
Just started getting bombarded with virus warnings


  • This topic is locked
3 replies to this topic

#1 scootter82

scootter82

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:13 PM

Posted 25 March 2009 - 10:57 AM

I opened up a file and my AVG Resident Shield went nuts.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:54 AM, on 3/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKUS\S-1-5-21-515967899-839522115-46831656-1003\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'Scott')
O4 - HKUS\S-1-5-21-515967899-839522115-46831656-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Scott')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1236741533226
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1236746404859
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: afisicx Service (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe
O23 - Service: tdctxte Service (tdctxte) - Unknown owner - C:\WINDOWS\system32\tdctxte.exe

--
End of file - 6595 bytes

Thanks



#2 scootter82

scootter82
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:13 PM

Posted 25 March 2009 - 11:41 AM

I ran a combofix and here is the log:

ComboFix 09-03-23.01 - Administrator 2009-03-25 11:27:30.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.716 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Install.txt
C:\WINDOWS\system32\dxonool32.sys
C:\WINDOWS\system32\F.tmp
C:\WINDOWS\system32\Install.txt
C:\WINDOWS\system32\lowsec
C:\WINDOWS\system32\lowsec\local.ds
C:\WINDOWS\system32\lowsec\user.ds
C:\WINDOWS\system32\lowsec\user.ds.lll
C:\WINDOWS\system32\sdra64.exe
C:\WINDOWS\system32\vfp6rcze.dll
C:\WINDOWS\system32\vfp6rrus.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AFISICX
-------\Legacy_SOPIDKC
-------\Service_sopidkc


((((((((((((((((((((((((( Files Created from 2009-02-25 to 2009-03-25 )))))))))))))))))))))))))))))))
.

2009-03-25 11:22 . 2009-03-25 11:22 90 --a------ C:\WINDOWS\wininit.ini
2009-03-25 10:50 . 2009-03-25 10:50 <DIR> d--hs---- C:\Documents and Settings\Administrator\IETldCache
2009-03-25 10:49 . 2009-03-25 10:52 <DIR> d-------- C:\Documents and Settings\Administrator
2009-03-25 10:41 . 2009-03-25 10:41 <DIR> d--hs---- C:\Documents and Settings\LocalService\IETldCache
2009-03-25 10:39 . 2009-03-25 10:39 <DIR> d--hs---- C:\WINDOWS\system32\config\systemprofile\IETldCache
2009-03-25 10:39 . 2009-03-25 15:35 8,467 --a------ C:\WINDOWS\system32\wf.exe
2009-03-25 10:39 . 2009-03-25 10:39 40 --a------ C:\WINDOWS\system32\D.tmp
2009-03-25 10:39 . 2009-03-25 10:39 0 --a------ C:\WINDOWS\system32\10.tmp
2009-03-25 09:53 . 2009-03-25 09:53 <DIR> d--hs---- C:\Documents and Settings\NetworkService\IETldCache
2009-03-24 09:06 . 2009-03-24 09:11 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2009-03-23 14:02 . 2009-03-23 14:02 <DIR> d-------- C:\Program Files\Adobe Media Player
2009-03-23 13:58 . 2009-03-23 13:58 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2009-03-19 15:53 . 2008-04-14 00:15 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2009-03-19 12:25 . 2009-03-19 12:25 <DIR> d-------- C:\WINDOWS\ie8updates
2009-03-19 12:20 . 2009-03-19 12:22 <DIR> d--h-c--- C:\WINDOWS\ie8
2009-03-19 12:17 . 2009-02-27 23:55 105,984 -----c--- C:\WINDOWS\system32\dllcache\iecompat.dll
2009-03-18 12:22 . 2009-03-18 12:22 <DIR> d-------- C:\Program Files\DemoForge
2009-03-18 12:21 . 2009-03-18 12:22 <DIR> d--h----- C:\Program Files\Zero G Registry
2009-03-17 11:21 . 2009-03-17 11:21 <DIR> d-------- C:\Program Files\Common Files\ZUD Drivers
2009-03-17 10:37 . 2008-04-14 00:17 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2009-03-17 10:37 . 2008-04-14 00:17 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2009-03-17 09:27 . 2009-03-17 09:27 <DIR> d-------- C:\Program Files\PowerISO
2009-03-15 05:25 . 2009-03-15 05:25 56,268 --a------ C:\WINDOWS\system32\drivers\scdemu.sys
2009-03-14 21:01 . 2008-04-14 05:42 168,448 --a------ C:\WINDOWS\system32\irftp.exe
2009-03-14 21:01 . 2008-04-14 05:42 151,552 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2009-03-14 21:01 . 2008-04-14 05:41 28,160 --a------ C:\WINDOWS\system32\irmon.dll
2009-03-14 21:01 . 2008-04-14 05:41 28,160 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
2009-03-14 21:01 . 2008-04-14 05:42 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2009-03-14 21:01 . 2008-04-14 05:42 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2009-03-14 20:56 . 2009-03-14 20:56 <DIR> d-------- C:\Program Files\Microsoft IntelliPoint
2009-03-14 20:56 . 2008-12-04 11:34 27,784 --a------ C:\WINDOWS\system32\drivers\point32.sys
2009-03-13 12:44 . 2009-03-13 12:44 <DIR> d-------- C:\Program Files\iSkysoft
2009-03-13 12:00 . 2009-03-13 12:00 <DIR> d-------- C:\Program Files\iTunes
2009-03-13 12:00 . 2009-03-13 12:00 <DIR> d-------- C:\Program Files\iPod
2009-03-13 12:00 . 2009-03-13 12:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-13 12:00 . 2008-04-17 12:12 107,368 --a------ C:\WINDOWS\system32\GEARAspi.dll
2009-03-13 12:00 . 2009-01-15 12:19 23,848 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2009-03-13 11:59 . 2009-03-13 11:59 <DIR> d-------- C:\Program Files\QuickTime
2009-03-13 11:59 . 2009-03-13 11:59 <DIR> d-------- C:\Program Files\Bonjour
2009-03-13 11:59 . 2009-03-13 12:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-03-13 11:58 . 2009-03-13 11:58 <DIR> d-------- C:\Program Files\Apple Software Update
2009-03-13 11:58 . 2009-03-05 23:59 1,900,544 --a------ C:\WINDOWS\system32\usbaaplrc.dll
2009-03-13 11:58 . 2009-03-05 23:59 36,864 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2009-03-13 11:57 . 2009-03-13 12:00 <DIR> d-------- C:\Program Files\Common Files\Apple
2009-03-13 11:57 . 2009-03-13 11:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2009-03-13 10:00 . 2008-04-14 05:42 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2009-03-13 10:00 . 2008-04-14 00:15 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2009-03-13 10:00 . 2008-04-14 00:15 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2009-03-13 10:00 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2009-03-13 09:40 . 2009-03-13 09:40 <DIR> d-------- C:\m2mbats
2009-03-13 00:40 . 2009-03-13 00:40 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2009-03-13 00:01 . 2009-03-13 00:01 <DIR> d-------- C:\Program Files\Google
2009-03-12 09:52 . 2009-03-12 09:52 <DIR> d-------- C:\Program Files\Symantec
2009-03-12 09:52 . 2009-03-12 09:53 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2009-03-12 09:52 . 2009-03-12 10:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2009-03-12 09:49 . 2009-03-12 09:50 <DIR> d-------- C:\Program Files\M2MWin
2009-03-12 09:49 . 2000-02-29 15:46 5,582,897 --------- C:\WINDOWS\system32\mso9.dll
2009-03-12 09:47 . 2009-03-12 09:47 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2009-03-12 09:44 . 2009-03-12 09:44 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2009-03-12 09:44 . 2009-03-12 09:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2009-03-12 09:31 . 2009-03-24 08:33 <DIR> d-------- C:\Program Files\Common Files\Adobe
2009-03-12 00:42 . 2009-03-25 10:54 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-12 00:02 . 2004-05-20 00:58 379,456 -ra------ C:\WINDOWS\system32\drivers\PRISMA02.sys
2009-03-11 23:07 . 2004-07-20 10:14 192,512 --a------ C:\WINDOWS\system32\stac97co.dll
2009-03-11 23:07 . 2004-08-17 16:34 102,481 -r------- C:\WINDOWS\system32\stac97.cpl
2009-03-11 19:00 . 2009-03-11 19:00 <DIR> d-------- C:\Program Files\VideoLAN
2009-03-11 18:55 . 2009-03-11 18:55 <DIR> d-------- C:\Program Files\uTorrent
2009-03-11 18:55 . 2009-03-11 18:55 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2009-03-11 16:55 . 2009-03-11 16:55 <DIR> d-------- C:\WINDOWS\tiinst
2009-03-11 16:55 . 2006-04-06 15:49 88,192 --a------ C:\WINDOWS\system32\drivers\gtipci21.sys
2009-03-11 16:55 . 2004-03-23 11:45 28,672 --a------ C:\WINDOWS\cttib1.dll
2009-03-11 16:55 . 2005-01-14 17:28 17,120 --a------ C:\WINDOWS\system32\drivers\tiscfw.deb
2009-03-11 16:54 . 2009-03-11 16:54 <DIR> d-------- C:\Program Files\DIFX
2009-03-11 16:51 . 2009-03-14 20:56 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2009-03-11 16:51 . 2007-02-12 11:41 2,732,032 --a------ C:\WINDOWS\system32\Netw2r32.dll
2009-03-11 16:51 . 2008-01-07 13:36 2,216,064 --a------ C:\WINDOWS\system32\drivers\w29n51.sys
2009-03-11 16:51 . 2007-02-12 11:40 557,056 --a------ C:\WINDOWS\system32\Netw2c32.dll
2009-03-11 16:50 . 2006-09-15 16:49 139,264 --a------ C:\WINDOWS\system32\igfxres.dll
2009-03-11 16:48 . 2009-03-11 16:48 <DIR> d-------- C:\Program Files\Apoint
2009-03-11 16:48 . 2006-09-15 16:50 184,320 --a------ C:\WINDOWS\system32\igfxsrvc.exe
2009-03-11 16:48 . 2005-09-28 20:57 113,847 -ra------ C:\WINDOWS\system32\drivers\Apfiltr.sys
2009-03-11 16:48 . 2005-03-04 20:31 95,511 -ra------ C:\WINDOWS\system32\Vxdif.dll
2009-03-11 16:48 . 2006-09-15 17:08 61,440 --a------ C:\WINDOWS\system32\iAlmCoIn_v4693.dll
2009-03-11 16:46 . 2009-03-11 16:51 <DIR> d-------- C:\Program Files\Intel
2009-03-11 04:30 . 2008-10-16 14:06 268,648 --a------ C:\WINDOWS\system32\mucltui.dll
2009-03-11 04:30 . 2008-10-16 14:06 27,496 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2009-03-11 02:34 . 2008-09-09 20:14 1,307,648 -----c--- C:\WINDOWS\system32\dllcache\msxml6.dll
2009-03-11 02:34 . 2008-04-13 22:57 79,872 --a------ C:\WINDOWS\system32\msxml6r.dll
2009-03-11 02:34 . 2008-04-13 22:57 79,872 -----c--- C:\WINDOWS\system32\dllcache\msxml6r.dll
2009-03-11 02:34 . 2008-04-14 00:15 46,592 --------- C:\WINDOWS\system32\drivers\irbus.sys
2009-03-11 02:34 . 2008-04-14 00:13 26,624 --------- C:\WINDOWS\system32\comsdupd.exe
2009-03-11 02:34 . 2008-04-14 05:42 10,752 --------- C:\WINDOWS\system32\smtpapi.dll
2009-03-11 02:34 . 2008-04-14 05:42 9,728 --------- C:\WINDOWS\system32\rwnh.dll
2009-03-11 02:32 . 2009-03-11 02:32 <DIR> d-------- C:\WINDOWS\system32\scripting
2009-03-11 02:31 . 2009-03-11 02:31 <DIR> d-------- C:\WINDOWS\system32\bits
2009-03-11 02:26 . 2009-01-09 14:19 1,089,593 -----c--- C:\WINDOWS\system32\dllcache\ntprint.cat
2009-03-11 02:23 . 2009-03-11 02:35 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2009-03-11 02:11 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\004552_.tmp
2009-03-11 00:33 . 2009-03-11 00:33 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2009-03-11 00:32 . 2009-03-11 00:32 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2009-03-11 00:32 . 2009-03-11 00:32 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2009-03-11 00:25 . 2009-03-11 23:07 <DIR> d-------- C:\Program Files\Sigmatel
2009-03-11 00:20 . 2009-03-11 00:20 <DIR> d-------- C:\Program Files\CONEXANT
2009-03-11 00:16 . 2009-03-11 00:17 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2009-03-10 23:28 . 2009-03-10 23:28 <DIR> d-------- C:\Program Files\Windows Defender
2009-03-10 23:08 . 2009-03-12 09:49 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2009-03-10 23:08 . 2009-03-11 17:21 <DIR> d-------- C:\Program Files\Broadcom
2009-03-10 23:08 . 2008-04-14 05:42 290,304 --------- C:\WINDOWS\system32\rhttpaa.dll
2009-03-10 23:08 . 2008-04-14 05:41 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2009-03-10 23:08 . 2008-04-14 05:42 53,248 --------- C:\WINDOWS\system32\tsgqec.dll
2009-03-10 23:07 . 2009-03-11 23:07 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2009-03-10 23:06 . 2009-03-19 12:34 <DIR> d-------- C:\Documents and Settings\Scott
2009-03-10 23:05 . 2009-03-10 23:05 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2009-03-10 23:05 . 2009-03-25 09:53 <DIR> d--hs---- C:\Documents and Settings\NetworkService
2009-03-10 23:05 . 2009-03-10 23:05 <DIR> d--hs---- C:\Documents and Settings\LocalService
2009-03-10 23:03 . 2008-04-14 05:39 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2009-03-10 23:02 . 2009-03-10 23:02 <DIR> d-------- C:\WINDOWS\system32\xircom
2009-03-10 23:02 . 2009-03-10 23:02 <DIR> d-------- C:\Program Files\microsoft frontpage
2009-03-10 23:01 . 2009-03-11 00:22 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2009-03-10 23:01 . 2009-03-11 00:33 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2009-03-10 23:01 . 2009-03-11 00:33 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2009-03-10 23:01 . 2009-03-10 23:01 2,577 --a------ C:\WINDOWS\system32\CONFIG.NT
2009-03-10 23:01 . 2009-03-10 23:01 0 --a------ C:\WINDOWS\control.ini
2009-03-10 23:00 . 2009-03-24 09:06 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2009-03-10 23:00 . 2009-03-10 23:00 <DIR> d-------- C:\Program Files\Microsoft Works

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-25 15:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2009-03-22 20:35 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2009-03-11 23:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-03-11 03:39 325,640 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2009-03-11 03:39 107,912 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2009-03-11 03:38 --------- d-----w C:\Program Files\AVG
2009-03-11 03:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-11 03:28 --------- d-----w C:\Program Files\Trend Micro
2009-03-10 18:58 --------- d-----w C:\Program Files\MSXML 6.0
2009-03-10 18:04 --------- d-----w C:\Program Files\Reference Assemblies
2009-03-10 18:04 --------- d-----w C:\Program Files\MSBuild
.

------- Sigcheck -------

2008-04-14 05:42 1050624 1b989d837ca835cb8004fa188494df31 C:\WINDOWS\explorer.exe
2007-06-13 06:26 1050624 34c863bc7239100a80964bcafed711b5 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 05:23 1050112 f1e0c6c22a8e40310339183a8d1fa6ac C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-04 07:00 1049088 d90ca3b90f3c6017e63bdbe1505a6339 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-04-14 05:42 1050624 e0a878251bd1cc502ec046c9c375bbd7 C:\WINDOWS\ServicePackFiles\i386\explorer.exe

2004-08-04 07:00 32768 a28028bf070726646493f0f5b8314754 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2008-04-14 05:42 32256 af0c356a065b12ee41aff3fa6c37703e C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2008-04-14 05:42 32768 38550ef70805c0c0d3f041b76a6183ad C:\WINDOWS\system32\ctfmon.exe

2005-06-10 19:17 75264 7e9216f639a326ed072f331ab8212205 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2005-06-10 18:53 74752 65a090270b18fd494c2423881b01fdda C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
2004-08-04 07:00 74752 becf57433df74f0bdc7804d443feaaae C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2008-04-14 05:42 75264 9db78298d78ea4b133115693909f53b9 C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
2008-04-14 05:42 75264 0e5c6ac235a9655a8e8bc88ab544041c C:\WINDOWS\system32\spoolsv.exe

2004-08-04 07:00 41472 ac6e6af8034ffca72d8d2f20845a86b7 C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
2008-04-14 05:42 43520 8833feca91729890221d350498598ef6 C:\WINDOWS\ServicePackFiles\i386\userinit.exe
2008-04-14 05:42 43008 2b92faea67066c361b92e46d5e108f82 C:\WINDOWS\system32\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingD344"="del" [X]
"SpybotDeletingB8421"="command.com" [2004-08-04 07:00 50620 C:\WINDOWS\system32\command.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2009-03-10 22:39 1932568]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 14:13 196608]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-09-15 16:53 114688]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-09-15 16:50 98304]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-09-15 16:54 139264]
"IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 12:56 1406024]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 05:42 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-10 22:39 10520 C:\WINDOWS\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2007-04-27 12:10 18744 C:\WINDOWS\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe /autostart
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"AdobeCS4ServiceManager"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R2 WinDefend;Windows Defender;C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 20:19:58 13592]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\drivers\avgldx86.sys [2009-03-10 22:39:31 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\drivers\avgtdix.sys [2009-03-10 22:39:31 107912]
S2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-03-10 22:39:26 908056]
S2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-03-10 22:39:25 298264]
S2 tdctxte;tdctxte Service;C:\WINDOWS\system32\tdctxte.exe --> C:\WINDOWS\system32\tdctxte.exe [?]
S3 dfmirage;dfmirage;C:\WINDOWS\system32\drivers\dfmirage.sys [2005-11-25 17:43:48 31896]
S3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\drivers\gtipci21.sys [2009-03-11 16:55:13 88192]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-03-16 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 12:56]

2009-03-25 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 20:20]

2009-03-20 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2009-01-26 16:31]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath -
.

Thanks!

#3 scootter82

scootter82
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:13 PM

Posted 27 March 2009 - 10:18 AM

Never mind. I formatted and reinstalled.

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,807 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:04:13 PM

Posted 27 March 2009 - 03:50 PM

Thank you for letting us know. This topic is now closed. ~ OB
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



