
internet not accessed after installing AntiVirus Programs


  • This topic is locked
7 replies to this topic

#1 soloa

soloa

  • Members
  • 5 posts
  • Local time:09:44 PM

Posted 01 March 2009 - 03:59 PM

I have Windows XP Home on my PC. I removed Norton Internet Security 2008. Then, after installing either AVG or AVAST (one at a time), the internet browsers (Internet Explorer ver 7 and 8; and Firefox ver 3.0.5) are unable to access the internet. In either case I have either the Windows Firewall or the COMODO firewall ON. However, when I uninstall the antivirus program (AVG or AVAST) and reboot, the web browsers are able to access the internet. Looking at your forums it seemed that there is some kind of malware on my PC.

I have a WIRED internet connection via cable modem.
The messages that I get from the web browsers are as follows (the output of DDS is also included below):

1) Firefox: "The connection to the server was reset while page was loading."; "The network link was interrupted while negotiating a connection. Please try again"

2) Internet Explorer: "Internet Explorer cannot display the webpage"
Upon "Diagnose Connection Problems" it reports that it cannot connect using HTTP, HTTPS or FTP, and that the firewall settings should be checked (which I have verified to be OK; also, after uninstalling the antivirus the web browsers work!). The diagnostic log of Internet Explorer shows the following:



******************************************************
Diagnostic log
******************************************************
Last diagnostic run time: 03/01/09 15:30:00
HTTP, HTTPS, FTP Diagnostic :
HTTP, HTTPS, FTP connectivity

warn HTTP: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established
warn FTP (Passive): Error 12029 connecting to ftp.microsoft.com: A connection with the server could not be established
warn FTP (Active): Error 12029 connecting to ftp.microsoft.com: A connection with the server could not be established
warn HTTPS: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established
warn HTTP: Error 12029 connecting to www.hotmail.com: A connection with the server could not be established
warn HTTPS: Error 12029 connecting to www.passport.net: A connection with the server could not be established
error Could not make an HTTP connection.
error Could not make an HTTPS connection.
error Could not make an FTP connection.
info Redirecting user to support call



DNS Client Diagnostic :
DNS - Not a home user scenario

info Using Web Proxy: no
info Resolving name ok for (www.microsoft.com): yes
No DNS servers

DNS failure



Gateway Diagnostic :
Gateway

info The following proxy configuration is being used by IE: Automatically Detect Settings:Enabled Automatic Configuration Script: Proxy Server: Proxy Bypass list:
info Could not get proxy settings via the Automatic Proxy Configuration mechanism
info This computer has the following default gateway entry(ies): 192.168.10.1
info This computer has the following IP address(es): 192.168.10.101
info The default gateway is in the same subnet as this computer
info The default gateway entry is a valid unicast address
info The default gateway address was resolved via ARP in 1 try(ies)
info The default gateway was reached via ICMP Ping in 1 try(ies)
info TCP port 80 on host 65.55.12.249 was successfully reached
info The Internet host www.microsoft.com was successfully reached
info The default gateway is OK



IP Layer Diagnostic :
Corrupted IP routing table

info The default route is valid
info The loopback route is valid
info The local host route is valid
info The local subnet route is valid
Invalid ARP cache entries

action The ARP cache has been flushed




IP Configuration Diagnostic :
Invalid IP address

info Valid IP address detected: 192.168.10.101



Wireless Diagnostic:
Wireless - Service disabled

Wireless - User SSID

Wireless - First time setup

Wireless - Radio off

Wireless - Out of range

Wireless - Hardware issue

Wireless - Novice user

Wireless - Ad-hoc network

Wireless - Less preferred

Wireless - 802.1x enabled

Wireless - Configuration mismatch

Wireless - Low SNR




WinSock Diagnostic:
WinSock status

info All base service provider entries are present in the Winsock catalog.
info The Winsock Service provider chains are valid.
info Provider entry MSAFD Tcpip [TCP/IP] passed the loopback communication test.
info Provider entry MSAFD Tcpip [UDP/IP] passed the loopback communication test.
info Provider entry RSVP UDP Service Provider passed the loopback communication test.
info Provider entry RSVP TCP Service Provider passed the loopback communication test.
info Connectivity is valid for all Winsock service providers.




Network Adapter Diagnostic:
Network location detection

info Using home Internet connection
Network adapter identification

info Network connection: Name=Local Area Connection, Device=VIA Rhine II Fast Ethernet Adapter, MediaType=LAN, SubMediaType=LAN
info Ethernet connection selected
Network adapter status

info Network connection status: Connected



HTTP, HTTPS, FTP Diagnostic :
HTTP, HTTPS, FTP connectivity

warn FTP (Passive): Error 12029 connecting to ftp.microsoft.com: A connection with the server could not be established
warn FTP (Active): Error 12029 connecting to ftp.microsoft.com: A connection with the server could not be established
warn HTTP: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established
warn HTTPS: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established
warn HTTPS: Error 12029 connecting to www.passport.net: A connection with the server could not be established
warn HTTP: Error 12029 connecting to www.hotmail.com: A connection with the server could not be established
error Could not make an HTTP connection.
error Could not make an HTTPS connection.
error Could not make an FTP connection.
******************************************************



******************************************************
DDS.TXT
******************************************************



DDS (Ver_09-02-01.01) - NTFSx86
Run by Tiger at 12:01:19.46 on Sun 03/01/2009
Internet Explorer: 8.0.6001.18372
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.629 [GMT -5:00]

AV: avast! antivirus 4.8.1296 [VPS 090228-0] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\ATI Multimedia\main\LaunchPd.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Downloads\Computer Setup Stuff\Spyware Help files\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ATI Remote Control] c:\program files\ati multimedia\remctrl\ATIRW.exe
uRun: [ATI Launchpad] "c:\program files\ati multimedia\main\LaunchPd.exe"
uRun: [ATI DeviceDetect] c:\program files\ati multimedia\main\ATIDtct.EXE
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
StartupFolder: c:\docume~1\tiger\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\viarai~1.lnk - c:\program files\via\raid\raid_tool.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {44226DFF-747E-4edc-B30C-78752E50CD0C} - {44226DFF-747E-4edc-B30C-78752E50CD0C} - c:\program files\ati multimedia\dtv\EXPLBAR.DLL
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs:

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tiger\applic~1\mozilla\firefox\profiles\ab3gd68l.default\

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-2-28 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-2-28 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-2-28 155160]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-2-28 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-2-28 352920]

=============== Created Last 30 ================

2009-03-01 11:45 <DIR> --dsh--- c:\documents and settings\tiger\IECompatCache
2009-03-01 11:42 <DIR> --dsh--- c:\documents and settings\tiger\PrivacIE
2009-03-01 11:42 <DIR> --dsh--- c:\documents and settings\tiger\IETldCache
2009-03-01 11:23 <DIR> --d----- c:\windows\ie8updates
2009-03-01 11:21 <DIR> -cd-h--- c:\windows\ie8
2009-03-01 11:19 79,360 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-02-28 09:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\_comodo_
2009-02-27 23:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-02-27 23:35 249,592 a------- c:\windows\system32\cssdll32.dll
2009-02-27 23:35 <DIR> --d----- c:\program files\AskBarDis
2009-02-27 23:34 <DIR> --d----- c:\program files\COMODO
2009-02-15 20:13 <DIR> --d----- c:\docume~1\tiger\applic~1\Printer Info Cache
2009-02-15 20:12 <DIR> --d----- c:\program files\common files\HP
2009-02-08 11:58 103,509 a------- c:\windows\hpoins04.dat
2009-02-08 11:58 17,176 -------- c:\windows\hpomdl04.dat
2009-02-08 11:54 <DIR> --d----- c:\temp\HP_WebRelease
2009-02-08 11:54 <DIR> --d----- C:\temp
2009-02-08 11:14 <DIR> --d----- c:\windows\system32\URTTemp
2009-02-08 10:56 <DIR> --d----- c:\program files\MSXML 4.0
2009-02-08 10:20 <DIR> --d----- c:\windows\SxsCaPendDel
2009-02-08 10:01 <DIR> --d----- c:\windows\pss
2009-02-01 21:41 104,534 -------- c:\windows\hpoins04.dat.temp
2009-02-01 21:41 17,176 -------- c:\windows\hpomdl04.dat.temp
2009-02-01 21:05 <DIR> --d----- c:\program files\common files\Hewlett-Packard
2009-02-01 20:03 626,960 a----r-- c:\windows\system32\hpvaut32.dll
2009-02-01 20:03 487,424 a----r-- c:\windows\system32\hpvcp70.dll
2009-02-01 20:03 344,064 a----r-- c:\windows\system32\hpvcr70.dll
2009-02-01 20:03 <DIR> --d----- c:\program files\Overland
2009-02-01 19:08 16,496 a----r-- c:\windows\system32\drivers\HPZipr12.sys
2009-02-01 19:08 51,088 a----r-- c:\windows\system32\drivers\hpzid412.sys
2009-02-01 19:07 21,744 a----r-- c:\windows\system32\drivers\HPZius12.sys
2009-02-01 19:07 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-02-01 19:07 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-02-01 19:03 278,584 a------- c:\windows\system32\HPZidr12.dll
2009-02-01 19:03 204,800 a------- c:\windows\system32\HPZipr12.dll
2009-02-01 19:03 94,208 a------- c:\windows\system32\HPZipt12.dll
2009-02-01 19:03 65,536 a------- c:\windows\system32\HPZipm12.exe
2009-02-01 19:03 61,440 a------- c:\windows\system32\HPZinw12.exe
2009-02-01 19:03 57,344 a------- c:\windows\system32\HPZisn12.dll
2009-02-01 19:00 <DIR> --d----- c:\program files\HP
2009-02-01 18:49 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2009-02-01 18:49 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-02-01 18:45 32,128 ac------ c:\windows\system32\dllcache\usbccgp.sys
2009-02-01 18:45 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
2009-02-01 18:19 44,544 a------- c:\windows\system32\msxml4a.dll
2009-02-01 18:19 402 a------- c:\windows\system32\msxml4.inf
2009-02-01 18:19 <DIR> --d----- c:\windows\system32\QuickTime
2009-02-01 18:04 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-02-01 18:04 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-02-01 18:04 <DIR> --d----- c:\program files\iPod
2009-02-01 18:04 <DIR> --d----- c:\program files\iTunes
2009-02-01 18:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-01 18:03 <DIR> --d----- c:\program files\Bonjour
2009-02-01 17:52 54,156 a---h--- c:\windows\QTFont.qfn
2009-02-01 17:52 1,409 a------- c:\windows\QTFont.for
2009-02-01 17:51 <DIR> --d----- c:\program files\OLYMPUS
2009-02-01 17:47 361 a------- c:\windows\system32\QuickTime.qtp
2009-02-01 16:07 <DIR> --d----- C:\MATLAB7
2009-02-01 15:55 156 a------- c:\windows\matlab.ini
2009-02-01 15:52 <DIR> --d----- c:\docume~1\tiger\applic~1\MathWorks
2009-02-01 15:03 13,646 a------- c:\windows\system32\wpa.bak
2009-02-01 14:26 <DIR> --d----- c:\docume~1\tiger\applic~1\OpenOffice.org
2009-02-01 13:26 <DIR> --d----- c:\program files\JRE
2009-02-01 12:48 <DIR> --d----- c:\program files\OpenOffice.org 3
2009-02-01 12:48 73,728 a------- c:\windows\system32\javacpl.cpl
2009-01-31 19:35 10,963,968 ac------ c:\windows\system32\dllcache\ieframe.dll
2009-01-31 19:35 3,698,040 ac------ c:\windows\system32\dllcache\ieapfltr.dat
2009-01-31 19:35 1,975,296 ac------ c:\windows\system32\dllcache\iertutil.dll
2009-01-31 19:35 1,228,800 ac------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-01-31 19:35 593,920 ac------ c:\windows\system32\dllcache\msfeeds.dll
2009-01-31 19:35 445,440 ac------ c:\windows\system32\dllcache\ieapfltr.dll
2009-01-31 19:35 59,904 ac------ c:\windows\system32\dllcache\icardie.dll
2009-01-31 19:35 54,272 ac------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-01-31 19:35 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-01-31 19:20 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-01-31 19:20 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-01-31 19:20 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-01-31 18:12 <DIR> --d----- C:\0f7232700a3a77d10be5bd90422422ff
2009-01-31 14:46 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-31 14:46 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-31 14:46 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-31 14:46 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-31 14:31 <DIR> --d----- c:\docume~1\tiger\applic~1\Symantec
2009-01-31 14:27 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-31 14:27 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-01-31 14:27 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-31 14:27 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-01-31 14:26 <DIR> --d----- c:\program files\Symantec
2009-01-31 14:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-01-31 14:24 <DIR> --d----- c:\program files\common files\Symantec Shared

==================== Find3M ====================

2009-01-25 16:15 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-01-25 15:42 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-01-15 02:05 911,872 a------- c:\windows\system32\wininet.dll
2009-01-15 02:05 43,008 a------- c:\windows\system32\licmgr10.dll
2009-01-15 02:04 18,944 a------- c:\windows\system32\corpol.dll
2009-01-15 02:03 420,352 a------- c:\windows\system32\vbscript.dll
2009-01-15 02:03 72,704 a------- c:\windows\system32\admparse.dll
2009-01-15 02:03 71,680 a------- c:\windows\system32\iesetup.dll
2009-01-15 02:01 34,304 a------- c:\windows\system32\imgutil.dll
2009-01-15 02:00 48,128 a------- c:\windows\system32\mshtmler.dll
2009-01-15 02:00 45,568 a------- c:\windows\system32\mshta.exe
2009-01-15 01:50 156,160 a------- c:\windows\system32\msls31.dll
2008-12-01 15:52 425,984 a------- c:\windows\system32\ATIDEMGX.dll
2008-12-01 15:51 318,464 a------- c:\windows\system32\ati2dvag.dll
2008-12-01 15:46 11,304,960 a------- c:\windows\system32\atioglxx.dll
2008-12-01 15:41 188,416 a------- c:\windows\system32\atipdlxx.dll
2008-12-01 15:40 147,456 a------- c:\windows\system32\Oemdspif.dll
2008-12-01 15:40 26,112 a------- c:\windows\system32\Ati2mdxx.exe
2008-12-01 15:40 43,520 a------- c:\windows\system32\ati2edxx.dll
2008-12-01 15:40 143,360 a------- c:\windows\system32\ati2evxx.dll
2008-12-01 15:38 598,016 a------- c:\windows\system32\ati2evxx.exe
2008-12-01 15:37 53,248 a------- c:\windows\system32\ATIDDC.DLL
2008-12-01 15:27 4,120,384 a------- c:\windows\system32\ati3duag.dll
2008-12-01 15:19 307,200 a------- c:\windows\system32\atiiiexx.dll
2008-12-01 15:11 2,495,360 a------- c:\windows\system32\ativvaxx.dll
2008-12-01 15:11 3,107,788 a------- c:\windows\system32\ativvaxx.dat
2008-12-01 15:11 3,107,788 a------- c:\windows\system32\ativva5x.dat
2008-12-01 15:11 887,724 a------- c:\windows\system32\ativva6x.dat
2008-12-01 14:57 48,640 a------- c:\windows\system32\amdpcom32.dll
2008-12-01 14:53 401,408 a------- c:\windows\system32\atikvmag.dll
2008-12-01 14:53 45,056 a------- c:\windows\system32\amdcalrt.dll
2008-12-01 14:53 45,056 a------- c:\windows\system32\amdcalcl.dll
2008-12-01 14:52 86,016 a------- c:\windows\system32\atiadlxx.dll
2008-12-01 14:52 17,408 a------- c:\windows\system32\atitvo32.dll
2008-12-01 14:50 286,720 a------- c:\windows\system32\atiok3x2.dll
2008-12-01 14:50 3,252,224 a------- c:\windows\system32\Amdcaldd.dll
2008-12-01 14:45 577,536 a------- c:\windows\system32\ati2cqag.dll
2008-12-01 14:35 593,920 -------- c:\windows\system32\ati2sgag.exe

============= FINISH: 12:01:56.26 ===============
******************************************************



#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,706 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:03:44 AM

Posted 12 March 2009 - 05:08 PM

Hi soloa,

Welcome to BC HijackThis forum and sorry for the delay. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.
  • Tell me if you have run any tool or have made a major change to the system since your last post. Also tell me the current condition of your computer.

  • To get an idea about the current condition of your computer, download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Set the list of files/folders created to 3 Months and click Continue at the disclaimer screen.
    • Once it has finished, two logs will open.
    • log.txt (<<will be maximized)
    • info.txt (<<will be minimized).
  • Please copy and paste the content of just log.txt to your reply. No need for info.txt

    Note 1: If you have difficulty finding the log, the log is in this folder: C:\rsit

    Note 2: The tool takes not more than one minute to scan the system.

You might want to save this page to your favorites, so you can find it again when you return.

#3 soloa

soloa
  • Topic Starter

  • Members
  • 5 posts
  • Local time:09:44 PM

Posted 12 March 2009 - 06:15 PM

Thanks for the reply, Farbar:

I recently (about 6 weeks ago) installed a new Windows XP from scratch. Between my post and now I may have uninstalled AVAST and reinstalled it once. Also, I scanned some documents, which were lost because the computer would shut down on its own. Other than that, nothing has changed. As you suggested, I am pasting the log.txt file below.

Logfile of random's system information tool 1.05 (written by random/random)
Run by Tiger at 2009-03-12 18:57:50
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 27 GB (68%) free of 40 GB
Total RAM: 1023 MB (68% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{63B61D8E-8DAA-4757-9678-FB89E10EDF18}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-08-06 279944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-08-06 279944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe []
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2009-03-02 1797880]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"ATI Remote Control"=C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe [2006-04-05 1622016]
"ATI Launchpad"=C:\Program Files\ATI Multimedia\main\LaunchPd.exe [2006-10-31 102400]
"ATI DeviceDetect"=C:\Program Files\ATI Multimedia\main\ATIDtct.EXE [2006-10-31 57344]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe

C:\Documents and Settings\Tiger\Start Menu\Programs\Startup
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-12-01 143360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 3 months======

2009-03-12 18:57:51 ----D---- C:\Program Files\trend micro
2009-03-12 18:57:50 ----D---- C:\rsit
2009-03-08 22:04:32 ----D---- C:\Documents and Settings\Tiger\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-03-02 19:45:01 ----D---- C:\Documents and Settings\All Users\Application Data\comodo
2009-03-02 19:45:00 ----A---- C:\WINDOWS\system32\guard32.dll
2009-03-01 12:23:45 ----D---- C:\WINDOWS\ie8updates
2009-03-01 12:21:17 ----HDC---- C:\WINDOWS\ie8
2009-02-28 19:08:17 ----D---- C:\Program Files\Mozilla Firefox
2009-02-28 12:14:13 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-02-28 12:14:11 ----D---- C:\Program Files\Alwil Software
2009-02-28 10:06:26 ----D---- C:\Documents and Settings\All Users\Application Data\_comodo_
2009-02-28 00:46:58 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-02-28 00:35:54 ----A---- C:\WINDOWS\system32\cssdll32.dll
2009-02-28 00:35:46 ----D---- C:\Program Files\AskBarDis
2009-02-28 00:35:46 ----D---- C:\Documents and Settings\Tiger\Application Data\Mozilla
2009-02-28 00:34:14 ----D---- C:\Program Files\COMODO
2009-02-25 20:59:22 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-15 21:13:25 ----D---- C:\Documents and Settings\Tiger\Application Data\Printer Info Cache
2009-02-15 21:13:18 ----D---- C:\Documents and Settings\Tiger\Application Data\Image Zone Express
2009-02-15 21:12:54 ----D---- C:\Program Files\Common Files\HP
2009-02-14 23:00:59 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-08 12:54:47 ----D---- C:\temp
2009-02-08 12:14:30 ----D---- C:\WINDOWS\system32\URTTemp
2009-02-08 11:56:39 ----D---- C:\Program Files\MSXML 4.0
2009-02-08 11:40:35 ----SHD---- C:\RECYCLER
2009-02-08 11:20:35 ----D---- C:\WINDOWS\SxsCaPendDel
2009-02-08 11:01:38 ----D---- C:\WINDOWS\pss
2009-02-01 22:05:30 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2009-02-01 21:03:11 ----RA---- C:\WINDOWS\system32\hpvcp70.dll
2009-02-01 21:03:11 ----RA---- C:\WINDOWS\system32\hpvaut32.dll
2009-02-01 21:03:10 ----RA---- C:\WINDOWS\system32\hpvcr70.dll
2009-02-01 21:03:00 ----D---- C:\Program Files\Overland
2009-02-01 20:03:43 ----A---- C:\WINDOWS\system32\HPZisn12.dll
2009-02-01 20:03:43 ----A---- C:\WINDOWS\system32\HPZipt12.dll
2009-02-01 20:03:43 ----A---- C:\WINDOWS\system32\HPZipr12.dll
2009-02-01 20:03:43 ----A---- C:\WINDOWS\system32\HPZipm12.exe
2009-02-01 20:03:43 ----A---- C:\WINDOWS\system32\HPZinw12.exe
2009-02-01 20:03:43 ----A---- C:\WINDOWS\system32\HPZidr12.dll
2009-02-01 20:00:55 ----D---- C:\Program Files\HP
2009-02-01 19:24:15 ----D---- C:\Documents and Settings\All Users\Application Data\OLYMPUS
2009-02-01 19:19:24 ----A---- C:\WINDOWS\system32\msxml4a.dll
2009-02-01 19:19:21 ----D---- C:\WINDOWS\system32\QuickTime
2009-02-01 19:04:54 ----D---- C:\Documents and Settings\Tiger\Application Data\Apple Computer
2009-02-01 19:04:36 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-02-01 19:04:11 ----D---- C:\Program Files\iPod
2009-02-01 19:04:07 ----D---- C:\Program Files\iTunes
2009-02-01 19:04:07 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-01 19:03:43 ----D---- C:\Program Files\Bonjour
2009-02-01 19:02:39 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-02-01 19:02:03 ----D---- C:\Program Files\Apple Software Update
2009-02-01 19:01:53 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-02-01 19:01:17 ----D---- C:\Program Files\Common Files\Apple
2009-02-01 19:01:16 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-02-01 18:51:44 ----D---- C:\Program Files\OLYMPUS
2009-02-01 18:47:41 ----D---- C:\Documents and Settings\All Users\Application Data\QuickTime
2009-02-01 18:47:22 ----D---- C:\Program Files\QuickTime
2009-02-01 17:07:43 ----D---- C:\MATLAB7
2009-02-01 16:55:17 ----A---- C:\WINDOWS\matlab.ini
2009-02-01 16:52:22 ----D---- C:\Documents and Settings\Tiger\Application Data\MathWorks
2009-02-01 16:03:14 ----A---- C:\WINDOWS\system32\wpa.bak
2009-02-01 15:26:29 ----D---- C:\Documents and Settings\Tiger\Application Data\OpenOffice.org
2009-02-01 14:26:31 ----D---- C:\Program Files\JRE
2009-02-01 13:48:41 ----D---- C:\Program Files\OpenOffice.org 3
2009-02-01 13:48:36 ----SHD---- C:\Config.Msi
2009-02-01 13:48:09 ----A---- C:\WINDOWS\system32\javaws.exe
2009-02-01 13:48:09 ----A---- C:\WINDOWS\system32\javaw.exe
2009-02-01 13:48:09 ----A---- C:\WINDOWS\system32\java.exe
2009-02-01 13:46:49 ----D---- C:\Program Files\Java
2009-02-01 13:46:46 ----D---- C:\Program Files\Common Files\Java
2009-02-01 13:46:30 ----D---- C:\Documents and Settings\Tiger\Application Data\Sun
2009-01-31 20:37:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-01-31 20:36:50 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-01-31 20:36:41 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-01-31 20:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-01-31 20:35:16 ----D---- C:\WINDOWS\ie7updates
2009-01-31 20:29:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-01-31 20:29:30 ----HDC---- C:\WINDOWS\$NtUninstallKB954156_WM9L$
2009-01-31 20:29:23 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-01-31 20:29:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-01-31 20:17:59 ----D---- C:\WINDOWS\Minidump
2009-01-31 20:16:38 ----D---- C:\WINDOWS\WBEM
2009-01-31 20:15:30 ----HDC---- C:\WINDOWS\ie7
2009-01-31 20:15:10 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2009-01-31 20:14:47 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2009-01-31 19:12:03 ----D---- C:\0f7232700a3a77d10be5bd90422422ff
2009-01-31 19:11:56 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-01-31 19:11:43 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2009-01-31 19:11:34 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-01-31 19:11:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-01-31 19:11:18 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-01-31 19:11:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-01-31 19:10:56 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2009-01-31 19:10:40 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-01-31 19:10:32 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-31 19:10:25 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-01-31 19:10:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-01-31 19:10:10 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-01-31 19:10:00 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-01-31 19:09:49 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-01-31 19:09:42 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-01-31 19:09:34 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-01-31 19:09:26 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-01-31 19:09:16 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-01-31 19:08:12 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-31 15:31:40 ----D---- C:\Documents and Settings\Tiger\Application Data\Symantec
2009-01-31 15:27:09 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2009-01-31 15:26:57 ----D---- C:\Program Files\Symantec
2009-01-31 15:26:57 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-01-31 15:24:45 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-01-31 15:15:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2009-01-25 22:32:26 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-01-25 22:32:26 ----D---- C:\WINDOWS\system32\PreInstall
2009-01-25 22:32:26 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-01-25 22:32:25 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-01-25 22:32:25 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-25 20:21:26 ----D---- C:\Documents and Settings\Tiger\Application Data\ATI MMC
2009-01-25 19:53:10 ----A---- C:\WINDOWS\ATIMMC.INI
2009-01-25 19:48:43 ----D---- C:\Documents and Settings\All Users\Application Data\X10 Settings
2009-01-25 19:47:40 ----D---- C:\Documents and Settings\All Users\Application Data\ATI MMC
2009-01-25 19:20:09 ----D---- C:\Program Files\ATI Multimedia
2009-01-25 19:19:23 ----D---- C:\WINDOWS\Downloaded Installations
2009-01-25 19:09:51 ----D---- C:\Program Files\Common Files\ATI Technologies
2009-01-25 19:06:22 ----D---- C:\Program Files\Common Files\CyberLink
2009-01-25 19:06:22 ----D---- C:\Program Files\Common Files\ATI
2009-01-25 19:02:35 ----D---- C:\Program Files\TitanTV
2009-01-25 19:02:20 ----D---- C:\Program Files\msaccrt
2009-01-25 19:02:00 ----D---- C:\WINDOWS\system32\windows media
2009-01-25 19:01:50 ----HD---- C:\WINDOWS\msdownld.tmp
2009-01-25 19:01:50 ----D---- C:\WINDOWS\RegisteredPackages
2009-01-25 19:01:47 ----D---- C:\Program Files\Windows Media Components
2009-01-25 18:52:23 ----D---- C:\Documents and Settings\Tiger\Application Data\ATI
2009-01-25 18:52:23 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
2009-01-25 18:52:04 ----A---- C:\WINDOWS\system32\PsisDecd.dll
2009-01-25 18:48:55 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2009-01-25 18:48:34 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-01-25 18:48:22 ----D---- C:\Program Files\ATI Technologies
2009-01-25 18:46:13 ----D---- C:\ATI
2009-01-25 18:33:51 ----RSD---- C:\WINDOWS\assembly
2009-01-25 18:33:20 ----D---- C:\WINDOWS\Microsoft.NET
2009-01-25 18:32:02 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-01-25 18:32:00 ----D---- C:\Documents and Settings\Tiger\Application Data\Macromedia
2009-01-25 18:32:00 ----D---- C:\Documents and Settings\Tiger\Application Data\Adobe
2009-01-25 18:31:17 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-01-25 18:31:09 ----D---- C:\Program Files\Common Files\Adobe
2009-01-25 18:31:09 ----D---- C:\Program Files\Adobe
2009-01-25 17:48:42 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-25 17:46:27 ----D---- C:\Program Files\VIA
2009-01-25 17:46:20 ----D---- C:\Program Files\Common Files\InstallShield
2009-01-25 17:40:48 ----A---- C:\WINDOWS\system32\UnAudioNT.dll
2009-01-25 17:40:47 ----D---- C:\Program Files\VIA Technologies, Inc
2009-01-25 17:40:37 ----A---- C:\WINDOWS\IsUninst.exe
2009-01-25 16:54:27 ----D---- C:\Documents and Settings\Tiger\Application Data\Identities
2009-01-25 16:54:25 ----HD---- C:\Program Files\Uninstall Information
2009-01-25 16:54:20 ----ASH---- C:\Documents and Settings\Tiger\Application Data\desktop.ini
2009-01-25 16:54:19 ----SD---- C:\Documents and Settings\Tiger\Application Data\Microsoft
2009-01-25 16:51:45 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-01-25 16:49:12 ----D---- C:\WINDOWS\SoftwareDistribution
2009-01-25 16:49:10 ----D---- C:\WINDOWS\Prefetch
2009-01-25 16:49:09 ----SD---- C:\WINDOWS\system32\Microsoft
2009-01-25 16:49:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-25 16:45:49 ----D---- C:\WINDOWS\system32\xircom
2009-01-25 16:45:49 ----D---- C:\Program Files\xerox
2009-01-25 16:45:49 ----D---- C:\Program Files\microsoft frontpage
2009-01-25 16:45:39 ----A---- C:\WINDOWS\control.ini
2009-01-25 16:45:39 ----A---- C:\AUTOEXEC.BAT
2009-01-25 16:45:20 ----A---- C:\WINDOWS\OEWABLog.txt
2009-01-25 16:45:16 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-01-25 16:44:16 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-25 16:44:16 ----RD---- C:\WINDOWS\Offline Web Pages
2009-01-25 16:44:16 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-01-25 16:44:08 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-01-25 16:44:02 ----HD---- C:\Program Files\WindowsUpdate
2009-01-25 16:43:42 ----D---- C:\WINDOWS\system32\DirectX
2009-01-25 16:43:37 ----A---- C:\WINDOWS\system32\atrace.dll
2009-01-25 16:43:35 ----A---- C:\WINDOWS\system32\desktop.ini
2009-01-25 16:43:35 ----A---- C:\WINDOWS\desktop.ini
2009-01-25 16:43:29 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-01-25 16:43:28 ----A---- C:\WINDOWS\system32\acctres.dll
2009-01-25 16:43:27 ----D---- C:\Program Files\Common Files\Services
2009-01-25 16:43:25 ----SD---- C:\WINDOWS\Tasks
2009-01-25 16:43:25 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-01-25 16:43:24 ----D---- C:\Program Files\Common Files\MSSoap
2009-01-25 16:43:21 ----D---- C:\WINDOWS\srchasst
2009-01-25 16:43:20 ----D---- C:\WINDOWS\system32\Macromed
2009-01-25 16:43:18 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-01-25 16:43:18 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-01-25 16:43:17 ----A---- C:\WINDOWS\system32\wups.dll
2009-01-25 16:43:17 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-01-25 16:43:17 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-01-25 16:43:17 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-01-25 16:43:17 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-01-25 16:43:17 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-01-25 16:43:17 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-01-25 16:43:17 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2009-01-25 16:43:17 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-01-25 16:43:17 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-01-25 16:43:16 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-01-25 16:43:16 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-01-25 16:43:13 ----D---- C:\Program Files\Movie Maker
2009-01-25 16:42:58 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-01-25 16:42:58 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-01-25 16:42:57 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-01-25 16:42:57 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-01-25 16:42:55 ----A---- C:\WINDOWS\system32\fltMc.exe
2009-01-25 16:42:55 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-01-25 16:42:54 ----D---- C:\WINDOWS\system32\Restore
2009-01-25 16:42:54 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-01-25 16:42:54 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-01-25 16:42:54 ----A---- C:\WINDOWS\system32\srclient.dll
2009-01-25 16:42:53 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-01-25 16:42:53 ----A---- C:\WINDOWS\system32\msconf.dll
2009-01-25 16:42:53 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-01-25 16:42:53 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-01-25 16:42:53 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-01-25 16:42:53 ----A---- C:\WINDOWS\system32\ils.dll
2009-01-25 16:42:51 ----D---- C:\Program Files\NetMeeting
2009-01-25 16:42:51 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-01-25 16:42:51 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-01-25 16:42:50 ----A---- C:\WINDOWS\system32\inetres.dll
2009-01-25 16:42:49 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-01-25 16:42:48 ----D---- C:\Program Files\Outlook Express
2009-01-25 16:42:48 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-01-25 16:42:48 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-01-25 16:42:48 ----A---- C:\WINDOWS\system32\mstask.dll
2009-01-25 16:42:47 ----A---- C:\WINDOWS\system32\isign32.dll
2009-01-25 16:42:47 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-01-25 16:42:47 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-01-25 16:42:47 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-01-25 16:42:42 ----D---- C:\Program Files\Common Files\System
2009-01-25 16:42:38 ----D---- C:\Program Files\Internet Explorer
2009-01-25 16:42:26 ----D---- C:\Program Files\ComPlus Applications
2009-01-25 16:42:24 ----A---- C:\WINDOWS\vbaddin.ini
2009-01-25 16:42:24 ----A---- C:\WINDOWS\vb.ini
2009-01-25 16:42:19 ----D---- C:\WINDOWS\Registration
2009-01-25 16:41:38 ----D---- C:\Program Files\Online Services
2009-01-25 16:41:37 ----D---- C:\Program Files\Windows Media Player
2009-01-25 16:41:30 ----D---- C:\Program Files\Messenger
2009-01-25 16:41:26 ----D---- C:\Program Files\MSN Gaming Zone
2009-01-25 16:41:26 ----A---- C:\WINDOWS\system32\write.exe
2009-01-25 16:41:17 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-01-25 16:41:17 ----A---- C:\WINDOWS\system32\hticons.dll
2009-01-25 16:41:17 ----A---- C:\WINDOWS\system32\avwav.dll
2009-01-25 16:41:17 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-01-25 16:41:17 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-01-25 16:41:16 ----A---- C:\WINDOWS\system32\winchat.exe
2009-01-25 16:41:10 ----A---- C:\WINDOWS\system32\getuname.dll
2009-01-25 16:41:10 ----A---- C:\WINDOWS\system32\charmap.exe
2009-01-25 16:41:10 ----A---- C:\WINDOWS\system32\calc.exe
2009-01-25 16:41:09 ----A---- C:\WINDOWS\system32\winmine.exe
2009-01-25 16:41:09 ----A---- C:\WINDOWS\system32\sol.exe
2009-01-25 16:41:09 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-01-25 16:41:09 ----A---- C:\WINDOWS\system32\freecell.exe
2009-01-25 16:41:08 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-01-25 16:41:08 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-01-25 16:41:08 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-01-25 16:41:08 ----A---- C:\WINDOWS\system32\tskill.exe
2009-01-25 16:41:08 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-01-25 16:41:08 ----A---- C:\WINDOWS\system32\tscon.exe
2009-01-25 16:41:08 ----A---- C:\WINDOWS\system32\shadow.exe
2009-01-25 16:41:08 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-01-25 16:41:08 ----A---- C:\WINDOWS\system32\reset.exe
2009-01-25 16:41:08 ----A---- C:\WINDOWS\system32\regini.exe
2009-01-25 16:41:08 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-01-25 16:41:08 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-01-25 16:41:07 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-01-25 16:41:07 ----A---- C:\WINDOWS\system32\msg.exe
2009-01-25 16:41:07 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-01-25 16:41:07 ----A---- C:\WINDOWS\system32\logoff.exe
2009-01-25 16:41:07 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-01-25 16:41:03 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-01-25 16:40:54 ----D---- C:\Program Files\MSN
2009-01-25 16:40:53 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-01-25 16:40:52 ----D---- C:\Program Files\Windows NT
2009-01-25 16:40:52 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-01-25 16:40:52 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-01-25 16:40:52 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-01-25 16:40:52 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-01-25 16:40:51 ----A---- C:\WINDOWS\system32\spider.exe
2009-01-25 16:40:51 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-01-25 16:40:50 ----D---- C:\WINDOWS\system32\en-US
2009-01-25 16:40:50 ----A---- C:\WINDOWS\system32\tsgqec.dll
2009-01-25 16:40:50 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-01-25 16:40:50 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2009-01-25 16:40:50 ----A---- C:\WINDOWS\system32\aaclient.dll
2009-01-25 16:40:49 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-01-25 16:40:49 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-01-25 16:40:49 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-01-25 16:40:49 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-01-25 16:40:49 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-01-25 16:40:49 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-01-25 16:40:48 ----D---- C:\WINDOWS\system32\MsDtc
2009-01-25 16:40:48 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-01-25 16:40:48 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-01-25 16:40:48 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-01-25 16:40:48 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-01-25 16:40:48 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-01-25 16:40:48 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-01-25 16:40:48 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-01-25 16:40:48 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-01-25 16:40:48 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-01-25 16:40:48 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-01-25 16:40:47 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-01-25 16:40:47 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-01-25 16:40:47 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-01-25 16:40:47 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-01-25 16:40:47 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-01-25 16:40:46 ----D---- C:\WINDOWS\system32\Com
2009-01-25 16:40:46 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-01-25 16:40:46 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-01-25 16:40:46 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-01-25 16:40:46 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-01-25 16:40:46 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-01-25 16:40:46 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-01-25 16:40:46 ----A---- C:\WINDOWS\system32\colbact.dll
2009-01-25 16:40:45 ----A---- C:\WINDOWS\system32\stclient.dll
2009-01-25 16:40:45 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-01-25 16:40:45 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-01-25 16:40:45 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-01-25 16:40:45 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-01-25 16:40:44 ----A---- C:\WINDOWS\system32\comuid.dll
2009-01-25 16:40:44 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-01-25 16:40:44 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-01-25 16:40:44 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-01-25 16:40:40 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-01-25 16:40:39 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-01-25 16:40:39 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-01-25 16:40:39 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-01-25 11:36:58 ----A---- C:\WINDOWS\system32\h323log.txt
2009-01-25 11:23:10 ----A---- C:\WINDOWS\system32\ativtmxx.dll
2009-01-25 11:23:09 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-01-25 11:22:39 ----A---- C:\WINDOWS\system32\ativvaxx.dll
2009-01-25 11:22:39 ----A---- C:\WINDOWS\system32\ati3duag.dll
2009-01-25 11:22:39 ----A---- C:\WINDOWS\system32\ati3d1ag.dll
2009-01-25 11:22:38 ----A---- C:\WINDOWS\system32\ati2dvag.dll
2009-01-25 11:22:38 ----A---- C:\WINDOWS\system32\ati2cqag.dll
2009-01-25 11:22:16 ----A---- C:\WINDOWS\system32\mdmxsdk.dll
2009-01-25 11:22:16 ----A---- C:\WINDOWS\system32\HSFCISP2.dll
2009-01-25 11:22:06 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-01-25 11:21:39 ----A---- C:\WINDOWS\system32\usbui.dll
2009-01-25 11:20:29 ----A---- C:\WINDOWS\imsins.BAK
2009-01-25 11:20:27 ----SHD---- C:\WINDOWS\Installer
2009-01-25 11:20:27 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-25 11:20:26 ----D---- C:\Program Files\Common Files\ODBC
2009-01-25 11:20:26 ----A---- C:\WINDOWS\ODBCINST.INI
2009-01-25 11:20:23 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-01-25 11:20:22 ----RD---- C:\Program Files
2009-01-25 11:20:22 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-01-25 11:20:22 ----D---- C:\Program Files\Common Files
2009-01-25 11:20:19 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-01-25 11:20:18 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-01-25 11:20:18 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-01-25 11:20:17 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-01-25 11:20:17 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-01-25 11:20:17 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-01-25 11:20:17 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-01-25 11:20:17 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-01-25 11:20:17 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-01-25 11:20:17 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-01-25 11:20:17 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-01-25 11:20:17 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-01-25 11:20:17 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-01-25 11:20:17 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-01-25 11:20:17 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-01-25 11:20:15 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-01-25 11:20:15 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-01-25 11:20:15 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-01-25 11:20:15 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-01-25 11:20:15 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-01-25 11:20:15 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-01-25 11:20:15 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-01-25 11:20:13 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-01-25 11:20:13 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-01-25 11:20:13 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-01-25 11:20:13 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-01-25 11:20:13 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-01-25 11:20:12 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-01-25 11:20:12 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-01-25 11:20:12 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-01-25 11:20:12 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-01-25 11:20:12 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-01-25 11:20:12 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-01-25 11:20:12 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-01-25 11:20:12 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-01-25 11:20:12 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-01-25 11:20:12 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-01-25 11:20:12 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-01-25 11:20:12 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-01-25 11:20:12 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-01-25 11:20:09 ----A---- C:\WINDOWS\system32\irclass.dll
2009-01-25 11:20:09 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-01-25 11:20:09 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-01-25 11:20:08 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-01-25 11:20:08 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-01-25 11:20:06 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-01-25 11:20:06 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-01-25 11:20:05 ----A---- C:\WINDOWS\system32\batt.dll
2009-01-25 11:20:05 ----A---- C:\WINDOWS\NOTEPAD.EXE
2009-01-25 11:20:04 ----A---- C:\WINDOWS\system32\storprop.dll
2009-01-25 11:19:56 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-01-25 11:19:51 ----RA---- C:\WINDOWS\SET8.tmp
2009-01-25 11:19:48 ----RA---- C:\WINDOWS\SET4.tmp
2009-01-25 11:19:46 ----RA---- C:\WINDOWS\SET3.tmp
2009-01-25 11:19:40 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-25 11:19:40 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-25 11:19:34 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-01-25 11:19:15 ----A---- C:\WINDOWS\setuplog.txt
2009-01-25 11:19:13 ----D---- C:\Documents and Settings
2009-01-25 11:19:12 ----SHD---- C:\System Volume Information
2009-01-25 11:18:09 ----SH---- C:\boot.ini
2009-01-25 11:11:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-25 11:11:56 ----RSD---- C:\WINDOWS\Fonts
2009-01-25 11:11:56 ----RD---- C:\WINDOWS\Web
2009-01-25 11:11:56 ----HD---- C:\WINDOWS\inf
2009-01-25 11:11:56 ----D---- C:\WINDOWS\WinSxS
2009-01-25 11:11:56 ----D---- C:\WINDOWS\twain_32
2009-01-25 11:11:56 ----D---- C:\WINDOWS\Temp
2009-01-25 11:11:56 ----D---- C:\WINDOWS\system32\wins
2009-01-25 11:11:56 ----D---- C:\WINDOWS\system32\wbem
2009-01-25 11:11:56 ----D---- C:\WINDOWS\system32\usmt
2009-01-25 11:11:56 ----D---- C:\WINDOWS\system32\spool
2009-01-25 11:11:56 ----D---- C:\WINDOWS\system32\ShellExt
2009-01-25 11:11:56 ----D---- C:\WINDOWS\system32\Setup
2009-01-25 11:11:56 ----D---- C:\WINDOWS\system32\scripting
2009-01-25 11:11:56 ----D---- C:\WINDOWS\system32\ras
2009-01-25 11:11:56 ----D---- C:\WINDOWS\system32\oobe
2009-01-25 11:11:56 ----D---- C:\WINDOWS\system32\npp
2009-01-25 11:11:56 ----D---- C:\WINDOWS\system32\mui
2009-01-25 11:11:56 ----D---- C:\WINDOWS\system32\inetsrv
2009-01-25 11:11:56 ----D---- C:\WINDOWS\system32\IME
2009-01-25 11:11:56 ----D---- C:\WINDOWS\system32\icsxml
2009-01-25 11:11:56 ----D---- C:\WINDOWS\system32\ias
2009-01-25 11:11:56 ----D---- C:\WINDOWS\system32\export
2009-01-25 11:11:56 ----D---- C:\WINDOWS\system32\en
2009-01-25 11:11:56 ----D---- C:\WINDOWS\system32\drivers
2009-01-25 11:11:56 ----D---- C:\WINDOWS\system32\dhcp
2009-01-25 11:11:56 ----D---- C:\WINDOWS\system32\config
2009-01-25 11:11:56 ----D---- C:\WINDOWS\system32\3com_dmi
2009-01-25 11:11:56 ----D---- C:\WINDOWS\system32\3076
2009-01-25 11:11:56 ----D---- C:\WINDOWS\system32\2052
2009-01-25 11:11:56 ----D---- C:\WINDOWS\system32\1054
2009-01-25 11:11:56 ----D---- C:\WINDOWS\system32\1042
2009-01-25 11:11:56 ----D---- C:\WINDOWS\system32\1041
2009-01-25 11:11:56 ----D---- C:\WINDOWS\system32\1037
2009-01-25 11:11:56 ----D---- C:\WINDOWS\system32\1033
2009-01-25 11:11:56 ----D---- C:\WINDOWS\system32\1031
2009-01-25 11:11:56 ----D---- C:\WINDOWS\system32\1028
2009-01-25 11:11:56 ----D---- C:\WINDOWS\system32\1025
2009-01-25 11:11:56 ----D---- C:\WINDOWS\system32
2009-01-25 11:11:56 ----D---- C:\WINDOWS\system
2009-01-25 11:11:56 ----D---- C:\WINDOWS\security
2009-01-25 11:11:56 ----D---- C:\WINDOWS\Resources
2009-01-25 11:11:56 ----D---- C:\WINDOWS\repair
2009-01-25 11:11:56 ----D---- C:\WINDOWS\Provisioning
2009-01-25 11:11:56 ----D---- C:\WINDOWS\PeerNet
2009-01-25 11:11:56 ----D---- C:\WINDOWS\pchealth
2009-01-25 11:11:56 ----D---- C:\WINDOWS\Network Diagnostic
2009-01-25 11:11:56 ----D---- C:\WINDOWS\mui
2009-01-25 11:11:56 ----D---- C:\WINDOWS\msapps
2009-01-25 11:11:56 ----D---- C:\WINDOWS\msagent
2009-01-25 11:11:56 ----D---- C:\WINDOWS\Media
2009-01-25 11:11:56 ----D---- C:\WINDOWS\L2Schemas
2009-01-25 11:11:56 ----D---- C:\WINDOWS\java
2009-01-25 11:11:56 ----D---- C:\WINDOWS\ime
2009-01-25 11:11:56 ----D---- C:\WINDOWS\Help
2009-01-25 11:11:56 ----D---- C:\WINDOWS\Driver Cache
2009-01-25 11:11:56 ----D---- C:\WINDOWS\Debug
2009-01-25 11:11:56 ----D---- C:\WINDOWS\Cursors
2009-01-25 11:11:56 ----D---- C:\WINDOWS\Connection Wizard
2009-01-25 11:11:56 ----D---- C:\WINDOWS\Config
2009-01-25 11:11:56 ----D---- C:\WINDOWS\AppPatch
2009-01-25 11:11:56 ----D---- C:\WINDOWS\addins
2009-01-25 11:11:56 ----D---- C:\WINDOWS
2009-01-15 03:22:00 ----N---- C:\WINDOWS\system32\msrating.dll.mui
2009-01-15 03:21:44 ----N---- C:\WINDOWS\system32\mshta.exe.mui
2009-01-15 03:19:22 ----N---- C:\WINDOWS\system32\ie4uinit.exe.mui
2009-01-15 03:19:02 ----N---- C:\WINDOWS\system32\iedkcs32.dll.mui

======List of files/folders modified in the last 3 months======

2009-02-08 18:57:35 ----A---- C:\WINDOWS\win.ini
2009-02-08 18:57:35 ----A---- C:\WINDOWS\system.ini
2009-01-15 03:22:22 ----A---- C:\WINDOWS\system32\ieframe.dll.mui
2009-01-15 03:19:22 ----A---- C:\WINDOWS\system32\advpack.dll.mui
2009-01-15 03:17:22 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-01-15 03:13:18 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-01-15 03:12:12 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-01-15 03:06:48 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-01-15 03:06:22 ----A---- C:\WINDOWS\system32\WinFXDocObj.exe
2009-01-15 03:06:08 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-01-15 03:06:00 ----A---- C:\WINDOWS\system32\url.dll
2009-01-15 03:05:42 ----A---- C:\WINDOWS\system32\wininet.dll
2009-01-15 03:05:34 ----A---- C:\WINDOWS\system32\occache.dll
2009-01-15 03:05:34 ----A---- C:\WINDOWS\system32\msrating.dll
2009-01-15 03:05:34 ----A---- C:\WINDOWS\system32\licmgr10.dll
2009-01-15 03:04:28 ----A---- C:\WINDOWS\system32\corpol.dll
2009-01-15 03:04:16 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-01-15 03:03:58 ----A---- C:\WINDOWS\system32\jscript.dll
2009-01-15 03:03:50 ----A---- C:\WINDOWS\system32\ieaksie.dll
2009-01-15 03:03:42 ----A---- C:\WINDOWS\system32\ieakeng.dll
2009-01-15 03:03:36 ----A---- C:\WINDOWS\system32\vbscript.dll
2009-01-15 03:03:32 ----A---- C:\WINDOWS\system32\admparse.dll
2009-01-15 03:03:28 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-01-15 03:03:20 ----A---- C:\WINDOWS\system32\ieakui.dll
2009-01-15 03:03:18 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-01-15 03:03:18 ----A---- C:\WINDOWS\system32\iesetup.dll
2009-01-15 03:03:14 ----A---- C:\WINDOWS\system32\inseng.dll
2009-01-15 03:03:14 ----A---- C:\WINDOWS\system32\iernonce.dll
2009-01-15 03:03:12 ----A---- C:\WINDOWS\system32\advpack.dll
2009-01-15 03:02:50 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-01-15 03:02:40 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-01-15 03:02:20 ----A---- C:\WINDOWS\system32\mstime.dll
2009-01-15 03:01:52 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-01-15 03:01:42 ----A---- C:\WINDOWS\system32\msfeedssync.exe
2009-01-15 03:01:40 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-01-15 03:01:40 ----A---- C:\WINDOWS\system32\icardie.dll
2009-01-15 03:01:26 ----A---- C:\WINDOWS\system32\imgutil.dll
2009-01-15 03:01:22 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-01-15 03:01:18 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-01-15 03:01:16 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-01-15 03:01:06 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-01-15 03:00:46 ----A---- C:\WINDOWS\system32\mshtmler.dll
2009-01-15 03:00:38 ----A---- C:\WINDOWS\system32\mshta.exe
2009-01-15 02:50:50 ----A---- C:\WINDOWS\system32\ieui.dll
2009-01-15 02:50:38 ----A---- C:\WINDOWS\system32\msls31.dll
2009-01-15 02:35:10 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-12-20 19:15:13 ----N---- C:\WINDOWS\system32\extmgr.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2009-03-02 101776]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2009-03-02 31504]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2008-06-13 184240]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2008-04-13 11868]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 ATI Remote Wonder II;ATI Remote Wonder II; C:\WINDOWS\system32\drivers\ATIRWVD.SYS [2003-12-15 257872]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-12-01 3452928]
R3 ATIAVAIW;ATI T200 Unified AVStream service; C:\WINDOWS\system32\DRIVERS\atinavt2.sys [2008-05-14 171520]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2008-04-13 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2008-04-13 220032]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2008-06-13 13616]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2008-06-13 96432]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2008-06-13 38576]
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2008-06-13 37424]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2008-06-13 22320]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VIAudio;VIA AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\viaudio.sys [2003-10-20 73856]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2008-04-13 685056]
R3 XUIF;X10 USB Wireless Transceiver; C:\WINDOWS\System32\Drivers\x10ufx2.sys [2005-03-02 18560]
S3 atinrvxx;ATI WDM Rage Theater Video (Microsoft Corporation); C:\WINDOWS\system32\DRIVERS\atinrvxx.sys [2008-04-13 104960]
S3 ATITUNEP;ATI WDM TV Tuner (Microsoft Corporation); C:\WINDOWS\system32\DRIVERS\atintuxx.sys [2008-04-13 73216]
S3 ativraxx;ATI WDM Rage Theater Audio (Microsoft Corporation); C:\WINDOWS\system32\DRIVERS\atinraxx.sys [2008-04-13 52224]
S3 ATIXSAudio;ATI WDM TV Audio (Microsoft Corporation) Crossbar (Microsoft Corporation); C:\WINDOWS\system32\DRIVERS\atinxsxx.sys [2008-04-13 63488]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-21 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-21 21744]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 MVDCODEC;ATI WDM Specialized MVD Codec (Microsoft Corporation); C:\WINDOWS\system32\DRIVERS\atinmdxx.sys [2008-04-13 13824]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-12-01 598016]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2009-03-02 618232]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-12-01 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]

-----------------EOF-----------------

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,706 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:03:44 AM

Posted 13 March 2009 - 06:59 AM

Hi again,

Before anything we need internet connection to be restored. Looking at the logs on face value I don't see any suspicious thing. We take a deeper look at the system anyway later on to make sure there is no hidden malware.
  • I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
    1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
    2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

    You have to decide which product you want to keep. Either you keep Comodo Internet Security (antivirus + firewall) or you uninstall it and later on, when everything is working, install a standalone firewall beside Avast. After you have decided, please go to Add/Remove programs and uninstall one of them.

  • I see on the log Ask Toolbar is installed on your computer:

    This program is known to be bundled with adware/spyware. You may read more about Ask Toolbars here:
    http://www.benedelman.org/spyware/ask-toolbars/

    To uninstall Ask Toolbar:

    Click "start" on the taskbar and then click on the "Control Panel" icon.
    Please double-click the "Add or Remove Programs" icon.
    A list of programs installed will be "populated"; this may take a bit of time.
    If they exist, uninstall the following by clicking on the following entries and selecting "remove":

    Ask Toolbar

    Also remove the folder in bold: C:\Program Files\AskSBar

  • You still have some Norton drivers on your computer.

    To remove the leftovers please download and run the Norton Removal Tool.

    Note: Norton removal tool is one and the same for all versions named below. It doesn't matter which version you have.

    Warning: The Norton Removal Tool uninstalls all Norton 2008/2007/2006/2005/2004/2003 products and Norton 360 from your computer. If you use ACT! or WinFAX, back up those databases before you proceed.

    Please apply the removal tool anyway even if you have already applied it. Then if anything is left, we will remove it manually.

  • RSIT log was not complete because it couldn't download a Hijackthis. We have to install HijackThis. Click here to download HijackThis Installer.
  • Save HJTInstall.exe to your Desktop.
  • Double click on the HJTInstall.exe icon to start the installation.
  • When a window pops up asking you the directory to install the program please accept the proposed default directory.
The program will automatically place a shortcut on your desktop and if further use of the program is required, you can click on the shortcut to run the program.

Please run Hijackthis. Click Do a system scan and save a logfile then copy and paste the content of the log to your reply.
Please include in your next reply:
  • A fresh Hijackthis log.
  • Any comment or feedback about how it went.
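
The driver list earlier in this thread still contains Symantec entries after Norton was uninstalled. The following is an added example, not part of the original posts and not RSIT code: it parses lines in that log format and lists which vendor's drivers are still registered. The vendor name patterns and function names are assumptions made for this illustration.

```python
import re
from typing import NamedTuple, Optional

# Lines copied from the RSIT driver/service lists posted in this thread.
SAMPLE = r"""
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2008-06-13 184240]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2008-06-13 96432]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2009-03-02 618232]
"""
# Legend from the log header: R=Running, S=Stopped, then the start type digit.
START = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}
LINE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*); (.+?) \[(?:(\d{4}-\d\d-\d\d) (\d+))?\]$")
# Assumption: vendor heuristics picked for this log; RSIT does no such grouping.
VENDORS = {
    "Symantec/Norton": re.compile(r"^sym|symantec|norton", re.I),
    "avast!": re.compile(r"^asw|avast|alwil", re.I),
    "COMODO": re.compile(r"comodo", re.I),
}

class Entry(NamedTuple):
    running: bool
    start: str
    name: str
    path: str
    has_file_info: bool       # False when the log shows "[]" (no date/size recorded)
    vendor: Optional[str]

def parse_rsit(text):
    entries = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue              # headers, blank lines, anything not in R/S format
        state, start, name, display, path, date, _size = m.groups()
        blob = f"{name} {display} {path}"   # name first so "^sym" tests the service name
        vendor = next((v for v, rx in VENDORS.items() if rx.search(blob)), None)
        entries.append(Entry(state == "R", START[start], name, path, date is not None, vendor))
    return entries

def leftovers(entries, removed_vendor):
    """Entries of a product reported as uninstalled that are still registered."""
    return [e for e in entries if e.vendor == removed_vendor]

def running_vendors(entries):
    """Security vendors with at least one component in the Running state."""
    return sorted({e.vendor for e in entries if e.vendor and e.running})
```

Running `leftovers(parse_rsit(log), "Symantec/Norton")` over a log saved after an uninstall shows at a glance whether a vendor removal tool is still needed.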


#5 soloa

Posted 13 March 2009 - 11:14 PM

Farbar:

1) I have only Comodo Firewall and AVAST antivirus so there should be no conflict and therefore, I did not have to do Step 1.

2) I removed the "Ask Toolbar" and after removal there was no "AskBar" folder in C:\Program Files.

3) Downloaded and ran the "Norton Removal Tool" and after computer restart "Internet Explorer" and "Firefox" are able to access the internet.

4) Now that the problem seems to have been resolved (and it was perhaps not a malware issue, not that the remnants of Norton were behaving like one) do I still need to run "HJTInstall.exe"?

Thanks for all your detailed help.

#6 Farbar

Posted 14 March 2009 - 05:22 AM

Hi soloa,

Glad the issue is resolved.

As far as Comodo is concerned, the log shows something more than a firewall. Comodo used to be a firewall; now many people install the Comodo Internet Security and think that is the firewall until it starts to alert them for viruses. This is what I saw on the log: there is a service and a startup referring to COMODO Internet Security:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2009-03-02 1797880]

R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2009-03-02 618232]


Anyway, since you are sure that is only a firewall, no problem. No need for a log, but just this one should be taken care of:

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 12".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove:

    Java™ 6 Update 7
  • Reboot your computer.
  • Then from your desktop double-click on jre-6u12-windows-i586-p.exe to install the newest version.
Happy surfing!

#7 soloa

Posted 15 March 2009 - 12:34 PM

Hi Farbar,

Thanks for your suggestion, I have updated with JRE 6 Update 12. Again, thanks for all your help.

#8 Farbar

Posted 15 March 2009 - 01:04 PM

You are welcome, glad I could help.

This thread will now be closed.

If you need this topic reopened, please send me a PM and I will reopen it for you. Include the address of this thread in your request.

If you should have a new issue, please start a new topic.



