Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer running verrry slow, please help


  • This topic is locked This topic is locked
11 replies to this topic

#1 wvuguy11

wvuguy11

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:13 AM

Posted 23 December 2008 - 05:54 PM

Hi, I posted my scans in another forum and they refused to look at it because they said I had an illegal copy of Windows and they closed my thread. However, last summer my mom got a proffessional computer technician to help with our computer and he reloaded windows with the cd's that Dell gave us. I do not know why this is showing up as illegal. Well anyways, here is my scan, maybe it just messed up on the other forums. Thank you in advance.

-----------------------------------------------------------------------------------------------------------------------------------------
DDS (Version 1.1.0) - NTFSx86
Run by Owner at 17:43:47.49 on Tue 12/23/2008
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.133 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\RapidSolution\Tunebite\Tunebite.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://home.verizon.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: SFCDisable=-99 (0xffffff9d)
mWinlogon: SFCDisable=-99 (0xffffff9d)
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Browser Helper Object: {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - c:\program files\common\helper.dll
TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [EPSON PictureMate PM 260] c:\windows\system32\spool\drivers\w32x86\3\e_faticga.exe /fu "c:\windows\temp\E_SA0.tmp" /EF "HKCU"
uRun: [Aim6]
uRun: [DeleteHistoryFree] c:\program files\deletehistoryfree\dhf.exe
uRun: [Tunebite] c:\program files\rapidsolution\tunebite\Tunebite.exe -tray
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" -"http://www.explorelearning.com/index.cfm?method=cResource.dspView&ResourceID=395&ClassID=1195302"
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Norton Ghost 12.0] "c:\program files\norton ghost\agent\VProTray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpaiod~1.lnk - c:\program files\hewlett-packard\aio\hp officejet v series\bin\hpoant07.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - f:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - f:\program files\aim\aim.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Filter: text/html - {b0a2ba31-f205-475e-a3d5-416df6b995ff} -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: Antiwpa - antiwpa.dll
AppInit_DLLs: avgrsstx.dll c:\progra~1\google\google~2\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-8-11 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-8-11 26824]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-8-11 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-8-11 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-8-11 76040]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\ViewpointService.exe" [2008-9-13 24652]
R2 WinDefend;Windows Defender;"c:\program files\windows defender\MsMpEng.exe" [2006-11-3 13592]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-8-18 31592]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;"c:\program files\google\google desktop search\GoogleDesktop.exe" [2008-9-6 29744]
S3 USBNET;Instant Wireless USB Network Adapter ver.2.6 Driver;c:\windows\system32\drivers\vnetusbl.sys [2004-3-26 107648]

=============== Created Last 30 ================

2008-12-15 11:34 250 a------- c:\windows\gmer.ini
2008-12-05 23:10 <DIR> --d----- c:\docume~1\owner\applic~1\Any DVD Converter Professional
2008-12-05 23:10 <DIR> --d----- c:\program files\Any DVD Converter Professional
2008-12-05 23:07 24,064 a------- c:\windows\system32\msxml3a.dll
2008-12-05 23:06 <DIR> --d----- c:\program files\AnvSoft Movie DVD Maker
2008-12-04 09:10 <DIR> --d----- c:\program files\Common
2008-12-03 21:38 57,840 a------- c:\documents and settings\owner\nah_log.dat
2008-11-29 22:57 0 a------- c:\windows\system32\wertyu.dll
2008-11-29 22:57 0 a------- c:\windows\system32\getwn32.dll
2008-11-29 22:57 0 a------- c:\windows\system32\av.exe
2008-11-29 22:52 2,271 a------- c:\windows\system32\TDSSxnhr.dll
2008-11-29 22:52 527 a------- c:\windows\system32\TDSSweat.dat
2008-11-26 23:52 <DIR> --d----- c:\docume~1\owner\applic~1\RTPlayer
2008-11-26 23:39 <DIR> --d----- c:\program files\PixiePack Codec Pack
2008-11-26 23:36 26,784 a------- c:\windows\system32\drivers\tbhsd.sys
2008-11-26 23:35 <DIR> --d----- c:\program files\RapidSolution
2008-11-26 23:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\RapidSolution
2008-11-25 11:54 <DIR> --d----- c:\program files\iTunes
2008-11-25 11:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-25 11:51 <DIR> --d----- c:\program files\Bonjour

==================== Find3M ====================

2008-11-29 22:51 507,904 a------- c:\windows\system32\winlogon.exe
2008-11-29 22:51 295,424 a------- c:\windows\system32\termsrv.dll
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-16 15:38 826,368 a------- c:\windows\system32\wininet.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-03 05:02 247,326 a------- c:\windows\system32\strmdll.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll

============= FINISH: 17:44:58.86 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:13 PM

Posted 31 December 2008 - 02:09 AM

Hi wvuguy11,

Welcome to BC HijackThis forum and sorry for the delay. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.
  • Tell me if you have done anything since previous post. Or you have run any other tools. Also tell me how is the current condition of your computer.

  • To get an idea about the current condition of you computer download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of log.txt

    Note 1: If you have difficulty finding the logs, the logs are in this folder: C:\rsit

    Note 2: The tool takes not more than one minute to scan the system.
You might want to save this page on your favorites, so you can find it again when you return.

#3 wvuguy11

wvuguy11
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:13 AM

Posted 31 December 2008 - 04:43 PM

Hello Farbar, thanks in advance
Since the last post, the computers situation has gotten far worse. Last night the computer got the virus that says you have Antivirus 2009 and tons of pop ups come up. After a lot of trouble we finally got that virus deleted. Now, there are a lot of pop ups. The program I used to get rid of the virus was MalwareBytes anti malware. I have run a scan using AVG and Spybot search and Destroy.

Here is the log.txt file.


Logfile of random's system information tool 1.05 (written by random/random)
Run by Owner at 2008-12-31 16:37:13
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 250 GB (82%) free of 305 GB
Total RAM: 511 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:37:33 PM, on 12/31/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\RapidSolution\Tunebite\Tunebite.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.verizon.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {1DABDA85-4BBF-4E67-904D-476C387D4CE1} - C:\WINDOWS\system32\efcDTNDU.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EPSON PictureMate PM 260] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICGA.EXE /FU "C:\WINDOWS\TEMP\E_SA0.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [DeleteHistoryFree] C:\Program Files\DeleteHistoryFree\dhf.exe
O4 - HKCU\..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray
O4 - HKUS\S-1-5-18\..\Run: [msiexec.exe] msiconf.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msiexec.exe] msiconf.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp officejet v series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {b0a2ba31-f205-475e-a3d5-416df6b995ff} - C:\WINDOWS\system32\mst120.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)
O20 - Winlogon Notify: iifCVMGA - iifCVMGA.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10600 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Norton PC Checkup WeekDay Scanner.job
C:\WINDOWS\tasks\Norton PC Checkup Weekend Scanner.job
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
C:\WINDOWS\tasks\tpexpxip.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1DABDA85-4BBF-4E67-904D-476C387D4CE1}]
C:\WINDOWS\system32\efcDTNDU.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-09-06 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-09-06 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-10-31 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-09-06 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"=C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-27 1261336]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"Norton Ghost 12.0"=C:\Program Files\Norton Ghost\Agent\VProTray.exe [2008-05-07 2037088]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-09-06 185896]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-06 29744]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-31 68856]
"EPSON PictureMate PM 260"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICGA.EXE [2007-03-16 182272]
"Aim6"= []
"DeleteHistoryFree"=C:\Program Files\DeleteHistoryFree\dhf.exe []
"Tunebite"=C:\Program Files\RapidSolution\Tunebite\Tunebite.exe [2008-02-01 4998448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-04-11 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2006-10-03 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-10-03 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2006-11-05 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HPAiODevice(hp officejet v series) - 1.lnk - C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Antiwpa]
antiwpa.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifCVMGA]
iifCVMGA.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\efcDTNDU

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"F:\Program Files\AIM\aim.exe"="F:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25da58f4-6a2b-11dd-b809-0007e9635038}]
shell\AutoRun\command - wd_windows_tools\WDSetup.exe


======List of files/folders created in the last 1 months======

2008-12-31 16:37:15 ----D---- C:\Program Files\trend micro
2008-12-31 16:37:13 ----D---- C:\rsit
2008-12-30 21:21:34 ----D---- C:\Avenger
2008-12-30 21:05:36 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-12-30 21:05:15 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-30 21:05:15 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-30 20:45:21 ----A---- C:\WINDOWS\system32\wpa.bak
2008-12-15 11:34:07 ----A---- C:\WINDOWS\gmer.ini
2008-12-15 11:34:05 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-12-15 11:34:05 ----A---- C:\WINDOWS\gmer.exe
2008-12-15 11:34:05 ----A---- C:\WINDOWS\gmer.dll
2008-12-10 20:25:32 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 20:22:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 20:21:30 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 20:21:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-05 23:12:10 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-05 23:10:55 ----D---- C:\Documents and Settings\Owner\Application Data\Any DVD Converter Professional
2008-12-05 23:10:49 ----D---- C:\Program Files\Any DVD Converter Professional
2008-12-05 23:07:12 ----A---- C:\WINDOWS\system32\msxml3a.dll
2008-12-05 23:06:52 ----D---- C:\Program Files\AnvSoft Movie DVD Maker
2008-12-04 09:10:58 ----D---- C:\Program Files\Common

======List of files/folders modified in the last 1 months======

2008-12-31 16:37:15 ----RD---- C:\Program Files
2008-12-31 16:33:45 ----D---- C:\WINDOWS\Temp
2008-12-31 15:00:24 ----D---- C:\WINDOWS\system32
2008-12-31 12:22:21 ----D---- C:\WINDOWS\Prefetch
2008-12-31 11:45:12 ----D---- C:\WINDOWS\Help
2008-12-31 10:58:16 ----SD---- C:\WINDOWS\Tasks
2008-12-31 10:54:07 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-31 10:38:09 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-31 02:21:52 ----HD---- C:\$AVG8.VAULT$
2008-12-30 21:21:34 ----D---- C:\WINDOWS\system32\drivers
2008-12-30 20:48:38 ----D---- C:\WINDOWS
2008-12-30 20:46:35 ----D---- C:\Documents and Settings\Owner\Application Data\Tunebite
2008-12-30 20:45:28 ----A---- C:\WINDOWS\setuplog.txt
2008-12-28 13:26:45 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-23 23:18:08 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-23 23:17:56 ----HD---- C:\WINDOWS\inf
2008-12-23 11:04:09 ----D---- C:\Program Files\MSN
2008-12-18 12:43:41 ----A---- C:\WINDOWS\imsins.BAK
2008-12-18 12:43:35 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-18 12:43:33 ----D---- C:\WINDOWS\ie7updates
2008-12-18 12:43:25 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-17 20:28:27 ----D---- C:\Program Files\Norton PC Checkup
2008-12-17 20:28:09 ----A---- C:\WINDOWS\system32\DEBUG_LOG.txt
2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-10 20:25:51 ----SHD---- C:\WINDOWS\Installer
2008-12-10 20:25:08 ----A---- C:\WINDOWS\win.ini
2008-12-10 20:23:32 ----D---- C:\Program Files\Internet Explorer
2008-12-09 18:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-03 13:34:08 ----D---- C:\Program Files\Spybot - Search & Destroy

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-29 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-08-11 26824]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2007-02-08 12856]
R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2007-02-08 28120]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-08-11 76040]
R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\DLA\DLABMFSM.SYS [2006-10-26 35096]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-10-26 32472]
R2 DLADResM;DLADResM; C:\WINDOWS\System32\DLA\DLADResM.SYS [2006-10-26 9400]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-10-26 104536]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-10-26 26296]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-10-26 14520]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-10-26 97848]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-10-26 94648]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2007-02-09 51768]
R2 v2imount;Symantec V2i Mount Driver; C:\WINDOWS\system32\DRIVERS\v2imount.sys [2007-03-28 37864]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\system32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
R3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
R3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2008-08-11 165496]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-05-07 15464]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-12 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-22 260224]
R3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys [2007-12-11 26784]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-12-15 85969]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBNET;Instant Wireless USB Network Adapter ver.2.6 Driver; C:\WINDOWS\system32\DRIVERS\vnetusbl.sys [2004-03-26 107648]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VProEventMonitor;Symantec Event Monitor Driver; C:\WINDOWS\system32\DRIVERS\vproeventmonitor.sys [2007-07-31 14072]
S3 WimFltr;WimFltr; C:\WINDOWS\system32\DRIVERS\wimfltr.sys [2007-03-28 128104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-12 554352]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-29 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 MSSQL$MICROSOFTBCM;MSSQL$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe [2003-05-31 7544916]
R2 Norton Ghost;Norton Ghost; C:\Program Files\Norton Ghost\Agent\VProSvc.exe [2008-05-07 3425632]
R2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-05 159744]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-05 880640]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 getPlus® Helper;getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-06-26 31592]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-06 29744]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-06 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SQLAgent$MICROSOFTBCM;SQLAgent$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE [2002-12-17 311872]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:13 PM

Posted 01 January 2009 - 08:40 AM

Hi again,
  • We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
    • Open Windows Defender.
    • Click on Tools, Options.
    • Scroll down the list of options to select "Real-time Protection Options."
    • Uncheck "Use Real-Time Protection (Recommended)".
    • After you uncheck this, click on the Save button and close Windows Defender.

      Note:After all of the fixes are complete and I give you the clean sign you enable Real-time Protection again.
  • Open notepad (start-all programs-accessories-notepad). Copy and paste the text in the code box into the notepad.

    @ECHO OFF
    attrib -h -r -s C:\WINDOWS\tasks\tpexpxip.job
    del /q C:\WINDOWS\tasks\tpexpxip.job
    del remove.bat
    • Select save in:desktop
    • Fill in File name: remove.bat
    • Save as type: All file types (*.*)
    • Click Save and close the Notepad.
    • Double-click remove.bat on the desktop.
  • Please open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

    O2 - BHO: (no name) - {1DABDA85-4BBF-4E67-904D-476C387D4CE1} - C:\WINDOWS\system32\efcDTNDU.dll (file missing)
    O4 - HKUS\S-1-5-18\..\Run: [msiexec.exe] msiconf.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msiexec.exe] msiconf.exe (User 'Default user')
    O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)
    O20 - Winlogon Notify: iifCVMGA - iifCVMGA.dll (file missing)


    Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

  • Open your Malwarebytes' Anti-Malware, first update it, run a "quick scan", let reboot if needed and copy/paste the log to your reply.

    Note:the logs are saved by default under the Logs tab.

  • Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    • Double click on ComboFix.exe & follow the prompts.
    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image



    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

  • Please copy and paste a fresh Hijackthis log to your reply.
Please copy/paste in your next reply:
  • The log of MBAM.
  • The Combofix log.
  • A fresh Hijackthis log.
  • Any comment or feedback about how it went.


#5 wvuguy11

wvuguy11
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:13 AM

Posted 01 January 2009 - 01:47 PM

Hi, the scans all went as planned.

MBAM log:

Malwarebytes' Anti-Malware 1.31
Database version: 1589
Windows 5.1.2600 Service Pack 3

1/1/2009 1:05:55 PM
mbam-log-2009-01-01 (13-05-55).txt

Scan type: Quick Scan
Objects scanned: 55714
Time elapsed: 4 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner\Local Settings\Temp\seneka29f1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekabivfxtaa.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\senekaucduxrsp.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\senekadf.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\seneka.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekalog.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\senekaoxukfkqe.sys (Trojan.Agent) -> Quarantined and deleted successfully.


Combofix log:

ComboFix 08-12-31.01 - Owner 2009-01-01 13:30:53.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.141 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\nah_log.dat
c:\program files\Common\helper.sig
c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\av.exe
c:\windows\system32\TDSSweat.dat
G:\Autorun.inf

Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\$NtServicePackUninstall$\winlogon.exe


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS
-------\Service_seneka


((((((((((((((((((((((((( Files Created from 2008-12-01 to 2009-01-01 )))))))))))))))))))))))))))))))
.

2008-12-31 16:37 . 2008-12-31 16:37 <DIR> d-------- C:\rsit
2008-12-31 16:37 . 2009-01-01 12:37 <DIR> d-------- c:\program files\trend micro
2008-12-30 21:05 . 2008-12-30 21:05 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-30 21:05 . 2008-12-30 21:05 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2008-12-30 21:05 . 2008-12-30 21:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-30 21:05 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-30 21:05 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-30 20:45 . 2008-12-30 20:45 2,422 --a------ c:\windows\system32\wpa.bak
2008-12-30 20:37 . 2008-12-30 20:37 5,208 --a------ c:\windows\system32\pid.PNF
2008-12-30 19:23 . 2008-12-30 19:23 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\s_4610_fHx8fHx8fDEyNDMzMDU2NDR8_
2008-12-15 11:34 . 2008-12-15 11:37 250 --a------ c:\windows\gmer.ini
2008-12-05 23:12 . 2008-12-05 23:12 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-05 23:10 . 2008-12-05 23:12 <DIR> d-------- c:\program files\Any DVD Converter Professional
2008-12-05 23:10 . 2008-12-05 23:21 <DIR> d-------- c:\documents and settings\Owner\Application Data\Any DVD Converter Professional
2008-12-05 23:07 . 2001-03-08 19:30 24,064 --a------ c:\windows\system32\msxml3a.dll
2008-12-05 23:06 . 2008-12-05 23:07 <DIR> d-------- c:\program files\AnvSoft Movie DVD Maker
2008-12-04 09:10 . 2009-01-01 13:30 <DIR> d-------- c:\program files\Common

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-01 18:28 --------- d-----w c:\documents and settings\Owner\Application Data\Tunebite
2008-12-28 18:26 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-18 01:28 --------- d-----w c:\program files\Norton PC Checkup
2008-12-03 18:34 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-30 05:00 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-11-27 04:52 --------- d-----w c:\documents and settings\Owner\Application Data\RTPlayer
2008-11-27 04:40 --------- d-----w c:\documents and settings\All Users\Application Data\RapidSolution
2008-11-27 04:39 --------- d-----w c:\program files\PixiePack Codec Pack
2008-11-27 04:35 --------- d-----w c:\program files\RapidSolution
2008-11-25 16:59 --------- d-----w c:\program files\Apple Software Update
2008-11-25 16:54 --------- d-----w c:\program files\iTunes
2008-11-25 16:54 --------- d-----w c:\program files\iPod
2008-11-25 16:54 --------- d-----w c:\program files\Common Files\Apple
2008-11-25 16:54 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-25 16:51 --------- d-----w c:\program files\Bonjour
2008-11-25 16:50 --------- d-----w c:\program files\QuickTime
2008-11-14 15:00 --------- d-----w c:\documents and settings\Owner\Application Data\Sibelius Software
2008-11-10 21:56 --------- d-----w c:\program files\Microsoft Silverlight
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-31 68856]
"EPSON PictureMate PM 260"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICGA.EXE" [2007-03-16 182272]
"Tunebite"="c:\program files\RapidSolution\Tunebite\Tunebite.exe" [2008-02-01 4998448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"Norton Ghost 12.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2008-05-07 2037088]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-06 185896]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-06 29744]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 c:\windows\BCMSMMSG.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
HPAiODevice(hp officejet v series) - 1.lnk - c:\program files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe [2002-04-25 487487]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2004-04-11 10:43 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2006-10-03 10:35 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-10-03 10:37 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2006-11-05 10:22 221184 c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"f:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-08-11 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-08-11 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-11 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-08-11 76040]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-09-13 24652]
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
S0 abfy;abfy;c:\windows\system32\drivers\hybyepha.sys []
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-08-18 31592]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-06 29744]
S3 USBNET;Instant Wireless USB Network Adapter ver.2.6 Driver;c:\windows\system32\DRIVERS\vnetusbl.sys [2004-03-26 107648]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2008-12-31 c:\windows\Tasks\Norton PC Checkup WeekDay Scanner.job
- c:\program files\norton pc checkup\PC_Checkup.exe [2008-12-17 20:28]

2008-12-28 c:\windows\Tasks\Norton PC Checkup Weekend Scanner.job
- c:\program files\norton pc checkup\PC_Checkup.exe [2008-12-17 20:28]

2009-01-01 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-07 08:42]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-DeleteHistoryFree - c:\program files\DeleteHistoryFree\dhf.exe
HKCU-Run-Aim6 - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.verizon.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-01 13:35:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
@Owner=S-1-5-21-861567501-884357618-682003330-1003
@Allowed: (Read) (Everyone)
@Allowed: (Read) (Users)
@Allowed: (Full) (Administrators)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (S-1-5-21-861567501-884357618-682003330-1003)
"*"=dword:00000004

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security="Inherited"
"*"=dword:00000004

[HKEY_USERS\S-1-5-21-861567501-884357618-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
@Owner=S-1-5-21-861567501-884357618-682003330-1003
@Allowed: (Full) (S-1-5-21-861567501-884357618-682003330-1003)
@Allowed: (Full) (S-1-5-21-861567501-884357618-682003330-1003)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (Administrators)
@Allowed: (Full) (Administrators)
@Allowed: (Read) (S-1-5-12)
@Allowed: (Read) (S-1-5-12)
"*"=dword:00000004

[HKEY_USERS\S-1-5-21-861567501-884357618-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security="Inherited"
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Owner=S-1-5-21-861567501-884357618-682003330-1003
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security="Inherited"
"*"=dword:00000004
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\program files\Norton Ghost\Agent\VProSvc.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
c:\windows\system32\hpoipm07.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\wscntfy.exe
c:\program files\Hewlett-Packard\AiO\Shared\Bin\hposts07.exe
c:\program files\Hewlett-Packard\AiO\Shared\Bin\hpofxm07.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\windows\system32\searchprotocolhost.exe
c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2009-01-01 13:40:56 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-01 18:40:48

Pre-Run: 262,055,972,864 bytes free
Post-Run: 261,964,046,336 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

226 --- E O F --- 2008-12-29 17:48:20


Fresh Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:44:17 PM, on 1/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\trend micro\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.verizon.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EPSON PictureMate PM 260] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICGA.EXE /FU "C:\WINDOWS\TEMP\E_SA0.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp officejet v series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9616 bytes

#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:13 PM

Posted 01 January 2009 - 02:37 PM

Well done. :thumbsup:
  • Open notepad and copy/paste the text in the code box below into it:

    http://www.bleepingcomputer.com/forums/t/188848/computer-running-verrry-slow-please-help/?p=1070880
    
    Collect::[66]
    C:\msiconf.exe
    C:\windows\msiconf.exe
    C:\windows\system32\msiconf.exe
    c:\windows\system32\drivers\hybyepha.sys
    
    Driver::
    abfy
    TDSSSERV.SYS
    
    Dirlook::
    c:\windows\system32\config\systemprofile\Application Data\s_4610_fHx8fHx8fDEyNDMzMDU2NDR8_

    Save this as CFScript.txt


    Posted Image


    Referring to the picture above, drag CFScript.txt into ComboFix.exe

    When finished, it shall produce a log for you. Post that log in your next reply.

    **Important Note**

    When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
    • Ensure you are connected to the internet and click OK on the message box.
    • A browser will open.
    • Simply follow the instructions to copy/paste/send the requested file.
  • Please run the F-Secure Online Scanner
    Note: This Scanner is for Internet Explorer Only!
    Follow the Instruction here for installation.
    Accept the License Agreement.
    Once the ActiveX installs,Click Full System Scan
    Once the download completes, the scan will begin automatically.
    The scan will take some time to finish, so please be patient.
    When the scan completes, click the Automatic cleaning (recommended) button.
    Click the Show Report button and Copy&Paste the entire report in your next reply.

  • Please copy and paste a fresh Hijackthis log to your reply.
Please copy/paste in your next reply:
  • The Combofix log.
  • The F-Secure scan result.
  • A fresh Hijackthis log.
  • Any comment or feedback about how it went.


#7 wvuguy11

wvuguy11
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:13 AM

Posted 01 January 2009 - 08:57 PM

When I finished the combofix scan the message to capture files to submit for analysis never came up.

Here is the combofix log:

ComboFix 08-12-31.01 - Owner 2009-01-01 18:40:17.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.195 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_abfy


((((((((((((((((((((((((( Files Created from 2008-12-01 to 2009-01-01 )))))))))))))))))))))))))))))))
.

2008-12-31 16:37 . 2008-12-31 16:37 <DIR> d-------- C:\rsit
2008-12-31 16:37 . 2009-01-01 13:43 <DIR> d-------- c:\program files\trend micro
2008-12-30 21:05 . 2008-12-30 21:05 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-30 21:05 . 2008-12-30 21:05 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2008-12-30 21:05 . 2008-12-30 21:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-30 21:05 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-30 21:05 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-30 20:45 . 2008-12-30 20:45 2,422 --a------ c:\windows\system32\wpa.bak
2008-12-30 20:37 . 2008-12-30 20:37 5,208 --a------ c:\windows\system32\pid.PNF
2008-12-30 19:23 . 2008-12-30 19:23 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\s_4610_fHx8fHx8fDEyNDMzMDU2NDR8_
2008-12-15 11:34 . 2008-12-15 11:37 250 --a------ c:\windows\gmer.ini
2008-12-05 23:12 . 2008-12-05 23:12 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-05 23:10 . 2008-12-05 23:12 <DIR> d-------- c:\program files\Any DVD Converter Professional
2008-12-05 23:10 . 2008-12-05 23:21 <DIR> d-------- c:\documents and settings\Owner\Application Data\Any DVD Converter Professional
2008-12-05 23:07 . 2001-03-08 19:30 24,064 --a------ c:\windows\system32\msxml3a.dll
2008-12-05 23:06 . 2008-12-05 23:07 <DIR> d-------- c:\program files\AnvSoft Movie DVD Maker
2008-12-04 09:10 . 2009-01-01 13:30 <DIR> d-------- c:\program files\Common

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-01 18:36 --------- d-----w c:\documents and settings\Owner\Application Data\Tunebite
2009-01-01 18:32 502,272 ----a-w c:\windows\system32\winlogon.exe
2008-12-28 18:26 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-18 01:28 --------- d-----w c:\program files\Norton PC Checkup
2008-12-03 18:34 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-30 05:00 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-11-30 03:51 295,424 ----a-w c:\windows\system32\termsrv.dll
2008-11-27 04:52 --------- d-----w c:\documents and settings\Owner\Application Data\RTPlayer
2008-11-27 04:40 --------- d-----w c:\documents and settings\All Users\Application Data\RapidSolution
2008-11-27 04:39 --------- d-----w c:\program files\PixiePack Codec Pack
2008-11-27 04:35 --------- d-----w c:\program files\RapidSolution
2008-11-25 16:59 --------- d-----w c:\program files\Apple Software Update
2008-11-25 16:54 --------- d-----w c:\program files\iTunes
2008-11-25 16:54 --------- d-----w c:\program files\iPod
2008-11-25 16:54 --------- d-----w c:\program files\Common Files\Apple
2008-11-25 16:54 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-25 16:51 --------- d-----w c:\program files\Bonjour
2008-11-25 16:50 --------- d-----w c:\program files\QuickTime
2008-11-14 15:00 --------- d-----w c:\documents and settings\Owner\Application Data\Sibelius Software
2008-11-10 21:56 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\windows\system32\config\systemprofile\Application Data\s_4610_fHx8fHx8fDEyNDMzMDU2NDR8_ ----

2008-12-30 19:23 4400 --a------ c:\windows\system32\config\systemprofile\Application Data\s_4610_fHx8fHx8fDEyNDMzMDU2NDR8_\spl.ini


((((((((((((((((((((((((((((( snapshot@2009-01-01_13.38.06.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-01 23:44:53 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_6e4.dat
+ 2009-01-01 23:44:54 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_738.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-31 68856]
"EPSON PictureMate PM 260"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICGA.EXE" [2007-03-16 182272]
"Tunebite"="c:\program files\RapidSolution\Tunebite\Tunebite.exe" [2008-02-01 4998448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"Norton Ghost 12.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2008-05-07 2037088]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-06 185896]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-06 29744]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 c:\windows\BCMSMMSG.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
HPAiODevice(hp officejet v series) - 1.lnk - c:\program files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe [2002-04-25 487487]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2004-04-11 10:43 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2006-10-03 10:35 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-10-03 10:37 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2006-11-05 10:22 221184 c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"f:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-08-11 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-08-11 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-11 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-08-11 76040]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-09-13 24652]
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-08-18 31592]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-06 29744]
S3 USBNET;Instant Wireless USB Network Adapter ver.2.6 Driver;c:\windows\system32\DRIVERS\vnetusbl.sys [2004-03-26 107648]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2008-12-31 c:\windows\Tasks\Norton PC Checkup WeekDay Scanner.job
- c:\program files\norton pc checkup\PC_Checkup.exe [2008-12-17 20:28]

2008-12-28 c:\windows\Tasks\Norton PC Checkup Weekend Scanner.job
- c:\program files\norton pc checkup\PC_Checkup.exe [2008-12-17 20:28]

2009-01-01 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-07 08:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.verizon.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-01 18:45:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
@Owner=S-1-5-21-861567501-884357618-682003330-1003
@Allowed: (Read) (Everyone)
@Allowed: (Read) (Users)
@Allowed: (Full) (Administrators)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (S-1-5-21-861567501-884357618-682003330-1003)
"*"=dword:00000004

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security="Inherited"
"*"=dword:00000004

[HKEY_USERS\S-1-5-21-861567501-884357618-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
@Owner=S-1-5-21-861567501-884357618-682003330-1003
@Allowed: (Full) (S-1-5-21-861567501-884357618-682003330-1003)
@Allowed: (Full) (S-1-5-21-861567501-884357618-682003330-1003)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (Administrators)
@Allowed: (Full) (Administrators)
@Allowed: (Read) (S-1-5-12)
@Allowed: (Read) (S-1-5-12)
"*"=dword:00000004

[HKEY_USERS\S-1-5-21-861567501-884357618-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security="Inherited"
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Owner=S-1-5-21-861567501-884357618-682003330-1003
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security="Inherited"
"*"=dword:00000004
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\program files\Norton Ghost\Agent\VProSvc.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
c:\windows\system32\hpoipm07.exe
c:\windows\system32\searchprotocolhost.exe
c:\program files\Hewlett-Packard\AiO\Shared\Bin\hposts07.exe
c:\program files\Hewlett-Packard\AiO\Shared\Bin\hpofxm07.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2009-01-01 18:50:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-01 23:50:26
ComboFix2.txt 2009-01-01 18:40:58

Pre-Run: 261,860,782,080 bytes free
Post-Run: 261,899,722,752 bytes free

231 --- E O F --- 2009-01-01 19:02:31


F-scan result

Computer name: OWNER-2F76E1B45
Scanning type: Scan system for malware, rootkits
Target: C:\ F:\ G:\


--------------------------------------------------------------------------------

Result: 13 malware found
TrackingCookie.2o7 (spyware)
System
TrackingCookie.Adrevolver (spyware)
System
TrackingCookie.Advertising (spyware)
System
TrackingCookie.Atdmt (spyware)
System
TrackingCookie.Atwola (spyware)
System
TrackingCookie.Doubleclick (spyware)
System
TrackingCookie.Mediaplex (spyware)
System
TrackingCookie.Questionmarket (spyware)
System
TrackingCookie.Revsci (spyware)
System
TrackingCookie.Specificclick (spyware)
System
TrackingCookie.Webtrends (spyware)
System
TrackingCookie.Yieldmanager (spyware)
System
Trojan-Downloader.JS.Psyme.amv (virus)
C:\PROGRAM FILES\NORTON PC CHECKUP\EXECUTABLES\PRODUCTSCANNER\DOWNLOADER.VBS (Renamed & Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 41310
System: 3905
Not scanned: 13
Actions:
Disinfected: 0
Renamed: 1
Deleted: 0
None: 12
Submitted: 1
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\GOOGLE DESKTOP SEARCH\DBDAM
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\GOOGLE DESKTOP SEARCH\DBDAO
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\GOOGLE DESKTOP SEARCH\DBEAM
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\GOOGLE DESKTOP SEARCH\DBEAO
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\GOOGLE DESKTOP SEARCH\DBM
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\GOOGLE DESKTOP SEARCH\HP

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure USS: 2.40.0
F-Secure Hydra: 2.8.8110, 2009-01-01
F-Secure AVP: 7.0.171, 2009-01-01
F-Secure Pegasus: 1.20.0, 2008-11-17
F-Secure Blacklight: 0.0.0
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics


New Hijakthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:55:09 PM, on 1/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\RapidSolution\Tunebite\Tunebite.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\trend micro\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.verizon.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EPSON PictureMate PM 260] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICGA.EXE /FU "C:\WINDOWS\TEMP\E_SA0.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp officejet v series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9888 bytes

#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:13 PM

Posted 01 January 2009 - 09:20 PM

Thanks for the feedback. The prompt didn't come up because there were no file on the system to send. They were already removed.

  • Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This changed from what we know in 2006 read this article:

    http://www.clickz.com/news/article.php/3561546

    I suggest you remove the program if you are not using it.
    If you decided to uninstall it click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist:

    Viewpoint, Viewpoint Manager, Viewpoint Media Player.

    Also remove the folder in bold: C:\Program Files\Viewpoint

  • Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
    • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
    • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 11".
    • Click the "Download" button to the right.
    • Select your Platform: "Windows".
    • Select your Language: "Multi-language".
    • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Click Continue and the page will refresh.
    • Click on the link to download Windows Offline Installation and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java or Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
    • Repeat as many times as necessary to remove each Java versions.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.
  • Please run RSIT, set the list of Files/Folders created to 1 Months and copy/paste the content of log.txt to your reply (this time RSIT creates just one log).

  • Tell me also how is your computer running.


#9 wvuguy11

wvuguy11
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:13 AM

Posted 01 January 2009 - 10:57 PM

Hi, thanks for everything. The computer seems to be running in much better shape. It is old so, it is always a little slow. At least I can now navigate through the internet and not get redirected. I have one question and that is if there is a free antivirus software that you would reccomend. I looked it up and it seemed that AVIRA is highly rated. I'm sure you guys get this question a lot. Anyways, here is my RSIT log:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Owner at 2009-01-01 22:48:40
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 250 GB (82%) free of 305 GB
Total RAM: 511 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:08 PM, on 1/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\RapidSolution\Tunebite\Tunebite.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.verizon.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EPSON PictureMate PM 260] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICGA.EXE /FU "C:\WINDOWS\TEMP\E_SA0.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp officejet v series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9406 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Norton PC Checkup WeekDay Scanner.job
C:\WINDOWS\tasks\Norton PC Checkup Weekend Scanner.job
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-09-06 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-01 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-09-06 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-10-31 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-01 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-01 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-09-06 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"=C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-27 1261336]
"Norton Ghost 12.0"=C:\Program Files\Norton Ghost\Agent\VProTray.exe [2008-05-07 2037088]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-09-06 185896]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-06 29744]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-01 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-31 68856]
"EPSON PictureMate PM 260"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICGA.EXE [2007-03-16 182272]
"Tunebite"=C:\Program Files\RapidSolution\Tunebite\Tunebite.exe [2008-02-01 4998448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-04-11 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2006-10-03 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-10-03 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2006-11-05 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HPAiODevice(hp officejet v series) - 1.lnk - C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"F:\Program Files\AIM\aim.exe"="F:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-01-01 22:47:11 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-01 22:47:10 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-01 22:47:10 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-01 22:47:10 ----A---- C:\WINDOWS\system32\java.exe
2009-01-01 22:42:33 ----SHD---- C:\RECYCLER
2009-01-01 18:55:27 ----D---- C:\fsaua.data
2009-01-01 18:50:32 ----A---- C:\ComboFix.txt
2009-01-01 13:30:09 ----A---- C:\Boot.bak
2009-01-01 13:30:03 ----RASHD---- C:\cmdcons
2009-01-01 13:28:15 ----A---- C:\WINDOWS\zip.exe
2009-01-01 13:28:15 ----A---- C:\WINDOWS\VFIND.exe
2009-01-01 13:28:15 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-01-01 13:28:15 ----A---- C:\WINDOWS\SWSC.exe
2009-01-01 13:28:15 ----A---- C:\WINDOWS\SWREG.exe
2009-01-01 13:28:15 ----A---- C:\WINDOWS\sed.exe
2009-01-01 13:28:15 ----A---- C:\WINDOWS\NIRCMD.exe
2009-01-01 13:28:15 ----A---- C:\WINDOWS\grep.exe
2009-01-01 13:28:15 ----A---- C:\WINDOWS\fdsv.exe
2009-01-01 13:13:24 ----D---- C:\WINDOWS\ERDNT
2009-01-01 13:13:24 ----D---- C:\Qoobox
2008-12-31 21:07:07 ----D---- C:\WINDOWS\Minidump
2008-12-31 16:37:15 ----D---- C:\Program Files\trend micro
2008-12-31 16:37:13 ----D---- C:\rsit
2008-12-30 21:05:36 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-12-30 21:05:15 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-30 21:05:15 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-30 20:45:21 ----A---- C:\WINDOWS\system32\wpa.bak
2008-12-15 11:34:07 ----A---- C:\WINDOWS\gmer.ini
2008-12-15 11:34:05 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-12-15 11:34:05 ----A---- C:\WINDOWS\gmer.exe
2008-12-15 11:34:05 ----A---- C:\WINDOWS\gmer.dll
2008-12-10 20:25:32 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 20:22:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 20:21:30 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 20:21:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-05 23:12:10 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-05 23:10:55 ----D---- C:\Documents and Settings\Owner\Application Data\Any DVD Converter Professional
2008-12-05 23:10:49 ----D---- C:\Program Files\Any DVD Converter Professional
2008-12-05 23:07:12 ----A---- C:\WINDOWS\system32\msxml3a.dll
2008-12-05 23:06:52 ----D---- C:\Program Files\AnvSoft Movie DVD Maker

======List of files/folders modified in the last 1 months======

2009-01-01 22:49:08 ----D---- C:\WINDOWS\Temp
2009-01-01 22:48:44 ----D---- C:\WINDOWS\Prefetch
2009-01-01 22:47:18 ----SHD---- C:\WINDOWS\Installer
2009-01-01 22:47:11 ----D---- C:\WINDOWS\system32
2009-01-01 22:46:39 ----D---- C:\Program Files\Java
2009-01-01 22:43:52 ----SD---- C:\WINDOWS\Tasks
2009-01-01 22:42:36 ----RD---- C:\Program Files
2009-01-01 22:39:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-01 22:38:16 ----D---- C:\Program Files\Common Files
2009-01-01 22:31:41 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-01-01 18:59:08 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-01 18:55:14 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-01 18:50:43 ----D---- C:\WINDOWS\system32\drivers
2009-01-01 18:50:38 ----D---- C:\WINDOWS
2009-01-01 18:45:34 ----A---- C:\WINDOWS\system.ini
2009-01-01 18:43:01 ----D---- C:\WINDOWS\system32\config
2009-01-01 18:41:42 ----D---- C:\WINDOWS\AppPatch
2009-01-01 13:36:13 ----D---- C:\Documents and Settings\Owner\Application Data\Tunebite
2009-01-01 13:32:17 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-01 13:32:13 ----A---- C:\WINDOWS\system32\winlogon.exe
2009-01-01 13:30:09 ----RASH---- C:\boot.ini
2009-01-01 12:43:01 ----D---- C:\WINDOWS\Registration
2008-12-31 11:45:12 ----D---- C:\WINDOWS\Help
2008-12-31 02:21:52 ----HD---- C:\$AVG8.VAULT$
2008-12-30 20:45:28 ----A---- C:\WINDOWS\setuplog.txt
2008-12-28 13:26:45 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-23 23:18:08 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-23 23:17:56 ----HD---- C:\WINDOWS\inf
2008-12-23 11:04:09 ----D---- C:\Program Files\MSN
2008-12-18 12:43:41 ----A---- C:\WINDOWS\imsins.BAK
2008-12-18 12:43:33 ----D---- C:\WINDOWS\ie7updates
2008-12-18 12:43:25 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-17 20:28:27 ----D---- C:\Program Files\Norton PC Checkup
2008-12-17 20:28:09 ----A---- C:\WINDOWS\system32\DEBUG_LOG.txt
2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-10 20:25:08 ----A---- C:\WINDOWS\win.ini
2008-12-10 20:23:32 ----D---- C:\Program Files\Internet Explorer
2008-12-09 18:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-03 13:34:08 ----D---- C:\Program Files\Spybot - Search & Destroy

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-29 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-08-11 26824]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2007-02-08 12856]
R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2007-02-08 28120]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-08-11 76040]
R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\DLA\DLABMFSM.SYS [2006-10-26 35096]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-10-26 32472]
R2 DLADResM;DLADResM; C:\WINDOWS\System32\DLA\DLADResM.SYS [2006-10-26 9400]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-10-26 104536]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-10-26 26296]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-10-26 14520]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-10-26 97848]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-10-26 94648]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2007-02-09 51768]
R2 v2imount;Symantec V2i Mount Driver; C:\WINDOWS\system32\DRIVERS\v2imount.sys [2007-03-28 37864]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\system32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
R3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
R3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2008-08-11 165496]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-05-07 15464]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-12 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-22 260224]
R3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys [2007-12-11 26784]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-12-15 85969]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBNET;Instant Wireless USB Network Adapter ver.2.6 Driver; C:\WINDOWS\system32\DRIVERS\vnetusbl.sys [2004-03-26 107648]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 VProEventMonitor;Symantec Event Monitor Driver; C:\WINDOWS\system32\DRIVERS\vproeventmonitor.sys [2007-07-31 14072]
S3 WimFltr;WimFltr; C:\WINDOWS\system32\DRIVERS\wimfltr.sys [2007-03-28 128104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-12 554352]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-29 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-01 152984]
R2 MSSQL$MICROSOFTBCM;MSSQL$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe [2003-05-31 7544916]
R2 Norton Ghost;Norton Ghost; C:\Program Files\Norton Ghost\Agent\VProSvc.exe [2008-05-07 3425632]
R2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-05 159744]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-05 880640]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 getPlus® Helper;getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-06-26 31592]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-06 29744]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-06 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SQLAgent$MICROSOFTBCM;SQLAgent$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE [2002-12-17 311872]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

#10 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:13 PM

Posted 02 January 2009 - 04:41 AM

Your log looks clean.

AVIRA is good, AVG too. Some people prefer one upon another.

The slowness is partly due to too many (perhaps unneeded) applications running on the computer. I see Norton Ghost and Norton live update service. I see a few programs are scheduled to run. Some program run at startup without needing to do that. You need also regular fragmentation of the computer.

I wanted to recommend using a firewall but see that the computer is already slow.

++++++++++++++

Go to start > run and copy and paste or type next command in the field then hit enter:

ComboFix /u

Note: There's a space between Combofix and /

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

++++++++++++++

I recommend using Site Advisor for safe surfing. It is an extension both for Internet Explorer and Firefox. When you search a site it gives you an indication of how save a site is: http://www.siteadvisor.com/

I recommend installing this small application for safe surfing: Javacoolsİ SpywareBlaster
SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs. What you need is updating it once in 2-3 weeks and enabling the restriction. You can find more information and a download link here.


Do you have any question?

#11 wvuguy11

wvuguy11
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:13 AM

Posted 02 January 2009 - 01:58 PM

No, thank you farbar for everything!

#12 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:13 PM

Posted 02 January 2009 - 02:31 PM

You are welcome wvuguy11. Happy surfing!

This thread will now be closed.

If you need this topic reopened, please send me a PM and I will reopen it for you. Include the address of this thread in your request.

If you should have a new issue, please start a new topic.

This applies only to the original topic starter. Everyone else please begin a New Topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users