
VUNDO.H infection/possibly others!


18 replies to this topic

#1 texjim


Posted 30 December 2008 - 03:42 AM

Not sure how to handle this problem, it's causing multiple pop-ups and even causing random BSOD.
I tried Ad-Aware and Spybot-S&D, but both seem to freeze up during the process, and won't work in Safe Mode. Tried Malwarebytes and it cleaned up a few problems, but the VUNDO.H seems to keep coming back. I'm sure I have other problems as well. Please, I need an expert opinion; any help would be appreciated, thanks!
Included is a hijackthis log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:39:12 AM, on 12/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [RCScheduleCheck] "C:\Program Files\VCOM\Recovery Commander\RCSCHED.EXE" -CHECK
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Auto Detect.lnk = C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\WINDOWS\system32\Shdocvw.dll (HKCU)
O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\WINDOWS\system32\Shdocvw.dll (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - https://coe.amerisourcebergen.com/coeweb/bin/iftwclix.cab
O16 - DPF: {528C14CD-CF9E-489C-A365-5999F17B69B9} (LightSurfUploadCtl Class) - http://pictures.sprintpcs.com/activex/Ligh...loadControl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1197014432484
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198573710593
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/...gr.cab40972.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/install/gtdownls.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...284/mcfscan.cab
O20 - AppInit_DLLs: jvauaj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: FHTNJSHSF - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\FHTNJSHSF.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 1: Ocean Aquarium Standard v1.0 Active Desktop - (no file)

--
End of file - 9514 bytes
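The log above is the kind of thing a helper reads line by line, and a few entry types stand out on sight: an O20 AppInit_DLLs entry (a DLL loaded into every process that loads user32.dll), an O23 service whose binary is missing or sits under a Temp directory, the O10 broken LSP chain, and an O16 ActiveX entry with no source URL. As an added example that is not part of the original post and not a HijackThis feature, the Python script below parses lines in the HijackThis format shown above and applies exactly those triage rules. The sample lines are constructed to match the shape of the log in this thread; the `triage` and `check_line` names and the rule set are this example's own assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v2.0.2 line format; the entries mirror the
# ones in the log above (AppInit_DLLs, a service with a missing Temp binary,
# a broken LSP, an O16 entry without a URL) plus two benign autoruns.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O20 - AppInit_DLLs: jvauaj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: FHTNJSHSF - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\FHTNJSHSF.exe (file missing)
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (file missing)
"""

# Every HijackThis entry is "<section> - <body>", e.g. "O23 - Service: ...".
LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")

# Directories a legitimate service or autorun binary has no business living in
# (short 8.3 form LOCALS~1 is what the log shows for "Local Settings").
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\", "\\local settings\\")


@dataclass
class Finding:
    section: str
    reasons: list
    line: str


def _in_temp(body: str) -> bool:
    lowered = body.lower()
    return any(marker in lowered for marker in TEMP_MARKERS)


def check_line(section: str, body: str) -> list:
    """Return the triage reasons for one entry; an empty list means 'not flagged'."""
    reasons = []
    if section == "O20" and body.startswith("AppInit_DLLs:"):
        value = body[len("AppInit_DLLs:"):].strip()
        if value:  # an empty AppInit_DLLs value is the normal state
            reasons.append(
                f"AppInit_DLLs loads {value} into every process that loads user32.dll")
    elif section == "O23":
        if "(file missing)" in body:
            reasons.append("service is registered but its binary is gone (deleted or hidden)")
        if _in_temp(body):
            reasons.append("service binary lives under a Temp directory")
    elif section == "O4" and _in_temp(body):
        reasons.append("autorun entry launches from a Temp directory")
    elif section == "O10" and body.startswith("Broken"):
        reasons.append("Winsock LSP chain is broken; repair it before relying on the network")
    elif section == "O16" and body.rstrip().endswith("-"):
        reasons.append("ActiveX download (DPF) entry has no source URL")
    return reasons


def triage(log_text: str) -> list:
    """Parse a HijackThis-format log and return one Finding per flagged entry."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:  # headers, process list, blank lines
            continue
        reasons = check_line(m["section"], m["body"])
        if reasons:
            findings.append(Finding(m["section"], reasons, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.line}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the sample, the script flags the O10, O16, O20 and both "(file missing)" O23 entries and leaves the AVG, ctfmon and Ad-Aware lines alone. The rules are deliberately narrow: a match is a prompt to look closer (the MDM service with a missing file is a known-benign leftover), not a verdict.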


#2 bamajim


Posted 06 January 2009 - 09:24 PM

texjim

Please download Combofix and save to your desktop.
Note: It is important that it is saved directly to your desktop.
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the contents of the C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.

Microsoft MVP - Windows Security

#3 texjim


Posted 07 January 2009 - 02:53 AM

Hi, and thanks for the reply. I really need some help. I ran Combofix and followed the steps as posted. The problem is that when Combofix scanned and rebooted the computer I got a BSOD stop error: 0x0000008E (0xC0000009A, 0x8054BD45, 0xB93DF3D4, 0x00000000). I had to manually restart the computer and got another BSOD stop error, 0x00000050 Page Fault in nonpaged area. Then it booted with no BSOD, and now the computer shows a new Internet Explorer icon and the time is messed up. But I don't see a log from Combofix, so I guess it didn't work. Should I try running Combofix again? Guess I'll just wait for your reply. Lately I've been getting random BSODs with the stop error message relating to Win32K.sys; not sure if it has to do with malware etc., or something else. I tried updating my device drivers and tested the memory, but nothing seems to be working out. What to do?? Please let me know. Thanks for your time.

#4 bamajim


Posted 07 January 2009 - 08:46 AM

texjim

Those BSOD errors are not likely the result of an infection. Do you have the XP OS (operating System) disk that came with the PC?

#5 texjim


Posted 07 January 2009 - 02:11 PM

No, sorry, I don't. What else could I try?

#6 bamajim


Posted 07 January 2009 - 02:37 PM

texjim

Our options are very limited.

Are you able to boot into Safe mode?

#7 texjim


Posted 07 January 2009 - 03:11 PM

Yes, I am able to boot in Safe Mode. Also, my AVG Free Edition keeps finding a trojan horse Generic 12 ADHR located in my C:\System Volume Information\restore. Also a trojan with SHeur2.GRY, prunnet.exe, gadcom.exe. I tried to heal them but they seem to pop up every so often, especially the one in System Volume Information\restore. Is there a way we can confront this problem first, then the BSOD, or what? Sorry for the trouble; it's driving me nuts.

#8 bamajim


Posted 08 January 2009 - 09:40 AM

texjim

Let's work in Safe Mode with Networking for the time being.

1. Go HERE and download File Lister. Save it to your Desktop.
Rt Click ->> Extract all ->> And extract it to your Desktop
Additional help on extracting zip files can be found HERE
Open the File Lister Folder.
Rt Click FileLister.vbe ->>Select Open Then Open to confirm.
As the program runs, it will appear that nothing is happening.
When the program is finished it will produce a log for you: C:\Files.txt
Copy and paste the contents of that log in your reply.

#9 texjim


Posted 08 January 2009 - 09:16 PM

Thank you for taking the time out to help me! I really appreciate it.
Here's the log you requested.


+++++++++++++++++++++++++++++++++
+ File Lister Version 1.0.5
+
+ By bamajim / bamajim.com
+++++++++++++++++++++++++++++++++

Report ran on --->>> 2009-01-08 7:57:21 PM


====== Running Processes ======

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\WINDOWS\System32\CScript.exe

====== BHO's under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects ======

BHO: (NO NAME) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

BHO: (NO NAME) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

BHO: (NO NAME) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll

BHO: (NO NAME) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

====== Values under HKLM\~\Run ======

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="\"C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe\" /STARTUP"
"RCScheduleCheck"="\"C:\\Program Files\\VCOM\\Recovery Commander\\RCSCHED.EXE\" -CHECK"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"LTMSG"="LTMSG.exe 7"
"nwiz"="nwiz.exe /install"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\""
"combofix"="C:\\WINDOWS\\system32\\CF12880.exe /c C:\\ComboFix\\Combobatch.bat"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"


====== Values under HKCU\~\Run ======

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
@=""


====== Folders and Files from "%\" and "%\Windows" Created Last 60 Days ======

2009-01-06 9:55:06 PM 8108131 C:\cmdcons
2009-01-06 9:55:12 PM 860672 C:\cmdcons\SYSTEM32
2009-01-06 9:51:19 PM 37332110 C:\ComboFix
2009-01-06 9:51:21 PM 4308 C:\ComboFix\N_
2009-01-06 9:54:55 PM 8941872 C:\ComboFix\RC
2009-01-06 9:51:21 PM 1113651 C:\Qoobox
2009-01-06 9:51:21 PM 17831 C:\Qoobox\BackEnv
2009-01-06 9:51:21 PM 2328 C:\Qoobox\LastRun
2009-01-06 9:51:21 PM 1092940 C:\Qoobox\Quarantine
2009-01-06 9:58:01 PM 1082472 C:\Qoobox\Quarantine\C
2009-01-06 9:58:31 PM 0 C:\Qoobox\Quarantine\C\DOCUME~1
2009-01-06 9:58:31 PM 0 C:\Qoobox\Quarantine\C\DOCUME~1\Owner
2009-01-06 9:58:31 PM 0 C:\Qoobox\Quarantine\C\DOCUME~1\Owner\LOCALS~1
2009-01-06 9:58:31 PM 0 C:\Qoobox\Quarantine\C\DOCUME~1\Owner\LOCALS~1\Temp
2009-01-06 9:58:31 PM 1082472 C:\Qoobox\Quarantine\C\WINDOWS
2009-01-06 9:58:31 PM 503 C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM
2009-01-06 9:58:31 PM 1081930 C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32
2009-01-06 10:01:43 PM 42512 C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\drivers
2009-01-06 9:51:21 PM 10410 C:\Qoobox\Quarantine\Registry_backups
2009-01-06 9:51:21 PM 0 C:\Qoobox\Test
2009-01-06 9:51:21 PM 0 C:\Qoobox\TestC
2009-01-06 9:55:21 PM 201 32 C:\Boot.bak
2009-01-06 9:55:14 PM 260272 32 C:\cmldr
2009-01-08 7:57:22 PM 1953 32 C:\Files.txt
2009-01-08 6:15:39 PM 536449024 38 C:\hiberfil.sys
2008-12-24 10:47:48 AM 73728 32 C:\tstk.exe
2008-12-24 8:22:34 PM 418 32 C:\VundoFix.txt
2008-12-27 6:46:09 PM 956399 C:\WINDOWS\$NtUninstallKB958644$
2008-12-27 6:46:09 PM 624111 C:\WINDOWS\$NtUninstallKB958644$\spuninst
2008-12-23 2:49:11 PM 0 32 C:\WINDOWS\0.log
2008-12-27 6:46:16 PM 2056 32 C:\WINDOWS\comsetup.log
2008-12-27 6:46:15 PM 6159 32 C:\WINDOWS\FaxSetup.log
2009-01-06 9:51:30 PM 89504 32 C:\WINDOWS\fdsv.exe
2009-01-06 9:51:30 PM 80412 32 C:\WINDOWS\grep.exe
2008-12-27 6:46:16 PM 1008 32 C:\WINDOWS\iis6.log
2008-12-27 6:46:17 PM 1393 32 C:\WINDOWS\imsins.log
2008-12-27 6:41:14 PM 8883 32 C:\WINDOWS\KB958644.log
2008-12-27 6:46:17 PM 309 32 C:\WINDOWS\msgsocm.log
2009-01-06 9:51:30 PM 28672 32 C:\WINDOWS\NIRCMD.exe
2008-12-29 7:23:58 PM 368198 32 C:\WINDOWS\ntbtlog.txt
2008-12-27 6:46:16 PM 1247 32 C:\WINDOWS\ntdtcsetup.log
2008-12-27 6:46:14 PM 2916 32 C:\WINDOWS\ocgen.log
2008-12-27 6:46:18 PM 342 32 C:\WINDOWS\ocmsn.log
2009-01-06 10:03:09 PM 53248 32 C:\WINDOWS\PSEXESVC.EXE
2009-01-06 9:51:30 PM 98816 32 C:\WINDOWS\sed.exe
2008-12-26 5:58:41 PM 82 32 C:\WINDOWS\setupact.log
2008-12-24 2:28:24 PM 79946 32 C:\WINDOWS\setupapi.log
2008-12-26 5:58:41 PM 0 32 C:\WINDOWS\setuperr.log
2008-12-26 5:55:19 PM 113479 32 C:\WINDOWS\svcpack.log
2009-01-06 9:51:30 PM 161792 32 C:\WINDOWS\SWREG.exe
2009-01-06 9:51:30 PM 136704 32 C:\WINDOWS\SWSC.exe
2009-01-06 9:51:30 PM 212480 32 C:\WINDOWS\SWXCACLS.exe
2008-12-27 6:46:17 PM 2359 32 C:\WINDOWS\tsoc.log
2008-12-27 6:46:12 PM 501 32 C:\WINDOWS\updspapi.log
2009-01-06 9:51:30 PM 49152 32 C:\WINDOWS\VFIND.exe
2008-12-23 2:44:49 PM 1697211 32 C:\WINDOWS\WindowsUpdate.log
2009-01-06 9:51:30 PM 68096 32 C:\WINDOWS\zip.exe
2008-12-23 1:45:25 PM 0 32 C:\WINDOWS\SYSTEM32\6b6aed1c-.txt
2009-01-06 9:51:18 PM 388608 32 C:\WINDOWS\SYSTEM32\CF12880.exe
2008-12-29 7:20:21 PM 410984 32 C:\WINDOWS\SYSTEM32\deploytk.dll
2008-12-24 2:52:30 PM 12288 32 C:\WINDOWS\SYSTEM32\hlinkprx.dll
2008-12-29 7:20:21 PM 144792 32 C:\WINDOWS\SYSTEM32\java.exe
2008-12-29 7:20:21 PM 73728 32 C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-12-29 7:20:21 PM 144792 32 C:\WINDOWS\SYSTEM32\javaw.exe
2008-12-29 7:20:21 PM 148888 32 C:\WINDOWS\SYSTEM32\javaws.exe
2008-12-15 6:44:12 PM 88566 32 C:\WINDOWS\SYSTEM32\nvapps.xml
2008-12-15 6:44:08 PM 17056 32 C:\WINDOWS\SYSTEM32\nvdisp.nvu
2008-12-15 6:44:06 PM 208896 32 C:\WINDOWS\SYSTEM32\nvudisp.exe
2008-12-15 6:43:17 PM 208896 32 C:\WINDOWS\SYSTEM32\NVUNINST.EXE
2008-12-23 9:38:56 PM 1 32 C:\WINDOWS\SYSTEM32\za.dat

====== Files under "\Administrator\Startup" Last 60 Days======


====== Files under "\All Users\Startup" Last 60 Days======


====== Folders under "\Program Files" Last 60 Days======

2009-01-08 1:43:09 PM 403542 C:\Program Files\FileLister
2008-12-28 1:18:22 PM 19410643 C:\Program Files\Lavasoft
2008-12-28 1:18:22 PM 19410643 C:\Program Files\Lavasoft\Ad-Aware
2008-12-28 1:18:28 PM 2146934 C:\Program Files\Lavasoft\Ad-Aware\Help
2008-12-28 1:18:31 PM 709483 C:\Program Files\Lavasoft\Ad-Aware\Lang
2008-12-28 1:18:31 PM 3498834 C:\Program Files\Lavasoft\Ad-Aware\Skin
2008-12-24 11:54:23 AM 4074921 C:\Program Files\Malwarebytes' Anti-Malware
2008-12-24 11:54:24 AM 349316 C:\Program Files\Malwarebytes' Anti-Malware\Languages

====== Files under "\System32\Drivers" Last 60 Days======

2008-12-24 11:54:28 AM 15504 32 C:\WINDOWS\SYSTEM32\drivers\mbam.sys
2008-12-24 11:54:25 AM 38496 32 C:\WINDOWS\SYSTEM32\drivers\mbamswissarmy.sys

====== Files Deleted under "%Temp%" ======

C:\DOCUME~1\Owner\LOCALS~1\Temp\50c1_appcompat.txt
C:\DOCUME~1\Owner\LOCALS~1\Temp\8d86_appcompat.txt
C:\DOCUME~1\Owner\LOCALS~1\Temp\jusched.log
C:\DOCUME~1\Owner\LOCALS~1\Temp\List of C.html
C:\DOCUME~1\Owner\LOCALS~1\Temp\List of C.txt
C:\DOCUME~1\Owner\LOCALS~1\Temp\List of Desktop.html
C:\DOCUME~1\Owner\LOCALS~1\Temp\Perflib_Perfdata__755.dat
C:\DOCUME~1\Owner\LOCALS~1\Temp\SWV4.tmp

8 Files deleted

====== Files and Folders under "All Users\Application Data" Last 60 Days======

2008-12-24 11:54:23 AM 1428068 C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-24 11:54:23 AM 1428068 C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
2008-12-30 2:26:59 PM 0 C:\Documents and Settings\All Users\Application Data\nView_Profiles

====== Possible Rootkit Scan (Note: Items listed here are not necessarily bad)======


====== Values under HKLM\Software\microsoft\shared tools\msconfig\startupreg ======

====== Services ( Services that are Whitelisted are not shown) ======

Lavasoft Ad-Aware Service (aawservice) "C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe" - Auto
Alerter (Alerter) C:\WINDOWS\System32\svchost.exe -k LocalService - Auto
Application Layer Gateway Service (ALG) C:\WINDOWS\System32\alg.exe - Manual
Application Management (AppMgmt) C:\WINDOWS\system32\svchost.exe -k netsvcs - Manual
ASP.NET State Service (aspnet_state) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe - Manual
Windows Audio (AudioSrv) C:\WINDOWS\System32\svchost.exe -k netsvcs - Auto
AVG7 Alert Manager Server (Avg7Alrt) C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe - Auto
AVG7 Update Service (Avg7UpdSvc) C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe - Auto
Background Intelligent Transfer Service (BITS) C:\WINDOWS\System32\svchost.exe -k netsvcs - Manual
Computer Browser (Browser) C:\WINDOWS\System32\svchost.exe -k netsvcs - Auto
Indexing Service (cisvc) C:\WINDOWS\System32\cisvc.exe - Manual
ClipBook (ClipSrv) C:\WINDOWS\system32\clipsrv.exe - Disabled
.NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe - Manual
COM+ System Application (COMSysApp) C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} - Manual
Cryptographic Services (CryptSvc) C:\WINDOWS\system32\svchost.exe -k netsvcs - Auto
DCOM Server Process Launcher (DcomLaunch) C:\WINDOWS\system32\svchost -k DcomLaunch - Auto
DHCP Client (Dhcp) C:\WINDOWS\System32\svchost.exe -k netsvcs - Auto
Logical Disk Manager Administrative Service (dmadmin) C:\WINDOWS\System32\dmadmin.exe /com - Manual
Logical Disk Manager (dmserver) C:\WINDOWS\System32\svchost.exe -k netsvcs - Manual
DNS Client (Dnscache) C:\WINDOWS\System32\svchost.exe -k NetworkService - Disabled
Error Reporting Service (ERSvc) C:\WINDOWS\System32\svchost.exe -k netsvcs - Auto
Event Log (Eventlog) C:\WINDOWS\system32\services.exe - Auto
COM+ Event System (EventSystem) C:\WINDOWS\System32\svchost.exe -k netsvcs - Manual
Fast User Switching Compatibility (FastUserSwitchingCompatibility) C:\WINDOWS\System32\svchost.exe -k netsvcs - Manual
Fax (Fax) C:\WINDOWS\system32\fxssvc.exe - Auto
FHTNJSHSF (FHTNJSHSF) C:\DOCUME~1\Owner\LOCALS~1\Temp\FHTNJSHSF.exe - Manual
FLEXnet Licensing Service (FLEXnet Licensing Service) "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" - Manual
Windows Presentation Foundation Font Cache 3.0.0.0 (FontCache3.0.0.0) c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe - Manual
Google Updater Service (gusvc) "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" - Auto
Help and Support (helpsvc) C:\WINDOWS\System32\svchost.exe -k netsvcs - Auto
HID Input Service (HidServ) C:\WINDOWS\System32\svchost.exe -k netsvcs - Auto
HTTP SSL (HTTPFilter) C:\WINDOWS\System32\svchost.exe -k HTTPFilter - Manual
InstallDriver Table Manager (IDriverT) "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" - Manual
Windows CardSpace (idsvc) "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" - Manual
IMAPI CD-Burning COM Service (ImapiService) C:\WINDOWS\system32\Imapi.exe - Manual
Java Quick Starter (JavaQuickStarterService) "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" - Auto
Server (lanmanserver) C:\WINDOWS\System32\svchost.exe -k netsvcs - Auto
Workstation (lanmanworkstation) C:\WINDOWS\System32\svchost.exe -k netsvcs - Auto
LexBce Server (LexBceS) C:\WINDOWS\system32\LEXBCES.EXE - Disabled
TCP/IP NetBIOS Helper (LmHosts) C:\WINDOWS\System32\svchost.exe -k LocalService - Auto
Machine Debug Manager (MDM) "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe" - Auto
Messenger (Messenger) C:\WINDOWS\System32\svchost.exe -k netsvcs - Disabled
NetMeeting Remote Desktop Sharing (mnmsrvc) C:\WINDOWS\System32\mnmsrvc.exe - Manual
Distributed Transaction Coordinator (MSDTC) C:\WINDOWS\System32\msdtc.exe - Manual
Windows Installer (MSIServer) C:\WINDOWS\system32\msiexec.exe /V - Manual
NBService (NBService) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe - Manual
Network DDE (NetDDE) C:\WINDOWS\system32\netdde.exe - Disabled
Network DDE DSDM (NetDDEdsdm) C:\WINDOWS\system32\netdde.exe - Disabled
Net Logon (Netlogon) C:\WINDOWS\System32\lsass.exe - Manual
Network Connections (Netman) C:\WINDOWS\System32\svchost.exe -k netsvcs - Manual
Net.Tcp Port Sharing Service (NetTcpPortSharing) "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" - Disabled
Network Location Awareness (NLA) (Nla) C:\WINDOWS\System32\svchost.exe -k netsvcs - Manual
NMIndexingService (NMIndexingService) "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" - Manual
NT LM Security Support Provider (NtLmSsp) C:\WINDOWS\System32\lsass.exe - Manual
Removable Storage (NtmsSvc) C:\WINDOWS\system32\svchost.exe -k netsvcs - Manual
NVIDIA Display Driver Service (NVSvc) C:\WINDOWS\system32\nvsvc32.exe - Auto
Plug and Play (PlugPlay) C:\WINDOWS\system32\services.exe - Auto
IPSEC Services (PolicyAgent) C:\WINDOWS\System32\lsass.exe - Auto
Protected Storage (ProtectedStorage) C:\WINDOWS\system32\lsass.exe - Auto
Remote Access Auto Connection Manager (RasAuto) C:\WINDOWS\System32\svchost.exe -k netsvcs - Disabled
Remote Access Connection Manager (RasMan) C:\WINDOWS\System32\svchost.exe -k netsvcs - Manual
Remote Desktop Help Session Manager (RDSessMgr) C:\WINDOWS\system32\sessmgr.exe - Manual
Routing and Remote Access (RemoteAccess) C:\WINDOWS\System32\svchost.exe -k netsvcs - Disabled
Remote Procedure Call (RPC) Locator (RpcLocator) C:\WINDOWS\System32\locator.exe - Manual
Remote Procedure Call (RPC) (RpcSs) C:\WINDOWS\system32\svchost -k rpcss - Auto
QoS RSVP (RSVP) C:\WINDOWS\System32\rsvp.exe - Manual
Security Accounts Manager (SamSs) C:\WINDOWS\system32\lsass.exe - Auto
Smart Card (SCardSvr) C:\WINDOWS\System32\SCardSvr.exe - Manual
Task Scheduler (Schedule) C:\WINDOWS\System32\svchost.exe -k netsvcs - Auto
Secondary Logon (seclogon) C:\WINDOWS\System32\svchost.exe -k netsvcs - Auto
System Event Notification (SENS) C:\WINDOWS\system32\svchost.exe -k netsvcs - Auto
Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) C:\WINDOWS\System32\svchost.exe -k netsvcs - Auto
Shell Hardware Detection (ShellHWDetection) C:\WINDOWS\System32\svchost.exe -k netsvcs - Auto
Print Spooler (Spooler) C:\WINDOWS\system32\spoolsv.exe - Auto
System Restore Service (srservice) C:\WINDOWS\System32\svchost.exe -k netsvcs - Auto
SSDP Discovery Service (SSDPSRV) C:\WINDOWS\System32\svchost.exe -k LocalService - Manual
Windows Image Acquisition (WIA) (stisvc) C:\WINDOWS\System32\svchost.exe -k imgsvc - Auto
MS Software Shadow Copy Provider (SwPrv) C:\WINDOWS\System32\dllhost.exe /Processid:{629945EB-4822-491D-8085-B2A660303DEE} - Manual
Performance Logs and Alerts (SysmonLog) C:\WINDOWS\system32\smlogsvc.exe - Manual
Telephony (TapiSrv) C:\WINDOWS\System32\svchost.exe -k netsvcs - Manual
Terminal Services (TermService) C:\WINDOWS\System32\svchost -k DComLaunch - Manual
Themes (Themes) C:\WINDOWS\System32\svchost.exe -k netsvcs - Auto
Distributed Link Tracking Client (TrkWks) C:\WINDOWS\system32\svchost.exe -k netsvcs - Auto
Universal Plug and Play Device Host (upnphost) C:\WINDOWS\System32\svchost.exe -k LocalService - Manual
Uninterruptible Power Supply (UPS) C:\WINDOWS\System32\ups.exe - Manual
Volume Shadow Copy (VSS) C:\WINDOWS\System32\vssvc.exe - Manual
Windows Time (W32Time) C:\WINDOWS\System32\svchost.exe -k netsvcs - Auto
WebClient (WebClient) C:\WINDOWS\System32\svchost.exe -k LocalService - Auto
Windows Management Instrumentation (winmgmt) C:\WINDOWS\system32\svchost.exe -k netsvcs - Auto
Portable Media Serial Number Service (WmdmPmSN) C:\WINDOWS\System32\svchost.exe -k netsvcs - Manual
WMI Performance Adapter (WmiApSrv) C:\WINDOWS\System32\wbem\wmiapsrv.exe - Manual
Windows Media Player Network Sharing Service (WMPNetworkSvc) "C:\Program Files\Windows Media Player\WMPNetwk.exe" - Manual
Security Center (wscsvc) C:\WINDOWS\System32\svchost.exe -k netsvcs - Auto
Automatic Updates (wuauserv) C:\WINDOWS\system32\svchost.exe -k netsvcs - Auto
Wireless Zero Configuration (WZCSVC) C:\WINDOWS\System32\svchost.exe -k netsvcs - Auto
Network Provisioning Service (xmlprov) C:\WINDOWS\System32\svchost.exe -k netsvcs - Manual

====== Uninstall List From Registry ======

Adobe Flash Player 10 ActiveX
Adobe Shockwave Player
Adobe ExtendScript Toolkit 2
Adobe Color Common Settings
Adobe Photoshop CS3
Audacity 1.2.4
AVG Free Edition
CCleaner (remove only)
Data Access Objects (DAO) 3.0
dBpoweramp FLAC Codec
dBpoweramp Monkeys Audio Codec
dBpoweramp Mp2 and BwfMp2 codec
dBpoweramp mp3 (Fraunhofer IIS) Codec
dBpoweramp Music Converter
dBpoweramp Ogg Vorbis Codec
dBpoweramp WavPack Codec
dBpoweramp [Calculate Audio CRC] Codec
DVD Shrink 3.2
FLV Player 2.0, build 24
Free Window Registry Repair
Free Windows Registry Cleaner 1.1
Google Updater
Google Video Player
HijackThis 2.0.2
HP Instant Support
Microsoft Internationalized Domain Names Mitigation APIs
Windows Internet Explorer 7
Samsung USB Driver (MCCI 4.16)
QuickTime
JGoodies JDiskReport 1.3.0
Kaspersky Online Scanner
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Microsoft Data Access Components KB870669
Security Update for Windows XP (KB883939)
Windows XP Hotfix - KB890923
Windows Installer 3.1 (KB893803)
Security Update for Windows XP (KB896688)
Update for Windows XP (KB896727)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB905915)
Microsoft Base Smart Card Cryptographic Service Provider Package
Security Update for Windows XP (KB912812)
Hotfix for Windows XP (KB915865)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Update for Windows XP (KB925720)
Security Update for Windows XP (KB928090)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows XP (KB931768)
Security Update for Windows Internet Explorer 7 (KB931768)
Update for Windows XP (KB932823-v3)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943485)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Hotfix for Windows Internet Explorer 7 (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Update for Windows XP (KB951072-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows Media Player (KB952069)
Hotfix for Windows XP (KB952287)
Security Update for Windows XP (KB952954)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Update for Windows XP (KB955839)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows Internet Explorer 7 (KB960714)
Enhanced Multimedia Keyboard Solution
LimeWire PRO 4.14.8
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft National Language Support Downlevel APIs
NVIDIA Drivers
iConcepts Music Express
PokerStars
PowerDesk 5.0
Intel® PRO Network Adapters and Drivers
Quicken Financial Center
RealPlayer
Reason 3.0
Recovery Commander
Recuva (remove only)
ReCycle 2.1
Spybot - Search & Destroy 1.4
Steinberg Cubase LE
System Requirements Lab
threefifteen jukebox 2.42
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
WinAVI Video Converter
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 2
WinRAR archiver
WinZip
Windows Media Format 11 runtime
Windows Media Player 11
Microsoft Works and Money 2001 Setup Launcher
Microsoft Works Setup Launcher
Microsoft User-Mode Driver Framework Feature Pack 1.0
XML Paper Specification Shared Components Pack 1.0
XviD MPEG4 Video Codec (remove only)
Adobe Help Viewer CS3
Adobe Bridge Start Meeting
Samsung USB Driver (MCCI 4.16)
Microsoft .NET Framework 3.0
Adobe WinSoft Linguistics Plugin
MSXML 6 Service Pack 2 (KB954459)
Adobe ExtendScript Toolkit 2
Google Earth
Java™ 6 Update 11
Nero 7 Premium
Adobe Stock Photos CS3
WebFldrs XP
MSXML 4.0 SP2 (KB927978)
Adobe Photoshop CS3
Windows Communication Foundation
Adobe Color EU Extra Settings
Adobe Linguistics CS3
neroxml
Windows Genuine Advantage v1.3.0254.0
Adobe Setup
GameTap
Adobe Fonts All
Adobe Color Common Settings
Adobe Asset Services CS3
Microsoft Visual C++ 2005 Redistributable
DivX Codec
Windows Workflow Foundation
Adobe XMP Panels CS3
Caere Scan Manager 5.1
HP RecordNow
MSXML 4.0 SP2 (KB954430)
Easy CD Creator 5 Platinum
DivX Player
Adobe Device Central CS3
Adobe Type Support
Adobe Anchor Service CS3
Microsoft Office XP Professional
QuickTime
Adobe Color NA Recommended Settings
PowerCDR Express
Adobe Bridge CS3
Adobe CMaps
Adobe Color - Photoshop Specific
PDF Settings
Adobe Reader 7.0.7
DivX Converter
Adobe Camera Raw 4.0
Microsoft .NET Framework 2.0 Service Pack 1
DivX Web Player
Adobe Default Language CS3
Windows Presentation Foundation
MSXML 4.0 SP2 (KB936181)
Microsoft .NET Framework 1.1
DivX Content Uploader
Adobe Version Cue CS3 Client
ABBYY FineReader 5.0 Sprint Plus
Adobe PDF Library Files
Full Tilt Poker
Adobe Setup
Detto Migration Kit
Adobe Color JA Extra Settings
Ad-Aware
Adobe Update Manager CS3
ScanToWeb
Microsoft Works 6.0
Works Suite OS Pack
Adobe Setup

======== Other Info ========

TOTAL PHYSICAL RAM: 536 MB

#10 bamajim

  • Members
  • 894 posts

Posted 09 January 2009 - 09:20 AM

texjim

I see no signs of active infection in your logs.
The warnings you are getting about infected System Restore files are not a concern at this time, and we will address those later.
From what I see, the problem is system-file related. It could be that some of the system files were damaged by the infection you had. But without the OS CD we have to do this carefully.

You indicated that you tested the RAM, how did that turn out, and what did you use to test it?
Microsoft MVP - Windows Security

#11 texjim
  • Topic Starter
  • Members
  • 11 posts

Posted 09 January 2009 - 02:14 PM

Yeah, I tried with memtest86 for a couple of hours and I didn't see any indication of any problems. Should I have run the program longer (overnight)?

#12 bamajim

  • Members
  • 894 posts

Posted 09 January 2009 - 02:37 PM

texjim

No. Shouldn't need to.

Let's take a look at the Win32K.sys file. I want to see if it is corrupted.

1. We need to make sure we can see hidden files and folders.

To enable the viewing of hidden and system files, follow these steps:
Right click on Start and select Explore.
Select the Tools menu and click Folder Options.
After the new window appears, select the View tab.
Put a checkmark in the checkbox labeled Display the contents of system folders.
Under the Hidden files and folders section, select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
Click Yes to confirm.
Press the Apply button and then the OK button.

2. Please go HERE.

Put your name, and BC HJT forum,

and in the File to submit box, click Browse. Using Windows Explorer,
locate the file C:\WINDOWS\System32\Win32K.sys.
In the comments, tell them that I asked you to upload the file.
Then select Send File.

Then reply that you sent the file, please.
Microsoft MVP - Windows Security
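The same two steps (make hidden and protected system files visible, then see whether win32k.sys looks corrupted) can be done from a PowerShell prompt. This is an added example for readers of the thread, not part of bamajim's instructions or of any BleepingComputer tool. It assumes PowerShell 2.0 is installed on the XP machine (it is not there by default), and it relies on Windows File Protection keeping a reference copy of protected files under system32\dllcache, which XP does. It does not upload anything; it only compares the live file against that cached copy so you know whether submitting it for analysis is warranted.

```powershell
# Added example, not code from the thread. Assumes PowerShell 2.0 on Windows XP
# and the standard Windows File Protection cache at %windir%\system32\dllcache.

# Step 1: the Folder Options settings from the post, as the registry values
# Explorer stores them in:
#   Hidden=1          -> "Show hidden files and folders"
#   ShowSuperHidden=1 -> uncheck "Hide protected operating system files"
#   HideFileExt=0     -> uncheck "Hide file extensions for known file types"
# Explorer picks these up the next time a folder window is opened/refreshed.
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
Set-ItemProperty -Path $adv -Name Hidden          -Value 1 -Type DWord
Set-ItemProperty -Path $adv -Name ShowSuperHidden -Value 1 -Type DWord
Set-ItemProperty -Path $adv -Name HideFileExt     -Value 0 -Type DWord

# Step 2: integrity check of win32k.sys against the dllcache copy.
function Get-FileSha256([string]$Path) {
    # Get-FileHash does not exist before PowerShell 4, so hash via .NET directly.
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { $bytes = $sha.ComputeHash($stream) }
    finally { $stream.Close() }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
}

function Describe-SystemFile([string]$Path) {
    # -Force is required for Get-Item to return hidden/system files at all.
    $item = Get-Item -Path $Path -Force
    New-Object PSObject -Property @{
        Path        = $Path
        Size        = $item.Length
        Modified    = $item.LastWriteTime
        FileVersion = $item.VersionInfo.FileVersion
        Sha256      = Get-FileSha256 $Path
    }
}

$live  = Join-Path $env:windir 'system32\win32k.sys'
$cache = Join-Path $env:windir 'system32\dllcache\win32k.sys'

$liveInfo = Describe-SystemFile $live
$liveInfo | Format-List Path, Size, Modified, FileVersion, Sha256

if (Test-Path $cache) {
    $cacheInfo = Describe-SystemFile $cache
    $cacheInfo | Format-List Path, Size, Modified, FileVersion, Sha256
    if ($liveInfo.Sha256 -eq $cacheInfo.Sha256) {
        'win32k.sys matches the Windows File Protection copy.'
    } else {
        # A mismatch is the cue to submit the file for analysis (as the post asks);
        # it is not proof of infection by itself, since a hotfix can update one copy.
        'win32k.sys DIFFERS from the Windows File Protection copy - submit it for analysis.'
    }
} else {
    'No dllcache copy found; compare the hash against a known-good XP SP2 install instead.'
}
```

Two caveats a practitioner would keep in mind: the dllcache copy can itself be stale or tampered with, so a match is reassuring but not conclusive, and on XP most OS binaries are catalog-signed rather than carrying an embedded Authenticode signature, so checking the file with Get-AuthenticodeSignature in PowerShell 2.0 will report it as unsigned even when it is genuine; that is why this example compares hashes and version info instead.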

#13 texjim
  • Topic Starter
  • Members
  • 11 posts

Posted 09 January 2009 - 02:53 PM

My (win32k.sys) was successfully submitted. Thank you.

#14 bamajim

  • Members
  • 894 posts

Posted 09 January 2009 - 03:59 PM

texjim

That file seems to be OK. However, I am somewhat suspicious of the results of the memtest tool you used. Let's use the MS version.

The tool, download, and instructions are HERE.

When complete, reply with the results.
Microsoft MVP - Windows Security

#15 texjim
  • Topic Starter
  • Members
  • 11 posts

Posted 09 January 2009 - 08:04 PM

I ran the Windows Memory Diagnostic test as posted. It succeeded in three test runs, then the program seemed to just hang (freeze). I waited a while to see if it was just the program, but nothing happened. I tried a second time; it passed the first few tests, then froze up again. This computer hates me. What do you think? Lol
