
Cannot Connect Several Programs or IE to Internet


  • This topic is locked
27 replies to this topic

#16 the doomed

the doomed
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:12:07 PM

Posted 30 December 2008 - 05:37 PM

Hello Td,

Try this link : http://download.softpedia.com/dl/8e024ff4c.../winsockfix.exe

Greetings,
Thunder


Howdi Thunder!

When running, I get the following message:

WARNING:
Error saving file
C:\ERDNT\SECURITY !

Continue with the next file.... Y/N


Shall I just continue?

Edited by the doomed, 30 December 2008 - 05:39 PM.




#17 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:01:07 PM

Posted 30 December 2008 - 05:41 PM

Hello Td,

Yes, please continue and see if you can use the FIX button.

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#18 the doomed


Posted 30 December 2008 - 05:52 PM

Hello Td,

Yes, please continue and see if you can use the FIX button.

Greetings,
Thunder


Got 6 error messages in total. - all much the same.

Rebooted. No change to IE, still the same error message.


Really appreciate your efforts here! :thumbsup:

#19 Thunder


Posted 30 December 2008 - 06:16 PM

Hello Td,

Let's see if IEFix can't get rid of your problem :
go to this page : http://windowsxp.mvps.org/IEFIX.htm
and follow the instructions.

If that doesn't do it, and disabling ZoneAlarm has no effect, then :
Please download ComboFix from one of the locations below, and save it to your Desktop.

Link
Link
Link

Double click the ComboFix icon to run it.
If ComboFix asks you to install the Recovery Console, please do so.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. :thumbsup:

If you have any questions along the way, STOP and ask them before proceeding !!

Greetings,
Thunder

Edited by Thunder, 30 December 2008 - 06:18 PM.


#20 the doomed


Posted 30 December 2008 - 06:39 PM

IEFIX:

Internet Explorer 7 is currently not supported


Will I just run combofix?

Thanks Thunder,

Td

#21 the doomed


Posted 30 December 2008 - 07:03 PM

Internet Explorer is now working....
When I first posted this post it was only bringing up Google and wouldn't go to other pages. All URL entries redirecting to Google. However I've since rebooted and rebooted router.

HijackThis log also now available so thought I'd post in case it helps.... ComboFix log below....


Logfile of random's system information tool 1.04 (written by random/random)
Run by Caroline at 2008-12-31 00:20:59
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 14 GB (56%) free of 25 GB
Total RAM: 503 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:21:45, on 31/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\TalkTalk\TalkTalk SNU5630NS 05 Wireless USB Adapter Utility\TTUSBBGMonitor.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Documents and Settings\Caroline\Desktop\sandy\RSIT.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\trend micro\Caroline.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig/dell?hl=en&...&channel=uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/ig/dell?hl=en&...&channel=uk
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O4 - Global Startup: TalkTalk SNU5630NS 05 Wireless USB Adapter.lnk = C:\Program Files\TalkTalk\TalkTalk SNU5630NS 05 Wireless USB Adapter Utility\TTUSBBGMonitor.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6520 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-12-19 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-30 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-30 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-30 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-10-14 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-10-14 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-10-14 114688]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-24 282624]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2005-12-19 1347584]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-19 1261336]
"MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2006-11-07 1121280]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-30 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Belkin Wireless USB Utility.lnk - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
NETGEAR WG111v3 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
TalkTalk SNU5630NS 05 Wireless USB Adapter.lnk - C:\Program Files\TalkTalk\TalkTalk SNU5630NS 05 Wireless USB Adapter Utility\TTUSBBGMonitor.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-10-14 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe"="C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2008-12-31 00:06:12 ----A---- C:\ComboFix.txt
2008-12-30 23:58:00 ----A---- C:\Boot.bak
2008-12-30 23:57:54 ----RASHD---- C:\cmdcons
2008-12-30 23:52:43 ----A---- C:\WINDOWS\zip.exe
2008-12-30 23:52:43 ----A---- C:\WINDOWS\VFIND.exe
2008-12-30 23:52:43 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-30 23:52:43 ----A---- C:\WINDOWS\SWSC.exe
2008-12-30 23:52:43 ----A---- C:\WINDOWS\SWREG.exe
2008-12-30 23:52:43 ----A---- C:\WINDOWS\sed.exe
2008-12-30 23:52:43 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-30 23:52:43 ----A---- C:\WINDOWS\grep.exe
2008-12-30 23:52:43 ----A---- C:\WINDOWS\fdsv.exe
2008-12-30 23:52:35 ----D---- C:\WINDOWS\ERDNT
2008-12-30 23:52:35 ----D---- C:\Qoobox
2008-12-30 22:49:02 ----A---- C:\WINDOWS\resetlog.txt
2008-12-30 22:41:55 ----D---- C:\ERDNT
2008-12-30 21:31:48 ----A---- C:\WINDOWS\gmer.ini
2008-12-30 21:31:47 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-12-30 21:31:47 ----A---- C:\WINDOWS\gmer.exe
2008-12-30 21:31:47 ----A---- C:\WINDOWS\gmer.dll
2008-12-30 20:34:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-30 20:34:26 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-30 20:27:20 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-30 20:27:20 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-30 20:27:20 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-30 20:27:19 ----A---- C:\WINDOWS\system32\java.exe
2008-12-20 02:21:07 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-20 02:19:50 ----D---- C:\WINDOWS\Prefetch
2008-12-20 02:17:31 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-20 02:17:24 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-20 02:17:17 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-20 02:17:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-20 02:16:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-20 02:16:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-20 02:16:40 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-20 02:16:33 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-20 02:16:26 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-20 02:16:17 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-20 02:16:10 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-20 02:16:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-12-20 02:15:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-20 02:15:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-20 02:15:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-20 02:15:31 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-20 02:15:24 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-20 02:15:13 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-20 02:15:07 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-20 02:11:38 ----A---- C:\WINDOWS\setuplog.txt
2008-12-20 02:10:02 ----D---- C:\WINDOWS\system32\scripting
2008-12-20 02:10:02 ----D---- C:\WINDOWS\l2schemas
2008-12-20 02:10:00 ----D---- C:\WINDOWS\system32\en
2008-12-20 02:09:59 ----D---- C:\WINDOWS\system32\bits
2008-12-20 02:04:31 ----D---- C:\WINDOWS\ServicePackFiles
2008-12-20 01:56:21 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-20 01:56:17 ----D---- C:\WINDOWS\EHome
2008-12-20 00:26:44 ----D---- C:\Program Files\trend micro
2008-12-20 00:26:43 ----D---- C:\rsit
2008-12-20 00:13:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-20 00:13:42 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-20 00:08:30 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2008-12-20 00:07:07 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
2008-12-20 00:06:55 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2008-12-20 00:06:44 ----A---- C:\WINDOWS\imsins.BAK
2008-12-20 00:06:35 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2008-12-19 22:05:09 ----D---- C:\Program Files\CCleaner
2008-12-19 22:02:10 ----D---- C:\Program Files\Mozilla Firefox
2008-12-19 19:56:04 ----HD---- C:\$AVG8.VAULT$
2008-12-19 19:55:00 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-19 19:55:00 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-19 19:32:49 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-12-19 19:32:19 ----D---- C:\Program Files\AVG
2008-12-19 19:32:18 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-19 19:28:32 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft

======List of files/folders modified in the last 1 months======

2008-12-31 00:21:45 ----D---- C:\WINDOWS\Temp
2008-12-31 00:20:46 ----D---- C:\WINDOWS
2008-12-31 00:20:24 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2008-12-31 00:19:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-31 00:06:21 ----D---- C:\WINDOWS\system32
2008-12-31 00:06:20 ----D---- C:\WINDOWS\system32\drivers
2008-12-31 00:03:01 ----A---- C:\WINDOWS\system.ini
2008-12-31 00:01:05 ----D---- C:\WINDOWS\system32\config
2008-12-30 23:59:46 ----D---- C:\Program Files\Common Files
2008-12-30 23:59:45 ----D---- C:\WINDOWS\AppPatch
2008-12-30 23:58:00 ----RASH---- C:\boot.ini
2008-12-30 20:34:54 ----HD---- C:\WINDOWS\inf
2008-12-30 20:34:52 ----D---- C:\WINDOWS\system32\dllcache
2008-12-30 20:32:34 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-30 20:29:48 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-30 20:26:57 ----SHD---- C:\WINDOWS\Installer
2008-12-30 20:26:50 ----D---- C:\Program Files\Java
2008-12-30 20:10:43 ----RD---- C:\Program Files
2008-12-30 20:08:56 ----D---- C:\WINDOWS\occache
2008-12-30 19:31:16 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-12-20 09:52:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-20 02:21:27 ----D---- C:\WINDOWS\Debug
2008-12-20 02:19:12 ----D---- C:\WINDOWS\system32\Setup
2008-12-20 02:19:11 ----D---- C:\WINDOWS\system32\wbem
2008-12-20 02:19:10 ----RSD---- C:\WINDOWS\Fonts
2008-12-20 02:19:01 ----D---- C:\Program Files\Google
2008-12-20 02:18:22 ----D---- C:\WINDOWS\security
2008-12-20 02:17:34 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-20 02:15:15 ----D---- C:\Program Files\Messenger
2008-12-20 02:10:50 ----D---- C:\WINDOWS\WinSxS
2008-12-20 02:10:33 ----D---- C:\WINDOWS\network diagnostic
2008-12-20 02:10:32 ----D---- C:\WINDOWS\ime
2008-12-20 02:10:32 ----D---- C:\WINDOWS\Help
2008-12-20 02:10:05 ----D---- C:\WINDOWS\system32\en-US
2008-12-20 02:10:04 ----D---- C:\WINDOWS\system32\usmt
2008-12-20 02:09:59 ----D---- C:\WINDOWS\PeerNet
2008-12-20 02:09:58 ----D---- C:\Program Files\Movie Maker
2008-12-20 02:04:21 ----D---- C:\WINDOWS\system32\Restore
2008-12-20 02:04:21 ----D---- C:\WINDOWS\system32\npp
2008-12-20 02:04:16 ----D---- C:\WINDOWS\msagent
2008-12-20 02:04:14 ----D---- C:\WINDOWS\srchasst
2008-12-20 02:04:13 ----D---- C:\Program Files\NetMeeting
2008-12-20 02:04:11 ----D---- C:\WINDOWS\system32\Com
2008-12-20 02:04:08 ----D---- C:\Program Files\Windows Media Player
2008-12-20 02:04:07 ----D---- C:\Program Files\Windows NT
2008-12-20 02:04:07 ----D---- C:\Program Files\Outlook Express
2008-12-20 02:04:02 ----D---- C:\Program Files\Common Files\System
2008-12-20 02:03:40 ----D---- C:\WINDOWS\system32\oobe
2008-12-20 02:03:36 ----D---- C:\WINDOWS\system
2008-12-20 01:59:48 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-20 01:39:31 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-20 01:38:31 ----D---- C:\Program Files\Windows Live
2008-12-20 01:36:42 ----D---- C:\Program Files\Windows Live Toolbar
2008-12-20 01:36:14 ----SD---- C:\WINDOWS\Tasks
2008-12-20 01:33:57 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-12-20 00:31:25 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-12-20 00:13:11 ----D---- C:\Program Files\Internet Explorer
2008-12-19 22:10:02 ----D---- C:\WINDOWS\Minidump
2008-12-19 22:03:15 ----D---- C:\Documents and Settings\Caroline\Application Data\Mozilla
2008-12-19 21:41:32 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-19 21:16:06 ----D---- C:\WINDOWS\system32\813686
2008-12-19 19:51:39 ----D---- C:\Program Files\Dl_cats
2008-12-19 19:31:18 ----SD---- C:\Documents and Settings\Caroline\Application Data\Microsoft
2008-12-13 06:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-09 15:24:38 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-19 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-19 26824]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 GearAspiWDM;GearAspiWDM; C:\WINDOWS\system32\drivers\GearAspiWDM.sys [2006-09-19 15664]
R1 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-12-30 85969]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-01-14 21035]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-08-29 8552]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-12-19 76040]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol; C:\WINDOWS\system32\DRIVERS\hnm_wrls_pkt.sys [2006-01-12 13696]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 wsppkt;Wireless Security Protocol; C:\WINDOWS\system32\DRIVERS\wsp_pkt.sys [2006-01-12 13568]
R2 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2004-10-25 17664]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-11-02 424320]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-22 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-07-22 201600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-10-14 1302812]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-07-22 717952]
S3 BLKWGU(Belkin);Belkin Wireless G USB Network Adapter(Belkin); C:\WINDOWS\system32\DRIVERS\BLKWGU.sys [2005-11-10 402944]
S3 CPTWGU(TalkTalk);TalkTalk SNU5630NS/05 Wireless USB Adapter(TalkTalk); C:\WINDOWS\system32\DRIVERS\CPTWGU.sys [2006-10-16 408064]
S3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver; C:\WINDOWS\system32\DRIVERS\wg111v3.sys [2007-04-23 224896]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-12-19 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-19 231704]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-30 152984]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-04-06 380928]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2005-12-19 18944]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 dlcf_device;dlcf_device; C:\WINDOWS\system32\dlcfcoms.exe [2005-09-29 491520]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-10-30 492608]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

ComboFix 08-12-29.02 - Caroline 2008-12-30 23:58:53.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.247 [GMT 0:00]
Running from: c:\documents and settings\Caroline\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Apple Software Update\bin\isrdbg32.exe
c:\windows\fmark2.dat
F:\AUTORUN.INF

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NETWORK_LOCATION_AWARENESS_(NLA)_(NLA)_
-------\Legacy_PACKET
-------\Service_Network Location Awareness (NLA) (Nla)
-------\Service_Packet


((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-31 )))))))))))))))))))))))))))))))
.

2008-12-30 22:49 . 2008-12-30 22:49 268 --ah----- C:\sqmdata11.sqm
2008-12-30 22:49 . 2008-12-30 22:49 244 --ah----- C:\sqmnoopt11.sqm
2008-12-30 22:41 . 2008-12-30 22:57 <DIR> d-------- C:\ERDNT
2008-12-30 21:38 . 2008-12-30 21:38 268 --ah----- C:\sqmdata10.sqm
2008-12-30 21:38 . 2008-12-30 21:38 244 --ah----- C:\sqmnoopt10.sqm
2008-12-30 21:31 . 2008-12-30 21:40 345 --a------ c:\windows\gmer.ini
2008-12-30 21:11 . 2008-12-30 21:11 268 --ah----- C:\sqmdata09.sqm
2008-12-30 21:11 . 2008-12-30 21:11 244 --ah----- C:\sqmnoopt09.sqm
2008-12-30 20:47 . 2008-12-30 20:47 268 --ah----- C:\sqmdata08.sqm
2008-12-30 20:47 . 2008-12-30 20:47 244 --ah----- C:\sqmnoopt08.sqm
2008-12-30 20:27 . 2008-12-30 20:27 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-30 20:27 . 2008-12-30 20:27 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-30 20:27 . 2008-12-30 20:27 268 --ah----- C:\sqmdata07.sqm
2008-12-30 20:27 . 2008-12-30 20:27 244 --ah----- C:\sqmnoopt07.sqm
2008-12-30 20:10 . 2008-12-30 20:10 268 --ah----- C:\sqmdata06.sqm
2008-12-30 20:10 . 2008-12-30 20:10 244 --ah----- C:\sqmnoopt06.sqm
2008-12-30 20:06 . 2008-12-30 20:06 268 --ah----- C:\sqmdata05.sqm
2008-12-30 20:06 . 2008-12-30 20:06 244 --ah----- C:\sqmnoopt05.sqm
2008-12-30 19:55 . 2008-12-30 19:55 268 --ah----- C:\sqmdata04.sqm
2008-12-30 19:55 . 2008-12-30 19:55 244 --ah----- C:\sqmnoopt04.sqm
2008-12-20 02:10 . 2008-12-20 02:10 <DIR> d-------- c:\windows\system32\scripting
2008-12-20 02:10 . 2008-12-20 02:10 <DIR> d-------- c:\windows\system32\en
2008-12-20 02:10 . 2008-12-20 02:10 <DIR> d-------- c:\windows\l2schemas
2008-12-20 02:09 . 2008-12-20 02:09 <DIR> d-------- c:\windows\system32\bits
2008-12-20 02:04 . 2008-12-20 02:10 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-20 01:56 . 2008-12-20 01:56 <DIR> d-------- c:\windows\EHome
2008-12-20 00:26 . 2008-12-20 00:26 <DIR> d-------- C:\rsit
2008-12-20 00:26 . 2008-12-20 00:26 <DIR> d-------- c:\program files\trend micro
2008-12-20 00:15 . 2008-12-20 00:15 268 --ah----- C:\sqmdata03.sqm
2008-12-20 00:15 . 2008-12-20 00:15 244 --ah----- C:\sqmnoopt03.sqm
2008-12-20 00:06 . 2008-12-30 20:34 1,393 --a------ c:\windows\imsins.BAK
2008-12-19 23:59 . 2008-12-19 23:59 268 --ah----- C:\sqmdata02.sqm
2008-12-19 23:59 . 2008-12-19 23:59 244 --ah----- C:\sqmnoopt02.sqm
2008-12-19 22:05 . 2008-12-19 22:05 <DIR> d-------- c:\program files\CCleaner
2008-12-19 21:39 . 2008-12-19 21:39 268 --ah----- C:\sqmdata01.sqm
2008-12-19 21:39 . 2008-12-19 21:39 244 --ah----- C:\sqmnoopt01.sqm
2008-12-19 19:56 . 2008-12-30 23:31 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-19 19:55 . 2008-12-30 19:31 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-19 19:55 . 2008-12-30 19:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-19 19:53 . 2008-10-24 11:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-19 19:32 . 2008-12-30 20:30 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-12-19 19:32 . 2008-12-19 19:32 <DIR> d-------- c:\program files\AVG
2008-12-19 19:32 . 2008-12-19 19:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-12-19 19:32 . 2008-12-19 19:32 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-12-19 19:32 . 2008-12-19 19:32 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-12-19 19:32 . 2008-12-19 19:32 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-12-19 19:28 . 2008-12-19 21:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-30 20:26 --------- d-----w c:\program files\Java
2008-12-30 19:31 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-20 02:19 --------- d-----w c:\program files\Google
2008-12-20 01:38 --------- d-----w c:\program files\Windows Live
2008-12-20 01:36 --------- d-----w c:\program files\Windows Live Toolbar
2008-12-20 00:31 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee.com
2008-12-19 21:41 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-19 19:51 --------- d-----w c:\program files\Dl_cats
2008-11-03 20:25 --------- d-----w c:\documents and settings\Caroline\Application Data\McAfee.com Personal Firewall
2008-11-03 20:25 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee.com Personal Firewall
2008-10-30 12:03 --------- d-----w c:\program files\Apple Software Update
2007-04-23 14:21 269,824 ----a-w c:\windows\inf\WG111v3\Vista64\wg111v3.sys
2007-04-23 14:11 224,896 ----a-w c:\windows\inf\WG111v3\wg111v3.sys
2007-03-27 12:36 60 ----a-w c:\documents and settings\Caroline\Application Data\wklnhst.dat
2006-12-15 11:30 98,304 ----a-w c:\windows\inf\WG111v3\UScanM.exe
2006-12-15 11:30 66,048 ----a-w c:\windows\inf\WG111v3\EAPPkt.sys
2006-12-15 11:30 315,392 ----a-w c:\windows\inf\WG111v3\InstallDriver.exe
2006-12-15 11:30 28,672 ----a-w c:\windows\inf\WG111v3\SetDrv.exe
2006-12-15 11:30 212,992 ----a-w c:\windows\inf\WG111v3\CopyWHQLDriver.exe
2006-12-15 11:30 20,480 ----a-w c:\windows\inf\WG111v3\RTWUPath.exe
2006-12-15 11:30 19,968 ----a-w c:\windows\inf\WG111v3\RTWREFU.EXE
2007-11-21 15:05 56 --sh--r c:\windows\system32\07861B5FCE.sys
2008-09-08 11:03 88 --sh--r c:\windows\system32\A81306D26D.sys
2008-09-08 11:03 6,996 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-19 1261336]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-30 136600]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 c:\windows\system32\narrator.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless USB Utility.lnk - c:\program files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2005-10-28 1404928]
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2006-05-29 1527808]
TalkTalk SNU5630NS 05 Wireless USB Adapter.lnk - c:\program files\TalkTalk\TalkTalk SNU5630NS 05 Wireless USB Adapter Utility\TTUSBBGMonitor.exe [2006-06-09 466944]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"8484:TCP"= 8484:TCP:TINYPROXY
"53:TCP"= 53:TCP:TINYPROXY

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-19 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-19 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-19 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-12-19 76040]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\DRIVERS\hnm_wrls_pkt.sys [2006-01-12 13696]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\DRIVERS\wsp_pkt.sys [2006-01-12 13568]
S3 CPTWGU(TalkTalk);TalkTalk SNU5630NS/05 Wireless USB Adapter(TalkTalk);c:\windows\system32\DRIVERS\CPTWGU.sys [2006-10-16 408064]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2007-04-23 224896]
.
Contents of the 'Scheduled Tasks' folder

2008-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk
uInternet Settings,ProxyOverride = <local>
FF - ProfilePath - c:\documents and settings\Caroline\Application Data\Mozilla\Firefox\Profiles\79f4m12b.default\
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-31 00:02:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(476)
c:\windows\System32\BCMLogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\dwwin.exe
c:\windows\system32\wscntfy.exe
c:\program files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-12-31 0:06:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-31 00:06:07

Pre-Run: 14,771,630,080 bytes free
Post-Run: 14,737,121,280 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

207 --- E O F --- 2008-12-30 20:34:54

:thumbsup:

Edited by the doomed, 30 December 2008 - 07:17 PM.


#22 Thunder

Posted 31 December 2008 - 05:06 AM

Hello Td,

All logs look fine now. :thumbsup:

Are you still having problems?

Greetings,
Thunder

#23 the doomed

Posted 31 December 2008 - 05:08 AM

Hello Td,

All logs look fine now. :)

Are you still having problems?

Greetings,
Thunder


Nope - only the viruses flashing up from the system restore.

Quick question - I'll make you a donation (small - but I'm Scottish :thumbsup: ) - does it go to you or this website or another place/person?

#24 Thunder

Posted 31 December 2008 - 05:28 AM

Hello Td,

A donation using the button in my sig, goes to me. :thumbsup:

As for those system restore points now:
You can remove all used tools and folders created in the process.
To remove ComboFix:
Go to Start > Run, and copy and paste the next command in the field: ComboFix /u
Make sure there's a space between Combofix and /u
Then press Enter.
This will uninstall Combofix, delete its related folders and files, restore your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Reboot your system, and check if anything is still found. :)

Greetings,
Thunder

#25 the doomed

Posted 31 December 2008 - 05:48 AM

Hello Td,

A donation using the button in my sig, goes to me. :)

As for those system restore points now:
You can remove all used tools and folders created in the process.
To remove ComboFix:
Go to Start > Run, and copy and paste the next command in the field: ComboFix /u
Make sure there's a space between Combofix and /u
Then press Enter.
This will uninstall Combofix, delete its related folders and files, restore your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Reboot your system, and check if anything is still found. :)

Greetings,
Thunder


Hi Thunder,

Sounds superb. Will try it tomorrow and update you to confirm all is clean - sadly I'm still stuck at work (31st Dec is a big day in Scotland!).

Donation sent - hopefully with the poor GBP exchange rate you should do not too badly :thumbsup:

Many, many thanks! :) :)

Best regards,

The doomed

#26 Thunder

Posted 31 December 2008 - 05:52 AM

Hello Td,

Will try it tomorrow and update you to confirm all is clean - sadly I'm still stuck at work (31st Dec is a big day in Scotland!).

31st Dec is a big day almost everywhere I should think :)

I'll look out for your confirmation. :thumbsup:

Greetings,
Thunder

#27 the doomed

Posted 31 December 2008 - 10:23 AM

Hello Td,

Will try it tomorrow and update you to confirm all is clean - sadly I'm still stuck at work (31st Dec is a big day in Scotland!).

31st Dec is a big day almost everywhere I should think :)

I'll look out for your confirmation. :)

Greetings,
Thunder

Woooo

Howdi Thunder,

All seems to be spot on! Many thanks! Get yourself a few beers tonight :)


The doomed :thumbsup:

#28 Thunder

Posted 31 December 2008 - 11:19 AM

Glad we could help, Td :thumbsup:

Please read this Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks.
To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Please also read Tony Klein's excellent article: How I got Infected in the First Place
and/or Grinler's tutorial on how malware is hidden and installed

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.