I have some rootkit problems etc.


  • This topic is locked
14 replies to this topic

#1 Chemosh

Posted 22 May 2009 - 10:07 PM

Referred here from: http://www.bleepingcomputer.com/forums/t/228655/cant-run-spybot-or-malware-bytes/ ~ OB

I have been trying to remove some malware/viruses using Malwarebytes, but it won't go away.
It has also prevented Spybot S&D from running and prevented me from downloading/running anti-spyware. My computer is also receiving blue screens with stop errors. Also, I'm currently running in Safe Mode, as I have been having trouble getting back into regular Windows. Having problems removing uacinit.dll.
Here is my DDS log:


DDS (Ver_09-05-14.01) - NTFSx86 NETWORK
Run by Tim at 22:58:20.67 on Fri 05/22/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1.#QNAN.1661 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Trend Micro PC-cillin Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro PC-cillin Internet Security (Firewall) *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Safari\Safari.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Tim\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061023
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061023
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061023
uInternet Settings,ProxyOverride = *.local
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {455ae7b9-05fb-433b-9395-99ffae169fb1} - c:\windows\system32\fcccBrSL.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [OE_OEM] "c:\program files\trend micro\internet security 12\tmas_oe\TMAS_OEMon.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: []
mRun: [pccguide.exe] "c:\program files\trend micro\internet security 12\pccguide.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [DellHelp] c:\dell\dellhelp\DellHelp.exe /c
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRunOnce: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\myscan.exe" /runcleanupscript
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com\online
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-_UNO/GAME_UNO1.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/sysreqlab2.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182354732109
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} - hxxp://messenger.zone.msn.com/binary/WoF.cab57176.cab
DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - hxxp://messenger.zone.msn.com/binary/Chess.cab57176.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5396/mcfscan.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll,ydhjaq.dll,c:\progra~1\google\google~1\goec62~1.dll c:\progra~1\google\google~1\GOEC62~1.DLL
LSA: Authentication Packages = msv1_0 c:\windows\system32\fcccBrSL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tim\applic~1\mozilla\firefox\profiles\g3kt69g8.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\documents and settings\tim\application data\mozilla\firefox\profiles\g3kt69g8.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys --> c:\windows\system32\drivers\avgldx86.sys [?]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys --> c:\windows\system32\drivers\avgmfx86.sys [?]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys --> c:\windows\system32\drivers\avgtdix.sys [?]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe --> c:\progra~1\avg\avg8\avgemc.exe [?]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe --> c:\progra~1\avg\avg8\avgwdsvc.exe [?]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 paih;paih;c:\windows\system32\drivers\kycpcq.sys --> c:\windows\system32\drivers\kycpcq.sys [?]
S2 rfou;rfou;c:\windows\system32\drivers\woewi.sys --> c:\windows\system32\drivers\woewi.sys [?]
S2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [2005-8-30 205328]
S2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\trendm~1\intern~1\Tmntsrv.exe [2005-8-30 290889]
S2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2005-8-30 585792]
S2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2005-8-30 36368]
S2 tmproxy;Trend Micro Proxy Service;c:\progra~1\trendm~1\intern~1\tmproxy.exe [2005-8-30 262215]
S2 uzeilch;uzeilch;c:\windows\system32\drivers\bxpedbct.sys --> c:\windows\system32\drivers\bxpedbct.sys [?]
S3 cpuz126;cpuz126;\??\c:\docume~1\tim\locals~1\temp\cpuz.sys --> c:\docume~1\tim\locals~1\temp\cpuz.sys [?]

=============== Created Last 30 ================

2009-05-22 22:15 61,440 a------- c:\windows\system32\drivers\kcdzant.sys
2009-05-22 21:33 --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-05-22 09:57 --d----- c:\docume~1\tim\applic~1\Malwarebytes
2009-05-22 09:46 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-22 09:46 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-22 09:46 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-22 09:46 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-22 09:05 --d----- c:\documents and settings\tim\DoctorWeb
2009-05-22 08:54 --d----- c:\docume~1\tim\applic~1\Uniblue
2009-05-22 03:41 56,988 a---h--- c:\windows\system32\mlfcache.dat
2009-05-22 03:16 71,712 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-05-22 03:16 32 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-05-22 03:16 32 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-05-22 03:16 32 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-05-22 02:29 3,705 a------- C:\rollback.ini
2009-05-22 02:24 --d----- c:\program files\common files\ParetoLogic
2009-05-22 02:24 --d----- c:\docume~1\alluse~1\applic~1\ParetoLogic

==================== Find3M ====================

2009-05-22 22:15 286 a------- c:\program files\vtje.txt
2009-03-21 10:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-06 10:22 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 20:18 826,368 -------- c:\windows\system32\dllcache\wininet.dll
2009-02-28 00:54 636,072 -------- c:\windows\system32\dllcache\iexplore.exe
2007-02-24 17:17 88 ---shr-- c:\windows\system32\40A634BE56.sys
2007-06-12 16:20 8 ---shr-- c:\windows\system32\E6F6A2867E.sys
2007-06-12 16:23 3,766 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-09-17 03:09 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091720080918\index.dat
2008-12-22 04:07 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008122220081223\index.dat

============= FINISH: 22:59:51.03 ===============

Edited by Orange Blossom, 23 May 2009 - 03:24 AM.
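The DDS report above carries the load points a helper reads by eye: services whose binary the tool could not find on disk (the "path --> path [?]" form), an AppInit_DLLs value containing a bare file name beside the full Google paths, an extra entry after msv1_0 in LSA Authentication Packages, and the UAC-prefixed files that ComboFix deletes later in this thread. The script below is an added example written for this page; it is not part of the original thread and is not a BleepingComputer or sUBs tool. It parses those line formats and lists the items that match. The sample log is constructed from lines quoted in this thread, and the service heuristic (binary missing plus a display name that merely repeats the key name, or an image under a Temp folder) is the editor's own threshold, not a rule from DDS or ComboFix.

```python
import re
from typing import Dict, List, NamedTuple

# Constructed sample: lines copied from the DDS and ComboFix reports posted in
# this thread, trimmed to the formats the parser understands.
SAMPLE_LOG = r"""
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll,ydhjaq.dll,c:\progra~1\google\google~1\goec62~1.dll c:\progra~1\google\google~1\GOEC62~1.DLL
LSA: Authentication Packages = msv1_0 c:\windows\system32\fcccBrSL
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys --> c:\windows\system32\drivers\avgldx86.sys [?]
S2 paih;paih;c:\windows\system32\drivers\kycpcq.sys --> c:\windows\system32\drivers\kycpcq.sys [?]
S2 rfou;rfou;c:\windows\system32\drivers\woewi.sys --> c:\windows\system32\drivers\woewi.sys [?]
S2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [2005-8-30 205328]
S2 uzeilch;uzeilch;c:\windows\system32\drivers\bxpedbct.sys --> c:\windows\system32\drivers\bxpedbct.sys [?]
S3 cpuz126;cpuz126;\??\c:\docume~1\tim\locals~1\temp\cpuz.sys --> c:\docume~1\tim\locals~1\temp\cpuz.sys [?]
c:\windows\system32\drivers\UACbymmwuoaigffxed.sys
c:\windows\system32\uacinit.dll
"""


class Service(NamedTuple):
    start: str      # start-type column as DDS/ComboFix print it, e.g. "S2", "R2"
    name: str       # service key name
    display: str    # display name
    path: str       # image path as logged
    missing: bool   # True when the log shows "path --> path [?]" (file not found)


SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
PATH_RE = re.compile(r"[a-z]:\\[^\s\[,]+", re.IGNORECASE)
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def _lines(text: str) -> List[str]:
    return [ln.strip() for ln in text.splitlines() if ln.strip()]


def parse_services(text: str) -> List[Service]:
    """Parse 'S2 name;display;path [date size]' and 'S2 name;display;path --> path [?]' lines."""
    services = []
    for line in _lines(text):
        m = SERVICE_RE.match(line)
        if not m:
            continue
        start, name, display, rest = m.groups()
        missing = " --> " in rest and rest.endswith("[?]")
        path = rest.split(" --> ")[0] if missing else re.sub(r"\s*\[[^\]]*\]$", "", rest)
        services.append(Service(start, name, display, path.strip(), missing))
    return services


def suspicious_services(services: List[Service]) -> List[Service]:
    """Editor's heuristic (assumption, not a DDS rule): binary missing on disk AND
    either the display name just repeats the key name or the image sits in a Temp
    folder. Missing-but-named entries such as the AVG drivers are left to a human."""
    return [s for s in services
            if s.missing and (s.display.lower() == s.name.lower() or TEMP_RE.search(s.path))]


def bare_appinit_dlls(text: str) -> List[str]:
    """AppInit_DLLs entries with no directory; these resolve through the DLL search
    path and get loaded into every process that maps user32.dll."""
    for line in _lines(text):
        if line.startswith("AppInit_DLLs:"):
            entries = [e for e in re.split(r"[,\s]+", line.split(":", 1)[1]) if e]
            return [e for e in entries if "\\" not in e]
    return []


def extra_lsa_packages(text: str) -> List[str]:
    """Anything beside msv1_0 in LSA Authentication Packages is loaded into
    lsass.exe at boot, so an unexplained extra entry is a strong lead."""
    for line in _lines(text):
        if line.startswith("LSA: Authentication Packages"):
            return [p for p in line.split("=", 1)[1].split() if p.lower() != "msv1_0"]
    return []


def uac_named_files(text: str) -> List[str]:
    """Paths whose file name starts with 'UAC', the naming of the files ComboFix
    deleted in this thread (UAC*.dll/.sys/.log/.dat and uacinit.dll)."""
    hits: List[str] = []
    for line in _lines(text):
        for path in PATH_RE.findall(line):
            if path.rsplit("\\", 1)[-1].lower().startswith("uac") and path not in hits:
                hits.append(path)
    return hits


def triage(text: str) -> Dict[str, List[str]]:
    """Run every check over a DDS/ComboFix-style report and group the leads."""
    return {
        "services_missing_binary": [f"{s.name} -> {s.path}" for s in suspicious_services(parse_services(text))],
        "appinit_bare_dlls": bare_appinit_dlls(text),
        "lsa_extra_packages": extra_lsa_packages(text),
        "uac_named_files": uac_named_files(text),
    }


if __name__ == "__main__":
    for check, items in triage(SAMPLE_LOG).items():
        print(f"{check}:")
        for item in items:
            print(f"  {item}")
```

Run against the sample, the script lists paih, rfou, uzeilch and cpuz126 under services, ydhjaq.dll under AppInit_DLLs, c:\windows\system32\fcccBrSL under LSA, and the two UAC files. Every item is a lead for a trained helper to verify, not a verdict: the AVG drivers in the same report also print "[?]" yet are left alone because they carry vendor display names, and a driver in Temp can be a legitimate utility that simply needs a human decision.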



#2 fenzodahl512

Posted 24 May 2009 - 09:03 AM

Please make sure you disable ALL of your antivirus/antispyware/firewall software before running ComboFix. Please visit HERE if you don't know how. Please re-enable them after performing all the steps given.

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.
Link 1
Link 2
Link 3
Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install the Recovery Console, please do so. It will be in your best interest.

When finished, it will produce a log for you. Post that log and a fresh HijackThis log in your next reply.

Note: DON'T do anything with your computer while ComboFix is running. Let ComboFix finish its job.

------------------------------------------------------------------------------------------------------------------

NOTE: IMPORTANT! To other lurkers who see this topic: if you ever want to use ComboFix, please have a look at the tutorial below. You have been warned!

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.


Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 Chemosh

Posted 24 May 2009 - 09:22 AM

When I try to run ComboFix, it won't run. In the process screen it says it's running, but I'm not getting any prompts. Should I rename it to something else? I also keep seeing Iexplorer in the process list, and I have gotten weird errors.

Edited by Chemosh, 24 May 2009 - 09:53 AM.


#4 fenzodahl512

Posted 24 May 2009 - 10:04 AM

Delete ComboFix, download a fresh one >> rename it to kfc >> run it and post the log here.



#5 Chemosh

Posted 24 May 2009 - 06:46 PM

Here's the ComboFix log:

ComboFix 09-05-23.04 - Tim 05/24/2009 12:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1604 [GMT -4:00]
Running from: c:\documents and settings\Tim\Desktop\kfc.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Trend Micro PC-cillin Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro PC-cillin Internet Security (Firewall) *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Need2Find
c:\program files\Need2Find\bar\1.bin\N2FFXTBR.JAR
c:\program files\Need2Find\bar\1.bin\N2NTSTBR.JAR
c:\program files\Need2Find\bar\1.bin\PARTNER.DAT
c:\program files\Need2Find\bar\Cache\008CBEA3
c:\program files\Need2Find\bar\Cache\files.ini
c:\program files\Need2Find\bar\History\search
c:\program files\Need2Find\bar\Settings\prevcfg.htm
c:\program files\Need2Find\bar\Settings\WoW-2.2.3.7359-to-0.3.0.7382-enUS-patch.exe
c:\windows\IE4 Error Log.txt
c:\windows\system32\drivers\UACbymmwuoaigffxed.sys
c:\windows\system32\lcboakrs.ini
c:\windows\system32\ppatch~1
c:\windows\system32\UACcfqukubjxkuhtwc.dll
c:\windows\system32\UACcndxyctkwuvleqj.dll
c:\windows\system32\UAChijdscaaafajbov.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACnqjxnyvcuxtsnwi.dll
c:\windows\system32\UACnxlujvgnyjpwuob.log
c:\windows\system32\UACpxrlmxysupeaohl.dll
c:\windows\system32\UACvapqktbhynmnyqb.log
c:\windows\system32\UACxtubvpsgbuutpwp.log
c:\windows\system32\UACynulmceiuemoswc.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-04-24 to 2009-05-24 )))))))))))))))))))))))))))))))
.

2009-05-23 02:15 . 2009-05-23 02:15 61440 ----a-w c:\windows\system32\drivers\kcdzant.sys
2009-05-23 01:33 . 2009-05-23 01:33 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-05-22 06:21 . 2009-05-22 06:21 -------- d-----w c:\documents and settings\Tim\Local Settings\Application Data\Downloaded Installations
2009-05-22 06:01 . 2009-05-22 06:01 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Downloaded Installations
2009-05-22 02:46 . 2009-05-22 02:46 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-05-19 12:56 . 2009-05-02 12:24 2051864 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-05-19 12:56 . 2009-05-02 12:23 424472 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwdwsc.dll
2009-05-19 12:56 . 2009-05-02 12:23 312088 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avglngx.dll
2009-05-19 12:56 . 2009-05-02 12:23 177432 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmail.dll
2009-05-19 12:56 . 2009-05-02 12:23 3288344 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-05-19 12:56 . 2009-05-02 12:24 486168 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe
2009-05-19 12:55 . 2009-05-02 12:23 1437464 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-05-19 12:55 . 2009-05-02 12:23 755992 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll
2009-05-13 19:03 . 2009-05-02 12:23 2302232 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
2009-05-13 19:03 . 2009-05-02 12:23 3399960 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-05-08 02:30 . 2009-05-08 02:30 -------- d-----w c:\documents and settings\Tim\Local Settings\Application Data\Blizzard Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 23:23 . 2009-04-21 18:06 -------- d-----w c:\program files\Steam
2009-05-24 16:26 . 2008-09-30 00:02 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-05-23 01:41 . 2008-10-02 02:34 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-22 15:24 . 2009-05-22 07:16 71712 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-22 15:24 . 2009-05-22 07:16 32 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-22 15:24 . 2009-05-22 07:16 32 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-05-22 15:24 . 2009-05-22 07:16 32 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-22 15:22 . 2009-05-22 06:24 -------- d-----w c:\program files\Common Files\ParetoLogic
2009-05-22 15:22 . 2009-05-22 06:24 -------- d-----w c:\documents and settings\All Users\Application Data\ParetoLogic
2009-05-22 15:09 . 2009-05-22 13:46 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-22 13:57 . 2009-05-22 13:57 -------- d-----w c:\documents and settings\Tim\Application Data\Malwarebytes
2009-05-22 13:46 . 2009-05-22 13:46 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-22 12:54 . 2009-05-22 12:54 -------- d-----w c:\documents and settings\Tim\Application Data\Uniblue
2009-05-22 07:41 . 2009-05-22 07:41 56988 ---ha-w c:\windows\system32\mlfcache.dat
2009-05-22 02:53 . 2008-10-02 02:34 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-21 23:59 . 2008-09-30 00:02 -------- d-----w c:\documents and settings\Tim\Application Data\AVGTOOLBAR
2009-05-19 18:05 . 2007-07-08 00:25 -------- d-----w c:\program files\World of Warcraft
2009-04-21 04:50 . 2009-04-21 04:50 -------- d-----w c:\documents and settings\Tim\Application Data\RenPy
2009-04-21 04:50 . 2009-04-21 04:50 -------- d-----w c:\program files\Heileen Demo
2009-04-08 04:30 . 2009-04-08 04:30 392900 ----a-w c:\documents and settings\Tim\Application Data\Move Networks\MoveMediaPlayer_win_mozilla_071303000004.exe
2009-04-08 04:30 . 2008-08-15 18:59 -------- d-----w c:\documents and settings\Tim\Application Data\Move Networks
2009-04-07 04:07 . 2009-04-07 04:06 -------- d-----w c:\program files\iTunes
2009-04-07 04:07 . 2009-04-07 04:06 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-07 04:06 . 2009-04-07 04:06 -------- d-----w c:\program files\iPod
2009-04-07 04:06 . 2007-09-23 22:44 -------- d-----w c:\program files\Common Files\Apple
2009-04-07 04:02 . 2009-04-07 04:02 75048 ----a-w c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-06 19:32 . 2009-05-22 13:46 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 19:32 . 2009-05-22 13:46 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 20:32 . 2008-01-29 16:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-06 14:22 . 2005-08-16 08:18 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2005-08-16 08:18 826368 ----a-w c:\windows\system32\wininet.dll
2007-02-24 21:17 . 2007-02-23 21:32 88 --sh--r c:\windows\system32\40A634BE56.sys
2007-06-12 20:20 . 2007-06-12 20:20 8 --sh--r c:\windows\system32\E6F6A2867E.sys
2007-06-12 20:23 . 2007-02-23 21:32 3766 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 176201]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2007-03-05 1103480]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"Steam"="c:\program files\steam\steam.exe" [2009-05-19 1217784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-13 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 823362]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-10-24 169984]
"DellHelp"="c:\dell\DellHelp\DellHelp.exe" [2004-04-01 1589248]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-01-15 37376]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-07-24 282624]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-04-19 1626112]
"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2007-04-19 86016]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-10-23 24576]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Tim\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\World of Warcraft Public Test\\Launcher.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17379:TCP"= 17379:TCP:PORT_17379
"47755:TCP"= 47755:TCP:PORT_47755
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6881:TCP"= 6881:TCP:Blizz
"6882:TCP"= 6882:TCP:blizz
"6883:TCP"= 6883:TCP:blizz2

R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [8/30/2005 9:47 AM 205328]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [8/30/2005 9:47 AM 290889]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [8/30/2005 9:47 AM 585792]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [8/30/2005 9:47 AM 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [8/30/2005 9:47 AM 262215]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys --> c:\windows\system32\Drivers\avgldx86.sys [?]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys --> c:\windows\system32\Drivers\avgtdix.sys [?]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe --> c:\progra~1\AVG\AVG8\avgemc.exe [?]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S2 paih;paih;c:\windows\system32\drivers\kycpcq.sys --> c:\windows\system32\drivers\kycpcq.sys [?]
S2 rfou;rfou;c:\windows\system32\drivers\woewi.sys --> c:\windows\system32\drivers\woewi.sys [?]
S2 uzeilch;uzeilch;c:\windows\system32\drivers\bxpedbct.sys --> c:\windows\system32\drivers\bxpedbct.sys [?]
S3 cpuz126;cpuz126;\??\c:\docume~1\Tim\LOCALS~1\Temp\cpuz.sys --> c:\docume~1\Tim\LOCALS~1\Temp\cpuz.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-05-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{455AE7B9-05FB-433B-9395-99FFAE169FB1} - c:\windows\system32\fcccBrSL.dll
HKCU-Run-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
HKLM-Run-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
Notify-avgrsstarter - avgrsstx.dll
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061023
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061023
uInternet Settings,ProxyOverride = *.local
IE: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\Tim\Application Data\Mozilla\Firefox\Profiles\g3kt69g8.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\documents and settings\Tim\Application Data\Mozilla\Firefox\Profiles\g3kt69g8.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-24 19:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\documents and settings\Tim\Application Data\AVGTOOLBAR\noneprotection.bmp
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\avglinks.bmp 824 bytes
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\avglogo.bmp 2648 bytes
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\avgstatus.bmp 824 bytes
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\avgstatus_error.bmp 824 bytes
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\avgtoolbartb0502.cfg 18315 bytes
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\avgtoolbartb0503.cfg 17095 bytes
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\brandlogo.bmp 47094 bytes
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\COMBOSEARCH.acs 8 bytes
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\ErrorLog.txt 4847 bytes
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\fullprotection.bmp 824 bytes
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\NewCfg
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\p_yahoo.bmp 7854 bytes
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\safesearch.bmp 824 bytes
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\safesearch_off.bmp 824 bytes
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\safesearch_on.bmp 824 bytes
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\safesurf.bmp 824 bytes
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\safesurf_off.bmp 824 bytes
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\safesurf_on.bmp 824 bytes
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\slider.bmp 630 bytes

scan completed successfully
hidden files: 20

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1998225719-1008410186-550224895-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:4a,81,51,ba,a3,3a,f6,71,93,cc,4f,65,84,e1,2d,1f,1a,c0,77,5e,33,c4,c2,
96,09,29,2c,72,a5,d2,be,07,aa,2e,f9,39,9b,41,fc,17,47,bc,d4,b9,3c,a8,cf,68,\
"??"=hex:39,93,62,53,94,06,bb,6f,0a,82,ee,1c,6b,65,73,47

[HKEY_USERS\S-1-5-21-1998225719-1008410186-550224895-1006\Software\SecuROM\License information*]
"datasecu"=hex:22,7b,b9,69,fe,a9,d7,25,f7,4f,f2,a4,f2,17,2b,23,ac,5a,7a,67,e1,
07,1e,af,32,bd,47,a3,2a,84,50,6a,5e,98,46,a5,70,05,4f,56,49,10,95,bb,28,27,\
"rkeysecu"=hex:f0,f5,47,a3,49,18,97,c7,e3,77,31,15,e3,f6,77,37
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2940)
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\progra~1\TRENDM~1\INTERN~1\PcCtlCom.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-05-24 19:33 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-24 23:33

Pre-Run: 148,765,298,688 bytes free
Post-Run: 148,822,622,208 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

299 --- E O F --- 2009-05-23 18:39


and the DDS
Attached file: Attach.txt (11.93KB)

DDS (Ver_09-05-14.01) - NTFSx86
Run by Tim at 19:43:22.45 on Sun 05/24/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1373 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Trend Micro PC-cillin Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro PC-cillin Internet Security (Firewall) *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Safari\Safari.exe
C:\Documents and Settings\Tim\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061023
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061023
uInternet Settings,ProxyOverride = *.local
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [OE_OEM] "c:\program files\trend micro\internet security 12\tmas_oe\TMAS_OEMon.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [pccguide.exe] "c:\program files\trend micro\internet security 12\pccguide.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [DellHelp] c:\dell\dellhelp\DellHelp.exe /c
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com\online
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-_UNO/GAME_UNO1.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/sysreqlab2.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182354732109
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} - hxxp://messenger.zone.msn.com/binary/WoF.cab57176.cab
DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - hxxp://messenger.zone.msn.com/binary/Chess.cab57176.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5396/mcfscan.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tim\applic~1\mozilla\firefox\profiles\g3kt69g8.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\documents and settings\tim\application data\mozilla\firefox\profiles\g3kt69g8.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [2005-8-30 205328]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\trendm~1\intern~1\Tmntsrv.exe [2005-8-30 290889]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2005-8-30 585792]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2005-8-30 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\trendm~1\intern~1\tmproxy.exe [2005-8-30 262215]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys --> c:\windows\system32\drivers\avgldx86.sys [?]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys --> c:\windows\system32\drivers\avgmfx86.sys [?]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys --> c:\windows\system32\drivers\avgtdix.sys [?]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe --> c:\progra~1\avg\avg8\avgemc.exe [?]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe --> c:\progra~1\avg\avg8\avgwdsvc.exe [?]
S2 paih;paih;c:\windows\system32\drivers\kycpcq.sys --> c:\windows\system32\drivers\kycpcq.sys [?]
S2 rfou;rfou;c:\windows\system32\drivers\woewi.sys --> c:\windows\system32\drivers\woewi.sys [?]
S2 uzeilch;uzeilch;c:\windows\system32\drivers\bxpedbct.sys --> c:\windows\system32\drivers\bxpedbct.sys [?]
S3 cpuz126;cpuz126;\??\c:\docume~1\tim\locals~1\temp\cpuz.sys --> c:\docume~1\tim\locals~1\temp\cpuz.sys [?]

=============== Created Last 30 ================

2009-05-24 12:32 <DIR> a-dshr-- C:\cmdcons
2009-05-24 12:31 161,792 a------- c:\windows\SWREG.exe
2009-05-24 12:31 139,776 a------- c:\windows\PEV.exe
2009-05-24 12:31 98,816 a------- c:\windows\sed.exe
2009-05-22 22:15 61,440 a------- c:\windows\system32\drivers\kcdzant.sys
2009-05-22 21:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-05-22 09:57 <DIR> --d----- c:\docume~1\tim\applic~1\Malwarebytes
2009-05-22 09:46 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-22 09:46 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-22 09:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-22 09:46 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-22 09:05 <DIR> --d----- c:\documents and settings\tim\DoctorWeb
2009-05-22 08:54 <DIR> --d----- c:\docume~1\tim\applic~1\Uniblue
2009-05-22 03:41 56,988 a---h--- c:\windows\system32\mlfcache.dat
2009-05-22 03:16 71,712 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-05-22 03:16 32 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-05-22 03:16 32 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-05-22 03:16 32 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-05-22 02:29 3,705 a------- C:\rollback.ini
2009-05-22 02:24 <DIR> --d----- c:\program files\common files\ParetoLogic
2009-05-22 02:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ParetoLogic

==================== Find3M ====================

2009-03-21 10:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-06 10:22 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 20:18 826,368 -------- c:\windows\system32\dllcache\wininet.dll
2009-02-28 00:54 636,072 -------- c:\windows\system32\dllcache\iexplore.exe
2007-02-24 17:17 88 ---shr-- c:\windows\system32\40A634BE56.sys
2007-06-12 16:20 8 ---shr-- c:\windows\system32\E6F6A2867E.sys
2007-06-12 16:23 3,766 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-09-17 03:09 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091720080918\index.dat
2008-12-22 04:07 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008122220081223\index.dat

============= FINISH: 19:43:36.75 ===============

#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:08:06 AM

Posted 24 May 2009 - 10:43 PM

You have two antivirus programs (AVG and Trend Micro).. Uninstall one of them..


1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::
paih
rfou
uzeilch

Rootkit::
c:\windows\system32\drivers\kycpcq.sys
c:\windows\system32\drivers\woewi.sys
c:\windows\system32\drivers\bxpedbct.sys

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17379:TCP"=-
"47755:TCP"=-

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
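Added example (not code from the thread, from DDS or from ComboFix): a small triage helper showing the reasoning behind the CFScript in the post above. It reads DDS "SERVICES / DRIVERS" lines and Windows-firewall GloballyOpenPorts lines of the shape seen in the logs, flags drivers whose image file is missing and whose service name is a short machine-looking string reused as the display name, flags open-port entries that carry only an auto-style "PORT_<n>" label, and drafts the Driver::/Rootkit::/Registry:: sections using the section names the post uses. The heuristics and the `Finding` class are assumptions of this example, and the sample log is constructed from lines in this thread.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied in shape from the DDS and ComboFix logs in this thread.
SAMPLE_LOG = r"""
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [2005-8-30 205328]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys --> c:\windows\system32\drivers\avgldx86.sys [?]
S2 paih;paih;c:\windows\system32\drivers\kycpcq.sys --> c:\windows\system32\drivers\kycpcq.sys [?]
S2 rfou;rfou;c:\windows\system32\drivers\woewi.sys --> c:\windows\system32\drivers\woewi.sys [?]
S2 uzeilch;uzeilch;c:\windows\system32\drivers\bxpedbct.sys --> c:\windows\system32\drivers\bxpedbct.sys [?]
S3 cpuz126;cpuz126;\??\c:\docume~1\tim\locals~1\temp\cpuz.sys --> c:\docume~1\tim\locals~1\temp\cpuz.sys [?]
"17379:TCP"= 17379:TCP:PORT_17379
"47755:TCP"= 47755:TCP:PORT_47755
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6881:TCP"= 6881:TCP:Blizz
"""

# DDS driver line: "<start type> <service name>;<display name>;<image path ...>"
DRIVER_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
# Firewall open-port line: "<port>:<proto>"= <port>:<proto>:<label>
PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*(?P=port):(?P=proto):(?P<label>.*)$')

# Registry key exactly as it appears in the post above (and in the ComboFix log).
FIREWALL_PORTS_KEY = r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"

MISSING = "image file not found on disk"
GENERIC = "machine-looking name reused as display name"
TEMP = "image loads from a Temp directory"
UNLABELED = "open port carries only a PORT_<n> label"


@dataclass
class Finding:
    kind: str                      # "driver" or "port"
    name: str                      # service name, or "<port>:<proto>"
    image: str = ""                # driver image path ("" for ports)
    reasons: list = field(default_factory=list)
    suspicious: bool = False       # True when the strong indicators coincide


def image_path(rest: str) -> str:
    """Take the on-disk path from 'path [date size]' or 'path --> path [?]'."""
    before_bracket = rest.rsplit("[", 1)[0].strip()
    if "-->" in before_bracket:
        before_bracket = before_bracket.split("-->")[-1].strip()
    return before_bracket


def triage(log_text: str) -> list:
    """Return one Finding per driver or port line that has at least one reason to look at it."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = DRIVER_RE.match(line)
        if m:
            name, display, rest = m["name"], m["display"], m["rest"]
            path = image_path(rest)
            reasons = []
            if rest.endswith("[?]"):
                reasons.append(MISSING)
            # Short all-lowercase names with no vendor text are what the helper removed.
            if name == display and re.fullmatch(r"[a-z]{3,8}", name):
                reasons.append(GENERIC)
            if "\\temp\\" in path.lower():
                reasons.append(TEMP)
            if reasons:
                findings.append(Finding("driver", name, path, reasons,
                                        suspicious=MISSING in reasons and GENERIC in reasons))
            continue
        m = PORT_RE.match(line)
        if m and m["label"].strip() == f"PORT_{m['port']}":
            findings.append(Finding("port", f"{m['port']}:{m['proto']}", "", [UNLABELED], True))
    return findings


def draft_cfscript(findings: list) -> str:
    """Draft the CFScript sections the post uses from the suspicious findings, for review."""
    drivers = [f for f in findings if f.kind == "driver" and f.suspicious]
    ports = [f for f in findings if f.kind == "port" and f.suspicious]
    lines = ["KillAll::", ""]
    if drivers:
        lines += ["Driver::"] + [f.name for f in drivers] + [""]
        lines += ["Rootkit::"] + [f.image for f in drivers] + [""]
    if ports:
        lines += ["Registry::", FIREWALL_PORTS_KEY] + [f'"{f.name}"=-' for f in ports] + [""]
    return "\n".join(lines).rstrip() + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        flag = "SUSPICIOUS" if f.suspicious else "review"
        print(f"{flag:10} {f.kind:6} {f.name:12} {'; '.join(f.reasons)}")
    print(draft_cfscript(found))
```

The cpuz126 entry is reported for review only (it loads from Temp but has a versioned name), which matches the post leaving it alone; the AVG leftover is reported for its missing file but is not flagged.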


#7 Chemosh

Chemosh
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:08:06 PM

Posted 25 May 2009 - 12:44 AM

Not sure why AVG is still listed, I used the uninstall utility etc. and have been stopping the process for Trend Micro

ComboFix 09-05-23.04 - Tim 05/25/2009 1:23.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1390 [GMT -4:00]
Running from: c:\documents and settings\Tim\Desktop\kfc.exe
Command switches used :: c:\documents and settings\Tim\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Trend Micro PC-cillin Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro PC-cillin Internet Security (Firewall) *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PAIH
-------\Legacy_RFOU
-------\Legacy_UZEILCH
-------\Service_paih
-------\Service_rfou
-------\Service_uzeilch


((((((((((((((((((((((((( Files Created from 2009-04-25 to 2009-05-25 )))))))))))))))))))))))))))))))
.

2009-05-23 02:15 . 2009-05-23 02:15 61440 ----a-w c:\windows\system32\drivers\kcdzant.sys
2009-05-23 01:33 . 2009-05-23 01:33 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-05-22 06:21 . 2009-05-22 06:21 -------- d-----w c:\documents and settings\Tim\Local Settings\Application Data\Downloaded Installations
2009-05-22 06:01 . 2009-05-22 06:01 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Downloaded Installations
2009-05-22 02:46 . 2009-05-22 02:46 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-05-19 12:56 . 2009-05-02 12:24 2051864 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-05-19 12:56 . 2009-05-02 12:23 424472 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwdwsc.dll
2009-05-19 12:56 . 2009-05-02 12:23 312088 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avglngx.dll
2009-05-19 12:56 . 2009-05-02 12:23 177432 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmail.dll
2009-05-19 12:56 . 2009-05-02 12:23 3288344 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-05-19 12:56 . 2009-05-02 12:24 486168 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe
2009-05-19 12:55 . 2009-05-02 12:23 1437464 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-05-19 12:55 . 2009-05-02 12:23 755992 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll
2009-05-13 19:03 . 2009-05-02 12:23 2302232 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
2009-05-13 19:03 . 2009-05-02 12:23 3399960 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-05-08 02:30 . 2009-05-08 02:30 -------- d-----w c:\documents and settings\Tim\Local Settings\Application Data\Blizzard Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-25 05:28 . 2009-04-21 18:06 -------- d-----w c:\program files\Steam
2009-05-25 05:05 . 2008-09-30 00:02 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-05-23 01:41 . 2008-10-02 02:34 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-22 15:24 . 2009-05-22 07:16 71712 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-22 15:24 . 2009-05-22 07:16 32 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-22 15:24 . 2009-05-22 07:16 32 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-05-22 15:24 . 2009-05-22 07:16 32 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-22 15:22 . 2009-05-22 06:24 -------- d-----w c:\program files\Common Files\ParetoLogic
2009-05-22 15:22 . 2009-05-22 06:24 -------- d-----w c:\documents and settings\All Users\Application Data\ParetoLogic
2009-05-22 15:09 . 2009-05-22 13:46 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-22 13:57 . 2009-05-22 13:57 -------- d-----w c:\documents and settings\Tim\Application Data\Malwarebytes
2009-05-22 13:46 . 2009-05-22 13:46 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-22 12:54 . 2009-05-22 12:54 -------- d-----w c:\documents and settings\Tim\Application Data\Uniblue
2009-05-22 07:41 . 2009-05-22 07:41 56988 ---ha-w c:\windows\system32\mlfcache.dat
2009-05-22 02:53 . 2008-10-02 02:34 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-21 23:59 . 2008-09-30 00:02 -------- d-----w c:\documents and settings\Tim\Application Data\AVGTOOLBAR
2009-05-19 18:05 . 2007-07-08 00:25 -------- d-----w c:\program files\World of Warcraft
2009-04-21 04:50 . 2009-04-21 04:50 -------- d-----w c:\documents and settings\Tim\Application Data\RenPy
2009-04-21 04:50 . 2009-04-21 04:50 -------- d-----w c:\program files\Heileen Demo
2009-04-08 04:30 . 2009-04-08 04:30 392900 ----a-w c:\documents and settings\Tim\Application Data\Move Networks\MoveMediaPlayer_win_mozilla_071303000004.exe
2009-04-08 04:30 . 2008-08-15 18:59 -------- d-----w c:\documents and settings\Tim\Application Data\Move Networks
2009-04-07 04:07 . 2009-04-07 04:06 -------- d-----w c:\program files\iTunes
2009-04-07 04:07 . 2009-04-07 04:06 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-07 04:06 . 2009-04-07 04:06 -------- d-----w c:\program files\iPod
2009-04-07 04:06 . 2007-09-23 22:44 -------- d-----w c:\program files\Common Files\Apple
2009-04-07 04:02 . 2009-04-07 04:02 75048 ----a-w c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-06 19:32 . 2009-05-22 13:46 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 19:32 . 2009-05-22 13:46 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 20:32 . 2008-01-29 16:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-06 14:22 . 2005-08-16 08:18 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2005-08-16 08:18 826368 ----a-w c:\windows\system32\wininet.dll
2007-02-24 21:17 . 2007-02-23 21:32 88 --sh--r c:\windows\system32\40A634BE56.sys
2007-06-12 20:20 . 2007-06-12 20:20 8 --sh--r c:\windows\system32\E6F6A2867E.sys
2007-06-12 20:23 . 2007-02-23 21:32 3766 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 176201]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2007-03-05 1103480]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"Steam"="c:\program files\steam\steam.exe" [2009-05-19 1217784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-13 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 823362]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-10-24 169984]
"DellHelp"="c:\dell\DellHelp\DellHelp.exe" [2004-04-01 1589248]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-01-15 37376]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-07-24 282624]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-04-19 1626112]
"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2007-04-19 86016]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-10-23 24576]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Tim\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\World of Warcraft Public Test\\Launcher.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6881:TCP"= 6881:TCP:Blizz
"6882:TCP"= 6882:TCP:blizz
"6883:TCP"= 6883:TCP:blizz2

R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [8/30/2005 9:47 AM 205328]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [8/30/2005 9:47 AM 290889]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [8/30/2005 9:47 AM 585792]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [8/30/2005 9:47 AM 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [8/30/2005 9:47 AM 262215]
S3 cpuz126;cpuz126;\??\c:\docume~1\Tim\LOCALS~1\Temp\cpuz.sys --> c:\docume~1\Tim\LOCALS~1\Temp\cpuz.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-05-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061023
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061023
uInternet Settings,ProxyOverride = *.local
IE: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\Tim\Application Data\Mozilla\Firefox\Profiles\g3kt69g8.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\documents and settings\Tim\Application Data\Mozilla\Firefox\Profiles\g3kt69g8.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-25 01:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\documents and settings\Tim\Application Data\AVGTOOLBAR\noneprotection.bmp
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\avglinks.bmp 824 bytes
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\avglogo.bmp 2648 bytes
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\avgstatus.bmp 824 bytes
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\avgstatus_error.bmp 824 bytes
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\avgtoolbartb0502.cfg 18315 bytes
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\avgtoolbartb0503.cfg 17095 bytes
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\brandlogo.bmp 47094 bytes
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\COMBOSEARCH.acs 8 bytes
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\ErrorLog.txt 4847 bytes
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\fullprotection.bmp 824 bytes
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\NewCfg
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\p_yahoo.bmp 7854 bytes
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\safesearch.bmp 824 bytes
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\safesearch_off.bmp 824 bytes
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\safesearch_on.bmp 824 bytes
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\safesurf.bmp 824 bytes
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\safesurf_off.bmp 824 bytes
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\safesurf_on.bmp 824 bytes
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\slider.bmp 630 bytes

scan completed successfully
hidden files: 20

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1998225719-1008410186-550224895-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:4a,81,51,ba,a3,3a,f6,71,93,cc,4f,65,84,e1,2d,1f,1a,c0,77,5e,33,c4,c2,
96,09,29,2c,72,a5,d2,be,07,aa,2e,f9,39,9b,41,fc,17,47,bc,d4,b9,3c,a8,cf,68,\
"??"=hex:39,93,62,53,94,06,bb,6f,0a,82,ee,1c,6b,65,73,47

[HKEY_USERS\S-1-5-21-1998225719-1008410186-550224895-1006\Software\SecuROM\License information*]
"datasecu"=hex:22,7b,b9,69,fe,a9,d7,25,f7,4f,f2,a4,f2,17,2b,23,ac,5a,7a,67,e1,
07,1e,af,32,bd,47,a3,2a,84,50,6a,5e,98,46,a5,70,05,4f,56,49,10,95,bb,28,27,\
"rkeysecu"=hex:f0,f5,47,a3,49,18,97,c7,e3,77,31,15,e3,f6,77,37
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3140)
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\progra~1\TRENDM~1\INTERN~1\PcCtlCom.exe
c:\windows\system32\rundll32.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-05-25 1:41 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-25 05:41
ComboFix2.txt 2009-05-24 23:33

Pre-Run: 148,733,898,752 bytes free
Post-Run: 148,721,741,824 bytes free

260 --- E O F --- 2009-05-23 18:39


DDS:


DDS (Ver_09-05-14.01) - NTFSx86
Run by Tim at 1:43:22.18 on Mon 05/25/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1391 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Trend Micro PC-cillin Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro PC-cillin Internet Security (Firewall) *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tim\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061023
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061023
uInternet Settings,ProxyOverride = *.local
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [OE_OEM] "c:\program files\trend micro\internet security 12\tmas_oe\TMAS_OEMon.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [pccguide.exe] "c:\program files\trend micro\internet security 12\pccguide.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [DellHelp] c:\dell\dellhelp\DellHelp.exe /c
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com\online
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-_UNO/GAME_UNO1.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/sysreqlab2.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182354732109
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} - hxxp://messenger.zone.msn.com/binary/WoF.cab57176.cab
DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - hxxp://messenger.zone.msn.com/binary/Chess.cab57176.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5396/mcfscan.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tim\applic~1\mozilla\firefox\profiles\g3kt69g8.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\documents and settings\tim\application data\mozilla\firefox\profiles\g3kt69g8.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [2005-8-30 205328]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\trendm~1\intern~1\Tmntsrv.exe [2005-8-30 290889]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2005-8-30 585792]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2005-8-30 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\trendm~1\intern~1\tmproxy.exe [2005-8-30 262215]
S3 cpuz126;cpuz126;\??\c:\docume~1\tim\locals~1\temp\cpuz.sys --> c:\docume~1\tim\locals~1\temp\cpuz.sys [?]

=============== Created Last 30 ================

2009-05-24 12:32 <DIR> a-dshr-- C:\cmdcons
2009-05-24 12:31 161,792 a------- c:\windows\SWREG.exe
2009-05-24 12:31 139,776 a------- c:\windows\PEV.exe
2009-05-24 12:31 98,816 a------- c:\windows\sed.exe
2009-05-22 22:15 61,440 a------- c:\windows\system32\drivers\kcdzant.sys
2009-05-22 21:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-05-22 09:57 <DIR> --d----- c:\docume~1\tim\applic~1\Malwarebytes
2009-05-22 09:46 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-22 09:46 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-22 09:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-22 09:46 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-22 09:05 <DIR> --d----- c:\documents and settings\tim\DoctorWeb
2009-05-22 08:54 <DIR> --d----- c:\docume~1\tim\applic~1\Uniblue
2009-05-22 03:41 56,988 a---h--- c:\windows\system32\mlfcache.dat
2009-05-22 03:16 71,712 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-05-22 03:16 32 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-05-22 03:16 32 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-05-22 03:16 32 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-05-22 02:29 3,705 a------- C:\rollback.ini
2009-05-22 02:24 <DIR> --d----- c:\program files\common files\ParetoLogic
2009-05-22 02:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ParetoLogic

==================== Find3M ====================

2009-03-21 10:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-06 10:22 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 20:18 826,368 -------- c:\windows\system32\dllcache\wininet.dll
2009-02-28 00:54 636,072 -------- c:\windows\system32\dllcache\iexplore.exe
2007-02-24 17:17 88 ---shr-- c:\windows\system32\40A634BE56.sys
2007-06-12 16:20 8 ---shr-- c:\windows\system32\E6F6A2867E.sys
2007-06-12 16:23 3,766 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-09-17 03:09 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091720080918\index.dat
2008-12-22 04:07 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008122220081223\index.dat

============= FINISH: 1:43:36.45 ===============



Edited by Chemosh, 25 May 2009 - 12:46 AM.


#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:08:06 AM

Posted 25 May 2009 - 12:50 AM

Not sure why AVG is still listed; I used the uninstall utility etc. and have been stopping the process for Trend Micro.


Just double-checking with you: you're not using AVG anymore, right? :thumbup2:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#9 Chemosh

Chemosh
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:08:06 PM

Posted 25 May 2009 - 01:17 AM

That is correct. :thumbup2:

#10 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:08:06 AM

Posted 25 May 2009 - 02:02 AM

1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::
kcdzant

Rootkit::
c:\windows\system32\drivers\kcdzant.sys

File::
c:\windows\system32\drivers\kcdzant.sys

Folder::
c:\documents and settings\Tim\Application Data\AVGTOOLBAR
c:\documents and settings\All Users\Application Data\avg8

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: dragging CFScript.txt onto ComboFix.exe]


5. After the reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new HijackThis log.

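The CFScript above targets kcdzant.sys, a driver that shows up in the DDS "Created Last 30" list (2009-05-22 22:15, in system32\drivers) without a matching entry in the SERVICES / DRIVERS section, together with the AVG leftovers that catchme reported as hidden files. The script below is an added example, not part of this thread and not the DDS or ComboFix tools' own code. It reads log lines in the two DDS formats shown earlier in the thread, flags the driver entries a removal helper would look at first (services pointing at a file DDS could not read or loaded from a Temp directory, and newly created .sys files under system32\drivers that did not come from a known removal tool), and renders the findings an analyst selects in the CFScript layout used in the post above. The log excerpt, the heuristics, the KNOWN_TOOL_DRIVERS list and the assumption that a dropped driver is registered under its file's base name are all illustrative assumptions; the output is a proposal for a human to review, not a verdict.

```python
"""Triage of DDS / ComboFix log lines and CFScript generation.

Added example: not part of this thread and not the DDS or ComboFix tools'
own code.  The sample excerpt, the heuristics and the KNOWN_TOOL_DRIVERS
list are assumptions made for illustration.
"""
import re
from dataclasses import dataclass

# Constructed excerpt in the DDS format used in this thread (a handful of
# representative lines, not the full log).
SAMPLE_LOG = r"""
============= SERVICES / DRIVERS ===============

R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [2005-8-30 205328]
S3 cpuz126;cpuz126;\??\c:\docume~1\tim\locals~1\temp\cpuz.sys --> c:\docume~1\tim\locals~1\temp\cpuz.sys [?]

=============== Created Last 30 ================

2009-05-24 12:32 <DIR> a-dshr-- C:\cmdcons
2009-05-24 12:31 161,792 a------- c:\windows\SWREG.exe
2009-05-22 22:15 61,440 a------- c:\windows\system32\drivers\kcdzant.sys
2009-05-22 09:46 15,504 a------- c:\windows\system32\drivers\mbam.sys
"""

# Assumption: drivers installed by the removal tools the poster ran that day.
KNOWN_TOOL_DRIVERS = {"mbam.sys", "mbamswissarmy.sys"}

# "R2 name;display;path [date size]"  or  "... --> resolved path [?]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<rest>.*)\s\[(?P<info>[^\]]*)\]$")
# "2009-05-22 22:15 61,440 a------- c:\path"  (size may be <DIR>)
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>\S{8})\s+(?P<path>.+)$")


@dataclass(frozen=True)
class Finding:
    kind: str    # "service" (SERVICES / DRIVERS) or "created" (Created Last 30)
    name: str    # service name, or file name for a created file
    path: str
    reason: str


def resolved_path(rest: str) -> str:
    """DDS prints '\\??\\x --> x' for unreadable drivers; keep the resolved path."""
    return rest.split(" --> ")[-1].strip()


def triage(log_text: str) -> list[Finding]:
    """Flag the driver entries a removal helper would look at first."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            path = resolved_path(m["rest"])
            reasons = []
            if m["info"] == "?":
                reasons.append("file missing or unreadable ([?])")
            if "\\temp\\" in path.lower():
                reasons.append("driver loaded from a Temp directory")
            if reasons:
                findings.append(Finding("service", m["name"], path, "; ".join(reasons)))
            continue
        m = CREATED_RE.match(line)
        if m and m["size"] != "<DIR>":
            path = m["path"]
            fname = path.lower().rsplit("\\", 1)[-1]
            if (fname.endswith(".sys") and "\\system32\\drivers\\" in path.lower()
                    and fname not in KNOWN_TOOL_DRIVERS):
                findings.append(Finding(
                    "created", fname, path,
                    f"new kernel driver created {m['date']} {m['time']}, not from a known tool"))
    return findings


def build_cfscript(selected: list[Finding]) -> str:
    """Render the selected findings in the CFScript layout used in this thread
    (KillAll::, Driver::, Rootkit::, File::).

    Assumption: a driver seen only as a new file is registered under its base
    name (kcdzant.sys -> kcdzant), as the helper's script above assumes.  The
    result is a proposal for an analyst to review, not a verdict.
    """
    drivers, rootkit, files = set(), set(), set()
    for f in selected:
        if f.kind == "service":
            drivers.add(f.name)
        else:
            drivers.add(f.name.rsplit(".", 1)[0])
            rootkit.add(f.path)          # new/hidden drivers go under Rootkit::
        files.add(f.path)

    def section(title: str, items: set) -> str:
        return title + "::\n" + "".join(i + "\n" for i in sorted(items)) + "\n"

    out = "KillAll::\n\n"
    for title, items in (("Driver", drivers), ("Rootkit", rootkit), ("File", files)):
        if items:
            out += section(title, items)
    return out


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind:8} {f.name:12} {f.path}  <- {f.reason}")
    # The analyst picks what to act on; here only the dropped driver.
    print(build_cfscript([f for f in found if f.name == "kcdzant.sys"]))
```

Run on the excerpt, triage() reports the stale CPU-Z driver in Temp (file gone, [?]) and the new kcdzant.sys, and skips mbam.sys because Malwarebytes was installed the same day; only the entries the analyst passes to build_cfscript() end up in the script, so a flagged but benign leftover such as cpuz126 is not deleted by accident.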


#11 Chemosh

Chemosh
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:08:06 PM

Posted 25 May 2009 - 11:06 AM

ComboFix 09-05-23.04 - Tim 05/25/2009 11:39.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1571 [GMT -4:00]
Running from: c:\documents and settings\Tim\Desktop\kfc.exe
Command switches used :: c:\documents and settings\Tim\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Trend Micro PC-cillin Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro PC-cillin Internet Security (Firewall) *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

FILE ::
c:\windows\system32\drivers\kcdzant.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\avg8
c:\documents and settings\All Users\Application Data\avg8\Cfg\krnl.cfg
c:\documents and settings\All Users\Application Data\avg8\Cfg\mail.cfg
c:\documents and settings\All Users\Application Data\avg8\Cfg\malrep.cfg
c:\documents and settings\All Users\Application Data\avg8\Cfg\scan.cfg
c:\documents and settings\All Users\Application Data\avg8\Cfg\sched.cfg
c:\documents and settings\All Users\Application Data\avg8\Cfg\update.cfg
c:\documents and settings\All Users\Application Data\avg8\Cfg\user.cfg
c:\documents and settings\All Users\Application Data\avg8\cfgall\changecfgreg.cfg
c:\documents and settings\All Users\Application Data\avg8\cfgall\updateall.cfg
c:\documents and settings\All Users\Application Data\avg8\Dumps\avgnsx.exe_128849474032218579.dmp
c:\documents and settings\All Users\Application Data\avg8\emc\Log\emc.log
c:\documents and settings\All Users\Application Data\avg8\Log\033d2eeb-b73f-40d2-9b00-bf2aa2fcdedc
c:\documents and settings\All Users\Application Data\avg8\Log\1a8975fa-bcf5-4418-85f2-8375df548920
c:\documents and settings\All Users\Application Data\avg8\Log\26d47aae-109d-4803-92d3-32dfe7546c3c
c:\documents and settings\All Users\Application Data\avg8\Log\47e863cc-3965-47b3-9758-7ccae011d37c
c:\documents and settings\All Users\Application Data\avg8\Log\8d5611c9-573c-4465-958b-8b92da988b5f
c:\documents and settings\All Users\Application Data\avg8\Log\999bd360-4759-41e1-a562-81ce1b0a6ab1
c:\documents and settings\All Users\Application Data\avg8\Log\a846ebf6-9271-4e9d-915d-6c9ab1792779
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.1
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.10
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.11
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.12
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.13
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.14
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.15
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.16
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.17
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.18
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.19
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.2
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.20
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.3
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.4
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.5
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.6
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.7
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.8
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.9
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.1
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.10
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.2
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.3
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.4
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.5
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.6
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.7
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.8
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.9
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgfrw.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgfrw.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgldr.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgldr.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log.1
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log.10
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log.2
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log.3
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log.4
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log.5
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log.6
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log.7
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log.8
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log.9
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log.1
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log.2
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log.3
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log.4
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.1
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.10
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.2
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.3
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.4
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.5
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.6
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.7
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.8
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.9
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgscan.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgscan.log.1
c:\documents and settings\All Users\Application Data\avg8\Log\avgscan.log.2
c:\documents and settings\All Users\Application Data\avg8\Log\avgscan.log.3
c:\documents and settings\All Users\Application Data\avg8\Log\avgscan.log.4
c:\documents and settings\All Users\Application Data\avg8\Log\avgscan.log.5
c:\documents and settings\All Users\Application Data\avg8\Log\avgscan.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.1
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.10
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.2
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.3
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.4
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.5
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.6
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.7
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.8
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.9
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgsrm.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgsrm.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgsrmac.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgsrmac.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgui.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgui.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgupd.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgupd.log.1
c:\documents and settings\All Users\Application Data\avg8\Log\avgupd.log.2
c:\documents and settings\All Users\Application Data\avg8\Log\avgupd.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.1
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.10
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.2
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.3
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.4
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.5
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.6
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.7
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.8
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.9
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgwdsvc.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgwdsvc.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avildr.log
c:\documents and settings\All Users\Application Data\avg8\Log\b4cc483c-1794-42da-b87d-7f35d5df6d71
c:\documents and settings\All Users\Application Data\avg8\Log\c4c207e7-eae9-4abe-87ea-38ddf3923e0b
c:\documents and settings\All Users\Application Data\avg8\Log\cbdb9693-3ec4-4d55-8491-4e5b9c10bf81
c:\documents and settings\All Users\Application Data\avg8\Log\ce4447fb-d3e0-4a69-812e-7dfb73a7e391
c:\documents and settings\All Users\Application Data\avg8\Log\commonpriv.log
c:\documents and settings\All Users\Application Data\avg8\Log\commonpriv.log.1
c:\documents and settings\All Users\Application Data\avg8\Log\commonpriv.log.10
c:\documents and settings\All Users\Application Data\avg8\Log\commonpriv.log.2
c:\documents and settings\All Users\Application Data\avg8\Log\commonpriv.log.3
c:\documents and settings\All Users\Application Data\avg8\Log\commonpriv.log.4
c:\documents and settings\All Users\Application Data\avg8\Log\commonpriv.log.5
c:\documents and settings\All Users\Application Data\avg8\Log\commonpriv.log.6
c:\documents and settings\All Users\Application Data\avg8\Log\commonpriv.log.7
c:\documents and settings\All Users\Application Data\avg8\Log\commonpriv.log.8
c:\documents and settings\All Users\Application Data\avg8\Log\commonpriv.log.9
c:\documents and settings\All Users\Application Data\avg8\Log\commonpriv.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\e15cc3fc-3549-4268-b3d2-a2144b7342f2
c:\documents and settings\All Users\Application Data\avg8\Log\f005dcc5-ac44-44dd-b4fd-674a2e0b44de
c:\documents and settings\All Users\Application Data\avg8\Log\f547ed95-800c-4443-ae14-1cc731a2710c
c:\documents and settings\All Users\Application Data\avg8\Log\fixcfg.log
c:\documents and settings\All Users\Application Data\avg8\Log\fixcfg.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\history.xml
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000001.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000003.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000005.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000006.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000007.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000008.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000009.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000010.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000011.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000012.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000013.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000014.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000015.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000016.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000017.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000018.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000019.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000020.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000021.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000022.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000023.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000024.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000025.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000026.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000027.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000028.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000029.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000030.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000031.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000032.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000033.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000034.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000035.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000036.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000037.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000038.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000039.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000040.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000041.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000042.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000043.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000044.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000045.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000046.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000047.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000048.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000049.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000050.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000051.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000052.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000053.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000054.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000055.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000056.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000057.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000058.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000059.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000060.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000061.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000062.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000063.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000064.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000065.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000066.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000067.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000068.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000069.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000070.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000071.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000072.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000073.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000074.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000075.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000076.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000077.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000078.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000079.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000080.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000081.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000082.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000083.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000084.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000085.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000086.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000087.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000088.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000089.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000090.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000091.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000092.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000093.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000094.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000095.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000096.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000097.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000098.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000099.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000100.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000101.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000102.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000103.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000104.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000105.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000106.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000107.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000108.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000109.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000110.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000111.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000112.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000113.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000114.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000115.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000116.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000117.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000118.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000119.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000120.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000121.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000122.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000123.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000124.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000125.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000126.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000127.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000128.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000129.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000130.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000131.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000132.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000133.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000134.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000135.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000136.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000137.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000138.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000139.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000140.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000141.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000142.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000143.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000144.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000145.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000146.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000147.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000148.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000149.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000150.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000151.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000152.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000153.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000154.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000155.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000156.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000157.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000158.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000159.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000160.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000161.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000162.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000163.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000164.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000165.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000166.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000167.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000168.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000169.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000170.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000171.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000172.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000173.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000174.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000175.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000176.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000177.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000178.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000179.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000180.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000181.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000182.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000183.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000184.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000185.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000186.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000187.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000188.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000189.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000190.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000191.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000192.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000193.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000194.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000195.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000196.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000197.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000198.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000199.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000200.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000201.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000202.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000203.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000204.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000205.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000206.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000207.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000208.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000209.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000210.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000211.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000212.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000213.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000214.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000215.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000216.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000217.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000218.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000219.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000220.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000221.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000222.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000223.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000224.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\srm.idx
c:\documents and settings\All Users\Application Data\avg8\temp\6a9abd2e-7c21-4f01-8b1b-cfb9181487ed.tmp
c:\documents and settings\All Users\Application Data\avg8\temp\7f57caad-bb1a-46cc-9b8a-5cf9584552e1-ac0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg8\update\backup\avg8us.lng
c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll
c:\documents and settings\All Users\Application Data\avg8\update\backup\avglngx.dll
c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmail.dll
c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe
c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwdwsc.dll
c:\documents and settings\All Users\Application Data\avg8\update\backup\incavi.avm
c:\documents and settings\All Users\Application Data\avg8\update\backup\ph.dat
c:\documents and settings\All Users\Application Data\avg8\update\backup\sb.dat
c:\documents and settings\All Users\Application Data\avg8\update\backup\sb2.dat
c:\documents and settings\All Users\Application Data\avg8\update\backup\sc.dat
c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.dat
c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
c:\documents and settings\All Users\Application Data\avg8\update\backup\setupus.lns
c:\documents and settings\All Users\Application Data\avg8\update\prepare\avgxch32.dll.prepare
c:\documents and settings\All Users\Application Data\avg8\update\prepare\incavi.avm
c:\documents and settings\All Users\Application Data\avg8\update\prepare\sb.dat.prepare
c:\documents and settings\All Users\Application Data\avg8\update\prepare\sc.dat.prepare
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\A0002331.dll
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\A0002332.dll
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\A0002333.ini
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\A0002334.EXE
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\A0002335.DLL
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\A0002336.DLL
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\A0002337.dll
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\A0002338.DLL
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\A0002339.dll
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\A0002340.dll
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\A0002341.ini
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\A0002342.ini
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\A0002343.lnk
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\A0002344.exe
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\A0002345.cmd
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\A0002346.exe
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\A0002347.exe
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\avglinks.bmp
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\avglogo.bmp
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\avgstatus.bmp
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\avgstatus_error.bmp
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\avgtoolbartb0502.cfg
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\avgtoolbartb0503.cfg
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\brandlogo.bmp
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\COMBOSEARCH.acs
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\ErrorLog.txt
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\fullprotection.bmp
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\noneprotection.bmp
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\p_yahoo.bmp
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\safesearch.bmp
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\safesearch_off.bmp
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\safesearch_on.bmp
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\safesurf.bmp
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\safesurf_off.bmp
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\safesurf_on.bmp
c:\documents and settings\Tim\Application Data\AVGTOOLBAR\slider.bmp
c:\windows\system32\drivers\kcdzant.sys
c:\documents and settings\Tim\Application Data\AVGTOOLBAR . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2009-04-25 to 2009-05-25 )))))))))))))))))))))))))))))))
.

2009-05-25 15:12 . 2009-04-25 03:07 2743 ----a-w c:\documents and settings\Tim\Application Data\AVGTOOLBAR\A0002345.cmd
2009-05-24 16:31 . 2009-05-24 08:48 139776 ----a-w c:\documents and settings\Tim\Application Data\AVGTOOLBAR\A0002347.exe
2009-05-24 16:31 . 2000-08-31 12:00 161792 ----a-w c:\documents and settings\Tim\Application Data\AVGTOOLBAR\A0002346.exe
2009-05-23 01:33 . 2009-05-23 01:33 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-05-22 06:21 . 2009-05-22 06:21 -------- d-----w c:\documents and settings\Tim\Local Settings\Application Data\Downloaded Installations
2009-05-22 06:01 . 2009-05-22 06:01 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Downloaded Installations
2009-05-22 02:46 . 2009-05-22 02:46 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-05-08 02:30 . 2009-05-08 02:30 -------- d-----w c:\documents and settings\Tim\Local Settings\Application Data\Blizzard Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-25 15:45 . 2009-04-21 18:06 -------- d-----w c:\program files\Steam
2009-05-25 15:40 . 2008-09-30 00:02 -------- d-----w c:\documents and settings\Tim\Application Data\AVGTOOLBAR
2009-05-23 01:41 . 2008-10-02 02:34 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-22 15:24 . 2009-05-22 07:16 71712 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-22 15:24 . 2009-05-22 07:16 32 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-22 15:24 . 2009-05-22 07:16 32 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-05-22 15:24 . 2009-05-22 07:16 32 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-22 15:22 . 2009-05-22 06:24 -------- d-----w c:\program files\Common Files\ParetoLogic
2009-05-22 15:22 . 2009-05-22 06:24 -------- d-----w c:\documents and settings\All Users\Application Data\ParetoLogic
2009-05-22 15:09 . 2009-05-22 13:46 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-22 13:57 . 2009-05-22 13:57 -------- d-----w c:\documents and settings\Tim\Application Data\Malwarebytes
2009-05-22 13:46 . 2009-05-22 13:46 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-22 12:54 . 2009-05-22 12:54 -------- d-----w c:\documents and settings\Tim\Application Data\Uniblue
2009-05-22 07:41 . 2009-05-22 07:41 56988 ---ha-w c:\windows\system32\mlfcache.dat
2009-05-22 02:53 . 2008-10-02 02:34 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-19 18:05 . 2007-07-08 00:25 -------- d-----w c:\program files\World of Warcraft
2009-04-21 04:50 . 2009-04-21 04:50 -------- d-----w c:\documents and settings\Tim\Application Data\RenPy
2009-04-21 04:50 . 2009-04-21 04:50 -------- d-----w c:\program files\Heileen Demo
2009-04-08 04:30 . 2009-04-08 04:30 392900 ----a-w c:\documents and settings\Tim\Application Data\Move Networks\MoveMediaPlayer_win_mozilla_071303000004.exe
2009-04-08 04:30 . 2008-08-15 18:59 -------- d-----w c:\documents and settings\Tim\Application Data\Move Networks
2009-04-07 04:07 . 2009-04-07 04:06 -------- d-----w c:\program files\iTunes
2009-04-07 04:07 . 2009-04-07 04:06 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-07 04:06 . 2009-04-07 04:06 -------- d-----w c:\program files\iPod
2009-04-07 04:06 . 2007-09-23 22:44 -------- d-----w c:\program files\Common Files\Apple
2009-04-07 04:02 . 2009-04-07 04:02 75048 ----a-w c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-06 19:32 . 2009-05-22 13:46 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 19:32 . 2009-05-22 13:46 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 20:32 . 2008-01-29 16:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-06 14:22 . 2005-08-16 08:18 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2005-08-16 08:18 826368 ----a-w c:\windows\system32\wininet.dll
2007-02-24 21:17 . 2007-02-23 21:32 88 --sh--r c:\windows\system32\40A634BE56.sys
2007-06-12 20:20 . 2007-06-12 20:20 8 --sh--r c:\windows\system32\E6F6A2867E.sys
2007-06-12 20:23 . 2007-02-23 21:32 3766 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 176201]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2007-03-05 1103480]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"Steam"="c:\program files\steam\steam.exe" [2009-05-19 1217784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-13 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 823362]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-10-24 169984]
"DellHelp"="c:\dell\DellHelp\DellHelp.exe" [2004-04-01 1589248]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-01-15 37376]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-07-24 282624]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-04-19 1626112]
"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2007-04-19 86016]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-10-23 24576]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Tim\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\World of Warcraft Public Test\\Launcher.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6881:TCP"= 6881:TCP:Blizz
"6882:TCP"= 6882:TCP:blizz
"6883:TCP"= 6883:TCP:blizz2

R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [8/30/2005 9:47 AM 205328]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [8/30/2005 9:47 AM 290889]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [8/30/2005 9:47 AM 585792]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [8/30/2005 9:47 AM 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [8/30/2005 9:47 AM 262215]
S3 cpuz126;cpuz126;\??\c:\docume~1\Tim\LOCALS~1\Temp\cpuz.sys --> c:\docume~1\Tim\LOCALS~1\Temp\cpuz.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-05-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061023
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061023
uInternet Settings,ProxyOverride = *.local
IE: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\Tim\Application Data\Mozilla\Firefox\Profiles\g3kt69g8.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\documents and settings\Tim\Application Data\Mozilla\Firefox\Profiles\g3kt69g8.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-25 11:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1998225719-1008410186-550224895-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:4a,81,51,ba,a3,3a,f6,71,93,cc,4f,65,84,e1,2d,1f,1a,c0,77,5e,33,c4,c2,
96,09,29,2c,72,a5,d2,be,07,aa,2e,f9,39,9b,41,fc,17,47,bc,d4,b9,3c,a8,cf,68,\
"??"=hex:39,93,62,53,94,06,bb,6f,0a,82,ee,1c,6b,65,73,47

[HKEY_USERS\S-1-5-21-1998225719-1008410186-550224895-1006\Software\SecuROM\License information*]
"datasecu"=hex:22,7b,b9,69,fe,a9,d7,25,f7,4f,f2,a4,f2,17,2b,23,ac,5a,7a,67,e1,
07,1e,af,32,bd,47,a3,2a,84,50,6a,5e,98,46,a5,70,05,4f,56,49,10,95,bb,28,27,\
"rkeysecu"=hex:f0,f5,47,a3,49,18,97,c7,e3,77,31,15,e3,f6,77,37
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3464)
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\rundll32.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
c:\windows\system32\nvsvc32.exe
c:\progra~1\TRENDM~1\INTERN~1\PcCtlCom.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-05-25 12:01 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-25 16:01
ComboFix2.txt 2009-05-25 05:41
ComboFix3.txt 2009-05-24 23:33

Pre-Run: 148,695,855,104 bytes free
Post-Run: 148,655,079,424 bytes free

661 --- E O F --- 2009-05-25 07:00


DDS


DDS (Ver_09-05-14.01) - NTFSx86
Run by Tim at 12:05:05.25 on Mon 05/25/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1384 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Trend Micro PC-cillin Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro PC-cillin Internet Security (Firewall) *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Dell Support\DSAgnt.exe
svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tim\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061023
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061023
uInternet Settings,ProxyOverride = *.local
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [OE_OEM] "c:\program files\trend micro\internet security 12\tmas_oe\TMAS_OEMon.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [pccguide.exe] "c:\program files\trend micro\internet security 12\pccguide.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [DellHelp] c:\dell\dellhelp\DellHelp.exe /c
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com\online
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-_UNO/GAME_UNO1.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/sysreqlab2.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182354732109
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} - hxxp://messenger.zone.msn.com/binary/WoF.cab57176.cab
DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - hxxp://messenger.zone.msn.com/binary/Chess.cab57176.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5396/mcfscan.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tim\applic~1\mozilla\firefox\profiles\g3kt69g8.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\documents and settings\tim\application data\mozilla\firefox\profiles\g3kt69g8.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [2005-8-30 205328]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\trendm~1\intern~1\Tmntsrv.exe [2005-8-30 290889]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2005-8-30 585792]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2005-8-30 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\trendm~1\intern~1\tmproxy.exe [2005-8-30 262215]
S3 cpuz126;cpuz126;\??\c:\docume~1\tim\locals~1\temp\cpuz.sys --> c:\docume~1\tim\locals~1\temp\cpuz.sys [?]

=============== Created Last 30 ================

2009-05-24 12:32 <DIR> a-dshr-- C:\cmdcons
2009-05-24 12:31 161,792 a------- c:\windows\SWREG.exe
2009-05-24 12:31 139,776 a------- c:\windows\PEV.exe
2009-05-24 12:31 98,816 a------- c:\windows\sed.exe
2009-05-22 21:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-05-22 09:57 <DIR> --d----- c:\docume~1\tim\applic~1\Malwarebytes
2009-05-22 09:46 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-22 09:46 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-22 09:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-22 09:46 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-22 09:05 <DIR> --d----- c:\documents and settings\tim\DoctorWeb
2009-05-22 08:54 <DIR> --d----- c:\docume~1\tim\applic~1\Uniblue
2009-05-22 03:41 56,988 a---h--- c:\windows\system32\mlfcache.dat
2009-05-22 03:16 71,712 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-05-22 03:16 32 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-05-22 03:16 32 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-05-22 03:16 32 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-05-22 02:29 3,705 a------- C:\rollback.ini
2009-05-22 02:24 <DIR> --d----- c:\program files\common files\ParetoLogic
2009-05-22 02:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ParetoLogic

==================== Find3M ====================

2009-03-21 10:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-06 10:22 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 20:18 826,368 -------- c:\windows\system32\dllcache\wininet.dll
2009-02-28 00:54 636,072 -------- c:\windows\system32\dllcache\iexplore.exe
2007-02-24 17:17 88 ---shr-- c:\windows\system32\40A634BE56.sys
2007-06-12 16:20 8 ---shr-- c:\windows\system32\E6F6A2867E.sys
2007-06-12 16:23 3,766 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-09-17 03:09 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091720080918\index.dat
2008-12-22 04:07 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008122220081223\index.dat

============= FINISH: 12:05:20.09 ===============


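A few things in the two logs above are what a log reader checks before deciding what is malware and what is noise: a driver registered from a Temp folder (cpuz126, a CPU-Z remnant, but any driver loading from a user-writable path deserves a look), a BHO whose DLL no longer exists, Windows Firewall turned off under the standard profile (expected here, since Trend Micro's TmPfw is the active firewall), Security Center monitoring disabled for both Trend Micro components (commonly set by the product itself, but also what malware sets to silence alerts), two on-access scanners (AVG and Trend Micro) enabled at the same time, and hidden+system .sys files with random-looking names in system32, which together with the locked SecuROM registry keys ComboFix reports are consistent with SecuROM licence files rather than a rootkit. The Python script below is an added example, not part of this thread and not code from the DDS or ComboFix tools; it runs those checks over an excerpt of the lines above. The rule names, severities and the list of user-writable path fragments are the example's own choices.

```python
import re
from typing import Dict, List

# Excerpt of lines from the DDS / ComboFix logs posted above, embedded as
# constructed sample input so the script runs offline. It is not a full log.
SAMPLE_LOG = r"""
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Trend Micro PC-cillin Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
"EnableFirewall"= 0 (0x0)
"DisableMonitoring"=dword:00000001
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [2005-8-30 205328]
S3 cpuz126;cpuz126;\??\c:\docume~1\tim\locals~1\temp\cpuz.sys --> c:\docume~1\tim\locals~1\temp\cpuz.sys [?]
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2007-02-24 17:17 88 ---shr-- c:\windows\system32\40A634BE56.sys
2007-06-12 16:23 3,766 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-09-17 03:09 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091720080918\index.dat
"""

# Service/driver entry: "R2 name;display;path [date size]" or "S3 name;display;path --> path [?]"
SERVICE_RE = re.compile(r"^[RS]\d\s+[^;]+;[^;]*;(?P<path>.+?)(?:\s-->|\s\[)", re.I)
# Path fragments a kernel driver or service should never be loaded from (example's own list).
USER_WRITABLE_RE = re.compile(
    r"\\(?:temp|locals~1|local settings|application data|applic~1|documents and settings|docume~1)\\",
    re.I)
# File listing entry in DDS ("date time size attrs path") or ComboFix
# ("date time . date time size attrs path") format; directories have no numeric size and are skipped.
FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d(?: \. \d{4}-\d\d-\d\d \d\d:\d\d)?\s+[\d,]+\s+"
    r"(?P<attr>[a-z-]{7,8})\s+(?P<path>[a-z]:\\.+)$", re.I)
AV_RE = re.compile(r"^AV: .*\*On-access scanning enabled\*")
BHO_NOFILE_RE = re.compile(r"^BHO: .* - No File$")
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"=\s*0\b')
MONITOR_OFF_RE = re.compile(r'^"DisableMonitoring"=dword:0*1$')


def finding(severity: str, rule: str, line: str) -> Dict[str, str]:
    return {"severity": severity, "rule": rule, "line": line}


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return the lines of a DDS/ComboFix log that match one of the checks above."""
    findings: List[Dict[str, str]] = []
    active_av: List[str] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SERVICE_RE.match(line)
        if m and USER_WRITABLE_RE.search(m.group("path")):
            findings.append(finding("high", "driver-from-user-path", line))
            continue
        if AV_RE.match(line):
            active_av.append(line)
            continue
        if BHO_NOFILE_RE.match(line):
            findings.append(finding("low", "orphaned-bho", line))
            continue
        if FIREWALL_OFF_RE.match(line):
            findings.append(finding("medium", "windows-firewall-disabled", line))
            continue
        if MONITOR_OFF_RE.match(line):
            findings.append(finding("medium", "security-center-monitoring-disabled", line))
            continue
        m = FILE_RE.match(line)
        if m:
            attr, path = m.group("attr").lower(), m.group("path").lower()
            # Hidden+system files under \windows\ are unusual; IE's index.dat is a known benign case.
            if "s" in attr and "h" in attr and "\\windows\\" in path and not path.endswith("index.dat"):
                findings.append(finding("info", "hidden-system-file-in-windows", line))
    # Two real-time scanners at once is a conflict, not a protection bonus.
    if len(active_av) > 1:
        names = "; ".join(a.split(" *")[0] for a in active_av)
        findings.append(finding("medium", "multiple-realtime-av", names))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['rule']:40} {f['line']}")
```

Each hit is a lead, not a verdict: the hidden .sys files and the disabled firewall both have benign explanations on this machine, which is exactly why the script reports the line and the rule rather than deleting anything.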
#12 fenzodahl512

  • Members
  • 6,738 posts

Posted 25 May 2009 - 12:06 PM

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are both checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

How's the computer now?

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#13 Chemosh

  • Topic Starter
  • Members
  • 12 posts

Posted 25 May 2009 - 02:15 PM

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent19.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent49.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\lcboakrs.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0002032.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

Seems to be working much better, just hope that's the last of it.
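All four ESET hits in the post above sit in containment stores rather than in live locations: two inside Spybot's Recovery backups, one in ComboFix's Qoobox quarantine, and one in a System Restore point. They are copies of files that earlier cleanup steps had already removed, which is why the result reads as clean rather than as an active infection. The Python script below is an added example, not part of this thread and not ESET's own code; it parses ESET Online Scanner result lines, using the threat name as the delimiter because paths contain spaces, and classifies each hit by whether its path is inside one of those stores. The store list and labels are the example's own and cover only the locations that appear in this thread.

```python
import re
from typing import Dict, List, Optional

# The four ESET Online Scanner result lines posted above, embedded as constructed sample input.
ESET_LOG = r"""
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent19.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent49.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\lcboakrs.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0002032.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
"""

# ESET log line: <path> <threat name> <threat type> <action taken>.
# Paths contain spaces, so the first token containing '/' (the platform/family name) ends the path.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+(?P<threat>\S+/\S+)\s+(?P<kind>\S+)\s+(?P<action>.+)$")

# Locations holding copies of already-removed or backed-up files, not running code.
# A hit here is a remnant of a previous cleanup, not an active infection. (Example's own list.)
CONTAINMENT_STORES = [
    (re.compile(r"\\spybot - search & destroy\\recovery\\", re.I), "Spybot S&D recovery backup"),
    (re.compile(r"^[a-z]:\\qoobox\\quarantine\\", re.I), "ComboFix quarantine (Qoobox)"),
    (re.compile(r"^[a-z]:\\system volume information\\_restore", re.I), "System Restore point"),
]


def containment_store(path: str) -> Optional[str]:
    """Name of the containment store holding this path, or None if it is a live location."""
    for pattern, label in CONTAINMENT_STORES:
        if pattern.search(path):
            return label
    return None


def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Parse one ESET result line; returns None for lines that are not results."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    store = containment_store(m.group("path"))
    return {
        "path": m.group("path"),
        "threat": m.group("threat"),
        "kind": m.group("kind"),
        "action": m.group("action"),
        "store": store,
        "live": store is None,
    }


def parse_log(text: str) -> List[Dict[str, object]]:
    return [r for r in (parse_line(l) for l in text.splitlines()) if r is not None]


def summarize(records: List[Dict[str, object]]) -> Dict[str, int]:
    """Count hits in live locations versus hits inside containment stores."""
    live = sum(1 for r in records if r["live"])
    return {"total": len(records), "live": live, "contained": len(records) - live}


if __name__ == "__main__":
    recs = parse_log(ESET_LOG)
    for r in recs:
        where = "LIVE" if r["live"] else r["store"]
        print(f"{where:30} {r['threat']:30} {r['path']}")
    print(summarize(recs))
```

A non-zero "live" count is the case that matters; a report where every hit is contained, as here, calls for flushing the stores (the restore point and the tool quarantines) rather than for further removal work.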

#14 fenzodahl512

  • Members
  • 6,738 posts

Posted 25 May 2009 - 10:40 PM

Looks good to me. Let's do some cleanup...


Please download OTCleanIt and save it to Desktop.
  • Make sure you have an internet connection.
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes


Please read these excellent articles written by my friends:
Preventing Malware and Safe Computing by Rorschach112
What makes your machine slow? by Artellos


Also, please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware


Read this great info about safe internet surfing:

http://www.pcpitstop.com/spycheck/safesurfing.asp
http://bluefive.pair.com/practice_safe_surfing.htm




Please reply to this thread once more and tell us about the computer behaviour before we can close this thread.



Have a safe and happy computing day!


Regards
fenzodahl512



#15 Chemosh

  • Topic Starter
  • Members
  • 12 posts

Posted 27 May 2009 - 12:09 AM

Computer is working great, better than it has in months. I think AVG was lagging it down BIG TIME, not to mention all the malware. Thank you so much for all your help.



