
007guard and slow internet problems


  • This topic is locked
24 replies to this topic

#1 Zybergod

Zybergod

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:53 AM

Posted 17 December 2008 - 12:25 PM

I've read through the mandatory "read this first" topic and have included the Random system inspector log below. I'm experiencing slow internet response and netstat is showing 007guard.com connections. I've taken steps to modify my hosts file but I would appreciate having the log looked over and the infection removed. Thank you in advance!

info.txt logfile of random's system information tool 1.04 2008-12-17 11:19:32

======Uninstall list======

-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.42-->"C:\Program Files\7-Zip\Uninstall.exe"
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Add or Remove Adobe Creative Suite 3 Production Premium-->C:\Program Files\Common Files\Adobe\Installers\aefc483f26b23ab60cc5653016d5017\Setup.exe
Adobe After Effects CS3 Presets-->MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
Adobe After Effects CS3 Template Projects & Footage-->MsiExec.exe /I{73E81E9B-7319-43AD-B7CC-1C61405E5089}
Adobe After Effects CS3 Third Party Content-->MsiExec.exe /I{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}
Adobe After Effects CS3-->MsiExec.exe /I{EB0202F7-016A-410C-ADE4-40F848CCC661}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Creative Suite 3 Production Premium-->MsiExec.exe /I{40F2BCF4-4EED-4AD4-BFB6-A58946C561A1}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Encore CS3 Codecs-->MsiExec.exe /I{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}
Adobe Encore CS3 Library-->MsiExec.exe /I{F1D93F5B-881F-49E3-BA56-B4B8FA991059}
Adobe Encore CS3-->MsiExec.exe /I{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Media Encoder 2.5-->MsiExec.exe /I{63A56D6A-8AA4-4568-A9E0-790D31B2F30E}
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Glyphlet Creation Tool CS3-->MsiExec.exe /I{243DA072-8E39-424A-86A3-F63152021383}
Adobe Help Viewer CS3-->MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Premiere Pro CS3 Functional Content-->MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3 Third Party Content-->MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA}
Adobe Premiere Pro CS3-->MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup-->MsiExec.exe /I{BA67E3E1-25EE-4481-857D-D3CA99DA71C8}
Adobe Soundbooth CS3 Codecs-->MsiExec.exe /I{0327FA9D-975C-448C-A086-577D57BB25B8}
Adobe Soundbooth CS3-->MsiExec.exe /I{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}
Adobe Stock Photos 1.0-->MsiExec.exe /I{47813E93-F2A0-484A-838E-47EC1B28D190}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3-->MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
AnalogX MaxMem-->C:\Program Files\AnalogX\MaxMem\maxmemu.exe
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple ProRes QuickTime Decoder-->MsiExec.exe /I{B0870386-2559-4762-A46D-020E60FB9BA9}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AsfTools 3.1 (remove only)-->C:\Program Files\AsfTools 3.1\Uninst.exe
Avaya Voice Player-->MsiExec.exe /X{487DCF0E-25F0-4B94-A8B9-151CBD73ABF7}
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Avid Codecs LE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D261AB45-344B-4E6C-A63D-EB087CF62205}\setup.exe" -l0x9 -removeonly
Avid DIO Runtime-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44453C96-8A4F-4FCA-9783-4F9F00F09254}\SETUP.exe" -l0x9 -removeonly
Avid DNADiags-->MsiExec.exe /X{9D916AFB-35EC-450C-B08A-007B6811C927}
Avid EDL Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6CBBC3EE-D4FB-4923-85EB-8C4851E20300}\setup.exe" -l0x9 -removeonly
Avid FilmScribe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8FC32C39-6846-4963-A7AF-8A5DC3EC712E}\setup.exe" -l0x9 -removeonly
Avid Log Exchange-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8E7B8D6B-88E3-4B7E-8761-EA62CBE53C8F}\setup.exe" -l0x9 -removeonly
Avid Xpress Pro HD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF7EBCC7-F42C-4872-A609-ECE2527AD003}\setup.exe" -l0x9 -removeonly
AvidAfterEffectsEMP-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A52CCA0B-B16B-4DF4-8C5F-3CBE60E93DC0}\setup.exe" -l0x9 -removeonly
BOINC-->MsiExec.exe /I{2D671126-CF09-4B0A-9F9C-DE3617C2DF46}
BOINC-->MsiExec.exe /I{9F1B3F73-8001-4C72-8BC1-4D7BFB82D92E}
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Boris FX Ltd-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CD60152B-9F50-4B91-97B0-85B19EFFFCF5}\Setup.exe" -l0x9
Boris Graffiti Ltd-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{92DFE3E1-88A2-427B-9D0C-141CF86A11FB}\Setup.exe" -l0x9
Call of Duty® 4 - Modern Warfare™ 1.3 Patch-->C:\Program Files\InstallShield Installation Information\{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.4 Patch-->C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch-->C:\Program Files\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CD Designer 7.51.1416-->MsiExec.exe /I{FA2E0F99-F596-497C-83FF-73A0CFF90FBB}
CDisplay 1.8-->"C:\Program Files\CDisplay\unins000.exe"
Core FTP LE 2.1-->C:\PROGRA~1\CoreFTP\UNWISE.EXE C:\PROGRA~1\CoreFTP\INSTALL.LOG
CP2101 USB to UART Bridge Controller-->C:\WINDOWS\system32\uninstall.exe C:\WINDOWS\system32\uninstall.ini
Dell3007WFP32c-->MsiExec.exe /I{2F07BC0E-4BB3-4151-AA42-1DB59F5D57AF}
Digsby-->C:\Program Files\Digsby\uninstall.exe
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Dropbox-->"C:\Program Files\Dropbox\uninstall.exe"
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD43 v4.2.0-->"C:\Program Files\dvd43\unins000.exe"
Enemy Territory - QUAKE Wars™ Demo 1.1 Patch-->C:\Program Files\InstallShield Installation Information\{B7B6C0BE-C919-425C-A493-DF9FF11249F5}\setup.exe -runfromtemp -l0x0409
FileZilla Client 3.1.3.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
FileZilla Server (remove only)-->"C:\Program Files\FileZilla Server\uninstall.exe"
FlashFXP v3-->"C:\Program Files\FlashFXP\Uninstall.exe" "C:\Program Files\FlashFXP\install.log" -u
Flock (2.0.2)-->C:\Program Files\Flock\uninstall\helper.exe
FLV Player 2.0, build 23-->C:\Program Files\FLV Player\uninst.exe
FLV Player-->"C:\WINDOWS\FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
Free Download Manager 2.5-->"C:\Program Files\Free Download Manager\unins000.exe"
Futuremark SystemInfo-->C:\Program Files\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe -runfromtemp -l0x0009 -removeonly
Gbridge (remove only)-->C:\Program Files\Gbridge LLC\Gbridge\uninstall.exe
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Gears-->MsiExec.exe /I{2A9C3F41-DACA-37AB-84FB-2E6193C42151}
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
Google Talk Plugin-->MsiExec.exe /I{DFB48451-4F78-33DC-BC42-8C403C74939F}
Google Update-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
GridIron Nucleo Pro 2-->MsiExec.exe /I{F70A5640-8713-48FA-8AD1-2BBDE2C6D54A}
GSpot Codec Information Appliance-->C:\Program Files\GSpot\Uninstall.exe
Half-Life 2: Episode One-->"C:\Program Files\Steam\steam.exe" steam://uninstall/380
Half-Life 2: Episode Two-->"C:\Program Files\Steam\steam.exe" steam://uninstall/420
Half-Life 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/220
HandBrake 0.9.3-->C:\Program Files\Handbrake\uninst.exe
HijackThis 2.0.2-->"C:\Documents and Settings\brianp\Desktop\HJT\HijackThis.exe" /uninstall
HP Help and Support 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\SETUP.exe" -l0x9 -removeonly
HP Performance Tuning Framework-->MsiExec.exe /I{2D5F91BD-BB3D-4E8C-B29C-C5BC42E194F1}
HP Safety and Comfort Guide-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAC4426A-42CD-4B4E-8057-9738C96F2C8F}\SETUP.EXE" -l0x9
Insurgency-->"C:\Program Files\Steam\steam.exe" steam://uninstall/17700
Intel® PRO Network Connections Drivers-->Prounstl.exe
Intel® PROSet for Wired Connections-->MsiExec.exe /I{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}
iPod for Windows 2005-03-23-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{44A537A5-859C-43A6-8285-C0668142A090} /l1033
iPod for Windows 2005-09-23-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC} /l1033
IsoBuster 2.3-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
J2SE Runtime Environment 5.0 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Jing-->MsiExec.exe /I{7EC96FCD-0C12-46D3-988A-FB802F138BEB}
Labtec WebCam-->MsiExec.exe /X{995BF1A7-30E5-49E5-A0E4-AD3213D9E330}
Labtec® Camera Driver-->"C:\Program Files\Common Files\Labtec\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Launchy 2.0-->"C:\Program Files\Launchy\unins000.exe"
LiveUpdate 2.0 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech Video Enumerator-->MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
MacDrive 5-->MsiExec.exe /I {9F02AE6F-7980-496A-856F-7A6A705137DA}
Macromedia Shockwave Player-->MsiExec.exe /X{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}
Magic Bullet Looks PPro-->C:\WINDOWS\unvise32.exe C:\Program Files\Adobe\Common\Plug-ins\CS3\MediaCore\mblooks3ppro.log
MediaMover PC 2.6-->MsiExec.exe /X{5CE1AB33-AD4B-47F3-AECA-6E8FE4B0603C}
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
MVision-->MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
NetXfer 2.57.399-->"C:\Program Files\Xi\NetXfer\unins000.exe"
Norton Ghost 9.0-->MsiExec.exe /X{3C759736-8347-4031-BB9C-D75ADFE6B101}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Nvidia Omega Drivers v2.169.21 Setup Files-->"C:\WINDOWS\Nvidia Omega Drivers v2.169.21 Uninstall.exe" "/U:C:\Program Files\Nvidia Omega Drivers\v2.169.21\Omega Uninstall.xml"
Panasonic P2 Drivers-->MsiExec.exe /X{25F13DE8-7527-4327-9F21-53B26281CEBF}
Panasonic P2 Viewer-->MsiExec.exe /X{74AAC6CE-E2B4-4F54-9D47-397EC3A9F707}
PDF Complete-->C:\Program Files\PDF Complete\pdfiutil.exe /UGUI
PDF Settings-->MsiExec.exe /I{DC017035-1939-425F-8F86-63B462C76C6A}
PeerGuardian 2.0-->"C:\Program Files\PeerGuardian2\unins000.exe"
Privoxy (remove only)-->"C:\Program Files\Privoxy\privoxy_uninstall.exe"
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
Python 2.6-->MsiExec.exe /I{110EB5C4-E995-4CFB-AB80-A5F315BEA9E8}
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Real Alternative 1.8.0-->"C:\Program Files\Real Alternative\unins000.exe"
Retrospect 7.0-->MsiExec.exe /I{AFF8387B-A958-48F8-9E1C-2E9485A1985A}
Rimage 360i Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA1C1E5C-9548-425C-99E7-FB36090BF346}\SETUP.EXE" -l0x9 -removeonly
Roxio Audio Module-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio CinePlayer-->MsiExec.exe /I{26792CA7-D87A-4DBE-896B-C2F66B344511}
Roxio Copy Module-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio Data Module-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SDP Downloader-->MsiExec.exe /I{B547CB8D-549A-436E-97B5-E79F911B11E2}
Sentinel Protection Installer 7.0.0-->MsiExec.exe /I{547D4265-AF45-42E9-A62A-C58182AA35B9}
Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sonic ReelDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E265B87E-C3E5-4338-9889-1579581BF280}\Setup.exe" -l0x9
Sorenson Squeeze 4.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6A143FF0-BB9A-4A9C-A318-1688BA366BAE}\setup.exe" -l0x9
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.EXE"
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Steam™-->C:\PROGRA~1\Steam\UNWISE.EXE C:\PROGRA~1\Steam\INSTALL.LOG
Team Fortress 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/440
The Font Thing-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Fisher\The Font Thing\DeIsL3.isu" -cC:\PROGRA~1\Fisher\THEFON~1\_ISREG32.DLL
TMPGEnc 4.0 XPress-->MsiExec.exe /I{8E8ECFE5-A675-4110-B785-3B044FF48CDB}
Torrent Episode Downloader-->MsiExec.exe /I{1D319C1D-C857-4AD1-9F37-7F9A33726683}
Trapcode 3DStroke-->C:\WINDOWS\unvise32.exe C:\Program Files\Adobe\Adobe After Effects CS3\Support Files\Plug-ins\trapcode3Dstroke.log
VLC media player 0.9.6-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VNC Enterprise Edition E4.4.0-->"C:\Program Files\RealVNC\VNC4\unins000.exe"
VNC Mirror Driver 1.8.0-->"C:\Program Files\RealVNC\VNC4\Mirror Driver\unins000.exe"
WebcamMax-->"C:\Program Files\WebcamMax\uninst.exe"
WebDialogs Unyte-->C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\F09C3B9060684346A02C2F528049D062\uninstall.exe
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WSUserGuide-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{808E5AB1-E98F-4362-AB10-B5B69CB2301C}\SETUP.EXE" -l0x9
X3watch 5.0.5-->"C:\Program Files\X3watch\unins000.exe"
Xbox 360 Controller for Windows-->"C:\WINDOWS\$NtUninstall_Xbox_360_CC_Driver$\spuninst\spuninst.exe"
XviD MPEG4 Video Codec v1.0.3 (remove only)-->"C:\WINDOWS\system32\xvid-uninstall.exe"
Zombie Panic! Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/17500

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AVG Anti-Virus Free

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\PROGRA~1\Java\JRE15~1.0\bin;C:\Program Files\Mozilla Firefox\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Avid;C:\Program Files\Common Files\Adobe\AGL;.;C:\Perl\bin;C:\OpenSA\Apache2\bin;C:\Program Files\Smart Projects\IsoBuster;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"MKL_SERIAL"=YES
"KMP_DUPLICATE_LIB_OK"=TRUE
"BitRock"=1
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------
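The hosts-file block in the log above begins with "127.0.0.1 www.007guard.com". Entries of that form are hosts-file blocks (Spybot - Search & Destroy, which is in the uninstall list, writes exactly this list when it "immunizes" the machine), not a sign that the machine is talking to 007guard.com. They do have one visible side effect: netstat run without -n reverse-resolves addresses through the hosts file, and for 127.0.0.1 the resolver returns the first name on the first matching line, so every loopback connection is printed as www.007guard.com:<port>. With a local proxy configured at 127.0.0.1:8118 (the ProxyServer setting that appears in the DDS log later in this thread), browser traffic to that proxy would show up that way. The code below is an added example, not code from the poster or from any tool named in the thread; it parses the hosts entries quoted in the log and replays that reverse resolution over a constructed netstat-style sample (the ports and the 192.168.1.10 / 72.14.207.99 addresses are assumed). Whether this is what the poster saw is an inference, not something the thread confirms.

```python
"""Why a hosts-file blocklist makes netstat show '007guard.com' connections.

Added example for this thread (not code from the poster or from BleepingComputer).
It parses the hosts entries quoted in the log above and replays the reverse
resolution that netstat performs when run without -n.
"""

# Hosts-file block copied from the log in the post above.
HOSTS_TEXT = """\
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
"""

# Constructed sample in the shape of 'netstat -n' output (assumed ports and
# addresses). The first two rows model a browser talking to a local proxy on
# 127.0.0.1:8118; the third models a genuine outbound connection.
SAMPLE_CONNECTIONS = [
    ("TCP", "127.0.0.1:1042", "127.0.0.1:8118", "ESTABLISHED"),
    ("TCP", "127.0.0.1:8118", "127.0.0.1:1042", "ESTABLISHED"),
    ("TCP", "192.168.1.10:1043", "72.14.207.99:80", "ESTABLISHED"),
]


def parse_hosts(text):
    """Return [(ip, [names...]), ...] in file order; comments and blanks skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2:
            entries.append((parts[0], parts[1:]))
    return entries


def forward_lookup(entries, name):
    """Name -> address; the first matching hosts line wins (case-insensitive)."""
    wanted = name.lower()
    for ip, names in entries:
        if wanted in (n.lower() for n in names):
            return ip
    return None


def reverse_lookup(entries, ip):
    """Address -> name the way the stub resolver does it: the FIRST hosts line
    carrying that address supplies the name, whichever blocked name that is.
    With no entry the address is returned unchanged."""
    for entry_ip, names in entries:
        if entry_ip == ip:
            return names[0]
    return ip


def blocked_names(entries, sink="127.0.0.1"):
    """Every name the file sinks to the loopback address (the blocklist)."""
    return {n.lower() for ip, names in entries if ip == sink for n in names}


def is_hosts_artifact(entries, endpoint):
    """True when the address behind 'host:port' is loopback, i.e. the name
    netstat prints for it comes from the hosts file, not from a remote peer."""
    ip = endpoint.rsplit(":", 1)[0]
    return ip.startswith("127.") and reverse_lookup(entries, ip) != ip


def render_netstat(entries, connections, numeric=False):
    """Format rows like netstat; numeric=True reproduces 'netstat -n'."""
    rows = []
    for proto, local, remote, state in connections:
        if not numeric:
            l_ip, l_port = local.rsplit(":", 1)
            r_ip, r_port = remote.rsplit(":", 1)
            local = f"{reverse_lookup(entries, l_ip)}:{l_port}"
            remote = f"{reverse_lookup(entries, r_ip)}:{r_port}"
        rows.append(f"{proto:<5} {local:<26} {remote:<26} {state}")
    return rows


if __name__ == "__main__":
    hosts = parse_hosts(HOSTS_TEXT)
    print("netstat (names resolved through the hosts file):")
    print("\n".join(render_netstat(hosts, SAMPLE_CONNECTIONS)))
    print("\nnetstat -n (no reverse resolution):")
    print("\n".join(render_netstat(hosts, SAMPLE_CONNECTIONS, numeric=True)))
    for _, _, remote, _ in SAMPLE_CONNECTIONS:
        tag = "hosts-file alias" if is_hosts_artifact(hosts, remote) else "real peer"
        print(f"{remote:<20} {tag}")
```

The practical check on the real machine is the same one the example reproduces: run `netstat -an` (or `netstat -n`) and look at the raw addresses. A "007guard.com" peer that turns into 127.0.0.1 is loopback traffic wearing a hosts-file label; only a non-loopback address in the numeric output would be worth chasing as an actual outbound connection. Editing the hosts file changes the label, not the traffic, so it is not expected to affect the slowness either way.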



#2 Zybergod

Zybergod
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:53 AM

Posted 22 December 2008 - 12:31 PM

Anyone?

#3 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:02:53 AM

Posted 26 December 2008 - 05:03 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#4 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:02:53 AM

Posted 03 January 2009 - 11:52 AM

Due to the lack of feedback, this Topic is now closed.

If you still have problems, please Start a new topic.

R,
K

//Edit topic opened.

Edited by KoanYorel, 05 January 2009 - 11:50 AM.

The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#5 Zybergod

Zybergod
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:53 AM

Posted 05 January 2009 - 11:41 AM

Following up on: http://www.bleepingcomputer.com/forums/t/187307/007guard-and-slow-internet-problems/

I'm sorry for my delayed response. I left the office for the holidays and was unable to access the computer with the problem after you posted your response. Thank you again for taking the time. I am attaching the DDS files below:

DDS.txt

DDS (Version 1.1.0) - NTFSx86
Run by brianp at 10:39:08.57 on Mon 01/05/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1351 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Dantz\Retrospect 7.0\retrorun.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\X3watch\x3watch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\Dropbox\dropbox.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Digsby\lib\digsby-app.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\brianp\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\brianp\Desktop\dds.com

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uInternet Settings,ProxyServer = 127.0.0.1:8118
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: NXIECatcher Class: {83b80a9c-d91a-4f22-8dcf-ea7204039f79} - c:\program files\xi\netxfer\NXIEHelper.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.4.2\gears.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll
TB: NetXfer: {c16cbaac-a75c-4db5-a0dd-cdf5cafcdd3a} - c:\program files\xi\netxfer\NXToolBar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [DrvLsnr] c:\program files\analog devices\soundmax\DrvLsnr.exe
mRun: [PRONoMgrWired] c:\program files\intel\prosetwired\ncs\proset\PRONoMgr.exe
mRun: [x3watch] c:\program files\x3watch\x3watch.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Mediafour Mac Volume Notifications] "c:\program files\common files\mediafour\MACVNTFY.EXE" /auto
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\brianp\startm~1\programs\startup\dropbox.lnk - c:\program files\dropbox\dropbox.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Getting Started with MacDrive 5.lnk.disabled
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\launchy.lnk - c:\program files\launchy\Launchy.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\P2 Card Manager.lnk.disabled
uPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
uPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
IE: Download all by NetXfer - c:\program files\xi\netxfer\NXAddList.html
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download by NetXfer - c:\program files\xi\netxfer\NXAddLink.html
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.4.2\gears.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL,avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\brianp\applic~1\mozilla\firefox\profiles\j8zzzh3t.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\brianp\application data\mozilla\firefox\profiles\j8zzzh3t.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - component: c:\program files\google\google gears\firefox\components\gears.dll
FF - plugin: c:\documents and settings\brianp\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\program files\google\update\1.2.131.11\npGoogleOneClick5.dll

============= SERVICES / DRIVERS ===============

R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.SYS [2002-1-28 23376]
R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2004-7-29 138780]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-12 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-6-12 26824]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2004-7-29 46779]
R3 gbridge;Gbridge Virtual Miniport;c:\windows\system32\drivers\gbridge.sys [2008-10-19 39928]
R3 WCDV_Aud;WevCamDV WDM Virtual Audio Device;c:\windows\system32\drivers\wcdvaud.sys [2004-9-17 12672]
R4 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-6-12 231704]
R4 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [2008-11-17 941784]
R4 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2005-8-23 476160]
R4 WebCamDV;WebCamDV DV to Webcam Converter;c:\windows\system32\drivers\WebCamDV.sys [2004-9-17 212608]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\aspi32.sys [2005-12-8 16512]
S3 Flamethrower;Flamethrower;c:\windows\system32\drivers\Flamethrower.sys [2005-9-6 458240]
S3 MDFSYSNT;MDFSYSNT;c:\windows\system32\drivers\MDFSYSNT.SYS [2002-8-15 220240]
S3 SIWIO;SIW low-level I/O driver;\??\c:\windows\temp\siwio.sys --> c:\windows\temp\SiwIo.sys [?]
S4 gupdate1c89b559918d108;Google Update Service (gupdate1c89b559918d108);c:\program files\google\update\GoogleUpdate.exe [2008-7-16 133104]

=============== Created Last 30 ================

2008-12-17 11:16 --d----- c:\program files\CCleaner
2008-12-16 12:46 --d----- c:\docume~1\brianp\applic~1\HandBrake
2008-12-15 17:15 --d----- c:\docume~1\brianp\applic~1\Flock
2008-12-15 17:15 --d----- c:\program files\Flock
2008-12-12 12:34 --d----- c:\docume~1\alluse~1\applic~1\Digsby
2008-12-10 17:06 197,351 a------- c:\temp\PS7_Brushes__Snowflakes_by_ainohanako.zip
2008-12-10 17:05 1,119,190 a------- c:\temp\snowflakes_brushes_by_hawksmont (1).zip
2008-12-10 17:05 --d----- C:\Temp

==================== Find3M ====================

2008-12-11 10:57 1,130,848 a------- c:\docume~1\brianp\applic~1\GDIPFONTCACHEV1.DAT
2008-12-02 14:27 14,618,605 a------- C:\vlc-0.9.6-win32.exe
2008-10-09 11:22 286,720 a------- c:\windows\system32\eSTsnmp.dll
2007-12-12 13:51 22,328 a------- c:\docume~1\brianp\applic~1\PnkBstrK.sys
2007-12-12 10:46 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2005-10-25 10:15 2,209,513 a------- c:\docume~1\brianp\applic~1\Install.dat

============= FINISH: 10:39:29.56 ===============


#6 Tomk_

Tomk_

    Malware Eradicator


  • Malware Response Team
  • 686 posts
  • OFFLINE
  • Local time:11:53 PM

Posted 06 January 2009 - 09:50 AM

Hi Zybergod,

Welcome to Bleeping Computers

My name is Tomk_. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.
I apologize for the delay in response. We get overwhelmed at times but we are trying our best to keep up.

I'm not seeing anything obvious. Let's start this way:

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

(If you use Firefox or the Opera browser: to keep saved passwords, click No at the prompt.)

It's normal after running ATF Cleaner that the PC will be slower to boot the first time or two.

Then

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot (shut down your computer then restart it).
Also "copy/paste" a new DDS.txt file into this thread.

Also please describe how your computer behaves at the moment.

#7 Zybergod

Zybergod
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:53 AM

Posted 06 January 2009 - 12:22 PM

Tom!! Thank you so much for helping me out. I'll fax you some pizza when this whole thing blows over.

Here is the DDS file:

DDS (Version 1.1.0) - NTFSx86
Run by brianp at 11:14:42.60 on Tue 01/06/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1596 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Dantz\Retrospect 7.0\retrorun.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\X3watch\x3watch.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\brianp\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\Dropbox\dropbox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\brianp\Desktop\dds.com

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uInternet Settings,ProxyServer = 127.0.0.1:8118
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: NXIECatcher Class: {83b80a9c-d91a-4f22-8dcf-ea7204039f79} - c:\program files\xi\netxfer\NXIEHelper.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.4.2\gears.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll
TB: NetXfer: {c16cbaac-a75c-4db5-a0dd-cdf5cafcdd3a} - c:\program files\xi\netxfer\NXToolBar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\brianp\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [DrvLsnr] c:\program files\analog devices\soundmax\DrvLsnr.exe
mRun: [PRONoMgrWired] c:\program files\intel\prosetwired\ncs\proset\PRONoMgr.exe
mRun: [x3watch] c:\program files\x3watch\x3watch.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Mediafour Mac Volume Notifications] "c:\program files\common files\mediafour\MACVNTFY.EXE" /auto
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\brianp\startm~1\programs\startup\dropbox.lnk - c:\program files\dropbox\dropbox.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Getting Started with MacDrive 5.lnk.disabled
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\launchy.lnk - c:\program files\launchy\Launchy.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\P2 Card Manager.lnk.disabled
uPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
uPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
IE: Download all by NetXfer - c:\program files\xi\netxfer\NXAddList.html
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download by NetXfer - c:\program files\xi\netxfer\NXAddLink.html
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.4.2\gears.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL,avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\brianp\applic~1\mozilla\firefox\profiles\j8zzzh3t.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\brianp\application data\mozilla\firefox\profiles\j8zzzh3t.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - component: c:\program files\google\google gears\firefox\components\gears.dll
FF - plugin: c:\documents and settings\brianp\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\brianp\local settings\application data\google\update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\update\1.2.131.11\npGoogleOneClick5.dll
FF - plugin: c:\program files\google\update\1.2.133.33\npGoogleOneClick7.dll

============= SERVICES / DRIVERS ===============

R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.SYS [2002-1-28 23376]
R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2004-7-29 138780]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-12 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-6-12 26824]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2004-7-29 46779]
R3 gbridge;Gbridge Virtual Miniport;c:\windows\system32\drivers\gbridge.sys [2008-10-19 39928]
R3 WCDV_Aud;WevCamDV WDM Virtual Audio Device;c:\windows\system32\drivers\wcdvaud.sys [2004-9-17 12672]
R4 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-6-12 231704]
R4 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [2008-11-17 941784]
R4 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2005-8-23 476160]
R4 WebCamDV;WebCamDV DV to Webcam Converter;c:\windows\system32\drivers\WebCamDV.sys [2004-9-17 212608]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\aspi32.sys [2005-12-8 16512]
S3 Flamethrower;Flamethrower;c:\windows\system32\drivers\Flamethrower.sys [2005-9-6 458240]
S3 MDFSYSNT;MDFSYSNT;c:\windows\system32\drivers\MDFSYSNT.SYS [2002-8-15 220240]
S3 SIWIO;SIW low-level I/O driver;\??\c:\windows\temp\siwio.sys --> c:\windows\temp\SiwIo.sys [?]
S4 gupdate1c89b559918d108;Google Update Service (gupdate1c89b559918d108);c:\program files\google\update\GoogleUpdate.exe [2008-7-16 133104]

=============== Created Last 30 ================

2009-01-06 10:57 <DIR> --d----- c:\docume~1\brianp\applic~1\Malwarebytes
2009-01-06 10:57 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-06 10:57 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-06 10:57 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-06 10:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-17 11:16 <DIR> --d----- c:\program files\CCleaner
2008-12-16 12:46 <DIR> --d----- c:\docume~1\brianp\applic~1\HandBrake
2008-12-15 17:15 <DIR> --d----- c:\docume~1\brianp\applic~1\Flock
2008-12-15 17:15 <DIR> --d----- c:\program files\Flock
2008-12-12 12:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Digsby
2008-12-10 17:06 197,351 a------- c:\temp\PS7_Brushes__Snowflakes_by_ainohanako.zip
2008-12-10 17:05 1,119,190 a------- c:\temp\snowflakes_brushes_by_hawksmont (1).zip
2008-12-10 17:05 <DIR> --d----- C:\Temp

==================== Find3M ====================

2008-12-11 10:57 1,130,848 a------- c:\docume~1\brianp\applic~1\GDIPFONTCACHEV1.DAT
2008-12-02 14:27 14,618,605 a------- C:\vlc-0.9.6-win32.exe
2008-10-09 11:22 286,720 a------- c:\windows\system32\eSTsnmp.dll
2007-12-12 13:51 22,328 a------- c:\docume~1\brianp\applic~1\PnkBstrK.sys
2007-12-12 10:46 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2005-10-25 10:15 2,209,513 a------- c:\docume~1\brianp\applic~1\Install.dat

============= FINISH: 11:15:10.04 ===============


The computer is running pretty well. The internet tends to be a little sluggish at times. I have Google Chrome installed and that has trouble accessing simple sites like Gmail. The thing that tipped me off was netstat:
Active Connections

Proto Local Address Foreign Address State
TCP XPRO:epmap XPRO:0 LISTENING
TCP XPRO:microsoft-ds XPRO:0 LISTENING
TCP XPRO:1032 XPRO:0 LISTENING
TCP XPRO:1053 www.007guard.com:1054 ESTABLISHED
TCP XPRO:1054 www.007guard.com:1053 ESTABLISHED
TCP XPRO:1055 www.007guard.com:1056 ESTABLISHED
TCP XPRO:1056 www.007guard.com:1055 ESTABLISHED
TCP XPRO:5354 XPRO:0 LISTENING
TCP XPRO:8791 XPRO:0 LISTENING
TCP XPRO:27015 XPRO:0 LISTENING
TCP XPRO:netbios-ssn XPRO:0 LISTENING
TCP XPRO:1038 rex:netbios-ssn ESTABLISHED
TCP XPRO:1050 web3.getdropbox.com:https CLOSE_WAIT
TCP XPRO:1051 web1.getdropbox.com:https CLOSE_WAIT
TCP XPRO:1052 174.36.30.13-static.reverse.softlayer.com:http ESTABLISHED
TCP XPRO:1070 72.21.211.148:http ESTABLISHED
TCP XPRO:1094 acd4129912.rit.edu:https ESTABLISHED
TCP XPRO:1102 el-in-f125.google.com:5222 ESTABLISHED
TCP XPRO:1119 an-in-f18.google.com:https CLOSE_WAIT
TCP XPRO:1144 www.bleepingcomputer.com:http CLOSE_WAIT
TCP XPRO:1174 191-247.amazon.com:http TIME_WAIT
TCP XPRO:1180 channel28.01.05.sf2p.facebook.com:http ESTABLISHED
TCP XPRO:epmap XPRO:0 LISTENING 0
UDP XPRO:microsoft-ds *:*
UDP XPRO:isakmp *:*
UDP XPRO:1025 *:*
UDP XPRO:1026 *:*
UDP XPRO:1027 *:*
UDP XPRO:1068 *:*
UDP XPRO:4500 *:*
UDP XPRO:ntp *:*
UDP XPRO:1900 *:*
UDP XPRO:5353 *:*
UDP XPRO:ntp *:*
UDP XPRO:1900 *:*
UDP XPRO:44301 *:*
UDP XPRO:ntp *:*
UDP XPRO:netbios-ns *:*
UDP XPRO:netbios-dgm *:*
UDP XPRO:1900 *:*
UDP XPRO:5353 *:*
UDP XPRO:1025 *:*

I've added a localhost loopback for 007guard.com but I'd like to get rid of it altogether.
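As an added illustration (not part of the thread or any tool the thread uses), here is a small Python script that parses the netstat output quoted above. Mirrored port pairs (local 1053 to foreign 1054 together with local 1054 to foreign 1053) mean both ends of the connection are on this machine, which is exactly what a hosts-file entry pointing a name at 127.0.0.1 produces, so the script separates such names from the foreign hosts that actually merit a closer look. The sample input is constructed from the post's own lines.

```python
import re

# Constructed sample input: a subset of the netstat output quoted in the post.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    XPRO:epmap             XPRO:0                 LISTENING
  TCP    XPRO:1053              www.007guard.com:1054  ESTABLISHED
  TCP    XPRO:1054              www.007guard.com:1053  ESTABLISHED
  TCP    XPRO:1055              www.007guard.com:1056  ESTABLISHED
  TCP    XPRO:1056              www.007guard.com:1055  ESTABLISHED
  TCP    XPRO:1038              rex:netbios-ssn        ESTABLISHED
  TCP    XPRO:1050              web3.getdropbox.com:https  CLOSE_WAIT
  TCP    XPRO:1070              72.21.211.148:http     ESTABLISHED
  UDP    XPRO:ntp               *:*
"""

# Proto, local host:port, foreign host:port, optional state (UDP rows have none).
# The greedy host group backtracks to the last colon, so dotted IPs parse too.
LINE_RE = re.compile(r"^(TCP|UDP)\s+(\S+):(\S+)\s+(\S+):(\S+)(?:\s+(\S+))?")


def parse_netstat(text):
    """Parse netstat text into one dict per socket; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            proto, lhost, lport, fhost, fport, state = m.groups()
            rows.append({"proto": proto, "lhost": lhost, "lport": lport,
                         "fhost": fhost, "fport": fport, "state": state or ""})
    return rows


def _active_tcp(rows):
    """TCP sockets that are not merely listening."""
    return [r for r in rows if r["proto"] == "TCP" and r["state"] != "LISTENING"]


def loopback_names(rows):
    """Foreign names that occur only as halves of mirrored TCP pairs.

    A loopback TCP connection is listed twice, once per end:
    local A -> foreign B and local B -> foreign A, both naming the same
    foreign host. If every row naming a host is one half of such a pair,
    that host is this machine under another name (for example a hosts-file
    entry that maps the name to 127.0.0.1, which netstat then prints on
    reverse lookup).
    """
    tcp = _active_tcp(rows)
    seen = {(r["fhost"], r["lport"], r["fport"]) for r in tcp}
    mirrored, unmirrored = set(), set()
    for r in tcp:
        if (r["fhost"], r["fport"], r["lport"]) in seen:
            mirrored.add(r["fhost"])
        else:
            unmirrored.add(r["fhost"])
    # A name with even one non-mirrored connection is treated as a real peer.
    return mirrored - unmirrored


def remote_peers(rows):
    """Sorted foreign hosts of active TCP sockets, with loopback aliases removed."""
    local = loopback_names(rows)
    return sorted({r["fhost"] for r in _active_tcp(rows) if r["fhost"] not in local})


if __name__ == "__main__":
    parsed = parse_netstat(SAMPLE_NETSTAT)
    print("names that resolve back to this host:", sorted(loopback_names(parsed)))
    print("remote peers worth checking:", remote_peers(parsed))
```

The remaining peers still need to be judged on their own merits; the script only removes the entries that cannot be remote at all.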

#8 Tomk_

Tomk_

    Malware Eradicator


  • Malware Response Team
  • 686 posts
  • OFFLINE
  • Local time:11:53 PM

Posted 06 January 2009 - 03:19 PM

Zybergod,

Did you run Malwarebytes'?

Can I have the report?

#9 Zybergod

Zybergod
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:53 AM

Posted 06 January 2009 - 04:13 PM

Sorry!

Malwarebytes' Anti-Malware 1.32
Database version: 1624
Windows 5.1.2600 Service Pack 2

1/6/2009 11:09:14 AM
mbam-log-2009-01-06 (11-09-14).txt

Scan type: Quick Scan
Objects scanned: 63748
Time elapsed: 3 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01e69986-a054-4c52-abe8-ef63df1c5211} (Adware.SoftMate) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\Service.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\Service.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

#10 Tomk_

Tomk_

    Malware Eradicator


  • Malware Response Team
  • 686 posts
  • OFFLINE
  • Local time:11:53 PM

Posted 06 January 2009 - 04:59 PM

Zybergod,

Your computer appears to have been infected by a backdoor trojan. These programs have the ability to steal passwords and other information from your system. If you use your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:
  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, paypal, ebay, etc. You should also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps.
This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean. If this is unacceptable to you, then you should consider reformatting the system partition and reinstalling Windows, as this is the only 100% sure answer.

If you wish to reformat then please let me know in your next response, I'll now continue with instructions for cleaning.

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D < here

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

#11 Zybergod

Zybergod
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:53 AM

Posted 06 January 2009 - 06:07 PM

Ah crap. I'll change my passwords right away. Here is the log:


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel® Xeon™ CPU 3.40GHz )
BIOS : Default System BIOS
USER : brianp ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.0 (Activated)
C:\ (Local Disk) - NTFS - Total:69 Go (Free:7 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (Local Disk) - NTFS - Total:136 Go (Free:5 Go)
G:\ (Local Disk) - NTFS - Total:136 Go (Free:9 Go)
H:\ (CD or DVD)
V:\ (Network Disk) - NTFS - Total:745 Go (Free:160 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Tue 01/06/2009|17:02 )

--------------------\\ Listing folders in APPLIC~1

[02/22/2008|02:39] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Adobe
[08/23/2005|04:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
[09/20/2005|10:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> IsolatedStorage
[09/06/2005|03:32] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Leadertech
[06/11/2008|01:16] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[09/20/2005|01:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> PACE Anti-Piracy
[06/02/2008|12:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> SecuROM
[09/06/2005|03:32] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Sonic

[11/13/2008|03:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[09/20/2005|12:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe Systems
[09/03/2008|03:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ALM
[11/27/2007|02:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[12/10/2007|11:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[06/12/2008|10:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg8
[01/05/2009|05:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> BOINC
[12/12/2008|12:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Digsby
[03/06/2008|11:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> FlashFXP
[12/03/2008|04:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> FLEXnet
[10/17/2007|12:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> FreeDownloadManager.ORG
[04/10/2008|03:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[02/29/2008|12:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> GridIron Software
[11/07/2007|11:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HotSync
[08/23/2005|04:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[09/20/2005|12:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Macrovision
[01/06/2009|10:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[04/23/2008|12:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[10/03/2005|01:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Minnetonka Audio Software
[06/12/2008|11:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> nView_Profiles
[12/15/2005|01:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PACE Anti-Piracy
[10/14/2005|03:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[12/02/2007|03:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Real
[10/13/2005|02:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Retrospect
[10/17/2005|11:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Rimage
[12/12/2007|10:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Skype
[04/23/2008|12:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SmartSound Software Inc
[12/17/2008|11:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[09/20/2005|10:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Symantec
[10/25/2005|09:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia
[11/18/2008|12:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WebcamMax
[01/06/2009|11:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> x3watch

[08/23/2005|04:28] C:\DOCUME~1\Brian\APPLIC~1\<DIR> Identities
[06/11/2008|01:16] C:\DOCUME~1\Brian\APPLIC~1\<DIR> Microsoft

[03/07/2008|11:58] C:\DOCUME~1\brianp\APPLIC~1\<DIR> 3DFileSystemProfile
[11/18/2008|01:11] C:\DOCUME~1\brianp\APPLIC~1\<DIR> Adobe
[10/10/2007|01:34] C:\DOCUME~1\brianp\APPLIC~1\<DIR> AdobeUM
[03/06/2008|03:14] C:\DOCUME~1\brianp\APPLIC~1\<DIR> ameCache
[01/18/2008|01:56] C:\DOCUME~1\brianp\APPLIC~1\<DIR> Apple Computer
[10/23/2007|03:09] C:\DOCUME~1\brianp\APPLIC~1\<DIR> Arcsoft
[12/16/2005|11:35] C:\DOCUME~1\brianp\APPLIC~1\<DIR> Azureus
[10/14/2008|10:01] C:\DOCUME~1\brianp\APPLIC~1\<DIR> CoreFTP
[12/12/2008|12:34] C:\DOCUME~1\brianp\APPLIC~1\<DIR> Digsby
[01/06/2009|04:56] C:\DOCUME~1\brianp\APPLIC~1\<DIR> Dropbox
[12/03/2008|06:17] C:\DOCUME~1\brianp\APPLIC~1\<DIR> dvdcss
[10/17/2008|03:07] C:\DOCUME~1\brianp\APPLIC~1\<DIR> FileZilla
[12/15/2008|05:15] C:\DOCUME~1\brianp\APPLIC~1\<DIR> Flock
[06/17/2008|04:06] C:\DOCUME~1\brianp\APPLIC~1\<DIR> Free Download Manager
[12/04/2008|01:02] C:\DOCUME~1\brianp\APPLIC~1\<DIR> Gbridge
[12/07/2005|05:45] C:\DOCUME~1\brianp\APPLIC~1\<DIR> Google
[10/11/2007|12:34] C:\DOCUME~1\brianp\APPLIC~1\<DIR> GridIron
[12/16/2008|12:46] C:\DOCUME~1\brianp\APPLIC~1\<DIR> HandBrake
[03/06/2008|11:24] C:\DOCUME~1\brianp\APPLIC~1\<DIR> Help
[11/07/2007|11:46] C:\DOCUME~1\brianp\APPLIC~1\<DIR> HotSync
[08/23/2005|04:28] C:\DOCUME~1\brianp\APPLIC~1\<DIR> Identities
[03/03/2008|12:47] C:\DOCUME~1\brianp\APPLIC~1\<DIR> InstallShield
[10/20/2005|12:19] C:\DOCUME~1\brianp\APPLIC~1\<DIR> IsolatedStorage
[12/19/2007|10:53] C:\DOCUME~1\brianp\APPLIC~1\<DIR> Launchy
[09/30/2005|01:19] C:\DOCUME~1\brianp\APPLIC~1\<DIR> Leadertech
[12/02/2008|04:30] C:\DOCUME~1\brianp\APPLIC~1\<DIR> LEAPS
[12/14/2005|12:30] C:\DOCUME~1\brianp\APPLIC~1\<DIR> Lionhead Studios
[10/17/2005|11:01] C:\DOCUME~1\brianp\APPLIC~1\<DIR> Macromedia
[01/06/2009|10:57] C:\DOCUME~1\brianp\APPLIC~1\<DIR> Malwarebytes
[05/21/2008|03:26] C:\DOCUME~1\brianp\APPLIC~1\<DIR> Media Player Classic
[11/13/2008|03:40] C:\DOCUME~1\brianp\APPLIC~1\<DIR> Microsoft
[12/05/2008|04:27] C:\DOCUME~1\brianp\APPLIC~1\<DIR> Mozilla
[08/11/2008|02:33] C:\DOCUME~1\brianp\APPLIC~1\<DIR> MPEG Streamclip
[10/18/2005|11:09] C:\DOCUME~1\brianp\APPLIC~1\<DIR> Opera
[12/15/2005|01:20] C:\DOCUME~1\brianp\APPLIC~1\<DIR> PACE Anti-Piracy
[12/02/2008|02:38] C:\DOCUME~1\brianp\APPLIC~1\<DIR> Pegasys Inc
[05/21/2008|03:26] C:\DOCUME~1\brianp\APPLIC~1\<DIR> Real
[01/02/2008|12:16] C:\DOCUME~1\brianp\APPLIC~1\<DIR> SecuROM
[12/01/2008|06:40] C:\DOCUME~1\brianp\APPLIC~1\<DIR> Skype
[12/01/2008|05:50] C:\DOCUME~1\brianp\APPLIC~1\<DIR> skypePM
[10/03/2005|03:17] C:\DOCUME~1\brianp\APPLIC~1\<DIR> Sonic
[09/29/2005|04:04] C:\DOCUME~1\brianp\APPLIC~1\<DIR> SorensonMedia
[09/30/2005|01:53] C:\DOCUME~1\brianp\APPLIC~1\<DIR> Sun
[11/01/2007|01:30] C:\DOCUME~1\brianp\APPLIC~1\<DIR> SystemRequirementsLab
[12/10/2005|12:51] C:\DOCUME~1\brianp\APPLIC~1\<DIR> Talkback
[11/26/2007|01:04] C:\DOCUME~1\brianp\APPLIC~1\<DIR> Torrent Episode Downloader
[12/12/2007|11:41] C:\DOCUME~1\brianp\APPLIC~1\<DIR> Unyte
[01/05/2009|12:11] C:\DOCUME~1\brianp\APPLIC~1\<DIR> uTorrent
[12/02/2008|02:29] C:\DOCUME~1\brianp\APPLIC~1\<DIR> vlc
[11/17/2008|04:26] C:\DOCUME~1\brianp\APPLIC~1\<DIR> Webcammax
[10/09/2007|04:32] C:\DOCUME~1\brianp\APPLIC~1\<DIR> x3watch
[05/21/2008|03:01] C:\DOCUME~1\brianp\APPLIC~1\<DIR> Xi

[08/23/2005|04:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[08/23/2005|04:42] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[06/11/2008|01:16] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[06/11/2008|01:16] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[01/06/2009 03:48 PM][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-226152523-2219648877-2619398298-1006.job
[01/06/2009 04:56 PM][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[10/25/2008 07:47 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[01/06/2009 04:55 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 01:00 AM][-rah-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[12/15/2005|01:20] C:\Program Files\<DIR> {DF9668B9-9B16-4869-962B-7FDD183654F7}
[11/26/2007|05:15] C:\Program Files\<DIR> 7-Zip
[10/14/2005|12:08] C:\Program Files\<DIR> AC3Filter
[11/26/2007|05:38] C:\Program Files\<DIR> Activision
[11/18/2008|01:11] C:\Program Files\<DIR> Adobe
[10/06/2005|02:06] C:\Program Files\<DIR> Ahead
[09/29/2005|12:37] C:\Program Files\<DIR> Altiris
[08/23/2005|04:38] C:\Program Files\<DIR> Analog Devices
[03/24/2008|02:25] C:\Program Files\<DIR> AnalogX
[07/31/2008|04:15] C:\Program Files\<DIR> Apple Software Update
[11/17/2005|01:08] C:\Program Files\<DIR> AsfTools 3.1
[04/21/2008|01:27] C:\Program Files\<DIR> Avaya
[06/09/2008|02:18] C:\Program Files\<DIR> AVG
[10/11/2005|03:55] C:\Program Files\<DIR> Avid
[10/15/2008|05:40] C:\Program Files\<DIR> BOINC
[01/17/2008|11:40] C:\Program Files\<DIR> Bonjour
[09/06/2005|03:23] C:\Program Files\<DIR> Boris FX, Inc
[02/05/2008|11:01] C:\Program Files\<DIR> BUFFALO
[12/17/2008|11:16] C:\Program Files\<DIR> CCleaner
[11/15/2005|06:15] C:\Program Files\<DIR> CDisplay
[10/27/2008|01:37] C:\Program Files\<DIR> Common Files
[08/23/2005|04:28] C:\Program Files\<DIR> ComPlus Applications
[03/06/2008|11:24] C:\Program Files\<DIR> CoreFTP
[11/26/2007|05:36] C:\Program Files\<DIR> DAEMON Tools
[08/23/2005|04:42] C:\Program Files\<DIR> Dantz
[12/17/2008|11:52] C:\Program Files\<DIR> Digsby
[09/06/2005|03:29] C:\Program Files\<DIR> directx
[02/20/2008|03:14] C:\Program Files\<DIR> DivX
[07/18/2008|04:18] C:\Program Files\<DIR> Dropbox
[04/23/2008|11:35] C:\Program Files\<DIR> DVD Decrypter
[03/27/2008|03:20] C:\Program Files\<DIR> dvd43
[09/20/2005|03:40] C:\Program Files\<DIR> DVKeyboard
[10/09/2007|03:36] C:\Program Files\<DIR> EA GAMES
[11/01/2007|05:01] C:\Program Files\<DIR> Electronic Arts
[06/11/2008|01:37] C:\Program Files\<DIR> ESET
[10/14/2008|10:02] C:\Program Files\<DIR> FileZilla FTP Client
[03/06/2008|10:59] C:\Program Files\<DIR> FileZilla Server
[11/10/2005|05:09] C:\Program Files\<DIR> Fisher
[03/06/2008|11:30] C:\Program Files\<DIR> FlashFXP
[12/16/2008|02:09] C:\Program Files\<DIR> Flock
[02/06/2008|11:38] C:\Program Files\<DIR> FLV Player
[11/29/2007|06:01] C:\Program Files\<DIR> Free Download Manager
[03/03/2008|12:52] C:\Program Files\<DIR> Futuremark
[12/04/2008|01:01] C:\Program Files\<DIR> Gbridge LLC
[12/05/2008|03:58] C:\Program Files\<DIR> Google
[03/11/2008|02:44] C:\Program Files\<DIR> Grisoft
[10/14/2005|12:07] C:\Program Files\<DIR> GSpot
[12/16/2008|12:37] C:\Program Files\<DIR> Handbrake
[08/23/2005|04:43] C:\Program Files\<DIR> Hewlett-Packard
[08/23/2005|04:42] C:\Program Files\<DIR> Hewlett-Packard Company
[06/25/2008|10:58] C:\Program Files\<DIR> Hothead Games
[08/23/2005|04:42] C:\Program Files\<DIR> HPQ
[05/13/2008|04:24] C:\Program Files\<DIR> InstallShield Installation Information
[08/23/2005|04:40] C:\Program Files\<DIR> Intel
[11/29/2007|02:12] C:\Program Files\<DIR> Internet Explorer
[07/31/2008|04:23] C:\Program Files\<DIR> iPod
[11/25/2008|11:51] C:\Program Files\<DIR> iTunes
[10/09/2007|03:38] C:\Program Files\<DIR> Jap
[07/14/2008|10:13] C:\Program Files\<DIR> Java
[01/29/2008|05:02] C:\Program Files\<DIR> Labtec
[12/19/2007|10:52] C:\Program Files\<DIR> Launchy
[10/10/2005|09:45] C:\Program Files\<DIR> Lionhead Studios
[11/14/2005|01:28] C:\Program Files\<DIR> Lionhead Studios Ltd
[11/20/2008|02:36] C:\Program Files\<DIR> LooksBuilder
[11/21/2005|04:00] C:\Program Files\<DIR> LucasArts
[01/06/2009|10:57] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[06/12/2008|04:08] C:\Program Files\<DIR> Mediafour
[12/15/2005|01:24] C:\Program Files\<DIR> MediaMover PC 2.6
[08/23/2005|04:28] C:\Program Files\<DIR> Messenger
[09/29/2005|03:45] C:\Program Files\<DIR> Microsoft ActiveSync
[08/23/2005|04:28] C:\Program Files\<DIR> microsoft frontpage
[09/29/2005|03:45] C:\Program Files\<DIR> Microsoft Office
[02/13/2008|05:13] C:\Program Files\<DIR> Microsoft Silverlight
[08/23/2005|04:28] C:\Program Files\<DIR> Movie Maker
[01/06/2009|04:58] C:\Program Files\<DIR> Mozilla Firefox
[04/23/2008|12:41] C:\Program Files\<DIR> Mozilla Firefox 3 Beta 4
[10/27/2008|01:43] C:\Program Files\<DIR> MSBuild
[11/07/2007|12:45] C:\Program Files\<DIR> MSECACHE
[08/23/2005|04:28] C:\Program Files\<DIR> MSN
[08/23/2005|04:28] C:\Program Files\<DIR> MSN Gaming Zone
[10/09/2008|11:14] C:\Program Files\<DIR> My Company Name
[10/11/2005|03:53] C:\Program Files\<DIR> National Instruments
[10/09/2007|05:13] C:\Program Files\<DIR> Netflix
[08/23/2005|04:28] C:\Program Files\<DIR> NetMeeting
[06/04/2008|12:22] C:\Program Files\<DIR> Nvidia Omega Drivers
[08/23/2005|04:28] C:\Program Files\<DIR> Online Services
[12/15/2005|01:20] C:\Program Files\<DIR> Outlook Express
[01/29/2008|05:03] C:\Program Files\<DIR> palmOne
[11/07/2007|12:38] C:\Program Files\<DIR> palmOne2
[11/10/2008|01:12] C:\Program Files\<DIR> Panasonic P2
[08/23/2005|04:40] C:\Program Files\<DIR> PDF Complete
[12/16/2008|02:50] C:\Program Files\<DIR> PeerGuardian2
[12/02/2008|02:33] C:\Program Files\<DIR> Pegasys Inc
[11/13/2008|04:15] C:\Program Files\<DIR> Privoxy
[09/06/2005|02:40] C:\Program Files\<DIR> Program Shortcuts
[07/31/2008|04:22] C:\Program Files\<DIR> QuickTime
[05/21/2008|03:25] C:\Program Files\<DIR> Real Alternative
[06/16/2008|09:23] C:\Program Files\<DIR> RealVNC
[10/27/2008|01:40] C:\Program Files\<DIR> Reference Assemblies
[10/17/2005|11:02] C:\Program Files\<DIR> Rimage
[08/23/2005|04:41] C:\Program Files\<DIR> Roxio
[09/06/2005|03:12] C:\Program Files\<DIR> SafeNet Sentinel
[12/10/2008|10:39] C:\Program Files\<DIR> Samurize
[05/21/2008|02:56] C:\Program Files\<DIR> SDP Multimedia
[12/12/2007|11:34] C:\Program Files\<DIR> Skype
[10/10/2005|09:29] C:\Program Files\<DIR> Smart Projects
[04/23/2008|12:40] C:\Program Files\<DIR> Sonic
[09/06/2005|03:21] C:\Program Files\<DIR> Sorenson Media
[11/29/2008|01:39] C:\Program Files\<DIR> Spybot - Search & Destroy
[01/05/2009|05:33] C:\Program Files\<DIR> Steam
[09/20/2005|10:47] C:\Program Files\<DIR> Symantec
[10/27/2008|01:44] C:\Program Files\<DIR> TechSmith
[04/22/2008|01:54] C:\Program Files\<DIR> The GodFather
[10/09/2007|03:39] C:\Program Files\<DIR> Tor
[11/26/2007|01:01] C:\Program Files\<DIR> Torrent Episode Downloader
[03/03/2008|01:53] C:\Program Files\<DIR> TwitBox
[08/23/2005|04:28] C:\Program Files\<DIR> Uninstall Information
[12/19/2007|12:32] C:\Program Files\<DIR> uTorrent
[10/23/2007|04:20] C:\Program Files\<DIR> VideoLAN
[11/17/2008|04:19] C:\Program Files\<DIR> WebCamDV
[11/17/2008|04:26] C:\Program Files\<DIR> WebcamMax
[11/07/2007|12:46] C:\Program Files\<DIR> Windows Installer Clean Up
[12/07/2005|07:21] C:\Program Files\<DIR> Windows Media Components
[12/10/2008|10:39] C:\Program Files\<DIR> Windows Media Player
[08/23/2005|04:28] C:\Program Files\<DIR> Windows NT
[08/23/2005|04:28] C:\Program Files\<DIR> WindowsUpdate
[10/10/2005|09:43] C:\Program Files\<DIR> WinRAR
[12/09/2008|12:35] C:\Program Files\<DIR> X3watch
[08/23/2005|04:28] C:\Program Files\<DIR> xerox
[05/21/2008|03:01] C:\Program Files\<DIR> Xi

--------------------\\ Listing Folders in C:\Program Files\Common Files

[11/13/2008|03:29] C:\Program Files\Common Files\<DIR> Adobe
[10/06/2005|02:06] C:\Program Files\Common Files\<DIR> Ahead
[12/10/2007|11:49] C:\Program Files\Common Files\<DIR> Apple
[10/11/2005|03:48] C:\Program Files\Common Files\<DIR> Avid
[10/01/2008|12:26] C:\Program Files\Common Files\<DIR> BioWare
[09/29/2005|03:45] C:\Program Files\Common Files\<DIR> Designer
[09/06/2005|03:13] C:\Program Files\Common Files\<DIR> Digidesign
[10/10/2005|02:53] C:\Program Files\Common Files\<DIR> EasyInfo
[03/03/2008|12:47] C:\Program Files\Common Files\<DIR> Futuremark Shared
[05/13/2008|04:24] C:\Program Files\Common Files\<DIR> InstallShield
[10/28/2005|11:59] C:\Program Files\Common Files\<DIR> Java
[01/29/2008|05:02] C:\Program Files\Common Files\<DIR> Labtec
[08/23/2005|04:40] C:\Program Files\Common Files\<DIR> LightScribe
[01/29/2008|05:02] C:\Program Files\Common Files\<DIR> LogiShrd
[09/02/2008|03:14] C:\Program Files\Common Files\<DIR> Macrovision Shared
[06/12/2008|04:08] C:\Program Files\Common Files\<DIR> Mediafour
[11/29/2007|02:12] C:\Program Files\Common Files\<DIR> Microsoft Shared
[08/23/2005|04:28] C:\Program Files\Common Files\<DIR> MSSoap
[08/23/2005|04:28] C:\Program Files\Common Files\<DIR> ODBC
[09/20/2005|01:03] C:\Program Files\Common Files\<DIR> PACE Anti-Piracy
[09/06/2005|03:12] C:\Program Files\Common Files\<DIR> SafeNet Sentinel
[08/23/2005|04:28] C:\Program Files\Common Files\<DIR> Services
[12/12/2007|10:45] C:\Program Files\Common Files\<DIR> Skype
[09/06/2005|03:26] C:\Program Files\Common Files\<DIR> Sonic Shared
[05/13/2008|04:24] C:\Program Files\Common Files\<DIR> Sony Shared
[08/23/2005|04:28] C:\Program Files\Common Files\<DIR> SpeechEngines
[09/20/2005|10:47] C:\Program Files\Common Files\<DIR> Symantec Shared
[12/15/2005|01:20] C:\Program Files\Common Files\<DIR> System
[10/27/2008|01:37] C:\Program Files\Common Files\<DIR> Wise Installation Wizard

--------------------\\ Process

( 50 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-06 17:03:43
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..




[F:454][D:56]-> C:\DOCUME~1\brianp\LOCALS~1\Temp
[F:8][D:0]-> C:\DOCUME~1\brianp\Cookies
[F:1][D:0]-> C:\DOCUME~1\brianp\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Tue 01/06/2009|17:04 - Option : [1]

--------------------\\ Scan completed at 17:04:42

#12 Tomk_

Tomk_

    Malware Eradicator


  • Malware Response Team
  • 686 posts
  • OFFLINE
  • Local time:11:53 PM

Posted 06 January 2009 - 09:49 PM

Zybergod,

Aha. I think we've got it now. :thumbsup:

Download HostsXpert v4.3 and unzip it to your computer, somewhere where you can find it.
  • Double click on HostsXpert.exe to launch the program.
  • Click on Restore MS Hosts File to restore your Hosts file to its default condition.
  • Click on Make ReadOnly to secure it against further infection.
  • Exit the program.
Visit the Website for more information.

Now give it a test drive and let me know how you do.

#13 Zybergod

Zybergod
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:53 AM

Posted 08 January 2009 - 04:26 PM

Hi Tom,

I ran the HostsXpert program, then went in and manually added a block against 007guard.com. Are we going to be able to remove whatever is causing that? Do I need to uninstall Firefox? Here is my hosts file now:

# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
#
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com

#14 Tomk_

Tomk_

    Malware Eradicator


  • Malware Response Team
  • 686 posts
  • OFFLINE
  • Local time:11:53 PM

Posted 08 January 2009 - 04:33 PM

Zybergod,

How does netstat look now?

Are we going to be able to remove whatever is causing that?

I believe that we already did with Malwarebytes.

As I understand this infection, localhost in your host file is replaced with www.007guard.com. We've fixed that and removed the installer so hopefully you are good now.

Let's do an online scan:

Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

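The symptom Tomk_ describes above (the default localhost line overwritten with www.007guard.com) can be checked for programmatically. The following is an added example, not part of this thread or of HostsXpert; the sample hosts files are constructed, with the second one using a documentation address (198.51.100.7) and www.example.com as a made-up hijack entry.

```python
"""Audit a Windows HOSTS file for hijacked or missing entries.
Added example for this thread; not code from the forum or from HostsXpert."""
import ipaddress

# Constructed sample: the cleaned file Zybergod posted (comments trimmed).
FIXED_HOSTS = """# sample HOSTS file
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
"""

# Constructed sample of the infected state: the 'localhost' line has been
# overwritten, plus a made-up entry pointing a real name at a foreign address.
INFECTED_HOSTS = """127.0.0.1 www.007guard.com   # localhost line is gone
198.51.100.7 www.example.com  # constructed hijack, non-loopback target
"""


def parse_hosts(text):
    """Return (ip, hostname) pairs, skipping comments, blanks and bad lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # not an address in the first column; ignore the line
        for name in parts[1:]:
            entries.append((ip, name.lower()))
    return entries


def audit_hosts(text):
    """Classify entries: is 'localhost' still mapped to loopback, which names
    are sinkholed to loopback/unspecified (blocks), and which names are
    redirected to a non-loopback address (hijacks)."""
    report = {"localhost_missing": True, "sinkholed": [], "hijacked": []}
    for ip, name in parse_hosts(text):
        if name == "localhost" and ip.is_loopback:
            report["localhost_missing"] = False
        elif ip.is_loopback or ip.is_unspecified:
            report["sinkholed"].append(name)
        else:
            report["hijacked"].append((name, str(ip)))
    return report


if __name__ == "__main__":
    for label, sample in (("fixed", FIXED_HOSTS), ("infected", INFECTED_HOSTS)):
        print(label, audit_hosts(sample))
```

On a live system, read `%SystemRoot%\system32\drivers\etc\hosts` and pass its contents to `audit_hosts`; a missing localhost line or any entry in `hijacked` is worth investigating.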

#15 Zybergod

Zybergod
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:53 AM

Posted 12 January 2009 - 03:14 AM

Back in the office. Running scan. Will get back to you.


