program Files
    • Temporary Internet Files
    • Recycle Bin
    • Temporary Files
  • Click OK
  • in the confirmation window, select Yes (Disk Cleanup will close).
There are several free utilities you can use to help keep malware off your system:

A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOST file is MVPS HOSTS File, available at http://www.mvps.org/...p2002/hosts.htm.

A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster. For real-time protection, there is SpywareGuard. Both are available at http://www.javacools...m/products.html.

I recommend reading Tony Klein's article So How did I get Infected in the First Place? at http://www.spywarein...showtopic=60955

Does your problem appear resolved?

#20 matxny

Posted 10 July 2009 - 03:22 PM

First, I ran all of my A/V and various anti-malware programs, and nothing was found, so I think we've fixed my original problem.

After going through and doing all the additional things you recommended in your last post, I have some more questions:

- I created a restore point, but how/when would I ever use it? Is that something I would use only under the guidance of someone like you telling me to?

- I installed the MVPS HOSTS file. Can I also use the Immunize feature in Spybot S&D? Will it add to what I got from MVPS or would it overwrite what I just did? Also, how do I routinely update the file from MVPS HOSTS? Do I just download it and reinstall it like I did today, or is there some method of updating what's already there? How often should I be doing that?

- I installed SpywareBlaster. Is it automatically running every time I log in, or do I need to go in and turn it on every time?

- Tony Klein's article mentioned that Windows XP SP3 has problems. I think I have SP3. Is that bad? It seems to be focused on HP computers and I have a Dell. Should I uninstall it? I've never noticed the problems they described. Also, I don't see SP2 (or SP1 if there was one) listed. Are those something I should have, or are whatever fixes were included in them already included in SP3?

- Thanks to you I already have all the software recommended in Tony Klein's article except for Windows Defender. Is this something I should install?

Thank you.

#21 TheJoker

Posted 10 July 2009 - 08:20 PM

- I created a restore point, but how/when would I ever use it? Is that something I would use only under the guidance of someone like you telling me to?

It's not necessarily used because of a virus. A good example is if you just installed a program, and it caused a problem. You uninstall the program, but the problem remains. You could then use System Restore using a Restore Point from just before the program was installed, and hopefully that would fix the problem.

- I installed the MVPS HOSTS file. Can I also use the Immunize feature in Spybot S&D? Will it add to what I got from MVPS or would it overwrite what I just did? Also, how do I routinely update the file from MVPS HOSTS? Do I just download it and reinstall it like I did today, or is there some method of updating what's already there? How often should I be doing that?

That's all you would need to do. Although there is an included batch file to use to make it easier, it's really as simple as replacing the old HOSTS file with the new one. You may find this list of updated software useful to check when many different utilities, including MVPS HOSTS file, have been updated.
Go to http://www.dslreport...orum/security,1, and open the very first topic there, it should be
Security Software Updates - [date]. A link for the topic is not that useful, as it's a new topic for each day.

http://www.bleepingc...3.html#immunize
Though Spybot - S&D has a robust immunization process, it is advised that you use SpywareBlaster for this process instead. SpywareBlaster provides a much greater deal of control over immunization and is updated frequently with new sites and malware. If you have SpywareBlaster installed, Spybot - S&D will notify you that using SpywareBlaster will provide greater control.

- I installed SpywareBlaster. Is it automatically running every time I log in, or do I need to go in and turn it on every time?

It works through registry settings, so there's nothing to run, except when you want to run it and check for updates.

- Tony Klein's article mentioned that Windows XP SP3 has problems. I think I have SP3. Is that bad?

That particular article it references was over a year ago. Some people did have problems right after SP3 was released, but that was some time ago. You should be fine with SP3 installed, and without it, you would be needlessly vulnerable to many exploits that have since been fixed.

- Thanks to you I already have all the software recommended in Tony Klein's article except for Windows Defender. Is this something I should install?

I would, although if you do, I would not run the TeaTimer utility in Spybot Search & Destroy as it would duplicate functionality.

Does that fully answer your questions?

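An added example, not the batch file shipped with the MVPS download: a PowerShell script for the HOSTS replacement described above that keeps a dated backup of the current file, refuses a replacement whose entries do not map names to a local blocking address (a tampered HOSTS file redirects by pointing names at a real address), and restores the read-only attribute afterwards. The allowed address list and the default HOSTS path are my assumptions; it must run from an elevated prompt to write into drivers\etc.

```powershell
# Added example, not MVPS's own batch file: install a freshly downloaded MVPS HOSTS file
# (replace the old file with the new one) with a backup and a sanity check first.
param(
    [Parameter(Mandatory = $true)] [string]$NewHostsFile,
    [string]$HostsPath = "$env:SystemRoot\System32\drivers\etc\hosts"   # assumed default
)

function Get-BadHostsLines([string]$Path) {
    # A HOSTS file blocks a site by mapping its name to a non-routable address.
    # MVPS uses 0.0.0.0 (older releases used 127.0.0.1). Any other address on a
    # non-comment line means the file redirects rather than blocks, so flag it.
    $allowed = @('0.0.0.0', '127.0.0.1', '::1')
    $bad = @()
    foreach ($line in Get-Content -Path $Path) {
        $t = ($line -split '#', 2)[0].Trim()      # strip trailing comments
        if ($t -eq '') { continue }
        $fields = $t -split '\s+'
        if ($fields.Count -lt 2 -or $allowed -notcontains $fields[0]) { $bad += $line }
    }
    return $bad
}

function Install-HostsFile([string]$Source, [string]$Target) {
    if (-not (Test-Path -LiteralPath $Source)) { throw "Download not found: $Source" }
    $bad = @(Get-BadHostsLines -Path $Source)
    if ($bad.Count -gt 0) {
        throw ("Refusing to install: {0} line(s) do not map to a local address, e.g. '{1}'" -f $bad.Count, $bad[0])
    }
    # Keep the current file so the change can be undone.
    $backup = "{0}.{1}.bak" -f $Target, (Get-Date -Format 'yyyyMMdd-HHmmss')
    Copy-Item -LiteralPath $Target -Destination $backup -Force
    # Clear the read-only bit for the copy, then set it again so a stray write
    # to the file fails instead of silently changing name resolution.
    Set-ItemProperty -LiteralPath $Target -Name IsReadOnly -Value $false
    Copy-Item -LiteralPath $Source -Destination $Target -Force
    Set-ItemProperty -LiteralPath $Target -Name IsReadOnly -Value $true
    $entries = @(Get-Content -Path $Target |
        Where-Object { $_.Trim() -ne '' -and -not $_.Trim().StartsWith('#') }).Count
    return [pscustomobject]@{ Installed = $Target; Backup = $backup; Entries = $entries }
}

Install-HostsFile -Source $NewHostsFile -Target $HostsPath
```

Re-running the same script with each new MVPS release is the routine update the post describes; the `.bak` files give a history to fall back on if a site you need turns out to be blocked.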
#22 matxny

Posted 10 July 2009 - 08:31 PM

That answers everything. Thank you very much for all your guidance and hard work! There's no way I would have been able to get where I am now without your direction. Not only did we clean up my original problem, but I feel much safer going forward because of all the things I've learned and the new programs I've installed. The support you and the rest of the staff here give is absolutely invaluable. Thank you again!

#23 TheJoker

Posted 11 July 2009 - 11:40 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
