Unsure of Problem!! HELP=[


  • This topic is locked
37 replies to this topic

#1 Camaro2010

  • Members
  • 18 posts

Posted 08 April 2009 - 10:48 AM

Hey guys, the name's Camaro and I need some help.

Recently I was trying to download a song called Boten Anna (Polska Version); it turns out it was a trojan, etc.

I deleted it all, yet I am still having multiple problems with trojans popping up and malware detections, etc., through McAfee Virus Protection and Spyware Doctor. I delete them every time, but they keep coming up. Am I doing something wrong, or missing something?

Now, with these trojans etc., every time I open up Mozilla (I don't use IE7) I get about 2 popups from IE7! It gets very annoying, and I know I am infected.

Hopefully someone can help me, because I am unable to figure it out.

Thanks very much in advance,

Camaro2010




Here's my HijackThis log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:41 AM, on 4/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\McAfee\Common Framework\FrameworkService.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
D:\Program Files\McAfee\Common Framework\naPrdMgr.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\PnkBstrB.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Viewpoint\Common\ViewpointService.exe
D:\Program Files\NCH Swift Sound\VRS\vrs.exe
D:\Program Files\NCH Swift Sound\Axon\axon.exe
D:\Program Files\Windows Media Player\WMPNetwk.exe
D:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
D:\Program Files\McAfee\Common Framework\UdaterUI.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\McAfee\Common Framework\McTray.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\Spyware Doctor\pctsAuxs.exe
D:\Program Files\Spyware Doctor\pctsSvc.exe
D:\Program Files\Spyware Doctor\pctsTray.exe
D:\Program Files\McAfee\VirusScan Enterprise\scan32.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - D:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - D:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ArcSoft Connection Service] D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ltajozunesey] rundll32.exe "D:\WINDOWS\ubukekibehav.dll",e
O4 - HKLM\..\Run: [ISTray] "D:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: D:\Program Files\RelevantKnowledge\rlai.dll,D:\WINDOWS\System32\cnvfat32.dll
O20 - Winlogon Notify: 3024b7e4573 - D:\WINDOWS\System32\cnvfat32.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Axon Virtual PBX (AxonService) - NCH Software - D:\Program Files\NCH Swift Sound\Axon\axon.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - D:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - D:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - D:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - D:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - D:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VRS Recording System (VRSService) - NCH Software - D:\Program Files\NCH Swift Sound\VRS\vrs.exe

--
End of file - 7805 bytes
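The entries a helper reviews first in a HijackThis log like the one above can be picked out mechanically. The following Python is an added example, not code from this post or from HijackThis itself: the sample lines are copied from the log above, and the three flagging rules (every DLL listed under AppInit_DLLs, Winlogon Notify subkeys whose name is a bare hex string, and Run keys that hand rundll32 a DLL sitting directly in the Windows folder) are this example's own review heuristics, not anything HijackThis reports on its own.

```python
import re
from dataclasses import dataclass

# Constructed sample: five entry lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ltajozunesey] rundll32.exe "D:\WINDOWS\ubukekibehav.dll",e
O20 - AppInit_DLLs: D:\Program Files\RelevantKnowledge\rlai.dll,D:\WINDOWS\System32\cnvfat32.dll
O20 - Winlogon Notify: 3024b7e4573 - D:\WINDOWS\System32\cnvfat32.dll
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
"""

# "O4 - ..." / "R0 - ...": section code, separator, rest of the entry.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
# rundll32 invocation followed by the DLL it is told to load (quotes optional).
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)"?', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O20"
    reason: str    # why this entry was flagged for review
    line: str      # the original log line


def parse_entries(text):
    """Return (section, body, raw_line) for every HijackThis entry line in text."""
    entries = []
    for raw in text.splitlines():
        raw = raw.strip()
        m = ENTRY_RE.match(raw)
        if m:
            entries.append((m.group("section"), m.group("body"), raw))
    return entries


def in_windows_root(path):
    """True when the file sits directly in <drive>:\\WINDOWS rather than in a subfolder."""
    parent = path.rsplit("\\", 1)[0].lower()
    return re.fullmatch(r"[a-z]:\\windows", parent) is not None


def triage(text):
    """Apply the three review heuristics (this example's own, not HijackThis rules)."""
    findings = []
    for section, body, raw in parse_entries(text):
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            # Every DLL listed here is loaded into each process that maps user32.dll.
            for dll in body[len("AppInit_DLLs:"):].split(","):
                dll = dll.strip()
                if dll:
                    findings.append(Finding(section, "AppInit_DLLs loads " + dll, raw))
        elif section == "O20" and body.startswith("Winlogon Notify:"):
            # Legitimate Notify subkeys have readable names (AtiExtEvent, avgrsstarter).
            name = body[len("Winlogon Notify:"):].split(" - ", 1)[0].strip()
            if re.fullmatch(r"[0-9a-f]+", name.lower()) and any(c.isdigit() for c in name):
                findings.append(Finding(section, "Winlogon Notify subkey with hex-looking name " + name, raw))
        elif section == "O4":
            # Run key that hands rundll32 a DLL sitting directly in the Windows folder.
            m = RUNDLL_RE.search(body)
            if m and in_windows_root(m.group("dll")):
                findings.append(Finding(section, "Run key loads " + m.group("dll") + " via rundll32", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}")
        print("    " + f.line)
```

Run against the sample it flags four entries: the rundll32 Run key, both AppInit_DLLs entries and the hex-named Winlogon Notify subkey, while the iTunes and Bonjour lines pass. A flag here means "look at this file next", not a verdict; the poster's own scanner is what identified cnvfat32.dll.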



#2 Camaro2010

  • Topic Starter
  • Members
  • 18 posts

Posted 08 April 2009 - 12:01 PM

**BUMP**

Hey guys, did you find anything from my log?

Still need some help... It is GREATLY appreciated!!!!!! :thumbup2:

#3 Camaro2010

  • Topic Starter
  • Members
  • 18 posts

Posted 10 April 2009 - 11:51 AM

Hey guys, I've got a new addition to the problem I'm having. I just recently got something on my virus protection called "CNVFAT32.DLL"; the problem is whenever I delete it, it won't clean itself, so it keeps coming back. It's known as Generic.dx and its detection type is a Trojan. PLEASE SOMEONE HELP!!!!!!!!

#4 Camaro2010

  • Topic Starter
  • Members
  • 18 posts

Posted 10 April 2009 - 01:39 PM

Okay, I've been waiting over a day now and I have yet to receive any help at all. I know you all are volunteers, etc., but c'mon, I need some help too... please... ANYTHING?!?!?!?!?!?!?

#5 KoanYorel

  • Bleepin' Conundrum
  • Members
  • 19,461 posts
  • Gender: Male
  • Location: 65 miles due East of the "Logic Free Zone", in Md, USA

Posted 20 April 2009 - 12:06 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#6 Camaro2010

  • Topic Starter
  • Members
  • 18 posts

Posted 20 April 2009 - 06:45 PM

Hello KoanYorel,

Thank you for your help and response. Here are the logs that you have requested:


DDS Log:



DDS (Ver_09-03-16.01) - NTFSx86
Run by Admin at 19:37:43.89 on Mon 04/20/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.396 [GMT -4:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated)

============== Running Processes ===============

D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
svchost.exe
D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\System32\svchost.exe -k HTTPFilter
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\PnkBstrB.exe
D:\WINDOWS\system32\svchost.exe -k imgsvc
D:\Program Files\Viewpoint\Common\ViewpointService.exe
D:\Program Files\NCH Swift Sound\VRS\vrs.exe
D:\Program Files\NCH Swift Sound\Axon\axon.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\msiexec.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\PROGRA~1\AVG\AVG8\avgam.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\Program Files\AVG\AVG8\avgcsrvx.exe
D:\Program Files\AVG\AVG8\avgtray.exe
D:\PROGRA~1\AVG\AVG8\avgnsx.exe
D:\Documents and Settings\Admin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - d:\program files\avg\avg8\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - d:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
mRun: [ATICCC] "d:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [ArcSoft Connection Service] d:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "d:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG8_TRAY] d:\progra~1\avg\avg8\avgtray.exe
IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - d:\program files\avg\avg8\avgpp.dll
Notify: 3024b7e4573 - d:\windows\system32\cnvfat32.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: d:\program files\relevantknowledge\rlai.dll,d:\windows\system32\cnvfat32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\admin\applic~1\mozilla\firefox\profiles\tv3nkba0.default\
FF - plugin: d:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {D2632EAB-7C79-4A15-A0DD-CBD6821BF83A} - d:\documents and settings\admin\local settings\application data\{D2632EAB-7C79-4A15-A0DD-CBD6821BF83A}

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;d:\windows\system32\drivers\avgrkx86.sys [2009-4-20 12552]
R0 PCTCore;PCTools KDS;d:\windows\system32\drivers\PCTCore.sys [2009-4-6 130424]
R1 AvgLdx86;AVG AVI Loader Driver x86;d:\windows\system32\drivers\avgldx86.sys [2009-4-20 325640]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;d:\windows\system32\drivers\avgmfx86.sys [2009-4-20 27656]
R1 AvgTdiX;AVG8 Network Redirector;d:\windows\system32\drivers\avgtdix.sys [2009-4-20 108552]
R1 mferkdk;VSCore mferkdk;\??\d:\program files\mcafee\virusscan enterprise\mferkdk.sys --> d:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
R2 avg8wd;AVG8 WatchDog;d:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-20 298264]
R2 AxonService;Axon Virtual PBX;d:\program files\nch swift sound\axon\axon.exe [2008-11-2 602116]
R2 Viewpoint Manager Service;Viewpoint Manager Service;d:\program files\viewpoint\common\ViewpointService.exe [2008-9-15 24652]
R2 VRSService;VRS Recording System;d:\program files\nch swift sound\vrs\vrs.exe [2008-11-2 651268]
R3 mfehidk;McAfee Inc.;d:\windows\system32\drivers\mfehidk.sys --> d:\windows\system32\drivers\mfehidk.sys [?]
S2 McShield;McAfee McShield;"d:\program files\mcafee\virusscan enterprise\mcshield.exe" --> d:\program files\mcafee\virusscan enterprise\Mcshield.exe [?]
S2 McTaskManager;McAfee Task Manager;"d:\program files\mcafee\virusscan enterprise\vstskmgr.exe" --> d:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [?]
S3 mfeavfk;McAfee Inc.;d:\windows\system32\drivers\mfeavfk.sys --> d:\windows\system32\drivers\mfeavfk.sys [?]
S3 mfebopk;McAfee Inc.;d:\windows\system32\drivers\mfebopk.sys --> d:\windows\system32\drivers\mfebopk.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;d:\program files\spyware doctor\pctsAuxs.exe [2009-4-6 348752]
S3 sdCoreService;PC Tools Security Service;d:\program files\spyware doctor\pctsSvc.exe [2009-4-6 1095560]

=============== Created Last 30 ================

2009-04-20 19:30 12,552 a------- d:\windows\system32\drivers\avgrkx86.sys
2009-04-20 19:30 10,520 a------- d:\windows\system32\avgrsstx.dll
2009-04-20 19:30 325,640 a------- d:\windows\system32\drivers\avgldx86.sys
2009-04-20 19:30 108,552 a------- d:\windows\system32\drivers\avgtdix.sys
2009-04-20 19:30 <DIR> --d----- d:\windows\system32\drivers\Avg
2009-04-20 19:30 <DIR> --d----- d:\program files\AVG
2009-04-20 19:30 <DIR> --d----- d:\docume~1\alluse~1\applic~1\avg8
2009-04-20 19:19 <DIR> --d----- d:\docume~1\admin\applic~1\AVG8
2009-04-20 12:20 <DIR> --d----- d:\program files\StarCraft
2009-04-16 02:30 284,160 -c------ d:\windows\system32\dllcache\pdh.dll
2009-04-16 02:30 473,600 -c------ d:\windows\system32\dllcache\fastprox.dll
2009-04-16 02:30 401,408 -c------ d:\windows\system32\dllcache\rpcss.dll
2009-04-16 02:30 110,592 -c------ d:\windows\system32\dllcache\services.exe
2009-04-16 02:30 453,120 -c------ d:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 02:30 227,840 -c------ d:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 02:30 729,088 -c------ d:\windows\system32\dllcache\lsasrv.dll
2009-04-16 02:30 714,752 -c------ d:\windows\system32\dllcache\ntdll.dll
2009-04-16 02:30 617,472 -c------ d:\windows\system32\dllcache\advapi32.dll
2009-04-16 02:29 2,560 -------- d:\windows\system32\xpsp4res.dll
2009-04-16 02:29 1,203,922 -c------ d:\windows\system32\dllcache\sysmain.sdb
2009-04-16 02:29 215,552 -c------ d:\windows\system32\dllcache\wordpad.exe
2009-04-14 14:17 41,808 a------- d:\windows\system32\xfcodec.dll
2009-04-13 12:41 38,496 a------- d:\windows\system32\drivers\mbamswissarmy.sys
2009-04-13 12:39 <DIR> --d----- d:\docume~1\admin\applic~1\Malwarebytes
2009-04-13 12:38 15,504 a------- d:\windows\system32\drivers\mbam.sys
2009-04-13 12:38 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-13 12:38 <DIR> --d----- d:\program files\Malwarebytes' Anti-Malware
2009-04-10 17:35 13,666 a------- d:\windows\GnuHashes.ini
2009-04-08 11:36 <DIR> --d----- d:\program files\Trend Micro
2009-04-08 11:26 0 a------- d:\windows\Snogutilesol.bin
2009-04-08 11:26 408 a------- d:\windows\Gqabofiwupuc.dat
2009-04-06 13:31 159,600 a------- d:\windows\system32\drivers\pctgntdi.sys
2009-04-06 13:31 130,424 a------- d:\windows\system32\drivers\PCTCore.sys
2009-04-06 13:31 73,840 a------- d:\windows\system32\drivers\PCTAppEvent.sys
2009-04-06 13:31 <DIR> --d----- d:\program files\common files\PC Tools
2009-04-06 13:31 64,392 a------- d:\windows\system32\drivers\pctplsg.sys
2009-04-06 13:30 <DIR> --d----- d:\program files\Spyware Doctor
2009-04-06 13:30 <DIR> --d----- d:\docume~1\alluse~1\applic~1\PC Tools
2009-04-06 13:30 <DIR> --d----- d:\docume~1\admin\applic~1\PC Tools
2009-04-06 13:24 <DIR> -cd-h--- d:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-06 13:24 <DIR> --d----- d:\program files\Lavasoft
2009-04-06 13:06 <DIR> --d----- d:\program files\VS Revo Group
2009-04-04 19:21 1,473 a--sh--- d:\windows\system32\GroupPolicy000.dat
2009-04-04 19:21 615 a------- d:\windows\system32\WzanlXS4FvcPJ.vbs
2009-03-29 19:22 <DIR> --d----- d:\docume~1\admin\applic~1\Wizards of the Coast
2009-03-29 19:21 <DIR> --d----- d:\program files\Wizards of the Coast

==================== Find3M ====================

2009-03-17 21:00 138,376 a------- d:\windows\system32\drivers\PnkBstrK.sys
2009-03-17 21:00 202,448 a------- d:\windows\system32\PnkBstrB.exe
2009-03-09 05:19 410,984 a------- d:\windows\system32\deploytk.dll
2009-03-06 10:22 284,160 a------- d:\windows\system32\pdh.dll
2009-03-02 23:21 75,064 a------- d:\windows\system32\PnkBstrA.exe
2009-02-20 04:10 666,112 a------- d:\windows\system32\wininet.dll
2009-02-20 04:10 81,920 a------- d:\windows\system32\ieencode.dll
2009-02-09 08:10 729,088 a------- d:\windows\system32\lsasrv.dll
2009-02-09 08:10 714,752 a------- d:\windows\system32\ntdll.dll
2009-02-09 08:10 617,472 a------- d:\windows\system32\advapi32.dll
2009-02-09 08:10 401,408 a------- d:\windows\system32\rpcss.dll
2009-02-09 07:13 1,846,784 a------- d:\windows\system32\win32k.sys
2009-02-08 23:47 86,327 a------- d:\windows\pchealth\helpctr\offlinecache\index.dat
2009-02-07 19:02 2,066,048 a------- d:\windows\system32\ntkrnlpa.exe
2009-02-06 07:11 110,592 a------- d:\windows\system32\services.exe
2009-02-06 07:08 2,189,056 a------- d:\windows\system32\ntoskrnl.exe
2009-02-06 06:39 35,328 a------- d:\windows\system32\sc.exe
2009-02-03 15:59 56,832 a------- d:\windows\system32\secur32.dll
2009-02-02 18:53 21,840 a------- d:\windows\system32\SIntfNT.dll
2009-02-02 18:53 17,212 a------- d:\windows\system32\SIntf32.dll
2009-02-02 18:53 12,067 a------- d:\windows\system32\SIntf16.dll

============= FINISH: 19:38:37.64 ===============
Attach Log:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskDmVolumes\The-beastDg0\Volume1
Install Date: 9/15/2008 12:07:46 AM
System Uptime: 4/18/2009 10:24:17 PM (45 hours ago)

Motherboard: Intel Corporation | | D845EPT2
Processor: Intel® Pentium® 4 CPU 1.80GHz | X1 | 1794/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 13.769 GiB free.
D: is FIXED (NTFS) - 149 GiB total, 71.444 GiB free.
E: is CDROM (UDF)
F: is CDROM ()
H: is CDROM ()
I: is CDROM ()
J: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP258: 4/18/2009 8:04:55 AM - System Checkpoint
RP259: 4/19/2009 8:29:03 AM - System Checkpoint
RP260: 4/20/2009 9:41:04 AM - System Checkpoint
RP261: 4/20/2009 12:21:17 PM - Revo Uninstaller's restore point - McAfee VirusScan Enterprise
RP262: 4/20/2009 12:23:27 PM - Removed McAfee VirusScan Enterprise
RP263: 4/20/2009 12:36:01 PM - Revo Uninstaller's restore point - Atlantica Online
RP264: 4/20/2009 12:36:43 PM - Removed Atlantica Online
RP265: 4/20/2009 7:30:24 PM - Installed AVG 8.5

==== Installed Programs ======================

µTorrent
2007 Microsoft Office Suite Service Pack 1 (SP1)
AC3Filter (remove only)
Acoustica Effects Pack
Acoustica Mixcraft 4.2
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Viewer 1.1
Adobe Linguistics CS3
Adobe Media Player
Adobe PDF Library Files
Adobe Reader 9.1
Adobe Setup
Adobe Shockwave Player 11
Adobe Stock Photos CS3
Adobe Type Support
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Age of Castles Free Trial
Age of Empires III
Age of Empires III - The WarChiefs
AGEIA PhysX v7.11.13
AIM 6
Apple Mobile Device Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ArtWonk v2.2.1402
Asterisk Key 8.3
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AVG 8.5
Axis and Allies
Axon Virtual PBX
Battlefield 2™ Demo
Bonjour
CCScore
Command & Conquer Red Alert 2
Command & Conquer Renegade
Critical Update for Windows Media Player 11 (KB959772)
DAEMON Tools Toolbar
EA SPORTS online 2008
Empire Earth II
Empires and Dungeons Free Trial
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
Express Scribe
ffdshow (remove only)
fflink
Final Fantasy VII - Ultima Edition
Final Fantasy VII XP Patch
GKLauncher
Half-Life 2
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Install(US)2
iTunes
Java™ 6 Update 13
Java™ 6 Update 7
kgcbaby
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
LimeWire 5.1.2
Madden NFL 08
Magic Online III
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Zoo Tycoon
Mozilla Firefox (3.0.8)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
netbrdg
OfotoXMI
PowerISO
Prison Tycoon
QuickTime
Revo Uninstaller 1.80
Sacred 2
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB963027)
SFR
SHASTA
skin0001
SKINXSDK
Source SDK Base
SpyHunter
Spyware Doctor 6.0
StarCraft
staticcr
Station Launcher
Steam
StorYBook
Switch Sound File Converter
System Requirements Lab
TeamSpeak 2 RC2
tooltips
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb962871)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Ventrilo Client
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VPRINTOL
VRS Recording System
WavePad Sound Editor
WebFldrs XP
Westwood Shared Internet Components
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WinZip 12.0
WIRELESS
World of Warcraft
Xfire (remove only)
Zeus
ZeusDemo
Zombie Panic! Source

==== Event Viewer Messages From Past Week ========

4/18/2009 10:25:56 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
4/18/2009 10:25:11 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
4/17/2009 10:26:36 PM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 7 time(s).
4/17/2009 10:01:12 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
4/16/2009 9:54:35 AM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 5 time(s).
4/16/2009 9:48:18 AM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 4 time(s).
4/16/2009 4:04:04 PM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 6 time(s).
4/16/2009 3:17:40 AM, error: WMPNetworkSvc [14344] - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2711'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.
4/15/2009 8:06:24 AM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 3 time(s).
4/14/2009 4:44:33 PM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 2 time(s).
4/14/2009 4:15:29 AM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s).
4/13/2009 2:38:16 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the VRS Recording System service to connect.
4/13/2009 2:38:16 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PC Tools Security Service service to connect.
4/13/2009 2:38:16 PM, error: Service Control Manager [7000] - The PC Tools Security Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/13/2009 12:27:58 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/13/2009 12:27:55 PM, error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
4/13/2009 12:26:25 PM, error: Service Control Manager [7034] - The PnkBstrB service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================

Thanks for your help again!! :thumbup2: :)

#7 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,722 posts
  • Gender:Male
  • Location:The Netherlands

Posted 21 April 2009 - 04:15 PM

Hi Camaro2010,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs. These programs allow users to share files between each other, as the name(s) suggest. In today's world cyber crime has reached an enormous dimension, and any means is used to infect personal computers in order to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along with the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."


Removal Instructions
  • Empty all p2p (Bitlord, uTorrent, etc...) download folders. They might contain infected files. Please avoid using these p2p applications until the system is clean. Using these applications at this stage might lead to reinfection or infecting other users.

  • I see on the log that the DAEMON Tools Toolbar is installed on your computer:
    This program is known to be bundled with spyware. You may read more about it here:
    http://vil.mcafeesecurity.com/vil/content/v_133312.htm

    To uninstall DAEMON Tools Toolbar:
    Click "start" on the taskbar and then click on the "Control Panel" icon.
    Please double-click the "Add or Remove Programs" icon.
    A list of installed programs will be "populated"; this may take a bit of time.
    If they exist, uninstall the following by clicking on the following entries and selecting "remove":

    DAEMON Tools Toolbar

    Also remove the folder in bold: C:\Program Files\DAEMON Tools Toolbar

  • You have the latest version of Java (version 6 update 13), which is good. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove the older Java components:
    Click "start" and then "Control Panel" icon.
    Double-click the "Add or Remove Programs" icon.
    A list of installed programs will be "populated"; this may take a bit of time.
    Uninstall the following by clicking on the following entries and selecting "remove":

    Java™ 6 Update 7

  • Please download ATF Cleaner by Atribune & save it to your desktop.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main "Select Files to Delete" choose: Select All.
    • Click the Empty Selected button.
    • If you use Firefox browser click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      If you would like to keep your saved passwords, please click No at the prompt.
    • If you use Opera browser click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      If you would like to keep your saved passwords, please click No at the prompt.
    • Click Exit on the Main menu to close the program.
    Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

  • Open your Malwarebytes' Anti-Malware, first update it, run a "quick scan", let reboot if needed and copy/paste the log to your reply.

    Note: The logs are saved by default under the Logs tab. If the log did not automatically open you can obtain the latest log from there.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Set the list of files/folders created to 3 Months and click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of just log.txt. No need for info.txt (<<will be maximized) and info.txt (<<will be minimized).

You might want to save this page on your favorites, so you can find it again when you return.
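The HijackThis and RSIT output Farbar asks for above is read by hand in this thread. As an added example, which is not part of the thread, of HijackThis or of RSIT, the Python script below parses the O4 (Run keys), O20 (AppInit_DLLs and Winlogon Notify) and O23 (services) line formats used in those logs and flags the entries a reviewer would look at first: registrations whose file is reported missing, DLLs pushed into every process through AppInit_DLLs, Winlogon Notify subkeys with random-looking hex names, and services with no recorded vendor. The sample lines are constructed to mirror the format of the logs posted in this thread, the hex-name heuristic is my own assumption, and a flag is a prompt for a human to look closer, not a verdict that the entry is malicious.

```python
"""Triage helper for HijackThis-style autostart lines.

Added example: not part of HijackThis, RSIT, or this thread. It parses the
O4 / O20 / O23 line formats seen in the posted logs and flags the entries a
log reviewer would examine first. The heuristics are assumptions of the
author of this example; a flag is a prompt for review, not a verdict.
"""
import re
from dataclasses import dataclass, field

# Constructed sample lines, modelled on the O4/O20/O23 entries in the posted log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Aim6] "D:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O20 - AppInit_DLLs: D:\Program Files\RelevantKnowledge\rlai.dll,D:\WINDOWS\System32\cnvfat32.dll
O20 - Winlogon Notify: 3024b7e4573 - D:\WINDOWS\System32\cnvfat32.dll (file missing)
O20 - Winlogon Notify: avgrsstarter - D:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""


@dataclass
class Entry:
    kind: str                                    # HijackThis section code: O4, O20, O23
    label: str                                   # Run value name, Notify subkey, or service name
    paths: list                                  # files the line references
    missing: bool = False                        # HijackThis reported "(file missing)"
    owner: str = ""                              # vendor string on O23 service lines
    reasons: list = field(default_factory=list)  # why it was flagged; empty means not flagged


O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[(?P<label>[^\]]+)\] (?P<cmd>.+)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<label>\S+) - (?P<path>.+?)(?P<missing> \(file missing\))?$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<label>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
HEXNAME_RE = re.compile(r"[0-9a-f]{8,}")  # assumed heuristic: a bare hex run is a random-looking name


def first_path(cmd: str) -> str:
    """Return the program path from a Run command line, whether quoted or not."""
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    # Unquoted: arguments, if any, start at the first " -" or " /" switch.
    return re.split(r" [-/]", cmd, maxsplit=1)[0].strip()


def parse(text: str) -> list:
    """Turn HijackThis O4/O20/O23 lines into Entry objects; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            entries.append(Entry("O4", m["label"], [first_path(m["cmd"])]))
        elif m := APPINIT_RE.match(line):
            dlls = [p.strip() for p in m["dlls"].split(",") if p.strip()]
            entries.append(Entry("O20", "AppInit_DLLs", dlls))
        elif m := NOTIFY_RE.match(line):
            entries.append(Entry("O20", m["label"], [m["path"]], missing=bool(m["missing"])))
        elif m := SERVICE_RE.match(line):
            entries.append(Entry("O23", m["label"], [m["path"]], owner=m["owner"]))
    return entries


def triage(entries: list) -> list:
    """Attach review reasons and return only the flagged entries, in log order."""
    for e in entries:
        if e.missing:
            e.reasons.append("registration points at a file that is missing (leftover or hidden component)")
        if e.kind == "O20" and e.label == "AppInit_DLLs":
            e.reasons.append("AppInit_DLLs loads these DLLs into every process that loads user32.dll")
        elif e.kind == "O20" and HEXNAME_RE.fullmatch(e.label.lower()):
            e.reasons.append("Winlogon Notify subkey has a random-looking hex name")
        if e.kind == "O23" and e.owner == "Unknown owner":
            e.reasons.append("service binary carries no vendor information")
    return [e for e in entries if e.reasons]


if __name__ == "__main__":
    for e in triage(parse(SAMPLE_LOG)):
        print(f"{e.kind} {e.label}: {'; '.join(e.reasons)}")
        for p in e.paths:
            print("    ", p)
```

Run against the constructed sample it flags three entries: the AppInit_DLLs line (two DLLs injected system-wide), the hex-named Winlogon Notify subkey (both random-looking and pointing at a missing file), and the PnkBstrA service (no vendor string). The two AVG entries and the Run keys pass untouched, which is the point of the heuristics: narrow a long log down to the handful of lines worth a closer look rather than declare anything malicious.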

#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,722 posts
  • Gender:Male
  • Location:The Netherlands

Posted 26 April 2009 - 01:38 PM

I'll wait one more day before closing the topic.

#9 Camaro2010

Camaro2010
  • Topic Starter

  • Members
  • 18 posts

Posted 26 April 2009 - 03:56 PM

farbar,

I am currently out of internet service on the computer that is causing the problems. What do you recommend so I am able to get the information you have requested to you? Without the internet service, I cannot access the download for the files etc. Any ideas?

#10 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,722 posts
  • Gender:Male
  • Location:The Netherlands

Posted 26 April 2009 - 04:50 PM

Please give me detailed information.

Since when have you had no internet connection? I assume you have another computer from which you are posting the reply, that it has a connection, and that both computers are on the same connection? If yes, we can use another computer to do the fixes.

You had McAfee antivirus and now you have AVG. How did you remove McAfee, did you uninstall it via Add/Remove Programs?

Once you have given me some information I'll post the fix and try to take into account that you don't have a connection. Then our primary aim would be restoring the connection.

#11 Camaro2010

Camaro2010
  • Topic Starter

  • Members
  • 18 posts

Posted 27 April 2009 - 07:44 PM

Farbar,

Back up and running on the main infected computer. Now I am aiming to do everything you have instructed me to do, and I will post again soon with all the information requested. I appreciate your waiting etc. Thank you!

#12 Camaro2010

Camaro2010
  • Topic Starter

  • Members
  • 18 posts

Posted 27 April 2009 - 08:05 PM

Here is the information you have requested:

Anti Malware MalwareBytes Log:


Malwarebytes' Anti-Malware 1.36
Database version: 2051
Windows 5.1.2600 Service Pack 3

4/27/2009 9:03:28 PM
mbam-log-2009-04-27 (21-03-28).txt

Scan type: Quick Scan
Objects scanned: 80769
Time elapsed: 8 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

RSIT Log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Admin at 2009-04-27 20:54:39
Microsoft Windows XP Professional Service Pack 3
System drive D: has 75 GB (49%) free of 153 GB
Total RAM: 767 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:55:09 PM, on 4/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\PnkBstrB.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Viewpoint\Common\ViewpointService.exe
D:\PROGRA~1\AVG\AVG8\avgam.exe
D:\Program Files\NCH Swift Sound\Axon\axon.exe
D:\Program Files\NCH Swift Sound\VRS\vrs.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\PROGRA~1\AVG\AVG8\avgtray.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\PROGRA~1\AVG\AVG8\avgnsx.exe
D:\Program Files\AIM6\aim6.exe
D:\Program Files\AIM6\aolsoftware.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
D:\Documents and Settings\Admin\Desktop\RSIT.exe
D:\Program Files\Trend Micro\HijackThis\Admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ArcSoft Connection Service] D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "D:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: D:\Program Files\RelevantKnowledge\rlai.dll,D:\WINDOWS\System32\cnvfat32.dll
O20 - Winlogon Notify: 3024b7e4573 - D:\WINDOWS\System32\cnvfat32.dll (file missing)
O20 - Winlogon Notify: avgrsstarter - D:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Axon Virtual PBX (AxonService) - NCH Software - D:\Program Files\NCH Swift Sound\Axon\axon.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - D:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - D:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VRS Recording System (VRSService) - NCH Software - D:\Program Files\NCH Swift Sound\VRS\vrs.exe

--
End of file - 6789 bytes

======Scheduled tasks folder======

D:\WINDOWS\tasks\AppleSoftwareUpdate.job
D:\WINDOWS\tasks\EasyShare Registration Task.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - D:\Program Files\AVG\AVG8\avgssie.dll [2009-04-20 1078552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"=D:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"ArcSoft Connection Service"=D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2008-11-20 178688]
"Adobe Reader Speed Launcher"=D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"QuickTime Task"=D:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"SunJavaUpdateSched"=D:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"AVG8_TRAY"=D:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-04-20 1932568]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=D:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Aim6"=D:\Program Files\AIM6\aim6.exe [2008-08-06 50472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
D:\Program Files\AIM6\aim6.exe [2008-08-06 50472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Axon]
D:\Program Files\NCH Swift Sound\Axon\axon.exe [2008-11-02 602116]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
D:\Program Files\iTunes\iTunesHelper.exe [2009-03-12 342312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ltajozunesey]
D:\WINDOWS\ubukekibehav.dll,e []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RelevantKnowledge]
D:\Program Files\RelevantKnowledge\rlvknlg.exe -boot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
D:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe [2009-01-13 864256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
d:\program files\steam\steam.exe [2009-03-12 1410296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VRS]
D:\Program Files\NCH Swift Sound\VRS\vrs.exe [2008-11-02 651268]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Admin^Start Menu^Programs^Startup^Adobe Media Player.lnk]
D:\PROGRA~1\Tools\ADOBEM~1\ADOBEM~1.EXE [2008-09-15 260096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Admin^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
D:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2007-12-07 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
D:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2008-10-30 282624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="D:\Program Files\RelevantKnowledge\rlai.dll,D:\WINDOWS\System32\cnvfat32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\3024b7e4573]
D:\WINDOWS\System32\cnvfat32.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
D:\WINDOWS\system32\Ati2evxx.dll [2006-01-24 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
D:\WINDOWS\system32\avgrsstx.dll [2009-04-20 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
D:\WINDOWS\system32\WgaLogon.dll [2008-09-06 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\Tools\Xfire\xfire.exe"="D:\Program Files\Tools\Xfire\xfire.exe:*:Enabled:Xfire"
"D:\Program Files\Bonjour\mDNSResponder.exe"="D:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="D:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"D:\Program Files\AIM6\aim6.exe"="D:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"D:\Program Files\Tools\Utorrent\uTorrent.exe"="D:\Program Files\Tools\Utorrent\uTorrent.exe:*:Enabled:µTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Call of Duty Game of the Year Edition\CoDMP.exe"="C:\Program Files\Call of Duty Game of the Year Edition\CoDMP.exe:*:Enabled:CoDMP"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"D:\Program Files\EA GAMES\Battlefield 2 Demo\BF2.exe"="D:\Program Files\EA GAMES\Battlefield 2 Demo\BF2.exe:*:Enabled:Battlefield 2"
"D:\WINDOWS\system32\dpvsetup.exe"="D:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"D:\WINDOWS\system32\rundll32.exe"="D:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"D:\Program Files\Tools\uTorrent.exe"="D:\Program Files\Tools\uTorrent.exe:*:Enabled:µTorrent"
"D:\Program Files\EA SPORTS\Madden NFL 08\Updater.exe"="D:\Program Files\EA SPORTS\Madden NFL 08\Updater.exe:*:Enabled:Updater"
"D:\Program Files\World of Warcraft\Launcher.exe"="D:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"D:\Program Files\Steam\steamapps\b0on89\zombie panic! source\hl2.exe"="D:\Program Files\Steam\steamapps\b0on89\zombie panic! source\hl2.exe:*:Enabled:hl2"
"D:\Program Files\iTunes\iTunes.exe"="D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"D:\Program Files\LimeWire\LimeWire.exe"="D:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"D:\Program Files\Steam\steamapps\b0on89\source sdk base\hl2.exe"="D:\Program Files\Steam\steamapps\b0on89\source sdk base\hl2.exe:*:Enabled:hl2"
"D:\WINDOWS\explorer.exe"="D:\WINDOWS\explorer.exe:*:Enabled:Windows Shell"
"D:\Program Files\AVG\AVG8\avgam.exe"="D:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"D:\Program Files\AVG\AVG8\avgdiag.exe"="D:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe"
"D:\Program Files\AVG\AVG8\avgdiagex.exe"="D:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"D:\Program Files\AVG\AVG8\avgupd.exe"="D:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"D:\Program Files\AVG\AVG8\avgnsx.exe"="D:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2009-04-27 20:54:39 ----D---- D:\rsit
2009-04-21 07:55:19 ----HD---- D:\$AVG8.VAULT$
2009-04-20 19:30:44 ----A---- D:\WINDOWS\system32\avgrsstx.dll
2009-04-20 19:30:29 ----D---- D:\Program Files\AVG
2009-04-20 19:30:24 ----D---- D:\Documents and Settings\All Users\Application Data\avg8
2009-04-20 19:19:59 ----D---- D:\Documents and Settings\Admin\Application Data\AVG8
2009-04-20 12:20:31 ----D---- D:\Program Files\StarCraft
2009-04-16 03:07:41 ----HDC---- D:\WINDOWS\$NtUninstallKB959426$
2009-04-16 03:07:20 ----HDC---- D:\WINDOWS\$NtUninstallKB961373$
2009-04-16 03:04:05 ----HDC---- D:\WINDOWS\$NtUninstallKB956572$
2009-04-16 03:03:39 ----HDC---- D:\WINDOWS\$NtUninstallKB952004$
2009-04-16 03:01:46 ----HDC---- D:\WINDOWS\$NtUninstallKB960803$
2009-04-16 03:01:26 ----HDC---- D:\WINDOWS\$NtUninstallKB963027$
2009-04-16 03:00:57 ----HDC---- D:\WINDOWS\$NtUninstallKB923561$
2009-04-16 02:29:27 ----N---- D:\WINDOWS\system32\xpsp4res.dll
2009-04-14 14:17:32 ----A---- D:\WINDOWS\system32\xfcodec.dll
2009-04-13 12:39:19 ----D---- D:\Documents and Settings\Admin\Application Data\Malwarebytes
2009-04-13 12:38:35 ----D---- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-04-13 12:38:25 ----D---- D:\Program Files\Malwarebytes' Anti-Malware
2009-04-10 17:35:35 ----A---- D:\WINDOWS\GnuHashes.ini
2009-04-08 11:36:43 ----D---- D:\Program Files\Trend Micro
2009-04-06 13:31:07 ----D---- D:\Program Files\Common Files\PC Tools
2009-04-06 13:30:54 ----D---- D:\Program Files\Spyware Doctor
2009-04-06 13:30:54 ----D---- D:\Documents and Settings\All Users\Application Data\PC Tools
2009-04-06 13:30:54 ----D---- D:\Documents and Settings\Admin\Application Data\PC Tools
2009-04-06 13:24:28 ----HDC---- D:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-06 13:24:20 ----D---- D:\Program Files\Lavasoft
2009-04-06 13:06:19 ----D---- D:\Program Files\VS Revo Group
2009-04-05 13:35:36 ----A---- D:\WINDOWS\system32\javaws.exe
2009-04-05 13:35:36 ----A---- D:\WINDOWS\system32\javaw.exe
2009-04-05 13:35:36 ----A---- D:\WINDOWS\system32\java.exe
2009-04-05 13:19:40 ----D---- D:\Documents and Settings\All Users\Application Data\Lavasoft
2009-04-04 19:21:04 ----A---- D:\WINDOWS\system32\WzanlXS4FvcPJ.vbs
2009-03-29 19:22:00 ----D---- D:\Documents and Settings\Admin\Application Data\Wizards of the Coast
2009-03-29 19:21:23 ----D---- D:\Program Files\Wizards of the Coast
2009-03-17 14:46:22 ----D---- D:\Program Files\iPod
2009-03-17 14:46:19 ----D---- D:\Program Files\iTunes
2009-03-17 14:46:19 ----D---- D:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-17 14:42:22 ----D---- D:\Program Files\QuickTime
2009-03-16 20:30:12 ----SHD---- D:\Config.Msi
2009-03-15 12:31:06 ----D---- D:\WINDOWS\system32\Adobe
2009-03-12 15:01:30 ----D---- D:\Program Files\Steam
2009-03-11 11:51:32 ----HDC---- D:\WINDOWS\$NtUninstallKB960225$
2009-03-11 11:51:22 ----HDC---- D:\WINDOWS\$NtUninstallKB938464-v2$
2009-03-11 11:51:11 ----HDC---- D:\WINDOWS\$NtUninstallKB958690$
2009-03-11 11:50:02 ----HDC---- D:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-09 19:43:09 ----A---- D:\WINDOWS\GKLauncherInfo.ini
2009-03-09 19:38:50 ----D---- D:\Program Files\GameKiss
2009-02-25 04:00:39 ----HDC---- D:\WINDOWS\$NtUninstallKB967715$
2009-02-19 20:17:58 ----D---- D:\Program Files\Hasbro Interactive
2009-02-17 22:43:08 ----HDC---- D:\WINDOWS\$NtUninstallWdf01005$
2009-02-17 22:29:39 ----D---- D:\Program Files\EA SPORTS
2009-02-13 19:39:29 ----D---- D:\Program Files\Common Files\INCA Shared
2009-02-11 17:43:26 ----D---- D:\AeriaGames
2009-02-11 17:29:57 ----D---- D:\Documents and Settings\Admin\Application Data\InstallShield
2009-02-11 04:01:07 ----HDC---- D:\WINDOWS\$NtUninstallKB960715$
2009-02-10 18:14:47 ----D---- D:\Program Files\EA GAMES
2009-02-10 16:59:22 ----SHD---- D:\WINDOWS\ftpcache
2009-02-10 16:58:58 ----D---- D:\Program Files\AgeOfCastles_at
2009-02-10 04:00:59 ----HDC---- D:\WINDOWS\$NtUninstallKB951978$
2009-02-10 04:00:44 ----HDC---- D:\WINDOWS\$NtUninstallKB954459$
2009-02-09 02:59:43 ----D---- D:\WINDOWS\Prefetch
2009-02-08 23:54:57 ----HDC---- D:\WINDOWS\$NtUninstallKB960714$
2009-02-08 23:54:45 ----HDC---- D:\WINDOWS\$NtUninstallKB958687$
2009-02-08 23:54:32 ----HDC---- D:\WINDOWS\$NtUninstallKB958644$
2009-02-08 23:54:18 ----HDC---- D:\WINDOWS\$NtUninstallKB958215$
2009-02-08 23:54:06 ----HDC---- D:\WINDOWS\$NtUninstallKB957097$
2009-02-08 23:53:46 ----HDC---- D:\WINDOWS\$NtUninstallKB957095$
2009-02-08 23:53:31 ----HDC---- D:\WINDOWS\$NtUninstallKB956841$
2009-02-08 23:53:18 ----HDC---- D:\WINDOWS\$NtUninstallKB956803$
2009-02-08 23:53:06 ----HDC---- D:\WINDOWS\$NtUninstallKB956802$
2009-02-08 23:52:48 ----HDC---- D:\WINDOWS\$NtUninstallKB955069$
2009-02-08 23:52:35 ----HDC---- D:\WINDOWS\$NtUninstallKB954600$
2009-02-08 23:52:22 ----HDC---- D:\WINDOWS\$NtUninstallKB954211$
2009-02-08 23:52:04 ----HDC---- D:\WINDOWS\$NtUninstallKB953838$
2009-02-08 23:51:51 ----HDC---- D:\WINDOWS\$NtUninstallKB952954$
2009-02-08 23:51:39 ----HDC---- D:\WINDOWS\$NtUninstallKB952287$
2009-02-08 23:51:26 ----HDC---- D:\WINDOWS\$NtUninstallKB951748$
2009-02-08 23:51:13 ----HDC---- D:\WINDOWS\$NtUninstallKB951698$
2009-02-08 23:51:01 ----HDC---- D:\WINDOWS\$NtUninstallKB951376-v2$
2009-02-08 23:50:46 ----HDC---- D:\WINDOWS\$NtUninstallKB951066$
2009-02-08 23:50:35 ----HDC---- D:\WINDOWS\$NtUninstallKB950974$
2009-02-08 23:50:23 ----HDC---- D:\WINDOWS\$NtUninstallKB950762$
2009-02-08 23:50:11 ----HDC---- D:\WINDOWS\$NtUninstallKB946648$
2009-02-08 23:50:00 ----HDC---- D:\WINDOWS\$NtUninstallKB938464$
2009-02-08 23:49:46 ----HDC---- D:\WINDOWS\$NtUninstallKB932716-v2$
2009-02-08 23:43:25 ----D---- D:\WINDOWS\system32\scripting
2009-02-08 23:43:24 ----D---- D:\WINDOWS\l2schemas
2009-02-08 23:43:23 ----D---- D:\WINDOWS\system32\en
2009-02-08 23:43:22 ----D---- D:\WINDOWS\system32\bits
2009-02-08 23:38:14 ----D---- D:\WINDOWS\ServicePackFiles
2009-02-08 23:34:15 ----D---- D:\WINDOWS\network diagnostic
2009-02-08 23:24:08 ----HDC---- D:\WINDOWS\$NtServicePackUninstall$
2009-02-06 04:01:01 ----HDC---- D:\WINDOWS\$NtUninstallKB958215_0$
2009-02-06 04:00:43 ----HDC---- D:\WINDOWS\$NtUninstallKB960714_0$
2009-02-05 23:22:17 ----N---- D:\WINDOWS\system32\wlanapi.dll
2009-02-05 23:22:06 ----N---- D:\WINDOWS\system32\tspkg.dll
2009-02-05 23:22:05 ----N---- D:\WINDOWS\system32\tsgqec.dll
2009-02-05 23:21:56 ----N---- D:\WINDOWS\system32\spupdwxp.exe
2009-02-05 23:21:55 ----A---- D:\WINDOWS\system32\spdwnwxp.exe
2009-02-05 23:21:53 ----N---- D:\WINDOWS\system32\slserv.exe
2009-02-05 23:21:53 ----N---- D:\WINDOWS\system32\slrundll.exe
2009-02-05 23:21:53 ----N---- D:\WINDOWS\system32\slgen.dll
2009-02-05 23:21:53 ----N---- D:\WINDOWS\system32\slextspk.dll
2009-02-05 23:21:53 ----N---- D:\WINDOWS\system32\slcoinst.dll
2009-02-05 23:21:53 ----N---- D:\WINDOWS\slrundll.exe
2009-02-05 23:21:50 ----N---- D:\WINDOWS\system32\setupn.exe
2009-02-05 23:21:47 ----N---- D:\WINDOWS\system32\s3gnb.dll
2009-02-05 23:21:45 ----N---- D:\WINDOWS\system32\rhttpaa.dll
2009-02-05 23:21:43 ----N---- D:\WINDOWS\system32\rasqec.dll
2009-02-05 23:21:42 ----N---- D:\WINDOWS\system32\qutil.dll
2009-02-05 23:21:41 ----N---- D:\WINDOWS\system32\qcliprov.dll
2009-02-05 23:21:41 ----N---- D:\WINDOWS\system32\qagentrt.dll
2009-02-05 23:21:41 ----N---- D:\WINDOWS\system32\qagent.dll
2009-02-05 23:21:36 ----N---- D:\WINDOWS\system32\onex.dll
2009-02-05 23:21:33 ----N---- D:\WINDOWS\system32\nv4_disp.dll
2009-02-05 23:21:26 ----N---- D:\WINDOWS\system32\napstat.exe
2009-02-05 23:21:25 ----N---- D:\WINDOWS\system32\napmontr.dll
2009-02-05 23:21:25 ----N---- D:\WINDOWS\system32\napipsec.dll
2009-02-05 23:21:25 ----N---- D:\WINDOWS\system32\mtxparhd.dll
2009-02-05 23:21:24 ----N---- D:\WINDOWS\system32\msxml6r.dll
2009-02-05 23:21:24 ----N---- D:\WINDOWS\system32\msxml6.dll
2009-02-05 23:21:22 ----N---- D:\WINDOWS\system32\msshavmsg.dll
2009-02-05 23:21:22 ----N---- D:\WINDOWS\system32\mssha.dll
2009-02-05 23:21:07 ----N---- D:\WINDOWS\system32\mmcperf.exe
2009-02-05 23:21:07 ----N---- D:\WINDOWS\system32\mmcfxcommon.dll
2009-02-05 23:21:07 ----N---- D:\WINDOWS\system32\mmcex.dll
2009-02-05 23:21:07 ----N---- D:\WINDOWS\system32\microsoft.managementconsole.dll
2009-02-05 23:20:55 ----N---- D:\WINDOWS\system32\l2gpstore.dll
2009-02-05 23:20:55 ----N---- D:\WINDOWS\system32\kmsvc.dll
2009-02-05 23:20:54 ----N---- D:\WINDOWS\system32\kbdpash.dll
2009-02-05 23:20:54 ----N---- D:\WINDOWS\system32\kbdnepr.dll
2009-02-05 23:20:54 ----N---- D:\WINDOWS\system32\kbdiultn.dll
2009-02-05 23:20:53 ----N---- D:\WINDOWS\system32\kbdbhc.dll
2009-02-05 23:20:43 ----N---- D:\WINDOWS\system32\smtpapi.dll
2009-02-05 23:20:42 ----N---- D:\WINDOWS\system32\rwnh.dll
2009-02-05 23:20:39 ----N---- D:\WINDOWS\system32\comsdupd.exe
2009-02-05 23:20:26 ----N---- D:\WINDOWS\system32\faxpatch.exe
2009-02-05 23:20:24 ----N---- D:\WINDOWS\system32\eapsvc.dll
2009-02-05 23:20:24 ----N---- D:\WINDOWS\system32\eapqec.dll
2009-02-05 23:20:24 ----N---- D:\WINDOWS\system32\eappprxy.dll
2009-02-05 23:20:23 ----N---- D:\WINDOWS\system32\eapphost.dll
2009-02-05 23:20:23 ----N---- D:\WINDOWS\system32\eappgnui.dll
2009-02-05 23:20:23 ----N---- D:\WINDOWS\system32\eappcfg.dll
2009-02-05 23:20:23 ----N---- D:\WINDOWS\system32\eapp3hst.dll
2009-02-05 23:20:23 ----N---- D:\WINDOWS\system32\eapolqec.dll
2009-02-05 23:20:20 ----N---- D:\WINDOWS\system32\dot3ui.dll
2009-02-05 23:20:20 ----N---- D:\WINDOWS\system32\dot3svc.dll
2009-02-05 23:20:20 ----N---- D:\WINDOWS\system32\dot3msm.dll
2009-02-05 23:20:20 ----N---- D:\WINDOWS\system32\dot3gpclnt.dll
2009-02-05 23:20:20 ----N---- D:\WINDOWS\system32\dot3dlg.dll
2009-02-05 23:20:20 ----N---- D:\WINDOWS\system32\dot3cfg.dll
2009-02-05 23:20:20 ----N---- D:\WINDOWS\system32\dot3api.dll
2009-02-05 23:20:18 ----N---- D:\WINDOWS\system32\dimsroam.dll
2009-02-05 23:20:18 ----N---- D:\WINDOWS\system32\dimsntfy.dll
2009-02-05 23:20:18 ----N---- D:\WINDOWS\system32\dhcpqec.dll
2009-02-05 23:20:14 ----N---- D:\WINDOWS\system32\credssp.dll
2009-02-05 23:20:08 ----N---- D:\WINDOWS\system32\bitsprx4.dll
2009-02-05 23:20:07 ----N---- D:\WINDOWS\system32\azroles.dll
2009-02-05 23:20:05 ----N---- D:\WINDOWS\system32\ativtmxx.dll
2009-02-05 23:20:04 ----N---- D:\WINDOWS\system32\ati2dvaa.dll
2009-02-05 23:19:57 ----N---- D:\WINDOWS\system32\aaclient.dll
2009-02-05 04:00:42 ----HDC---- D:\WINDOWS\$NtUninstallKB929969$
2009-02-02 18:53:01 ----A---- D:\WINDOWS\system32\SIntfNT.dll
2009-02-02 18:53:01 ----A---- D:\WINDOWS\system32\SIntf32.dll
2009-02-02 18:53:01 ----A---- D:\WINDOWS\system32\SIntf16.dll
2009-02-02 17:17:58 ----D---- D:\Program Files\Sierra On-Line
2009-02-02 17:17:19 ----A---- D:\WINDOWS\SIERRA.INI
2009-02-02 17:13:56 ----D---- D:\Documents and Settings\Admin\Application Data\GetRightToGo
2009-02-01 20:27:00 ----D---- D:\Program Files\Common Files\DirectX
2009-02-01 19:31:46 ----D---- D:\nDoors

======List of files/folders modified in the last 3 months======

2009-04-27 20:54:12 ----D---- D:\WINDOWS\Temp
2009-04-27 20:50:35 ----RD---- D:\Program Files
2009-04-27 18:03:32 ----D---- D:\Program Files\Mozilla Firefox
2009-04-21 16:21:20 ----D---- D:\WINDOWS
2009-04-21 16:20:47 ----D---- D:\WINDOWS\system32\CatRoot2
2009-04-21 15:42:46 ----A---- D:\WINDOWS\SchedLgU.Txt
2009-04-21 08:32:24 ----D---- D:\Music
2009-04-20 19:30:44 ----D---- D:\WINDOWS\system32\drivers
2009-04-20 19:30:44 ----D---- D:\WINDOWS\system32
2009-04-20 19:30:13 ----SHD---- D:\WINDOWS\Installer
2009-04-20 19:30:12 ----D---- D:\Program Files\Common Files\Microsoft Shared
2009-04-20 19:28:58 ----SD---- D:\Documents and Settings\Admin\Application Data\Microsoft
2009-04-20 13:09:22 ----D---- D:\Program Files\Common Files\Blizzard Entertainment
2009-04-20 12:48:42 ----HD---- D:\Program Files\InstallShield Installation Information
2009-04-20 12:25:38 ----D---- D:\Program Files\Common Files
2009-04-17 21:35:20 ----D---- D:\WINDOWS\system32\Restore
2009-04-17 15:57:17 ----SHD---- D:\WINDOWS\CSC
2009-04-17 10:14:06 ----D---- D:\Program Files\Common Files\Adobe
2009-04-17 10:01:33 ----AD---- D:\Documents and Settings\All Users\Application Data\TEMP
2009-04-17 00:26:04 ----D---- D:\Documents and Settings\Admin\Application Data\Xfire
2009-04-16 03:21:58 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2009-04-16 03:15:04 ----D---- D:\WINDOWS\system32\wbem
2009-04-16 03:15:04 ----D---- D:\WINDOWS\AppPatch
2009-04-16 03:07:48 ----HD---- D:\WINDOWS\inf
2009-04-16 03:07:45 ----RSHDC---- D:\WINDOWS\system32\dllcache
2009-04-16 03:07:33 ----A---- D:\WINDOWS\imsins.BAK
2009-04-16 03:04:00 ----HD---- D:\WINDOWS\$hf_mig$
2009-04-16 03:03:29 ----D---- D:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-04-15 05:14:09 ----D---- D:\QUARANTINE
2009-04-06 12:42:03 ----A---- D:\WINDOWS\win.ini
2009-04-06 12:42:03 ----A---- D:\WINDOWS\system.ini
2009-04-06 10:57:24 ----A---- D:\WINDOWS\system32\MRT.exe
2009-04-05 14:17:07 ----D---- D:\WINDOWS\pss
2009-04-05 13:35:35 ----D---- D:\Program Files\Java
2009-04-05 13:19:11 ----D---- D:\WINDOWS\WinSxS
2009-04-04 19:22:00 ----D---- D:\Documents and Settings\Admin\Application Data\LimeWire
2009-04-04 19:21:55 ----D---- D:\Incomplete
2009-04-03 17:07:47 ----D---- D:\Program Files\World of Warcraft
2009-03-29 19:29:23 ----D---- D:\WINDOWS\system32\DirectX
2009-03-29 19:29:18 ----RSD---- D:\WINDOWS\assembly
2009-03-29 18:19:44 ----D---- D:\Program Files\EmpiresandDungeons_at
2009-03-25 14:57:42 ----D---- D:\Program Files\LimeWire
2009-03-21 10:06:58 ----A---- D:\WINDOWS\system32\kernel32.dll
2009-03-17 21:00:50 ----A---- D:\WINDOWS\system32\PnkBstrB.exe
2009-03-17 14:46:54 ----DC---- D:\WINDOWS\system32\DRVSTORE
2009-03-17 14:46:21 ----D---- D:\Program Files\Common Files\Apple
2009-03-16 20:30:55 ----D---- D:\Documents and Settings\All Users\Application Data\Adobe
2009-03-15 12:39:05 ----D---- D:\Documents and Settings\Admin\Application Data\Adobe
2009-03-09 05:19:08 ----A---- D:\WINDOWS\system32\deploytk.dll
2009-03-06 10:22:18 ----A---- D:\WINDOWS\system32\pdh.dll
2009-03-02 23:21:37 ----A---- D:\WINDOWS\system32\PnkBstrA.exe
2009-03-02 19:04:03 ----A---- D:\WINDOWS\system32\shdocvw.dll
2009-02-20 04:11:01 ----A---- D:\WINDOWS\system32\mshtml.dll
2009-02-20 04:10:59 ----A---- D:\WINDOWS\system32\wininet.dll
2009-02-20 04:10:59 ----A---- D:\WINDOWS\system32\urlmon.dll
2009-02-20 04:10:57 ----A---- D:\WINDOWS\system32\ieencode.dll
2009-02-19 22:41:11 ----D---- D:\Documents and Settings\Admin\Application Data\uTorrent
2009-02-09 19:35:39 ----A---- D:\WINDOWS\OEWABLog.txt
2009-02-09 08:10:49 ----A---- D:\WINDOWS\system32\lsasrv.dll
2009-02-09 08:10:48 ----A---- D:\WINDOWS\system32\rpcss.dll
2009-02-09 08:10:48 ----A---- D:\WINDOWS\system32\ntdll.dll
2009-02-09 08:10:48 ----A---- D:\WINDOWS\system32\advapi32.dll
2009-02-09 02:59:48 ----A---- D:\WINDOWS\setuplog.txt
2009-02-09 02:59:14 ----D---- D:\WINDOWS\system32\Setup
2009-02-09 02:59:13 ----RSD---- D:\WINDOWS\Fonts
2009-02-08 23:55:00 ----D---- D:\WINDOWS\system32\CatRoot
2009-02-08 23:50:13 ----D---- D:\Program Files\Messenger
2009-02-08 23:49:29 ----D---- D:\WINDOWS\security
2009-02-08 23:43:54 ----D---- D:\WINDOWS\system32\inetsrv
2009-02-08 23:43:54 ----D---- D:\WINDOWS\ime
2009-02-08 23:43:54 ----D---- D:\WINDOWS\Help
2009-02-08 23:43:28 ----D---- D:\WINDOWS\system32\usmt
2009-02-08 23:43:28 ----D---- D:\WINDOWS\system32\en-US
2009-02-08 23:43:25 ----D---- D:\Program Files\Internet Explorer
2009-02-08 23:43:22 ----D---- D:\WINDOWS\PeerNet
2009-02-08 23:43:21 ----D---- D:\Program Files\Movie Maker
2009-02-08 23:37:54 ----D---- D:\WINDOWS\system32\npp
2009-02-08 23:37:54 ----D---- D:\WINDOWS\mui
2009-02-08 23:37:51 ----D---- D:\WINDOWS\msagent
2009-02-08 23:37:49 ----D---- D:\WINDOWS\srchasst
2009-02-08 23:37:48 ----D---- D:\Program Files\NetMeeting
2009-02-08 23:37:45 ----D---- D:\WINDOWS\system32\Com
2009-02-08 23:37:41 ----D---- D:\Program Files\Windows Media Player
2009-02-08 23:37:40 ----D---- D:\Program Files\Windows NT
2009-02-08 23:37:40 ----D---- D:\Program Files\Outlook Express
2009-02-08 23:37:34 ----D---- D:\Program Files\Common Files\System
2009-02-08 23:36:59 ----D---- D:\WINDOWS\system32\oobe
2009-02-08 23:36:56 ----D---- D:\WINDOWS\system
2009-02-08 23:31:11 ----D---- D:\WINDOWS\system32\ReinstallBackups
2009-02-08 23:24:03 ----D---- D:\WINDOWS\ehome
2009-02-07 19:02:58 ----A---- D:\WINDOWS\system32\ntkrnlpa.exe
2009-02-06 07:11:05 ----A---- D:\WINDOWS\system32\services.exe
2009-02-06 07:08:19 ----A---- D:\WINDOWS\system32\ntoskrnl.exe
2009-02-06 06:39:08 ----A---- D:\WINDOWS\system32\sc.exe
2009-02-05 23:00:01 ----D---- D:\WINDOWS\Debug
2009-02-05 00:31:09 ----D---- D:\WINDOWS\ie8updates
2009-02-05 00:30:22 ----D---- D:\WINDOWS\WBEM
2009-02-03 15:59:07 ----A---- D:\WINDOWS\system32\secur32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; D:\WINDOWS\System32\Drivers\avgldx86.sys [2009-04-20 325640]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; D:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-04-20 27656]
R1 AvgTdiX;AVG8 Network Redirector; D:\WINDOWS\System32\Drivers\avgtdix.sys [2009-04-20 108552]
R1 intelppm;Intel Processor Driver; D:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SCDEmu;SCDEmu; D:\WINDOWS\system32\drivers\SCDEmu.sys [2008-07-07 56108]
R2 mdmxsdk;mdmxsdk; D:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R3 aeaudio;aeaudio; D:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 ati2mtag;ati2mtag; D:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-01-24 1478656]
R3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; D:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; D:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-01-15 23848]
R3 HidUsb;Microsoft HID Class Driver; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; D:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
R3 HSFHWBS2;HSFHWBS2; D:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\D:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mouhid;Mouse HID Driver; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 smwdm;smwdm; D:\WINDOWS\system32\drivers\smwdm.sys [2002-05-28 500568]
R3 usbaudio;USB Audio Driver (WDM); D:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; D:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; D:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
S1 mferkdk;VSCore mferkdk; \??\D:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
S3 a2u52fa1;a2u52fa1; D:\WINDOWS\system32\drivers\a2u52fa1.sys []
S3 EagleNT;EagleNT; \??\D:\WINDOWS\system32\drivers\EagleNT.sys []
S3 PnkBstrK;PnkBstrK; \??\D:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 usbscan;Usbscan; D:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; D:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; D:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; D:\WINDOWS\system32\DRIVERS\xusb21.sys [2007-08-28 55808]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-11-19 109056]
R2 Apple Mobile Device;Apple Mobile Device; D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; D:\WINDOWS\system32\Ati2evxx.exe [2006-01-24 405504]
R2 avg8wd;AVG8 WatchDog; D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-04-20 298264]
R2 AxonService;Axon Virtual PBX; D:\Program Files\NCH Swift Sound\Axon\axon.exe [2008-11-02 602116]
R2 Bonjour Service;Bonjour Service; D:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 PnkBstrA;PnkBstrA; D:\WINDOWS\system32\PnkBstrA.exe [2009-03-02 75064]
R2 PnkBstrB;PnkBstrB; D:\WINDOWS\system32\PnkBstrB.exe [2009-03-17 202448]
R2 Viewpoint Manager Service;Viewpoint Manager Service; D:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 VRSService;VRS Recording System; D:\Program Files\NCH Swift Sound\VRS\vrs.exe [2008-11-02 651268]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; D:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S2 ATI Smart;ATI Smart; D:\WINDOWS\system32\ati2sgag.exe [2006-01-26 520192]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; d:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-10-27 654848]
S3 IDriverT;InstallDriver Table Manager; D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; D:\Program Files\iPod\bin\iPodService.exe [2009-03-12 656168]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; D:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 sdAuxService;PC Tools Auxiliary Service; D:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
S3 sdCoreService;PC Tools Security Service; D:\Program Files\Spyware Doctor\pctsSvc.exe [2009-01-21 1095560]
S3 usprserv;User Privilege Service; D:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------
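The driver, service and file lists in the RSIT log above share a fixed line format, so a first triage pass over a log like this can be scripted. The Python below is an added example; it is not code from the thread, from RSIT or from BleepingComputer. It parses both line formats, treats an empty `[date size]` field as "RSIT could not find the file" (an assumption about the tool's output, not something the log states), and flags entries worth a closer look: registered drivers or services with no file behind them, images living in temp or user-profile directories, and script files dropped straight into system32. A flag is a prompt to check, not a verdict: in this log the on-demand MBAM driver and the leftover McAfee driver trip the same "no file" rule as the unexplained entries. Sample lines are copied from the log above except the `ExampleSvc` line, which is constructed to exercise the temp-directory check.

```python
"""Triage helpers for the RSIT log format shown above.
Added example; not code from the thread, from RSIT or from BleepingComputer."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Driver/service entries: "<R|S><start> <name>;<display>; <path> [<date> <size>]"
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)
# Created/modified-file entries: "<date> <time> ----<attrs>---- <path>"
FILE_RE = re.compile(
    r"^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) ----(?P<attrs>[A-Z]*)---- (?P<path>.+)$"
)
SCRIPT_EXT = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd", ".scr")
BINARY_EXT = (".exe", ".dll", ".sys") + SCRIPT_EXT
RISKY_DIRS = ("\\temp\\", "\\local settings\\", "\\recycler\\")


@dataclass
class Finding:
    name: str
    path: str
    reasons: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[dict]:
    """Split one driver/service line into its fields, or None if it is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    path = d["path"]
    if path.startswith("\\??\\"):  # NT object-manager prefix seen on some ImagePaths
        path = path[4:]
    d["path"] = path
    # Assumption: an empty "[date size]" field means RSIT could not stat the file.
    d["file_missing"] = d["meta"] == ""
    return d


def triage_entries(lines: List[str]) -> List[Finding]:
    """Flag driver/service entries that deserve a closer look."""
    out: List[Finding] = []
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        reasons = []
        if e["file_missing"]:
            reasons.append("registered but no file on disk (uninstall leftover or deleted)")
        low = e["path"].lower()
        if any(d in low for d in RISKY_DIRS):
            reasons.append("image lives in a temp or user-profile directory")
        if reasons:
            out.append(Finding(e["name"], e["path"], reasons))
    return out


def triage_files(lines: List[str]) -> List[Finding]:
    """Flag recently created/modified files that do not belong where they were found."""
    out: List[Finding] = []
    for line in lines:
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        low = path.lower()
        reasons = []
        if "\\system32\\" in low and low.endswith(SCRIPT_EXT):
            reasons.append("script dropped directly into system32")
        if any(d in low for d in RISKY_DIRS) and low.endswith(BINARY_EXT):
            reasons.append("executable content in a temp or user-profile directory")
        if reasons:
            out.append(Finding(path.rsplit("\\", 1)[-1], path, reasons))
    return out


def triage(log_text: str) -> List[Finding]:
    """Run both passes over a whole RSIT log; lines of other kinds are ignored."""
    lines = log_text.splitlines()
    return triage_entries(lines) + triage_files(lines)


SAMPLE_ENTRIES = [  # from the log above, plus one constructed line at the end
    r"R1 AvgLdx86;AVG AVI Loader Driver x86; D:\WINDOWS\System32\Drivers\avgldx86.sys [2009-04-20 325640]",
    r"R3 MBAMSwissArmy;MBAMSwissArmy; \??\D:\WINDOWS\system32\drivers\mbamswissarmy.sys []",
    r"S1 mferkdk;VSCore mferkdk; \??\D:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []",
    r"S3 a2u52fa1;a2u52fa1; D:\WINDOWS\system32\drivers\a2u52fa1.sys []",
    r"S3 EagleNT;EagleNT; \??\D:\WINDOWS\system32\drivers\EagleNT.sys []",
    r"R2 PnkBstrA;PnkBstrA; D:\WINDOWS\system32\PnkBstrA.exe [2009-03-02 75064]",
    r"R2 ExampleSvc;ExampleSvc; D:\Documents and Settings\Admin\Local Settings\Temp\example.exe [2009-04-04 12345]",  # constructed
]
SAMPLE_FILES = [  # from the log above
    r"2009-04-05 13:35:36 ----A---- D:\WINDOWS\system32\java.exe",
    r"2009-04-04 19:21:04 ----A---- D:\WINDOWS\system32\WzanlXS4FvcPJ.vbs",
    r"2009-03-11 11:51:32 ----HDC---- D:\WINDOWS\$NtUninstallKB960225$",
    r"2009-02-05 23:21:55 ----A---- D:\WINDOWS\system32\spdwnwxp.exe",
]

if __name__ == "__main__":
    for f in triage("\n".join(SAMPLE_ENTRIES + SAMPLE_FILES)):
        print(f"{f.name}: {'; '.join(f.reasons)}  <{f.path}>")
```

Feed the whole saved log to `triage()` and review the flagged entries against Add/Remove Programs and the vendor folders before deleting anything; the point of the empty-bracket rule is to surface orphaned service registrations such as an incompletely removed antivirus, which is exactly the kind of leftover a helper asks about.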

#13 Farbar


    Just Curious


  • Security Developer
  • 21,722 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:45 AM

Posted 27 April 2009 - 11:58 PM

Please do all the fixes and tell me what the current condition of your computer is.
  • Please double-click GooredFix.exe on your Desktop to run it.
    • Select "2. Fix Goored" by typing 2 and pressing Enter.
    • Make sure all instances of Firefox are closed at this point.
    • Type y at the prompt and press Enter again.
    • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
    Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

  • Please open HiJackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

    O20 - AppInit_DLLs: D:\Program Files\RelevantKnowledge\rlai.dll,D:\WINDOWS\System32\cnvfat32.dll
    O20 - Winlogon Notify: 3024b7e4573 - D:\WINDOWS\System32\cnvfat32.dll (file missing)


    Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

  • Go to Start > Run, copy and paste the following lines one by one into the run box and click OK after each line:

    cmd /c reg delete "HKLM\software\microsoft\shared tools\msconfig\startupreg\Ltajozunesey" /f
    cmd /c reg delete "HKLM\software\microsoft\shared tools\msconfig\startupreg\RelevantKnowledge" /f


    A window flashes; this is normal.

  • Please give me feedback about the question:

    You had McAfee antivirus and now you have AVG. How did you remove McAfee, did you uninstall it via Add/Remove Programs?


  • Optional: Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we knew in 2006; read this article:

    http://www.clickz.com/news/article.php/3561546

    I suggest you uninstall the following program via Add or Remove Programs if you are using it:

    Viewpoint, Viewpoint Manager, Viewpoint Media Player.

    If you uninstalled it, also remove the folder in bold: C:\Program Files\Viewpoint

  • First reboot the computer. Then run HijackThis. Click "Do a system scan and save a logfile", then copy and paste the content of the log into your reply. Also tell me what the current condition of your computer is.
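The two O20 entries and the two `reg delete` lines in the post above are all autostart locations: `AppInit_DLLs` (a single string value under `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows`) is loaded into every process that loads user32.dll, a `Winlogon\Notify` subkey names a DLL that winlogon.exe loads at every boot, and `MSConfig\startupreg` holds startup items disabled through msconfig. The Python below is an added example, not code from the thread, from HijackThis or from Farbar: it parses the quoted O20 lines and emits the reg.exe commands equivalent to HijackThis' "Fix checked" step. HijackThis clears the whole AppInit_DLLs line; the `drop_dlls` parameter (an addition here) rewrites the value keeping any DLL you have verified, which matters on machines where a legitimate product also uses AppInit_DLLs. Sample O20 lines and the two startupreg names are the ones in the post above.

```python
"""Translate HijackThis O20 entries into the registry operations behind "Fix checked".
Added example; not code from the thread, from HijackThis or from Farbar."""
import re
from typing import Dict, List, Optional, Sequence, Set

# Where these autostart entries live on Windows XP.
WINDOWS_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"         # AppInit_DLLs value
NOTIFY_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"  # one subkey per notify DLL
STARTUPREG_KEY = r"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg"      # items disabled via msconfig

APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<value>.+)$")
NOTIFY_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<subkey>\S+) - (?P<dll>.+?)(?P<missing> \(file missing\))?$"
)


def parse_appinit(line: str) -> List[str]:
    """DLL paths from an O20 AppInit_DLLs line.

    The loader accepts a space- or comma-delimited list; HijackThis prints the raw
    value, so split on commas only so that paths containing spaces stay intact."""
    m = APPINIT_RE.match(line.strip())
    if not m:
        return []
    return [p.strip() for p in m.group("value").split(",") if p.strip()]


def parse_notify(line: str) -> Optional[Dict[str, object]]:
    """Subkey name, DLL path and missing-file flag from an O20 Winlogon Notify line."""
    m = NOTIFY_RE.match(line.strip())
    if not m:
        return None
    return {
        "subkey": m.group("subkey"),
        "dll": m.group("dll"),
        "missing": m.group("missing") is not None,
    }


def fix_commands(o20_lines: Sequence[str], drop_dlls: Optional[Set[str]] = None,
                 startupreg: Sequence[str] = ()) -> List[str]:
    """reg.exe commands equivalent to fixing the given O20 lines.

    drop_dlls=None mirrors HijackThis and empties AppInit_DLLs entirely; pass a set
    of paths to remove only those and rewrite the value with the remaining DLLs."""
    cmds: List[str] = []
    for line in o20_lines:
        dlls = parse_appinit(line)
        if dlls:
            keep = [] if drop_dlls is None else [d for d in dlls if d not in drop_dlls]
            value = ",".join(keep)
            cmds.append(f'reg add "{WINDOWS_KEY}" /v AppInit_DLLs /t REG_SZ /d "{value}" /f')
            continue
        note = parse_notify(line)
        if note:
            # winlogon.exe re-reads Notify subkeys at every boot, so the subkey must go
            # even when the DLL is already missing; the change takes effect after a reboot.
            subkey = note["subkey"]
            cmds.append(f'reg delete "{NOTIFY_KEY}\\{subkey}" /f')
    for name in startupreg:
        cmds.append(f'reg delete "{STARTUPREG_KEY}\\{name}" /f')
    return cmds


SAMPLE_O20 = [  # quoted from the post above
    r"O20 - AppInit_DLLs: D:\Program Files\RelevantKnowledge\rlai.dll,D:\WINDOWS\System32\cnvfat32.dll",
    r"O20 - Winlogon Notify: 3024b7e4573 - D:\WINDOWS\System32\cnvfat32.dll (file missing)",
]
SAMPLE_STARTUPREG = ["Ltajozunesey", "RelevantKnowledge"]

if __name__ == "__main__":
    for cmd in fix_commands(SAMPLE_O20, startupreg=SAMPLE_STARTUPREG):
        print(cmd)
```

The emitted commands are meant to be reviewed, then run from an elevated command prompt on the affected machine; the example never touches the registry itself. Note the `(file missing)` marker on the Notify entry: the DLL is gone but the registration is not, which is why the subkey is deleted rather than ignored.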


#14 Camaro2010

  • Topic Starter

  • Members
  • 18 posts
  • Local time:08:45 PM

Posted 28 April 2009 - 12:06 AM

I have noticed an issue with my web browser once I used that program you gave me.. everything is in like text and I can't click on hyperlinks etc.. it's like the GUI (graphic user interface) is gone... is there a problem here? Like the background of bleepingcomputers.com is gone and it's all white and just text... issue??

#15 Farbar


    Just Curious


  • Security Developer
  • 21,722 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:45 AM

Posted 28 April 2009 - 12:29 AM

Please reboot and complete the steps, give me the required logs, and then we will attend to any issues you faced.



