GMER Unusable


  • This topic is locked
16 replies to this topic

#1 bstarduk

bstarduk

  • Members
  • 41 posts
  • OFFLINE
  • Local time:07:54 AM

Posted 09 May 2010 - 12:13 PM

Good afternoon
I suspect that my PC has been hijacked.
I have looked at your prep sheet and followed it until the part where it says to use a GMER scan.
When I use this particular software my PC locks up and I have to reboot.
I have managed to get a DDS scan and a scan from Hijack this.

Can you please help

Regards
Alistair Offer

Thanks for the rapid reply.
Please see both logs below

Thanks

Alistair


DDS (Ver_10-03-17.01) - NTFSx86
Run by Alistair Offer at 22:43:16.87 on Sat 05/08/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1243 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\ali\My Documents\Downloads\BitTorrent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\snmp.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Spotmau\secretary\Spotmau_S.exe
C:\Documents and Settings\Alistair Offer\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: CoTGT_BHO Class: {c333cf63-767f-4831-94ac-e683d962c63c} - c:\program files\tgtsoft\stylexp\TGT_BHO.dll
BHO: Nuclear Games Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup
uRun: [BitTorrent] "c:\documents and settings\ali\my documents\downloads\BitTorrent.exe"
mRun: [Microsoft WinUpdate] c:\windows\system32\msupdte.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: + &Mass Downloader: download this file - c:\program files\mass downloader\Add_Url.htm
IE: + Mass Downloader: download &All files - c:\program files\mass downloader\Add_All.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - c:\program files\mass downloader\massdown.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {32564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv8dmo.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alista~1\applic~1\mozilla\firefox\profiles\2xz7cwn2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\free ride games\npExentCtl.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-9 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-7 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-7 29512]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-7 242896]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-5-7 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-12 308064]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2010-4-2 311568]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1285864]
R2 supersafer;supersafer;c:\windows\system32\drivers\supersafer.sys [2010-4-18 354176]
R2 X4HSEx;X4HSEx;c:\program files\free ride games\X4HSEx.sys [2010-4-23 56352]
R3 imvad_multi;NETGEAR Digital Entertainer Virtual Audio Device;c:\windows\system32\drivers\imvad.sys [2007-4-26 17792]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-3-7 215936]

=============== Created Last 30 ================

2010-05-08 21:40:34 0 d-----w- c:\docume~1\alista~1\applic~1\Malwarebytes
2010-05-08 21:40:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-08 21:40:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-08 21:40:27 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-08 21:40:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-08 21:38:37 0 ----a-w- c:\documents and settings\alistair offer\defogger_reenable
2010-05-07 17:26:15 0 d-----w- c:\docume~1\alista~1\applic~1\IObit
2010-05-07 16:41:49 0 ----a-w- c:\documents and settings\alistair offer\commonpriv.log.lock
2010-05-07 13:20:08 77377 ----a-w- c:\windows\hpqins05.dat
2010-05-07 09:57:33 0 d-----w- c:\docume~1\alista~1\applic~1\URSE Games
2010-05-06 10:59:49 163851 ----a-w- c:\windows\system32\nvapps.xml
2010-05-06 10:59:43 0 d-----w- c:\windows\nview
2010-05-06 10:45:00 13815 ----a-w- c:\windows\Ascd_tmp.ini
2010-05-06 10:41:23 54016 ----a-r- c:\windows\system32\drivers\NVENETFD.sys
2010-05-06 10:41:23 197120 ----a-r- c:\windows\system32\fdco1.dll
2010-05-06 10:41:17 5815 ----a-w- c:\windows\system32\nvnrm.nvu
2010-05-06 10:41:16 356352 ----a-w- c:\windows\system32\nvunrm.exe
2010-05-06 10:41:14 35328 ----a-r- c:\windows\system32\nvconrm.dll
2010-05-06 10:41:13 943872 ----a-r- c:\windows\system32\drivers\nvnrm.sys
2010-05-06 10:41:13 9216 ----a-r- c:\windows\system32\bdco1.dll
2010-05-06 10:41:13 22016 ----a-r- c:\windows\system32\drivers\nvnetbus.sys
2010-05-06 09:40:33 0 d-----w- c:\docume~1\alista~1\applic~1\Wildfire
2010-05-06 09:25:42 0 d-----w- c:\docume~1\alista~1\applic~1\Intuit
2010-05-05 12:32:50 0 d-----w- c:\docume~1\alista~1\applic~1\NETGEAR
2010-05-05 11:10:22 0 d-----w- c:\docume~1\alista~1\applic~1\MetaProducts
2010-05-05 11:07:55 57305126 ----a-w- c:\docume~1\alista~1\applic~1\hkey_local_machine.reg
2010-05-05 10:42:17 0 d-----w- c:\docume~1\alista~1\applic~1\spotmau
2010-05-05 10:39:02 0 d-----w- c:\docume~1\alista~1\applic~1\BitTorrent
2010-05-05 10:09:59 26112 -c--a-w- c:\windows\system32\dllcache\romanime.ime
2010-05-05 10:08:59 32256 -c--a-w- c:\windows\system32\dllcache\gzip.dll
2010-05-05 10:06:31 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2010-05-05 10:06:26 749 ---ha-r- c:\windows\WindowsShell.Manifest
2010-05-05 10:06:26 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2010-05-05 10:06:26 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2010-05-05 10:06:26 749 ---ha-r- c:\windows\system32\nwc.cpl.manifest
2010-05-05 10:06:26 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2010-05-05 10:06:09 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-05-05 10:06:06 774144 -c--a-w- c:\windows\system32\dllcache\setup_wm.exe
2010-05-05 10:05:58 3555328 -c--a-w- c:\windows\system32\dllcache\moviemk.exe
2010-05-05 09:36:54 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-05-04 12:26:11 0 d-----w- c:\windows\pss
2010-05-04 12:17:29 0 d-----w- C:\Inetpub
2010-05-04 12:10:03 0 d-----w- c:\windows\setup.pss
2010-05-04 12:07:04 0 d-----w- c:\windows\setupupd
2010-04-29 10:16:54 0 d-----w- c:\windows\Magic Ball 4
2010-04-29 10:16:54 0 d-----w- c:\program files\Magic Ball 4
2010-04-29 08:45:14 0 d-----w- c:\docume~1\alluse~1\applic~1\AlawarWrapper
2010-04-29 08:44:40 0 d-----w- c:\program files\Alawar
2010-04-26 12:09:27 165376 ----a-w- c:\windows\system32\unrar.dll
2010-04-26 12:09:26 38 ----a-w- c:\windows\avisplitter.ini
2010-04-26 12:09:25 839680 ----a-w- c:\windows\system32\lameACM.acm
2010-04-26 12:09:25 414 ----a-w- c:\windows\system32\lame_acm.xml
2010-04-25 07:51:54 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2010-04-25 07:51:54 15360 ----a-w- c:\windows\system32\inetfr.DLL
2010-04-25 07:51:54 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2010-04-25 07:51:54 115920 ----a-w- c:\windows\system32\msinet.OCX
2010-04-25 07:51:54 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2010-04-25 07:51:53 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2010-04-25 07:51:53 152848 ----a-w- c:\windows\system32\COMDLG32.OCX
2010-04-25 07:51:53 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2010-04-25 07:48:21 0 d-----w- c:\program files\MP3 Rocket
2010-04-24 20:03:23 8352 ----a-w- c:\windows\wininit.ini
2010-04-24 19:26:08 0 d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-04-24 12:32:31 0 d-----w- c:\program files\Trend Micro
2010-04-24 12:06:56 223 --sha-r- C:\BOOT.BKK
2010-04-24 10:32:34 56 ----a-w- c:\windows\SEADRE~1.ini
2010-04-24 10:30:51 789588 ----a-w- c:\windows\SEADREAMSS.SCR
2010-04-24 10:23:09 0 d-----w- c:\program files\TGTSoft
2010-04-24 09:51:47 0 d-----w- c:\program files\FileSubmit
2010-04-23 09:23:32 64 ----a-w- c:\windows\GPlrLanc.dat
2010-04-23 09:23:32 37033 ----a-w- c:\windows\FRGT.ico
2010-04-23 09:23:31 0 d-----w- C:\Remote Programs
2010-04-23 09:23:23 0 d-----w- c:\docume~1\alluse~1\applic~1\Free Ride Games
2010-04-23 09:23:20 53314 ----a-w- c:\windows\ExentInfo.exe
2010-04-23 09:23:19 0 d-----w- c:\program files\Free Ride Games
2010-04-22 07:32:49 331184 ------w- c:\windows\system32\difxapi.dll
2010-04-21 07:07:00 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-04-21 07:07:00 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-20 14:17:06 0 d-----r- c:\windows\AsDmiHtm
2010-04-20 14:08:47 962612 ----a-w- c:\windows\system32\mfc42d.dll
2010-04-20 14:08:47 434252 ----a-w- c:\windows\system32\MSVCRTD.DLL
2010-04-20 14:08:20 670 ----a-w- c:\windows\setup.iss
2010-04-20 14:08:03 24576 ----a-r- c:\windows\system32\AsIO.dll
2010-04-20 14:08:03 12400 ----a-r- c:\windows\system32\drivers\AsIO.sys
2010-04-20 14:08:01 11832 ----a-w- c:\windows\system32\drivers\AsInsHelp64.sys
2010-04-20 14:08:01 10216 ----a-w- c:\windows\system32\drivers\AsInsHelp32.sys
2010-04-20 14:08:01 0 d-----w- c:\program files\ASUS
2010-04-20 13:58:05 497 ----a-w- c:\windows\system32\msupdte.exe
2010-04-20 12:45:15 0 d-----w- C:\Download
2010-04-20 11:29:53 8192 ----a-w- c:\windows\REGLOCS.OLD
2010-04-19 13:50:23 0 d-----w- c:\docume~1\alluse~1\applic~1\Kristanix Games
2010-04-19 10:01:51 0 d-----w- c:\program files\FreeGamePick.com
2010-04-19 09:51:30 0 d-----w- c:\program files\Ask.com
2010-04-19 09:11:16 156 ---h--w- C:\spotmau_backup.cfg
2010-04-18 10:39:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Spotmau
2010-04-18 10:39:28 681472 ----a-w- c:\windows\system32\wxmsw28u_adv_vc_custom.dll
2010-04-18 10:39:28 61440 ----a-w- c:\windows\system32\verify.dll
2010-04-18 10:39:28 492032 ----a-w- c:\windows\system32\wxmsw28u_xrc_vc_custom.dll
2010-04-18 10:39:28 470528 ----a-w- c:\windows\system32\wxmsw28u_html_vc_custom.dll
2010-04-18 10:39:28 354176 ----a-w- c:\windows\system32\drivers\supersafer.sys
2010-04-18 10:39:28 2771968 ----a-w- c:\windows\system32\wxmsw28u_core_vc_custom.dll
2010-04-18 10:39:28 14336 ----a-w- c:\windows\system32\config.dll
2010-04-18 10:39:28 119808 ----a-w- c:\windows\system32\wxbase28u_net_vc_custom.dll
2010-04-18 10:39:28 118784 ----a-w- c:\windows\system32\wxbase28u_xml_vc_custom.dll
2010-04-18 10:39:28 1163776 ----a-w- c:\windows\system32\wxbase28u_vc_custom.dll
2010-04-18 10:39:13 0 d-----w- c:\program files\Spotmau
2010-04-18 10:38:22 0 d-----w- C:\BootCare_CD
2010-04-17 16:13:21 0 d-----w- c:\docume~1\alluse~1\applic~1\FileCure
2010-04-17 15:00:25 0 d-----w- c:\docume~1\alluse~1\applic~1\IObit
2010-04-17 14:08:29 0 d-----w- c:\program files\NETGEAR
2010-04-15 08:33:42 9200 ----a-w- c:\windows\system32\drivers\cdralw2k.sys
2010-04-15 08:33:42 9072 ----a-w- c:\windows\system32\drivers\cdr4_xp.sys
2010-04-15 08:33:42 44944 ----a-w- c:\windows\system32\drivers\PxHelp20.sys
2010-04-15 08:33:42 133616 ----a-w- c:\windows\system32\pxafs.dll
2010-04-12 00:01:48 0 d-----w- c:\windows\system32\wbem\Repository
2010-04-10 18:19:00 116589 ------w- c:\windows\hphins28.dat.temp
2010-04-10 18:18:29 939 ------w- c:\windows\hphmdl28.dat.temp

==================== Find3M ====================

2010-05-07 17:12:42 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-07 17:12:40 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-07 17:12:25 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-06 11:17:00 166827 ----a-w- c:\windows\hphins28.dat
2010-05-05 10:04:48 22720 -c--a-w- c:\windows\system32\emptyregdb.dat
2010-04-28 13:18:43 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-16 18:00:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-03-31 01:58:04 125424 ----a-w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58:04 123888 ----a-w- c:\windows\system32\pxcpyi64.exe
2010-03-18 17:04:24 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-03-18 16:42:12 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-03-18 16:42:09 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2010-03-18 16:41:43 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-03-18 16:32:59 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2010-03-08 17:59:18 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-02-19 19:27:36 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27:16 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27:16 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27:16 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27:16 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27:16 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-12 10:03:03 293376 ----a-w- c:\windows\system32\browserchoice.exe
2009-07-18 18:50:08 48989 -c--a-w- c:\program files\Uninstall.exe
2007-08-18 09:28:42 4316160 -c--a-w- c:\program files\mplayerc.exe
2006-04-30 18:07:08 1629184 -c--a-w- c:\program files\Image Grabber Setup.msi
2006-05-03 10:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 -csha-r- c:\windows\system32\msfDX.dll
2008-03-16 13:30:52 216064 -csha-r- c:\windows\system32\nbDX.dll
2009-07-22 19:46:28 16384 -csha-w- c:\windows\system32\config\systemprofile\privacie\index.dat

============= FINISH: 22:43:29.50 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/5/2010 11:10:40
System Uptime: 8/5/2010 21:56:48 (-2135 hours ago)

Motherboard: ASUSTeK Computer INC. | | M2N-CM DVI
Processor: AMD Athlon™ 64 X2 Dual Core Processor 4600+ | AM2 | 2400/200mhz
Processor: AMD Athlon™ 64 X2 Dual Core Processor 4600+ | AM2 | 2400/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 313.222 GiB free.
D: is Removable
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 5/5/2010 11:19:18 - System Checkpoint
RP2: 5/6/2010 10:10:21 - Installed DirectX
RP3: 5/6/2010 10:46:57 - Configured Platform
RP4: 5/6/2010 11:41:10 - Configured Platform
RP5: 5/6/2010 11:51:42 - Installed DirectX
RP6: 5/7/2010 12:04:44 - System Checkpoint
RP7: 5/7/2010 14:20:02 - Installed MSVCSetup
RP8: 5/7/2010 14:20:42 - Removed SolutionCenter
RP9: 5/7/2010 14:22:12 - Removed HPProductAssistant
RP10: 5/7/2010 18:11:42 - Installed AVG Free 9.0
RP11: 5/8/2010 21:44:25 - System Checkpoint

==== Installed Programs ======================


179784
32 Bit HP CIO Components Installer
Acrobat.com
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Advertising Center
AMD Processor Driver
Ask Toolbar
ASUSUpdate
AVG Free 9.0
BitTorrent
BufferChm
Cards_Calendar_OrderGift_DoMorePlugout
Cool & Quiet
Creative WebCam Instant Driver (1.01.02.0729)
CustomerResearchQFolder
D5400
D5400_Help
DeviceDiscovery
DeviceManagementQFolder
DolbyFiles
eSupportQFolder
Free Ride Games Player
Gem Ball
GPBaseService
GPBaseService2
HiJackThis
HijackThis 2.0.2
HP Customer Participation Program 11.0
HP Imaging Device Functions 11.0
HP Photosmart D5400 Printer Driver Software 11.0 Rel .3
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HP Smart Web Printing
HP Solution Center 13.0
HP Update
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
ImagXpress
Java Auto Updater
Java™ 6 Update 20
K-Lite Codec Pack 5.9.0 (Full)
Magic Ball 3
Magic Ball 4
Magic Encyclopedia
Malwarebytes' Anti-Malware
MarketResearch
Menu Templates - Starter Kit
MetaProducts Mass Downloader
Microsoft .NET Framework 2.0
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Movie Templates - Starter Kit
Mozilla Firefox (3.6.3)
MSVCSetup
Nero 9 Trial
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Installer
Nero PhotoSnap
Nero Recode
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero Vision
Nero WaveEditor
NeroBurningROM
NeroExpress
neroxml
NETGEAR Digital Entertainer for Windows
NVIDIA Drivers
PanoStandAlone
PC Probe II
Platform
PS_SF_03_D5400_ProductContext
PS_SF_03_D5400_Software
PS_SF_03_D5400_Software_Min
PSSWCORE
seadreamss
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
SoundTrax
Spotmau 5.1.2.6407
Status
StyleXP (remove only)
The Treasures of Montezuma
Toolbox
TrayApp
UnloadSupport
VIA Platform Device Manager
VideoToolkit01
Virtual Villagers 2: The Lost Children
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.5
WebFldrs XP
WebReg
WinRAR archiver
WinZip 14.5
XpertVision 6.1

==== Event Viewer Messages From Past Week ========

5/8/2010 14:06:29, error: NVENETFD [5008] - NVIDIA nForce Networking Controller : Has encountered an invalid network address.
5/7/2010 14:30:28, error: Service Control Manager [7023] - The hpqcxs08 service terminated with the following error: The specified module could not be found.
5/6/2010 15:07:40, error: Dhcp [1002] - The IP address lease 192.168.1.6 for the Network Card with network address 001FC671F54B has been denied by the DHCP server 62.253.131.122 (The DHCP Server sent a DHCPNACK message).
5/6/2010 12:14:24, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
5/5/2010 11:58:24, error: BITS [16391] - The BITS job list is not in a recognized format. It may have been created by a different version of BITS. The job list has been cleared.
5/5/2010 11:24:51, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
5/5/2010 11:11:27, error: Setup [60055] - Windows Setup encountered non-fatal errors during installation. Please check the setuperr.log found in your Windows directory for more information.
5/5/2010 11:07:02, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SENS with arguments "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
5/5/2010 10:54:43, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference error message: The referenced assembly is not installed on your system. .
5/5/2010 10:54:43, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.
5/4/2010 12:44:23, error: sbp2port [9] - The device, , did not respond within the timeout period.
5/4/2010 00:10:56, error: Service Control Manager [7001] - The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
5/4/2010 00:10:56, error: DCOM [10005] - DCOM got error "%1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
5/4/2010 00:08:42, error: Service Control Manager [7000] - The Cardex service failed to start due to the following error: Cannot create a file when that file already exists.
5/4/2010 00:06:40, error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: Insufficient system resources exist to complete the requested service.
5/3/2010 17:30:59, error: DCOM [10000] - Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}. The error: "%1450" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe -Embedding

==== End Of File ===========================

Merged posts. ~ OB

Edited by Orange Blossom, 13 May 2010 - 03:27 PM.



#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:54 AM

Posted 13 May 2010 - 04:16 PM

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log. I apologize for the delay.

If you still require assistance, we would like to see the current condition of your system, so please post a new set of DDS logs as well as a GMER log and a description of any remaining problems or symptoms you may still have.

If for any reason you did not post a DDS log or GMER log, please refer to this page, steps #6, #7 and #8, for further instructions on downloading and running DDS & GMER. If you have any problems when running the tools or are unable to produce a report for any reason, just let me know in your next reply.


For your next reply I would like to see:
-The DDS logs
---DDS.txt and Attach logs
-GMER log
-Description of any remaining problems you may still have.


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.


#3 bstarduk

bstarduk
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  • Local time:07:54 AM

Posted 16 May 2010 - 09:56 AM

Please find enclosed DDS and ATTACH. Cannot run GMER as it still locks up my computer. Hope that this helps.

DDS
-----
DDS (Ver_10-03-17.01) - NTFSx86
Run by Alistair Offer at 15:49:40.34 on Sun 05/16/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.2047.1097 [GMT 1:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Tumblebugs 2\Tumblebugs2.exe
C:\Program Files\Tumblebugs 2\game.prg
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Alistair Offer\My Documents\Downloads\dds(2).scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: CoTGT_BHO Class: {c333cf63-767f-4831-94ac-e683d962c63c} - c:\program files\tgtsoft\stylexp\TGT_BHO.dll
BHO: Nuclear Games Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent] "c:\program files\bittorrent\bittorrent.exe"
mRun: [Microsoft WinUpdate] c:\windows\system32\msupdte.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: + &Mass Downloader: download this file - c:\program files\mass downloader\Add_Url.htm
IE: + Mass Downloader: download &All files - c:\program files\mass downloader\Add_All.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - c:\program files\mass downloader\massdown.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {32564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv8dmo.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alista~1\applic~1\mozilla\firefox\profiles\2xz7cwn2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\free ride games\npExentCtl.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2010-5-9 25096]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-5-9 52872]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-9 64288]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-7 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-7 29512]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-7 242896]
R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-5-9 916760]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-12 308064]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-5-9 2325816]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-5-9 5888008]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2010-4-2 311568]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1291544]
R2 supersafer;supersafer;c:\windows\system32\drivers\supersafer.sys [2010-4-18 354176]
R2 X4HSEx;X4HSEx;c:\program files\free ride games\X4HSEx.sys [2010-4-23 56352]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-5-9 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-5-9 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2010-5-9 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-5-9 26120]
R3 imvad_multi;NETGEAR Digital Entertainer Virtual Audio Device;c:\windows\system32\drivers\imvad.sys [2007-4-26 17792]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-3-7 215936]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-5-9 30104]

=============== Created Last 30 ================

2010-05-16 08:58:25 0 d-----w- c:\docume~1\alista~1\applic~1\IObit
2010-05-14 11:36:41 0 d-----w- c:\docume~1\alista~1\applic~1\HpUpdate
2010-05-14 11:36:39 0 d-----w- c:\windows\Hewlett-Packard
2010-05-14 08:30:29 0 d-----w- c:\docume~1\alista~1\applic~1\AVG9
2010-05-12 14:25:01 0 d-----w- c:\docume~1\alista~1\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-05-11 09:52:38 0 d-----w- c:\docume~1\alista~1\applic~1\iWin
2010-05-10 07:21:49 0 d-----w- c:\docume~1\alista~1\applic~1\Sahmon Games
2010-05-09 18:17:51 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-05-09 18:17:50 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-05-09 18:17:21 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-05-09 18:17:21 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-05-09 11:30:11 2145386496 ----a-w- c:\windows\MEMORY.DMP
2010-05-09 11:14:08 28288 -c--a-w- c:\windows\system32\dllcache\xjis.nls
2010-05-09 11:14:02 65536 -c--a-w- c:\windows\system32\dllcache\winime.ime
2010-05-09 11:14:02 156672 -c--a-w- c:\windows\system32\dllcache\winzm.ime
2010-05-09 11:14:02 156672 -c--a-w- c:\windows\system32\dllcache\winsp.ime
2010-05-09 11:14:02 156672 -c--a-w- c:\windows\system32\dllcache\winpy.ime
2010-05-09 11:14:01 79360 -c--a-w- c:\windows\system32\dllcache\winar30.ime
2010-05-09 11:14:01 69120 -c--a-w- c:\windows\system32\dllcache\wingb.ime
2010-05-09 11:14:00 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll
2010-05-09 11:14:00 76800 -c--a-w- c:\windows\system32\dllcache\wam51.dll
2010-05-09 11:14:00 53248 -c--a-w- c:\windows\system32\dllcache\wamreg51.dll
2010-05-09 11:14:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2010-05-09 11:14:00 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2010-05-09 11:12:56 10129408 -c--a-w- c:\windows\system32\dllcache\hwxkor.dll
2010-05-09 11:10:31 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2010-05-09 11:10:26 749 ---ha-r- c:\windows\WindowsShell.Manifest
2010-05-09 11:10:26 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2010-05-09 11:10:26 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2010-05-09 11:10:26 749 ---ha-r- c:\windows\system32\nwc.cpl.manifest
2010-05-09 11:10:26 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2010-05-09 10:40:15 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-05-09 10:40:15 13312 ----a-w- c:\windows\system32\irclass.dll
2010-05-09 10:40:14 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-05-09 10:40:14 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-05-08 23:19:22 0 d-----w- c:\windows\system32\wbem\Repository
2010-05-08 23:19:02 0 d-----w- c:\docume~1\alluse~1\applic~1\avg8
2010-05-08 21:40:34 0 d-----w- c:\docume~1\alista~1\applic~1\Malwarebytes
2010-05-08 21:40:27 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-08 21:40:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-08 21:38:37 0 ----a-w- c:\documents and settings\alistair offer\defogger_reenable
2010-05-08 00:10:53 1132 ----a-w- c:\windows\setupapi.old
2010-05-07 16:41:49 1024336 ----a-w- c:\documents and settings\alistair offer\commonpriv.log.6
2010-05-07 16:41:49 1024294 ----a-w- c:\documents and settings\alistair offer\commonpriv.log.3
2010-05-07 16:41:49 1024284 ----a-w- c:\documents and settings\alistair offer\commonpriv.log.2
2010-05-07 16:41:49 1024258 ----a-w- c:\documents and settings\alistair offer\commonpriv.log.10
2010-05-07 16:41:49 1024246 ----a-w- c:\documents and settings\alistair offer\commonpriv.log.8
2010-05-07 16:41:49 1024216 ----a-w- c:\documents and settings\alistair offer\commonpriv.log.5
2010-05-07 16:41:49 1024164 ----a-w- c:\documents and settings\alistair offer\commonpriv.log.9
2010-05-07 16:41:49 1024130 ----a-w- c:\documents and settings\alistair offer\commonpriv.log.4
2010-05-07 16:41:49 1024004 ----a-w- c:\documents and settings\alistair offer\commonpriv.log.7
2010-05-07 16:41:49 1024000 ----a-w- c:\documents and settings\alistair offer\commonpriv.log.1
2010-05-07 16:41:49 0 ----a-w- c:\documents and settings\alistair offer\commonpriv.log.lock
2010-05-07 13:20:08 77377 ----a-w- c:\windows\hpqins05.dat
2010-05-07 09:57:33 0 d-----w- c:\docume~1\alista~1\applic~1\URSE Games
2010-05-06 10:59:49 163851 ----a-w- c:\windows\system32\nvapps.xml
2010-05-06 10:59:43 0 d-----w- c:\windows\nview
2010-05-06 10:45:00 13815 ----a-w- c:\windows\Ascd_tmp.ini
2010-05-06 10:41:23 54016 ----a-r- c:\windows\system32\drivers\NVENETFD.sys
2010-05-06 10:41:23 197120 ----a-w- c:\windows\system32\fdco1.dll
2010-05-06 10:41:17 5815 ----a-w- c:\windows\system32\nvnrm.nvu
2010-05-06 10:41:16 356352 ----a-w- c:\windows\system32\nvunrm.exe
2010-05-06 10:41:14 35328 ----a-r- c:\windows\system32\nvconrm.dll
2010-05-06 10:41:13 943872 ----a-r- c:\windows\system32\drivers\nvnrm.sys
2010-05-06 10:41:13 9216 ----a-r- c:\windows\system32\bdco1.dll
2010-05-06 10:41:13 22016 ----a-r- c:\windows\system32\drivers\nvnetbus.sys
2010-05-06 09:40:33 0 d-----w- c:\docume~1\alista~1\applic~1\Wildfire
2010-05-06 09:25:42 0 d-----w- c:\docume~1\alista~1\applic~1\Intuit
2010-05-05 12:32:50 0 d-----w- c:\docume~1\alista~1\applic~1\NETGEAR
2010-05-05 11:10:22 0 d-----w- c:\docume~1\alista~1\applic~1\MetaProducts
2010-05-05 11:07:55 57647670 ----a-w- c:\docume~1\alista~1\applic~1\hkey_local_machine.reg
2010-05-05 10:42:17 0 d-----w- c:\docume~1\alista~1\applic~1\spotmau
2010-05-05 10:39:02 0 d-----w- c:\docume~1\alista~1\applic~1\BitTorrent
2010-05-05 10:06:09 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-05-05 10:06:06 774144 -c--a-w- c:\windows\system32\dllcache\setup_wm.exe
2010-05-05 10:05:58 3555328 -c--a-w- c:\windows\system32\dllcache\moviemk.exe
2010-05-05 09:36:36 14573 ----a-r- c:\windows\SET142.tmp
2010-05-05 09:36:26 13753 ----a-r- c:\windows\SET107.tmp
2010-05-05 09:36:23 1086058 ----a-r- c:\windows\SETFB.tmp
2010-05-05 09:36:22 1042903 ----a-r- c:\windows\SETF8.tmp
2010-05-04 12:26:11 0 d-----w- c:\windows\pss
2010-05-04 12:17:29 0 d-----w- C:\Inetpub
2010-05-04 12:10:03 0 d-----w- c:\windows\setup.pss
2010-05-04 12:07:04 0 d-----w- c:\windows\setupupd
2010-04-29 10:16:54 0 d-----w- c:\windows\Magic Ball 4
2010-04-29 10:16:54 0 d-----w- c:\program files\Magic Ball 4
2010-04-29 08:45:14 0 d-----w- c:\docume~1\alluse~1\applic~1\AlawarWrapper
2010-04-29 08:44:40 0 d-----w- c:\program files\Alawar
2010-04-26 12:09:27 165376 ----a-w- c:\windows\system32\unrar.dll
2010-04-26 12:09:26 38 ----a-w- c:\windows\avisplitter.ini
2010-04-26 12:09:25 839680 ----a-w- c:\windows\system32\lameACM.acm
2010-04-26 12:09:25 414 ----a-w- c:\windows\system32\lame_acm.xml
2010-04-25 07:51:54 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2010-04-25 07:51:54 15360 ----a-w- c:\windows\system32\inetfr.DLL
2010-04-25 07:51:54 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2010-04-25 07:51:54 115920 ----a-w- c:\windows\system32\msinet.OCX
2010-04-25 07:51:54 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2010-04-25 07:51:53 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2010-04-25 07:51:53 152848 ----a-w- c:\windows\system32\COMDLG32.OCX
2010-04-25 07:51:53 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2010-04-25 07:48:21 0 d-----w- c:\program files\MP3 Rocket
2010-04-24 20:03:23 8352 ----a-w- c:\windows\wininit.ini
2010-04-24 19:26:08 0 d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-04-24 12:32:31 0 d-----w- c:\program files\Trend Micro
2010-04-24 12:06:56 223 --sha-r- C:\BOOT.BKK
2010-04-24 10:32:34 56 ----a-w- c:\windows\SEADRE~1.ini
2010-04-24 10:30:51 789588 ----a-w- c:\windows\SEADREAMSS.SCR
2010-04-24 10:23:09 0 d-----w- c:\program files\TGTSoft
2010-04-24 09:51:47 0 d-----w- c:\program files\FileSubmit
2010-04-23 09:23:32 64 ----a-w- c:\windows\GPlrLanc.dat
2010-04-23 09:23:32 37033 ----a-w- c:\windows\FRGT.ico
2010-04-23 09:23:31 0 d-----w- C:\Remote Programs
2010-04-23 09:23:23 0 d-----w- c:\docume~1\alluse~1\applic~1\Free Ride Games
2010-04-23 09:23:20 53314 ----a-w- c:\windows\ExentInfo.exe
2010-04-23 09:23:19 0 d-----w- c:\program files\Free Ride Games
2010-04-22 07:32:49 331184 ----a-w- c:\windows\system32\difxapi.dll
2010-04-21 07:07:00 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-04-21 07:07:00 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-20 14:17:06 0 d-----r- c:\windows\AsDmiHtm
2010-04-20 14:08:47 962612 ----a-w- c:\windows\system32\mfc42d.dll
2010-04-20 14:08:47 434252 ----a-w- c:\windows\system32\MSVCRTD.DLL
2010-04-20 14:08:20 670 ----a-w- c:\windows\setup.iss
2010-04-20 14:08:03 24576 ----a-r- c:\windows\system32\AsIO.dll
2010-04-20 14:08:03 12400 ----a-r- c:\windows\system32\drivers\AsIO.sys
2010-04-20 14:08:01 11832 ----a-w- c:\windows\system32\drivers\AsInsHelp64.sys
2010-04-20 14:08:01 10216 ----a-w- c:\windows\system32\drivers\AsInsHelp32.sys
2010-04-20 14:08:01 0 d-----w- c:\program files\ASUS
2010-04-20 13:58:05 497 ----a-w- c:\windows\system32\msupdte.exe
2010-04-20 12:45:15 0 d-----w- C:\Download
2010-04-20 11:29:53 8192 ----a-w- c:\windows\REGLOCS.OLD
2010-04-19 13:50:23 0 d-----w- c:\docume~1\alluse~1\applic~1\Kristanix Games
2010-04-19 10:01:51 0 d-----w- c:\program files\FreeGamePick.com
2010-04-19 09:51:30 0 d-----w- c:\program files\Ask.com
2010-04-19 09:11:16 156 ---h--w- C:\spotmau_backup.cfg
2010-04-18 10:39:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Spotmau
2010-04-18 10:39:28 681472 ----a-w- c:\windows\system32\wxmsw28u_adv_vc_custom.dll
2010-04-18 10:39:28 61440 ----a-w- c:\windows\system32\verify.dll
2010-04-18 10:39:28 492032 ----a-w- c:\windows\system32\wxmsw28u_xrc_vc_custom.dll
2010-04-18 10:39:28 470528 ----a-w- c:\windows\system32\wxmsw28u_html_vc_custom.dll
2010-04-18 10:39:28 354176 ----a-w- c:\windows\system32\drivers\supersafer.sys
2010-04-18 10:39:28 2771968 ----a-w- c:\windows\system32\wxmsw28u_core_vc_custom.dll
2010-04-18 10:39:28 14336 ----a-w- c:\windows\system32\config.dll
2010-04-18 10:39:28 119808 ----a-w- c:\windows\system32\wxbase28u_net_vc_custom.dll
2010-04-18 10:39:28 118784 ----a-w- c:\windows\system32\wxbase28u_xml_vc_custom.dll
2010-04-18 10:39:28 1163776 ----a-w- c:\windows\system32\wxbase28u_vc_custom.dll
2010-04-18 10:39:13 0 d-----w- c:\program files\Spotmau
2010-04-18 10:38:22 0 d-----w- C:\BootCare_CD
2010-04-17 16:13:21 0 d-----w- c:\docume~1\alluse~1\applic~1\FileCure
2010-04-17 15:00:25 0 d-----w- c:\docume~1\alluse~1\applic~1\IObit
2010-04-17 14:08:29 0 d-----w- c:\program files\NETGEAR

==================== Find3M ====================

2010-05-09 18:20:57 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-09 18:20:47 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-09 18:20:45 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-09 11:09:22 22748 -c--a-w- c:\windows\system32\emptyregdb.dat
2010-05-06 11:17:00 166827 ----a-w- c:\windows\hphins28.dat
2010-04-16 18:00:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-03-31 01:58:04 9200 ----a-w- c:\windows\system32\drivers\cdralw2k.sys
2010-03-31 01:58:04 9072 ----a-w- c:\windows\system32\drivers\cdr4_xp.sys
2010-03-31 01:58:04 44944 ----a-w- c:\windows\system32\drivers\PxHelp20.sys
2010-03-31 01:58:04 133616 ----a-w- c:\windows\system32\pxafs.dll
2010-03-31 01:58:04 125424 ----a-w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58:04 123888 ----a-w- c:\windows\system32\pxcpyi64.exe
2010-03-18 17:04:24 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-03-18 16:42:12 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-03-18 16:42:09 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2010-03-18 16:41:43 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-03-18 16:32:59 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2010-03-08 17:59:18 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-03-02 10:38:48 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-02-19 19:27:36 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27:16 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27:16 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27:16 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27:16 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27:16 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-07-18 18:50:08 48989 -c--a-w- c:\program files\Uninstall.exe
2007-08-18 09:28:42 4316160 -c--a-w- c:\program files\mplayerc.exe
2006-04-30 18:07:08 1629184 -c--a-w- c:\program files\Image Grabber Setup.msi
2006-05-03 10:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 -csha-r- c:\windows\system32\msfDX.dll
2008-03-16 13:30:52 216064 -csha-r- c:\windows\system32\nbDX.dll
2009-07-22 19:46:28 16384 -csha-w- c:\windows\system32\config\systemprofile\privacie\index.dat
ATTACH

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/9/2010 12:14:16
System Uptime: 5/16/2010 15:44:29 (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | M2N-CM DVI
Processor: AMD Athlon™ 64 X2 Dual Core Processor 4600+ | AM2 | 2400/200mhz
Processor: AMD Athlon™ 64 X2 Dual Core Processor 4600+ | AM2 | 2400/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 315.741 GiB free.
D: is Removable
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 5/9/2010 13:36:42 - System Checkpoint
RP2: 5/9/2010 19:16:41 - Installed AVG 9.0
RP3: 5/9/2010 20:18:14 - Avg Update
RP4: 5/10/2010 20:19:57 - System Checkpoint
RP5: 5/11/2010 09:21:03 - Configured Microsoft Office Enterprise 2007
RP6: 5/11/2010 09:33:27 - Configured Microsoft Office Enterprise 2007
RP7: 5/11/2010 10:33:37 - Configured Microsoft Office Enterprise 2007
RP8: 5/11/2010 10:39:54 - Installed Windows Installer KB893803v2.
RP9: 5/11/2010 10:48:51 - Configured Microsoft Office Enterprise 2007
RP10: 5/12/2010 10:52:27 - System Checkpoint
RP11: 5/13/2010 11:48:44 - System Checkpoint
RP12: 5/14/2010 12:36:52 - Removed HP Update
RP13: 5/15/2010 12:46:03 - System Checkpoint
RP14: 5/16/2010 09:58:35 - Advanced SystemCare RestorePoint

==== Installed Programs ======================


179784
32 Bit HP CIO Components Installer
Acrobat.com
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Advertising Center
AMD Processor Driver
Ask Toolbar
ASUSUpdate
AVG 9.0
BitTorrent
BufferChm
Cards_Calendar_OrderGift_DoMorePlugout
Cool & Quiet
Creative WebCam Instant Driver (1.01.02.0729)
CustomerResearchQFolder
D5400
D5400_Help
DeviceDiscovery
DeviceManagementQFolder
DolbyFiles
eSupportQFolder
Free Ride Games Player
Gem Ball
GPBaseService
GPBaseService2
HiJackThis
HP Customer Participation Program 11.0
HP Imaging Device Functions 11.0
HP Photosmart D5400 Printer Driver Software 11.0 Rel .3
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HP Smart Web Printing
HP Solution Center 13.0
HP Update
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
ImagXpress
Java Auto Updater
Java™ 6 Update 20
K-Lite Codec Pack 5.9.0 (Full)
Magic Ball 3
Magic Ball 4
Magic Encyclopedia
MarketResearch
Menu Templates - Starter Kit
MetaProducts Mass Downloader
Microsoft .NET Framework 2.0
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Movie Templates - Starter Kit
Mozilla Firefox (3.6.3)
MSVCSetup
Nero 9 Trial
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Installer
Nero PhotoSnap
Nero Recode
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero Vision
Nero WaveEditor
NeroBurningROM
NeroExpress
neroxml
NETGEAR Digital Entertainer for Windows
NVIDIA Drivers
PanoStandAlone
PC Probe II
Platform
PS_SF_03_D5400_ProductContext
PS_SF_03_D5400_Software
PS_SF_03_D5400_Software_Min
PSSWCORE
seadreamss
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
SoundTrax
Spotmau 5.1.2.6407
Status
StyleXP (remove only)
Toolbox
TrayApp
UnloadSupport
VIA Platform Device Manager
VideoToolkit01
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.5
WebFldrs XP
WebReg
Windows Installer 3.1 (KB893803)
WinRAR archiver
WinZip 14.5
XpertVision 6.1

==== Event Viewer Messages From Past Week ========

5/9/2010 20:24:38, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
5/9/2010 20:24:38, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 001FC671F54B has been denied by the DHCP server 62.254.35.122 (The DHCP Server sent a DHCPNACK message).
5/9/2010 20:20:47, error: Dhcp [1002] - The IP address lease 86.8.110.29 for the Network Card with network address 001FC671F54B has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
5/9/2010 18:03:27, error: Service Control Manager [7024] - The AVG Free8 WatchDog service terminated with service-specific error 3758161981 (0xE001003D).
5/9/2010 18:03:27, error: Service Control Manager [7001] - The AVG Free8 E-mail Scanner service depends on the AVG Free8 WatchDog service which failed to start because of the following error: The service has returned a service-specific error code.
5/9/2010 14:48:24, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 001FC671F54B has been denied by the DHCP server 62.253.131.122 (The DHCP Server sent a DHCPNACK message).
5/9/2010 13:55:42, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
5/9/2010 13:02:51, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
5/9/2010 12:32:51, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
5/9/2010 12:15:12, error: Setup [60055] - Windows Setup encountered non-fatal errors during installation. Please check the setuperr.log found in your Windows directory for more information.
5/9/2010 12:11:02, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SENS with arguments "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
5/9/2010 00:24:02, error: BITS [16391] - The BITS job list is not in a recognized format. It may have been created by a different version of BITS. The job list has been cleared.
5/15/2010 19:52:34, error: System Error [1003] - Error code 00000024, parameter1 001902fe, parameter2 bacfbb74, parameter3 bacfb870, parameter4 ba647746.
5/15/2010 18:33:39, error: sbp2port [9] - The device, , did not respond within the timeout period.
5/15/2010 18:33:17, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume G:.
5/15/2010 11:43:47, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
5/15/2010 11:42:25, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume .
5/15/2010 11:41:40, error: System Error [1003] - Error code 00000024, parameter1 001902fe, parameter2 b6170b74, parameter3 b6170870, parameter4 ba647746.

==== End Of File ===========================

-----------


#4 extremeboy (Malware Response Team, 12,975 posts)

Posted 16 May 2010 - 11:09 AM

Hello.

Thanks for those logs. Can you give me an update on the current situation of your system? What problems/symptoms does it still have?

Can you try running GMER in Safe Mode?

How to Boot into Safe Mode

I suggest you read over the instructions on how to boot into Safe Mode and then print these instructions out or save them in Notepad because you won't have access to this page while in Safe Mode.

Start in Safe Mode Using the F8 method:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use your arrow keys to navigate and highlight Safe Mode.
  • Hit Enter.
  • You will now be asked to choose your operating system. Again, use the arrow keys to select Microsoft Windows XP.
  • Hit Enter.
Your computer will proceed to boot into Safe Mode. During the boot process, you may see random code go past your screen. Simply wait for it to pass. Your computer should boot as usual, except with Safe Mode written in the corners of your screen. Your screen may also appear to be a different size because the video drivers are not loaded properly in Safe Mode.

After the boot, you will be asked whether you wish to use system restore, or to continue to Safe Mode. Select OK to choose Safe mode.


Additional instructions on booting into Safe Mode can be found here

If GMER still doesn't work and you are unable to get a report from it, try running this rootkit scan instead:

Download and run RootRepeal CR

Please download RootRepeal from the following location and save it to your desktop.
  • Unzip the RootRepeal.zip file to its own folder. (If you did not use the "Direct Download" mirror to download RootRepeal.)
  • Close/disable all other programs, especially your security programs (anti-spyware, anti-virus, and firewall). Refer to this page if you are unsure how.
  • Physically disconnect your machine from the internet, as your system will be unprotected.
  • Double-click on RootRepeal.exe to run it. If you are using Vista, please right-click and run as Administrator...
  • Click the tab at the bottom.
  • Now press the button.
  • A box will pop up; check the boxes beside all seven options/scan areas.
  • Now click OK.
  • Another box will open; check the boxes beside all the drives, e.g. C:\, then click OK.
  • The scan will take a little while to run, so let it go unhindered.
  • Once it is done, click the Save Report button.
  • Save it as RepealScan and save it to your desktop.
  • Reconnect to the internet.
  • Post the contents of that log in your reply, please.

~EB
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 bstarduk (Topic Starter, Members, 41 posts)

Posted 17 May 2010 - 03:52 AM

Still cannot run GMER, but have run RootRepeal and here is the log.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/05/17 09:40
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================



My main problems are that the internet connection just drops and windows closes itself at any given time for no reason.
The only other pointer is a strange message I get on every boot-up:
c:/WINDOWS\system32\msupdte.exe
The NTVDM CPU has encountered an illegal instruction
CS:0f77 IP:0227 OP:63 6f 6d 26 61

Do not know if it is relevant.

Cheers

Alistair

#6 extremeboy (Malware Response Team, 12,975 posts)

Posted 17 May 2010 - 08:07 PM

Hello.

That error you're getting is related to an infection we need to deal with. Please run Combofix first and we'll continue from there. Post the log once done.

Download and Run ComboFix

Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.

Download Combofix from any of the links below, and save it to your desktop.
Link 1
Link 2

Please refer to this page for full instructions on how to run ComboFix.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double click ComboFix.exe to start the program. Agree to the prompts.
  • When ComboFix is finished, a log report (C:\ComboFix.txt) will open. Post back with it.
Leave your computer alone while ComboFix is running.

ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running, because it may cause it to stall.

Thanks.

~EB

#7 bstarduk (Topic Starter, Members, 41 posts)

Posted 18 May 2010 - 04:12 AM

Downloaded ComboFix but it does not run.
I have got the loading screen, but it does not run after that.
Any advice?

Cheers
Alistair

#8 extremeboy (Malware Response Team, 12,975 posts)

Posted 18 May 2010 - 03:32 PM

Try renaming ComboFix to something else, like bstarduk.exe, and try running it again. If it still doesn't run, try it in Safe Mode...

How to Boot into Safe Mode

I suggest you read over the instructions on how to boot into Safe Mode and then print these instructions out or save them in Notepad because you won't have access to this page while in Safe Mode.

Start in Safe Mode Using the F8 method:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use your arrow keys to navigate and highlight Safe Mode.
  • Hit Enter.
  • You will now be asked to choose your operating system. Again, use the arrow keys to select Microsoft Windows XP.
  • Hit Enter.
Your computer will proceed to boot into Safe Mode. During the boot process, you may see random code go past your screen. Simply wait for it to pass. Your computer should boot as usual, except with Safe Mode written in the corners of your screen. Your screen may also appear to be a different size because the video drivers are not loaded properly in Safe Mode.

After the boot, you will be asked whether you wish to use system restore, or to continue to Safe Mode. Select OK to choose Safe mode.


Additional instructions on booting into Safe Mode can be found here


#9 bstarduk (Topic Starter, Members, 41 posts)

Posted 19 May 2010 - 03:56 AM

Worked in Safe Mode OK; here is the log.
ComboFix 10-05-17.01 - Alistair Offer 05/19/2010 9:19.2.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.2047.1669 [GMT 1:00]
Running from: c:\documents and settings\Alistair Offer\My Documents\Downloads\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Alistair Offer\Application Data\hkey_local_machine.reg
.
---- Previous Run -------
.
c:\documents and settings\Administrator.ALI-BE1CBC74EC9\Application Data\hkey_local_machine.reg
c:\documents and settings\ali\Application Data\hkey_local_machine.reg
c:\documents and settings\ali\Application Data\inst.exe
c:\documents and settings\Alistair Offer\Application Data\hkey_local_machine.reg
C:\Install.EXE
c:\windows\system32\AbaleZip.dll
c:\windows\system32\cfgdll.dll
c:\windows\system32\msupdte.exe
c:\windows\system32\Vb40016.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE


((((((((((((((((((((((((( Files Created from 2010-04-19 to 2010-05-19 )))))))))))))))))))))))))))))))
.

2010-05-16 08:58 . 2010-05-16 09:46 -------- d-----w- c:\documents and settings\Alistair Offer\Application Data\IObit
2010-05-14 11:36 . 2010-05-14 11:37 -------- d-----w- c:\documents and settings\Alistair Offer\Application Data\HpUpdate
2010-05-14 11:36 . 2010-05-14 11:36 -------- d-----w- c:\windows\Hewlett-Packard
2010-05-14 08:30 . 2010-05-14 08:30 -------- d-----w- c:\documents and settings\Alistair Offer\Application Data\AVG9
2010-05-12 14:25 . 2010-05-12 14:25 -------- d-----w- c:\documents and settings\Alistair Offer\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-05-12 13:56 . 2010-05-12 13:56 -------- d-----w- c:\documents and settings\Alistair Offer\Local Settings\Application Data\Identities
2010-05-11 09:52 . 2010-05-11 09:52 -------- d-----w- c:\documents and settings\Alistair Offer\Application Data\iWin
2010-05-10 07:21 . 2010-05-10 07:21 -------- d-----w- c:\documents and settings\Alistair Offer\Application Data\Sahmon Games
2010-05-09 18:17 . 2010-05-09 18:17 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-05-09 18:17 . 2010-05-09 18:17 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-05-09 18:17 . 2010-05-09 18:17 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-05-09 18:17 . 2010-05-09 18:17 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-05-09 11:14 . 2006-02-28 12:00 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll
2010-05-09 11:14 . 2006-02-28 12:00 76800 -c--a-w- c:\windows\system32\dllcache\wam51.dll
2010-05-09 11:14 . 2006-02-28 12:00 53248 -c--a-w- c:\windows\system32\dllcache\wamreg51.dll
2010-05-09 11:14 . 2006-02-28 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2010-05-09 11:14 . 2006-02-28 12:00 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2010-05-09 11:12 . 2006-02-28 12:00 10129408 -c--a-w- c:\windows\system32\dllcache\hwxkor.dll
2010-05-09 10:40 . 2006-02-28 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-05-09 10:40 . 2006-02-28 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-05-09 10:40 . 2006-02-28 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-05-09 10:40 . 2006-02-28 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-05-08 23:19 . 2010-05-08 23:19 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-08 23:19 . 2010-05-09 18:21 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-05-08 21:40 . 2010-05-08 21:40 -------- d-----w- c:\documents and settings\Alistair Offer\Application Data\Malwarebytes
2010-05-08 21:40 . 2010-05-08 23:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-08 21:40 . 2010-05-08 21:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-07 13:20 . 2010-05-07 13:29 77377 ----a-w- c:\windows\hpqins05.dat
2010-05-07 09:57 . 2010-05-07 09:57 -------- d-----w- c:\documents and settings\Alistair Offer\Application Data\URSE Games
2010-05-06 18:12 . 2010-05-11 23:41 -------- d-----w- c:\documents and settings\Alistair Offer\Application Data\Nero
2010-05-06 14:06 . 2010-05-06 14:06 -------- d-----w- c:\documents and settings\Alistair Offer\Local Settings\Application Data\HP
2010-05-06 11:16 . 2010-05-06 11:17 -------- d-----w- c:\documents and settings\Alistair Offer\Application Data\HP
2010-05-06 10:59 . 2010-05-06 10:59 -------- d-----w- c:\windows\nview
2010-05-06 10:41 . 2007-11-17 07:43 54016 ----a-r- c:\windows\system32\drivers\NVENETFD.sys
2010-05-06 10:41 . 2007-11-17 07:41 197120 ----a-w- c:\windows\system32\fdco1.dll
2010-05-06 10:41 . 2007-11-07 05:31 356352 ----a-w- c:\windows\system32\nvunrm.exe
2010-05-06 10:41 . 2007-11-07 05:32 35328 ----a-r- c:\windows\system32\nvconrm.dll
2010-05-06 10:41 . 2007-11-17 07:43 22016 ----a-r- c:\windows\system32\drivers\nvnetbus.sys
2010-05-06 10:41 . 2007-11-17 07:43 943872 ----a-r- c:\windows\system32\drivers\nvnrm.sys
2010-05-06 10:41 . 2007-11-17 07:40 9216 ----a-r- c:\windows\system32\bdco1.dll
2010-05-06 10:21 . 2010-05-06 10:21 -------- d-----w- c:\documents and settings\Alistair Offer\Application Data\InstallShield
2010-05-06 09:40 . 2010-05-18 17:19 -------- d-----w- c:\documents and settings\Alistair Offer\Application Data\Wildfire
2010-05-06 09:26 . 2010-05-15 14:03 69056 ----a-w- c:\documents and settings\Alistair Offer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-06 09:25 . 2010-05-06 09:25 -------- d-----w- c:\documents and settings\Alistair Offer\Application Data\Intuit
2010-05-06 08:50 . 2010-05-18 12:15 -------- d-----w- c:\documents and settings\Alistair Offer\Application Data\vlc
2010-05-05 12:32 . 2010-05-05 12:32 -------- d-----w- c:\documents and settings\Alistair Offer\Application Data\NETGEAR
2010-05-05 11:10 . 2010-05-05 11:10 -------- d-----w- c:\documents and settings\Alistair Offer\Application Data\MetaProducts
2010-05-05 10:59 . 2010-05-05 10:59 61440 ----a-w- c:\documents and settings\Alistair Offer\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-43d1ff2c-n\decora-sse.dll
2010-05-05 10:59 . 2010-05-05 10:59 503808 ----a-w- c:\documents and settings\Alistair Offer\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1256ab0f-n\msvcp71.dll
2010-05-05 10:59 . 2010-05-05 10:59 499712 ----a-w- c:\documents and settings\Alistair Offer\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1256ab0f-n\jmc.dll
2010-05-05 10:59 . 2010-05-05 10:59 348160 ----a-w- c:\documents and settings\Alistair Offer\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1256ab0f-n\msvcr71.dll
2010-05-05 10:59 . 2010-05-05 10:59 12800 ----a-w- c:\documents and settings\Alistair Offer\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-43d1ff2c-n\decora-d3d.dll
2010-05-05 10:42 . 2010-05-05 10:42 -------- d-----w- c:\documents and settings\Alistair Offer\Application Data\spotmau
2010-05-05 10:39 . 2010-05-19 07:09 -------- d-----w- c:\documents and settings\Alistair Offer\Application Data\BitTorrent
2010-05-05 10:19 . 2010-05-05 10:19 -------- d-----w- c:\documents and settings\Alistair Offer\Local Settings\Application Data\Mozilla
2010-05-05 10:06 . 2006-02-28 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-05-05 10:06 . 2006-02-28 12:00 774144 -c--a-w- c:\windows\system32\dllcache\setup_wm.exe
2010-05-05 10:05 . 2006-02-28 12:00 3555328 -c--a-w- c:\windows\system32\dllcache\moviemk.exe
2010-05-04 12:17 . 2010-05-04 12:17 -------- d-----w- C:\Inetpub
2010-04-29 10:16 . 2010-04-29 10:17 -------- d-----w- c:\program files\Magic Ball 4
2010-04-29 10:16 . 2010-04-29 10:16 -------- d-----w- c:\windows\Magic Ball 4
2010-04-29 09:32 . 2010-04-29 09:32 -------- d-----w- c:\documents and settings\Administrator.ALI-BE1CBC74EC9\Application Data\Dream Dale score lib
2010-04-29 08:45 . 2010-04-29 10:32 -------- d-----w- c:\documents and settings\Administrator.ALI-BE1CBC74EC9\Application Data\MagicBall4
2010-04-29 08:45 . 2010-04-29 08:45 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper
2010-04-29 08:44 . 2010-04-29 09:25 -------- d-----w- c:\program files\Alawar
2010-04-28 10:45 . 2010-04-28 10:45 1924976 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-04-26 12:09 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
2010-04-25 22:27 . 2010-04-25 23:36 -------- d-----w- c:\documents and settings\Administrator.ALI-BE1CBC74EC9\Application Data\Nero
2010-04-25 07:51 . 2003-01-26 10:41 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2010-04-25 07:51 . 2000-10-01 16:00 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2010-04-25 07:51 . 1999-03-25 16:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2010-04-25 07:51 . 1998-07-12 20:00 15360 ----a-w- c:\windows\system32\inetfr.DLL
2010-04-25 07:51 . 2010-04-25 07:54 -------- d-----w- c:\documents and settings\Administrator.ALI-BE1CBC74EC9\Application Data\FreeBurner
2010-04-25 07:51 . 1998-07-12 20:00 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2010-04-25 07:51 . 1998-07-12 16:00 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2010-04-25 07:49 . 2010-04-25 07:49 -------- d-----w- c:\documents and settings\Administrator.ALI-BE1CBC74EC9\Incomplete
2010-04-25 07:49 . 2010-04-25 07:49 -------- d-----w- c:\documents and settings\Administrator.ALI-BE1CBC74EC9\Shared
2010-04-25 07:48 . 2010-04-25 07:50 -------- d-----w- c:\documents and settings\Administrator.ALI-BE1CBC74EC9\Application Data\MP3Rocket
2010-04-25 07:48 . 2010-04-25 07:50 -------- d-----w- c:\program files\MP3 Rocket
2010-04-24 19:26 . 2010-04-24 19:26 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-04-24 12:32 . 2010-04-24 12:32 388096 ----a-r- c:\documents and settings\Administrator.ALI-BE1CBC74EC9\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-04-24 12:32 . 2010-04-24 12:32 -------- d-----w- c:\program files\Trend Micro
2010-04-24 10:56 . 2010-04-24 10:56 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Application Data\Intuit
2010-04-24 10:47 . 2010-04-24 10:47 -------- d-----w- c:\documents and settings\Administrator.ALI-BE1CBC74EC9\Local Settings\Application Data\AskToolbar
2010-04-24 10:30 . 2003-11-03 12:20 789588 ----a-w- c:\windows\SEADREAMSS.SCR
2010-04-24 10:23 . 2010-04-24 10:23 -------- d-----w- c:\program files\TGTSoft
2010-04-24 09:57 . 2010-04-24 11:05 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-04-24 09:51 . 2010-04-24 10:27 -------- d-----w- c:\program files\FileSubmit
2010-04-24 08:18 . 2010-04-24 08:18 -------- d-----w- c:\documents and settings\Administrator.ALI-BE1CBC74EC9\Application Data\Sahmon Games
2010-04-24 07:20 . 2010-04-24 07:20 -------- d-----w- c:\documents and settings\Administrator.ALI-BE1CBC74EC9\Local Settings\Application Data\Identities
2010-04-24 06:48 . 2010-04-24 06:48 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Adobe
2010-04-24 06:47 . 2010-02-01 01:45 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-04-24 06:47 . 2010-04-24 06:47 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-24 06:47 . 2010-04-24 06:47 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-04-24 06:47 . 2010-04-24 06:47 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-04-24 06:46 . 2010-04-28 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-04-23 12:13 . 2010-04-23 12:13 -------- d-----w- c:\documents and settings\Administrator.ALI-BE1CBC74EC9\Application Data\NETGEAR
2010-04-23 09:23 . 2010-04-23 09:23 64 ----a-w- c:\windows\GPlrLanc.dat
2010-04-23 09:23 . 2001-09-05 04:23 56320 ----a-w- c:\documents and settings\All Users\Application Data\Free Ride Games\Setup.exe
2010-04-23 09:23 . 2010-05-13 08:32 -------- d-----w- C:\Remote Programs
2010-04-23 09:23 . 2010-04-23 09:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Free Ride Games
2010-04-23 09:23 . 2010-04-11 20:15 53314 ----a-w- c:\windows\ExentInfo.exe
2010-04-23 09:23 . 2010-04-23 09:23 -------- d-----w- c:\program files\Free Ride Games
2010-04-22 08:36 . 2006-02-28 12:00 5632 -c--a-w- c:\windows\system32\dllcache\smimsgif.dll
2010-04-22 08:36 . 2006-02-28 12:00 5632 -c--a-w- c:\windows\system32\dllcache\smierrsy.dll
2010-04-22 08:36 . 2006-02-28 12:00 15872 -c--a-w- c:\windows\system32\dllcache\smierrsm.dll
2010-04-22 08:36 . 2006-02-28 12:00 10240 -c--a-w- c:\windows\system32\dllcache\snmpstup.dll
2010-04-22 08:36 . 2006-02-28 12:00 10240 ----a-w- c:\windows\system32\wbem\snmpstup.dll
2010-04-22 07:32 . 2007-04-11 22:35 331184 ----a-w- c:\windows\system32\difxapi.dll
2010-04-21 16:37 . 2009-08-25 17:01 28672 ----a-w- c:\documents and settings\Administrator.ALI-BE1CBC74EC9\Application Data\Mozilla\Firefox\Profiles\g6w1ilg2.default\extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}\components\mpint.dll
2010-04-21 14:29 . 2010-05-05 09:00 -------- d-----w- c:\documents and settings\Administrator.ALI-BE1CBC74EC9\Application Data\vlc
2010-04-21 07:07 . 2010-04-21 07:06 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-21 07:06 . 2010-04-21 07:06 -------- d-----w- c:\program files\Java
2010-04-20 15:43 . 2010-04-20 15:43 503808 ----a-w- c:\documents and settings\Administrator.ALI-BE1CBC74EC9\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1c323d65-n\msvcp71.dll
2010-04-20 15:43 . 2010-04-20 15:43 499712 ----a-w- c:\documents and settings\Administrator.ALI-BE1CBC74EC9\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1c323d65-n\jmc.dll
2010-04-20 15:43 . 2010-04-20 15:43 348160 ----a-w- c:\documents and settings\Administrator.ALI-BE1CBC74EC9\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1c323d65-n\msvcr71.dll
2010-04-20 15:43 . 2010-04-20 15:43 61440 ----a-w- c:\documents and settings\Administrator.ALI-BE1CBC74EC9\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-661a1dbb-n\decora-sse.dll
2010-04-20 15:43 . 2010-04-20 15:43 12800 ----a-w- c:\documents and settings\Administrator.ALI-BE1CBC74EC9\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-661a1dbb-n\decora-d3d.dll
2010-04-20 15:09 . 2010-04-20 15:09 -------- d-----w- c:\documents and settings\Administrator.ALI-BE1CBC74EC9\Application Data\spotmau
2010-04-20 15:08 . 2010-04-20 15:08 -------- d-----w- c:\documents and settings\Administrator.ALI-BE1CBC74EC9\Local Settings\Application Data\Thinstall
2010-04-20 15:08 . 2010-04-20 15:08 -------- d-----w- c:\documents and settings\Administrator.ALI-BE1CBC74EC9\Application Data\Thinstall
2010-04-20 15:05 . 2010-04-20 15:05 -------- d-----w- c:\documents and settings\Administrator.ALI-BE1CBC74EC9\Local Settings\Application Data\Google
2010-04-20 14:33 . 2010-04-20 14:33 -------- d-sh--w- c:\documents and settings\Administrator.ALI-BE1CBC74EC9\IECompatCache
2010-04-20 14:26 . 2010-04-24 06:47 -------- d-----w- c:\documents and settings\Administrator.ALI-BE1CBC74EC9\Local Settings\Application Data\Adobe
2010-04-20 14:17 . 2010-04-20 14:17 -------- d-----r- c:\windows\AsDmiHtm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-17 14:47 . 2009-03-07 15:15 -------- d-----w- c:\program files\Quicken
2010-05-11 09:51 . 2009-03-07 16:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-09 21:54 . 2010-03-31 16:29 -------- d-----w- c:\program files\Coupon Printer
2010-05-09 18:20 . 2009-03-07 14:59 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-09 18:20 . 2010-03-12 08:52 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-09 18:20 . 2009-03-07 14:59 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-09 18:20 . 2009-03-07 14:59 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-09 18:17 . 2009-11-17 07:46 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-05-09 11:09 . 2009-03-07 13:59 22748 -c--a-w- c:\windows\system32\emptyregdb.dat
2010-05-08 13:33 . 2009-10-18 13:32 -------- d-----w- c:\program files\Mass Downloader
2010-05-06 11:17 . 2009-03-07 14:44 166827 ----a-w- c:\windows\hphins28.dat
2010-05-06 11:08 . 2009-03-07 14:45 -------- d-----w- c:\program files\HP
2010-05-06 11:06 . 2009-03-07 14:47 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2010-05-06 11:01 . 2009-03-07 14:32 -------- d-----w- c:\program files\XpertVision
2010-05-06 10:41 . 2009-03-07 14:24 -------- d-----w- c:\program files\VIA
2010-05-05 10:37 . 2009-03-07 15:38 -------- d-----w- c:\program files\BitTorrent
2010-04-26 12:09 . 2009-03-07 15:02 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-04-25 22:24 . 2009-03-07 14:36 -------- d-----w- c:\program files\Ahead
2010-04-24 10:49 . 2010-04-18 10:39 -------- d-----w- c:\program files\Spotmau
2010-04-23 09:23 . 2009-03-07 14:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-20 15:05 . 2009-03-17 19:58 -------- d-----w- c:\program files\Google
2010-04-20 13:58 . 2009-03-07 14:58 -------- d-----w- c:\program files\AVG
2010-04-20 13:58 . 2009-03-08 00:33 -------- d-----w- c:\program files\Tumblebugs 2
2010-04-20 10:23 . 2009-08-09 13:38 -------- d-----w- c:\program files\PeerGuardian2
2010-04-20 10:10 . 2009-03-07 15:54 -------- d-----w- c:\documents and settings\ali\Application Data\BitTorrent
2010-04-20 10:04 . 2010-04-12 00:01 -------- d-----w- c:\documents and settings\ali\Application Data\vlc
2010-04-18 15:35 . 2009-03-07 17:29 -------- d-----w- c:\documents and settings\ali\Application Data\Wildfire
2010-04-18 10:46 . 2010-04-18 10:46 -------- d-----w- c:\documents and settings\ali\Application Data\spotmau
2010-04-18 10:39 . 2010-04-18 10:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Spotmau
2010-04-17 16:13 . 2010-04-17 16:13 -------- d-----w- c:\documents and settings\All Users\Application Data\FileCure
2010-04-17 15:05 . 2010-04-17 14:08 -------- d-----w- c:\program files\NETGEAR
2010-04-17 15:04 . 2010-03-31 10:24 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-17 15:04 . 2010-03-22 11:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-04-17 15:04 . 2010-03-22 08:13 -------- d-----w- c:\program files\DivX
2010-04-17 15:04 . 2010-03-22 08:13 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-04-17 15:03 . 2009-04-11 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\CustomPortal
2010-04-17 15:01 . 2010-04-17 15:00 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-04-17 15:01 . 2010-04-02 14:03 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2010-04-17 15:00 . 2010-04-02 08:22 -------- d-----w- c:\documents and settings\ali\Application Data\IObit
2010-04-17 14:59 . 2010-03-13 07:43 -------- d-----w- c:\program files\Uniblue
2010-04-17 14:58 . 2010-03-31 11:00 -------- d-----w- c:\program files\Motherboard Monitor 5
2010-04-17 14:57 . 2010-04-11 23:39 -------- d-----w- c:\documents and settings\ali\Application Data\vlc(2)
2010-04-17 14:56 . 2009-04-11 15:36 -------- d-----w- c:\program files\CustomPortal
2010-04-16 18:00 . 2009-03-07 15:02 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-04-15 12:57 . 2009-07-22 19:54 -------- d-----w- c:\documents and settings\ali\Application Data\LimeWire
2010-04-15 08:41 . 2010-04-15 08:41 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-04-15 08:34 . 2010-04-15 08:34 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-04-15 08:34 . 2010-04-15 08:34 57679 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-04-15 08:33 . 2010-04-15 08:33 84040 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-04-15 08:33 . 2010-04-15 08:33 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-04-15 08:33 . 2010-04-15 08:33 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-04-15 08:33 . 2010-04-15 08:33 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-04-15 08:33 . 2010-04-15 08:33 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-04-15 08:33 . 2010-04-15 08:33 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-04-15 08:32 . 2010-04-15 08:32 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-04-15 08:32 . 2010-03-30 11:11 783656 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-04-15 08:32 . 2010-03-22 08:14 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-04-14 11:00 . 2010-04-14 11:00 -------- d-----w- c:\documents and settings\ali\Application Data\ElevatedDiagnostics
2010-04-11 08:46 . 2010-04-11 08:46 -------- d-----w- c:\documents and settings\ali\Application Data\Unity
2010-04-02 15:38 . 2010-04-02 08:22 -------- d-----w- c:\program files\IObit
2010-04-02 15:28 . 2009-04-25 12:11 -------- d-----w- c:\documents and settings\ali\Application Data\Azureus
2010-04-02 15:28 . 2009-03-07 16:29 -------- d-----w- c:\documents and settings\ali\Application Data\Vso
2010-04-02 15:26 . 2009-07-22 19:54 -------- d-----w- c:\program files\LimeWire
2010-04-02 15:26 . 2009-03-08 10:12 -------- d-----w- c:\program files\Acoustica CD Label Maker
2010-04-02 15:26 . 2009-06-22 22:15 -------- d-----w- c:\program files\Bejeweled 2 Deluxe
2010-04-02 15:26 . 2009-03-08 01:31 -------- d-----w- c:\program files\GameHouse
2010-04-02 14:06 . 2010-03-13 07:43 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2010-03-31 16:29 . 2010-03-31 16:29 31 ---ha-w- c:\windows\UKCpInfo.sys
2010-03-31 11:42 . 2010-03-31 11:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
2010-03-31 11:39 . 2010-03-18 16:39 -------- d-----w- c:\program files\Nokia
2010-03-31 11:39 . 2010-03-31 11:39 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\Installer\CommonCustomActions\msxml6Exec.exe
2010-03-31 11:38 . 2010-03-31 11:38 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\Installer\CommonCustomActions\Sleep.exe
2010-03-31 11:38 . 2010-03-31 11:38 3203453 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\Installer\CommonCustomActions\vcredistExec.exe
2010-03-31 11:38 . 2010-03-18 16:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2010-03-31 01:58 . 2010-04-15 08:33 9200 ----a-w- c:\windows\system32\drivers\cdralw2k.sys
2010-03-31 01:58 . 2010-04-15 08:33 9072 ----a-w- c:\windows\system32\drivers\cdr4_xp.sys
2010-03-31 01:58 . 2010-04-15 08:33 44944 ----a-w- c:\windows\system32\drivers\PxHelp20.sys
2010-03-31 01:58 . 2010-04-15 08:33 133616 ----a-w- c:\windows\system32\pxafs.dll
2010-03-31 01:58 . 2010-03-30 11:10 125424 ----a-w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58 . 2010-03-30 11:10 123888 ----a-w- c:\windows\system32\pxcpyi64.exe
2010-03-30 14:10 . 2010-03-22 11:27 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-03-30 11:11 . 2010-03-30 11:11 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-03-30 11:11 . 2010-03-30 11:11 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-03-30 11:10 . 2010-03-30 11:10 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-03-30 11:10 . 2010-03-30 11:10 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-03-30 11:10 . 2010-03-30 11:10 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-03-30 11:10 . 2010-03-30 11:10 54629 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-03-30 11:10 . 2010-03-30 11:10 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-03-30 11:10 . 2010-03-30 11:10 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-03-30 11:10 . 2010-03-30 11:10 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-03-30 11:10 . 2010-03-30 11:10 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-03-30 11:10 . 2010-03-30 11:10 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-03-30 07:03 . 2010-03-22 08:14 -------- d-----w- c:\documents and settings\ali\Application Data\DivX
2010-03-22 15:04 . 2010-03-22 15:04 255472 ----a-w- c:\documents and settings\ali\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-03-22 11:27 . 2010-03-22 11:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-03-21 11:46 . 2009-03-07 16:29 47360 -c--a-w- c:\documents and settings\ali\Application Data\pcouffin.sys
2010-03-21 11:46 . 2009-03-07 16:29 47360 -c--a-w- c:\documents and settings\ali\Application Data\pcouffin.sys
2010-03-21 11:44 . 2009-03-28 18:35 -------- d-----w- c:\documents and settings\ali\Application Data\Amazon
2010-03-21 11:44 . 2009-07-22 20:44 -------- d-----w- c:\program files\Amazon
2010-03-18 16:49 . 2010-03-18 16:49 12212040 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2006-05-03 10:06 . 2010-01-22 14:42 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2010-01-22 14:42 31232 -csha-r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2010-01-22 14:42 216064 -csha-r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-07-10 16:28 1174920 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\program files\BitTorrent\bittorrent.exe" [2010-02-27 654648]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-03-29 2343120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-12-24 1280272]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-08 8523776]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]
"Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2010-04-11 1750528]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-13 561213]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-05-09 18:20 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\ffmpeg.exe"=
"c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\receiver.exe"=
"c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\sharefolder.exe"=
"c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\tagtool.exe"=
"c:\\Program Files\\NETGEAR\\NETGEAR Digital Entertainer for Windows\\sjcmdwiz.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"<NO NAME>"=
"49153:UDP"= 49153:UDP:UDP49153
"49154:UDP"= 49154:UDP:UDP49154
"49155:UDP"= 49155:UDP:UDP49155
"49156:TCP"= 49156:TCP:TCP49156
"49158:TCP"= 49158:TCP:TCP49158
"49159:TCP"= 49159:TCP:TCP49159
"49152:UDP"= 49152:UDP:UDP49152
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [5/9/2010 19:17 25096]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [5/9/2010 19:17 52872]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/9/2009 08:37 64288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 16:52 1291544]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/7/2009 15:59 216200]
S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/7/2009 15:59 242896]
S2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [5/9/2010 19:17 916760]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/12/2010 09:52 308064]
S2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [5/9/2010 19:17 2325816]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [5/9/2010 19:17 5888008]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [4/2/2010 16:37 311568]
S2 supersafer;supersafer;c:\windows\system32\drivers\supersafer.sys [4/18/2010 11:39 354176]
S2 X4HSEx;X4HSEx;c:\program files\Free Ride Games\X4HSEx.sys [4/23/2010 10:23 56352]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [5/9/2010 19:17 30104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [5/9/2010 19:17 30104]
S3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [5/9/2010 19:17 122376]
S3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [5/9/2010 19:17 30216]
S3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [5/9/2010 19:17 26120]
S3 imvad_multi;NETGEAR Digital Entertainer Virtual Audio Device;c:\windows\system32\drivers\imvad.sys [4/26/2007 12:35 17792]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [3/7/2009 15:25 215936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-05-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 13:17]

2010-05-19 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-04-02 13:11]

2010-05-18 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2010-04-02 12:38]

2010-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-17 19:58]

2010-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-17 19:58]

2010-05-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1454471165-839522115-1003Core.job
- c:\documents and settings\ali\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-04 21:59]

2010-05-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1454471165-839522115-1003UA.job
- c:\documents and settings\ali\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-04 21:59]

2010-05-19 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]

2010-05-19 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-07-10 16:29]

2010-05-16 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-04-02 15:48]

2010-04-27 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-03-09 15:31]
.
.
------- Supplementary Scan -------
.
IE: + &Mass Downloader: download this file - c:\program files\Mass Downloader\Add_Url.htm
IE: + Mass Downloader: download &All files - c:\program files\Mass Downloader\Add_All.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Alistair Offer\Application Data\Mozilla\Firefox\Profiles\2xz7cwn2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Free Ride Games\npExentCtl.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-19 09:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-05-19 09:25:42
ComboFix-quarantined-files.txt 2010-05-19 08:25

Pre-Run: 341,639,229,440 bytes free
Post-Run: 341,600,231,424 bytes free

- - End Of File - - F8798D88B3C745B09B0EB3BFA9158427



Thanks
Alistair

#10 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 19 May 2010 - 03:32 PM

Hello.

That's looking better. Combofix appears to have removed the file, along with others. Do you still get that error on startup? Should be gone now.

Update and Scan with MalwareBytes Anti-Malware
  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab
  • Select Check for Update and let MBAM download and install any available updates.
  • After the update is complete go to the Scanner tab.
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply. Also, let me know how your computer is running and if you have any more problems, issues or symptoms left.

Thanks.

With Regards,
Extremeboy
Note: Please do not PM me asking for help; instead, please post in the correct forum requesting help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#11 bstarduk

bstarduk
  • Topic Starter

  • Members
  • 41 posts

Posted 20 May 2010 - 02:05 AM

Rebooted and it appears to have cleared the problem.
Thank you for your help.
I attach the 3 logs as requested.
Cheers

Alistair

DDS

DDS (Ver_10-03-17.01) - NTFSx86
Run by Alistair Offer at 7:57:37.09 on Thu 05/20/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.2047.1187 [GMT 1:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\snmp.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Alistair Offer\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Nuclear Games Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [BitTorrent] "c:\program files\bittorrent\bittorrent.exe"
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRunOnce: [DependencyCheck] Performed
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: + &Mass Downloader: download this file - c:\program files\mass downloader\Add_Url.htm
IE: + Mass Downloader: download &All files - c:\program files\mass downloader\Add_All.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - c:\program files\mass downloader\massdown.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {32564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv8dmo.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alista~1\applic~1\mozilla\firefox\profiles\2xz7cwn2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\free ride games\npExentCtl.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2010-5-9 25096]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-5-9 52872]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-9 64288]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-7 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-7 29512]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-7 242896]
R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2010-5-3 59240]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-5-3 161000]
R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-5-9 916760]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-12 308064]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-5-9 2325816]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-5-9 5888008]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2010-4-2 311568]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1291544]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-5-3 840936]
R2 supersafer;supersafer;c:\windows\system32\drivers\supersafer.sys [2010-4-18 354176]
R2 X4HSEx;X4HSEx;c:\program files\free ride games\X4HSEx.sys [2010-4-23 56352]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-5-9 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-5-9 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2010-5-9 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-5-9 26120]
R3 imvad_multi;NETGEAR Digital Entertainer Virtual Audio Device;c:\windows\system32\drivers\imvad.sys [2007-4-26 17792]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-3-7 215936]
S2 PEVSystemStart;PEVSystemStart;"c:\combofix\pev.cfxxe" exec /i "c:\combofix\regt.cfxxe" /s "c:\combofix\cregb.dat" --> c:\combofix\PEV.cfxxe [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-5-9 30104]

=============== Created Last 30 ================

2010-05-20 06:55:48 54016 ----a-w- c:\windows\system32\drivers\wbxxnc.sys
2010-05-19 20:35:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-19 20:35:18 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-19 10:00:39 0 d-----w- c:\docume~1\alista~1\applic~1\Trusteer
2010-05-19 10:00:32 0 d-----w- c:\program files\Trusteer
2010-05-19 10:00:09 0 d-----w- c:\docume~1\alluse~1\applic~1\Trusteer
2010-05-19 09:00:14 0 d-----w- c:\docume~1\alista~1\applic~1\MagicBall4
2010-05-18 08:04:33 0 d-sha-r- C:\cmdcons
2010-05-18 08:01:25 98816 ----a-w- c:\windows\sed.exe
2010-05-18 08:01:25 77312 ----a-w- c:\windows\MBR.exe
2010-05-18 08:01:25 256512 ----a-w- c:\windows\PEV.exe
2010-05-18 08:01:25 161792 ----a-w- c:\windows\SWREG.exe
2010-05-16 08:58:25 0 d-----w- c:\docume~1\alista~1\applic~1\IObit
2010-05-14 11:36:41 0 d-----w- c:\docume~1\alista~1\applic~1\HpUpdate
2010-05-14 11:36:39 0 d-----w- c:\windows\Hewlett-Packard
2010-05-14 08:30:29 0 d-----w- c:\docume~1\alista~1\applic~1\AVG9
2010-05-12 14:25:01 0 d-----w- c:\docume~1\alista~1\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-05-11 09:52:38 0 d-----w- c:\docume~1\alista~1\applic~1\iWin
2010-05-10 07:21:49 0 d-----w- c:\docume~1\alista~1\applic~1\Sahmon Games
2010-05-09 18:17:51 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-05-09 18:17:50 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-05-09 18:17:21 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-05-09 18:17:21 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-05-09 11:14:08 28288 -c--a-w- c:\windows\system32\dllcache\xjis.nls
2010-05-09 11:14:02 65536 -c--a-w- c:\windows\system32\dllcache\winime.ime
2010-05-09 11:14:02 156672 -c--a-w- c:\windows\system32\dllcache\winzm.ime
2010-05-09 11:14:02 156672 -c--a-w- c:\windows\system32\dllcache\winsp.ime
2010-05-09 11:14:02 156672 -c--a-w- c:\windows\system32\dllcache\winpy.ime
2010-05-09 11:14:01 79360 -c--a-w- c:\windows\system32\dllcache\winar30.ime
2010-05-09 11:14:01 69120 -c--a-w- c:\windows\system32\dllcache\wingb.ime
2010-05-09 11:14:00 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll
2010-05-09 11:14:00 76800 -c--a-w- c:\windows\system32\dllcache\wam51.dll
2010-05-09 11:14:00 53248 -c--a-w- c:\windows\system32\dllcache\wamreg51.dll
2010-05-09 11:14:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2010-05-09 11:14:00 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2010-05-09 11:12:56 10129408 -c--a-w- c:\windows\system32\dllcache\hwxkor.dll
2010-05-09 11:10:31 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2010-05-09 11:10:26 749 ---ha-r- c:\windows\WindowsShell.Manifest
2010-05-09 11:10:26 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2010-05-09 11:10:26 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2010-05-09 11:10:26 749 ---ha-r- c:\windows\system32\nwc.cpl.manifest
2010-05-09 11:10:26 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2010-05-09 10:40:15 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-05-09 10:40:15 13312 ----a-w- c:\windows\system32\irclass.dll
2010-05-09 10:40:14 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-05-09 10:40:14 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-05-08 23:19:22 0 d-----w- c:\windows\system32\wbem\Repository
2010-05-08 23:19:02 0 d-----w- c:\docume~1\alluse~1\applic~1\avg8
2010-05-08 21:40:34 0 d-----w- c:\docume~1\alista~1\applic~1\Malwarebytes
2010-05-08 21:40:27 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-08 21:40:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-08 21:38:37 0 ----a-w- c:\documents and settings\alistair offer\defogger_reenable
2010-05-08 00:10:53 1132 ----a-w- c:\windows\setupapi.old
2010-05-07 16:41:49 1024336 ----a-w- c:\documents and settings\alistair offer\commonpriv.log.6
2010-05-07 16:41:49 1024294 ----a-w- c:\documents and settings\alistair offer\commonpriv.log.3
2010-05-07 16:41:49 1024284 ----a-w- c:\documents and settings\alistair offer\commonpriv.log.2
2010-05-07 16:41:49 1024258 ----a-w- c:\documents and settings\alistair offer\commonpriv.log.10
2010-05-07 16:41:49 1024246 ----a-w- c:\documents and settings\alistair offer\commonpriv.log.8
2010-05-07 16:41:49 1024216 ----a-w- c:\documents and settings\alistair offer\commonpriv.log.5
2010-05-07 16:41:49 1024164 ----a-w- c:\documents and settings\alistair offer\commonpriv.log.9
2010-05-07 16:41:49 1024130 ----a-w- c:\documents and settings\alistair offer\commonpriv.log.4
2010-05-07 16:41:49 1024004 ----a-w- c:\documents and settings\alistair offer\commonpriv.log.7
2010-05-07 16:41:49 1024000 ----a-w- c:\documents and settings\alistair offer\commonpriv.log.1
2010-05-07 16:41:49 0 ----a-w- c:\documents and settings\alistair offer\commonpriv.log.lock
2010-05-07 13:20:08 77377 ----a-w- c:\windows\hpqins05.dat
2010-05-07 09:57:33 0 d-----w- c:\docume~1\alista~1\applic~1\URSE Games
2010-05-06 10:59:49 163851 ----a-w- c:\windows\system32\nvapps.xml
2010-05-06 10:59:43 0 d-----w- c:\windows\nview
2010-05-06 10:45:00 13815 ----a-w- c:\windows\Ascd_tmp.ini
2010-05-06 10:41:23 54016 ----a-r- c:\windows\system32\drivers\NVENETFD.sys
2010-05-06 10:41:23 197120 ----a-w- c:\windows\system32\fdco1.dll
2010-05-06 10:41:17 5815 ----a-w- c:\windows\system32\nvnrm.nvu
2010-05-06 10:41:16 356352 ----a-w- c:\windows\system32\nvunrm.exe
2010-05-06 10:41:14 35328 ----a-r- c:\windows\system32\nvconrm.dll
2010-05-06 10:41:13 943872 ----a-r- c:\windows\system32\drivers\nvnrm.sys
2010-05-06 10:41:13 9216 ----a-r- c:\windows\system32\bdco1.dll
2010-05-06 10:41:13 22016 ----a-r- c:\windows\system32\drivers\nvnetbus.sys
2010-05-06 09:40:33 0 d-----w- c:\docume~1\alista~1\applic~1\Wildfire
2010-05-06 09:25:42 0 d-----w- c:\docume~1\alista~1\applic~1\Intuit
2010-05-05 12:32:50 0 d-----w- c:\docume~1\alista~1\applic~1\NETGEAR
2010-05-05 11:10:22 0 d-----w- c:\docume~1\alista~1\applic~1\MetaProducts
2010-05-05 10:42:17 0 d-----w- c:\docume~1\alista~1\applic~1\spotmau
2010-05-05 10:39:02 0 d-----w- c:\docume~1\alista~1\applic~1\BitTorrent
2010-05-05 10:06:09 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-05-05 10:06:06 774144 -c--a-w- c:\windows\system32\dllcache\setup_wm.exe
2010-05-05 10:05:58 3555328 -c--a-w- c:\windows\system32\dllcache\moviemk.exe
2010-05-05 09:36:36 14573 ----a-r- c:\windows\SET142.tmp
2010-05-05 09:36:26 13753 ----a-r- c:\windows\SET107.tmp
2010-05-05 09:36:23 1086058 ----a-r- c:\windows\SETFB.tmp
2010-05-05 09:36:22 1042903 ----a-r- c:\windows\SETF8.tmp
2010-05-04 12:26:11 0 d-----w- c:\windows\pss
2010-05-04 12:17:29 0 d-----w- C:\Inetpub
2010-05-04 12:10:03 0 d-----w- c:\windows\setup.pss
2010-05-04 12:07:04 0 d-----w- c:\windows\setupupd
2010-04-29 10:16:54 0 d-----w- c:\windows\Magic Ball 4
2010-04-29 10:16:54 0 d-----w- c:\program files\Magic Ball 4
2010-04-29 08:45:14 0 d-----w- c:\docume~1\alluse~1\applic~1\AlawarWrapper
2010-04-29 08:44:40 0 d-----w- c:\program files\Alawar
2010-04-26 12:09:27 165376 ----a-w- c:\windows\system32\unrar.dll
2010-04-26 12:09:26 38 ----a-w- c:\windows\avisplitter.ini
2010-04-26 12:09:25 839680 ----a-w- c:\windows\system32\lameACM.acm
2010-04-26 12:09:25 414 ----a-w- c:\windows\system32\lame_acm.xml
2010-04-25 07:51:54 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2010-04-25 07:51:54 15360 ----a-w- c:\windows\system32\inetfr.DLL
2010-04-25 07:51:54 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2010-04-25 07:51:54 115920 ----a-w- c:\windows\system32\msinet.OCX
2010-04-25 07:51:54 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2010-04-25 07:51:53 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2010-04-25 07:51:53 152848 ----a-w- c:\windows\system32\COMDLG32.OCX
2010-04-25 07:51:53 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2010-04-25 07:48:21 0 d-----w- c:\program files\MP3 Rocket
2010-04-24 20:03:23 8352 ----a-w- c:\windows\wininit.ini
2010-04-24 19:26:08 0 d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-04-24 12:32:31 0 d-----w- c:\program files\Trend Micro
2010-04-24 12:06:56 223 --sha-r- C:\BOOT.BKK
2010-04-24 10:32:34 56 ----a-w- c:\windows\SEADRE~1.ini
2010-04-24 10:30:51 789588 ----a-w- c:\windows\SEADREAMSS.SCR
2010-04-24 10:23:09 0 d-----w- c:\program files\TGTSoft
2010-04-24 09:51:47 0 d-----w- c:\program files\FileSubmit
2010-04-23 09:23:32 64 ----a-w- c:\windows\GPlrLanc.dat
2010-04-23 09:23:32 37033 ----a-w- c:\windows\FRGT.ico
2010-04-23 09:23:31 0 d-----w- C:\Remote Programs
2010-04-23 09:23:23 0 d-----w- c:\docume~1\alluse~1\applic~1\Free Ride Games
2010-04-23 09:23:20 53314 ----a-w- c:\windows\ExentInfo.exe
2010-04-23 09:23:19 0 d-----w- c:\program files\Free Ride Games
2010-04-22 07:32:49 331184 ----a-w- c:\windows\system32\difxapi.dll
2010-04-21 07:07:00 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-04-21 07:07:00 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-20 14:17:06 0 d-----r- c:\windows\AsDmiHtm
2010-04-20 14:08:47 962612 ----a-w- c:\windows\system32\mfc42d.dll
2010-04-20 14:08:47 434252 ----a-w- c:\windows\system32\MSVCRTD.DLL
2010-04-20 14:08:20 670 ----a-w- c:\windows\setup.iss
2010-04-20 14:08:03 24576 ----a-r- c:\windows\system32\AsIO.dll
2010-04-20 14:08:03 12400 ----a-r- c:\windows\system32\drivers\AsIO.sys
2010-04-20 14:08:01 11832 ----a-w- c:\windows\system32\drivers\AsInsHelp64.sys
2010-04-20 14:08:01 10216 ----a-w- c:\windows\system32\drivers\AsInsHelp32.sys
2010-04-20 14:08:01 0 d-----w- c:\program files\ASUS
2010-04-20 12:45:15 0 d-----w- C:\Download
2010-04-20 11:29:53 8192 ----a-w- c:\windows\REGLOCS.OLD

==================== Find3M ====================

2010-05-09 18:20:57 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-09 18:20:47 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-09 18:20:45 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-09 11:09:22 22748 -c--a-w- c:\windows\system32\emptyregdb.dat
2010-05-06 11:17:00 166827 ----a-w- c:\windows\hphins28.dat
2010-04-16 18:00:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-03-31 01:58:04 9200 ----a-w- c:\windows\system32\drivers\cdralw2k.sys
2010-03-31 01:58:04 9072 ----a-w- c:\windows\system32\drivers\cdr4_xp.sys
2010-03-31 01:58:04 44944 ----a-w- c:\windows\system32\drivers\PxHelp20.sys
2010-03-31 01:58:04 133616 ----a-w- c:\windows\system32\pxafs.dll
2010-03-31 01:58:04 125424 ----a-w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58:04 123888 ----a-w- c:\windows\system32\pxcpyi64.exe
2010-03-08 17:59:18 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-03-02 10:38:48 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-02-19 19:27:36 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27:16 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27:16 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27:16 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27:16 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27:16 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2007-08-18 09:28:42 4316160 -c--a-w- c:\program files\mplayerc.exe
2006-04-30 18:07:08 1629184 -c--a-w- c:\program files\Image Grabber Setup.msi
2006-05-03 10:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 -csha-r- c:\windows\system32\msfDX.dll
2008-03-16 13:30:52 216064 -csha-r- c:\windows\system32\nbDX.dll
2009-07-22 19:46:28 16384 -csha-w- c:\windows\system32\config\systemprofile\privacie\index.dat

============= FINISH: 7:58:00.23 ===============


ATTACH

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/9/2010 12:14:16
System Uptime: 5/19/2010 09:45:06 (22 hours ago)

Motherboard: ASUSTeK Computer INC. | | M2N-CM DVI
Processor: AMD Athlon™ 64 X2 Dual Core Processor 4600+ | AM2 | 2400/200mhz
Processor: AMD Athlon™ 64 X2 Dual Core Processor 4600+ | AM2 | 2400/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 317.918 GiB free.
D: is Removable
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 5/9/2010 13:36:42 - System Checkpoint
RP2: 5/9/2010 19:16:41 - Installed AVG 9.0
RP3: 5/9/2010 20:18:14 - Avg Update
RP4: 5/10/2010 20:19:57 - System Checkpoint
RP5: 5/11/2010 09:21:03 - Configured Microsoft Office Enterprise 2007
RP6: 5/11/2010 09:33:27 - Configured Microsoft Office Enterprise 2007
RP7: 5/11/2010 10:33:37 - Configured Microsoft Office Enterprise 2007
RP8: 5/11/2010 10:39:54 - Installed Windows Installer KB893803v2.
RP9: 5/11/2010 10:48:51 - Configured Microsoft Office Enterprise 2007
RP10: 5/12/2010 10:52:27 - System Checkpoint
RP11: 5/13/2010 11:48:44 - System Checkpoint
RP12: 5/14/2010 12:36:52 - Removed HP Update
RP13: 5/15/2010 12:46:03 - System Checkpoint
RP14: 5/16/2010 09:58:35 - Advanced SystemCare RestorePoint
RP15: 5/17/2010 11:17:37 - System Checkpoint
RP16: 5/18/2010 12:39:29 - System Checkpoint
RP17: 5/19/2010 11:00:28 - Installed Rapport
RP18: 5/19/2010 14:20:18 - Configured Microsoft Office Enterprise 2007
RP19: 5/19/2010 14:28:56 - Configured Microsoft Office Enterprise 2007
RP20: 5/19/2010 14:32:26 - Configured Microsoft Office Enterprise 2007

==== Installed Programs ======================


179784
32 Bit HP CIO Components Installer
Acrobat.com
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Advertising Center
AMD Processor Driver
Ask Toolbar
ASUSUpdate
AVG 9.0
BitTorrent
BufferChm
Cards_Calendar_OrderGift_DoMorePlugout
Cool & Quiet
Creative WebCam Instant Driver (1.01.02.0729)
CustomerResearchQFolder
D5400
D5400_Help
DeviceDiscovery
DeviceManagementQFolder
DolbyFiles
eSupportQFolder
Free Ride Games Player
Gem Ball
GPBaseService
GPBaseService2
HiJackThis
HP Customer Participation Program 11.0
HP Imaging Device Functions 11.0
HP Photosmart D5400 Printer Driver Software 11.0 Rel .3
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HP Smart Web Printing
HP Solution Center 13.0
HP Update
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
ImagXpress
Java Auto Updater
Java™ 6 Update 20
K-Lite Codec Pack 5.9.0 (Full)
Magic Ball 3
Magic Ball 4
Magic Encyclopedia
Malwarebytes' Anti-Malware
MarketResearch
Menu Templates - Starter Kit
MetaProducts Mass Downloader
Microsoft .NET Framework 2.0
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Movie Templates - Starter Kit
Mozilla Firefox (3.6.3)
MSVCSetup
Nero 9 Trial
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Installer
Nero PhotoSnap
Nero Recode
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero Vision
Nero WaveEditor
NeroBurningROM
NeroExpress
neroxml
NETGEAR Digital Entertainer for Windows
NVIDIA Drivers
PanoStandAlone
PC Probe II
Platform
PS_SF_03_D5400_ProductContext
PS_SF_03_D5400_Software
PS_SF_03_D5400_Software_Min
PSSWCORE
Rapport
seadreamss
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
SoundTrax
Spotmau 5.1.2.6407
Status
Toolbox
TrayApp
UnloadSupport
VIA Platform Device Manager
VideoToolkit01
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.5
WebFldrs XP
WebReg
Windows Installer 3.1 (KB893803)
WinRAR archiver
WinZip 14.5
XpertVision 6.1

==== Event Viewer Messages From Past Week ========

5/19/2010 09:12:09, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 AsIO AvgLdx86 AvgMfx86 AvgTdiX Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
5/17/2010 09:33:22, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
5/17/2010 09:33:15, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/17/2010 09:32:58, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 AsIO AvgLdx86 AvgMfx86 AvgTdiX Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss StyleXPHelper Tcpip
5/17/2010 09:32:58, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
5/17/2010 09:32:58, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/17/2010 09:32:58, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/17/2010 09:32:58, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
5/16/2010 00:11:16, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume G:.
5/15/2010 23:56:03, error: sbp2port [9] - The device, , did not respond within the timeout period.
5/15/2010 19:53:51, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
5/15/2010 19:52:34, error: System Error [1003] - Error code 00000024, parameter1 001902fe, parameter2 bacfbb74, parameter3 bacfb870, parameter4 ba647746.
5/15/2010 19:51:57, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume .
5/15/2010 11:41:40, error: System Error [1003] - Error code 00000024, parameter1 001902fe, parameter2 b6170b74, parameter3 b6170870, parameter4 ba647746.

==== End Of File ===========================


MBAM LOG

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4118

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

5/20/2010 07:55:25
mbam-log-2010-05-20 (07-55-25).txt

Scan type: Full scan (C:\|)
Objects scanned: 253356
Time elapsed: 57 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Uninstall.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\Trend Micro\HiJackThis\backups\backup-20100424-133550-681.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Tumblebugs 2\Uninstall.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{779AECE2-8A2E-4D08-B465-C6ED777605EE}\RP434\A0092589.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.


#12 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 21 May 2010 - 09:42 PM

Hello.

That's looking good.

Most are just leftover stuff which isn't a major concern as of now. Let's continue here.

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. (Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.)

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Open the Kaspersky WebScanner
    page.
  • Click on the button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the button, if you made any changes.
  • Now under the Scan section on the left, select My Computer.
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis if needed.

Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply. Also, let me know how your computer is running and if you have any more problems, issues or symptoms left.

Thanks.

With Regards,
Extremeboy
Note: Please do not PM me asking for help; instead, please post in the correct forum requesting help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#13 bstarduk

bstarduk
  • Topic Starter

  • Members
  • 41 posts

Posted 24 May 2010 - 02:28 AM

Here is the Kaspersky log


Monday, May 24, 2010
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, May 23, 2010 08:12:00
Records in database: 4167006
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
Scan area My Computer
A:\
C:\
D:\
E:\
F:\
Scan statistics
Objects scanned 79061
Threats found 6
Infected objects found 6
Suspicious objects found 0
Scan duration 12:52:16

File name Threat Threats count
C:\Documents and Settings\Administrator.ALI-BE1CBC74EC9\Application Data\Sun\Java\Deployment\cache\6.0\29\7adbb65d-16b18e23 Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\Administrator.ALI-BE1CBC74EC9\Local Settings\Application Data\Thinstall\Cache\Stubs\329a1dd5373889dc1622f16b6e1d56e7a676de6e\StartupManagement.exe Infected: Trojan-Dropper.Win32.Binder.afx 1
C:\Documents and Settings\Administrator.ALI-BE1CBC74EC9\Local Settings\Application Data\Thinstall\Cache\Stubs\389b879b224a4e606996e0cd6f3a1230eae12dde\DiskClean.exe Infected: Trojan-Dropper.Win32.Binder.afw 1
C:\Documents and Settings\Administrator.ALI-BE1CBC74EC9\Local Settings\Application Data\Thinstall\Cache\Stubs\557985b49fc4362c357ce846a102dc2ec9eace6\svchost.exe Infected: Trojan.Win32.Buzus.dnax 1
C:\Documents and Settings\Administrator.ALI-BE1CBC74EC9\Local Settings\Application Data\Thinstall\Cache\Stubs\c5e9c08657cad8a3cb76c4be2544d35e6b61d3b\InternetOptimization.exe Infected: Trojan.Win32.Buzus.deik 1
C:\Documents and Settings\ali\My Documents\LimeWire\Saved\hot Bomb.wma Infected: Trojan.Win32.StartPage.ehg 1
Selected area has been scanned.

Now the DDS


DDS (Ver_10-03-17.01) - NTFSx86
Run by Alistair Offer at 7:17:00.60 on Mon 05/24/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1099 [GMT 1:00]

AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\Alistair Offer\Local Settings\temp\jkos-Alistair Offer\binaries\ScanningProcess.exe
C:\Documents and Settings\Alistair Offer\Local Settings\temp\jkos-Alistair Offer\binaries\ScanningProcess.exe
C:\Documents and Settings\Alistair Offer\My Documents\Downloads\dds(2).scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Nuclear Games Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [BitTorrent] "c:\program files\bittorrent\bittorrent.exe"
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: + &Mass Downloader: download this file - c:\program files\mass downloader\Add_Url.htm
IE: + Mass Downloader: download &All files - c:\program files\mass downloader\Add_All.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - c:\program files\mass downloader\massdown.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {32564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv8dmo.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alista~1\applic~1\mozilla\firefox\profiles\2xz7cwn2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\free ride games\npExentCtl.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2010-5-9 25096]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-5-9 52872]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-9 64288]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-7 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-7 29512]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-7 242896]
R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2010-5-3 59240]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-5-3 161000]
R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-5-9 916760]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-12 308064]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-5-9 2325816]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-5-9 5888008]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2010-4-2 311568]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1291544]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-5-3 840936]
R2 supersafer;supersafer;c:\windows\system32\drivers\supersafer.sys [2010-4-18 354176]
R2 X4HSEx;X4HSEx;c:\program files\free ride games\X4HSEx.sys [2010-4-23 56352]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-5-9 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-5-9 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2010-5-9 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-5-9 26120]
R3 imvad_multi;NETGEAR Digital Entertainer Virtual Audio Device;c:\windows\system32\drivers\imvad.sys [2007-4-26 17792]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-3-7 215936]
S2 PEVSystemStart;PEVSystemStart;"c:\combofix\pev.cfxxe" exec /i "c:\combofix\regt.cfxxe" /s "c:\combofix\cregb.dat" --> c:\combofix\PEV.cfxxe [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-5-9 30104]

=============== Created Last 30 ================

2010-05-22 15:23:59 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
2010-05-22 15:22:59 9216 -c--a-w- c:\windows\system32\dllcache\authfilt.dll
2010-05-22 15:21:05 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2010-05-22 15:21:01 749 ---ha-r- c:\windows\WindowsShell.Manifest
2010-05-22 15:21:01 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2010-05-22 15:21:01 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2010-05-22 15:21:01 749 ---ha-r- c:\windows\system32\nwc.cpl.manifest
2010-05-22 15:21:01 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2010-05-20 13:39:08 0 d-s---w- c:\documents and settings\alistair offer\UserData
2010-05-19 20:35:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-19 20:35:18 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-19 10:00:39 0 d-----w- c:\docume~1\alista~1\applic~1\Trusteer
2010-05-19 10:00:32 0 d-----w- c:\program files\Trusteer
2010-05-19 10:00:09 0 d-----w- c:\docume~1\alluse~1\applic~1\Trusteer
2010-05-19 09:00:14 0 d-----w- c:\docume~1\alista~1\applic~1\MagicBall4
2010-05-18 08:04:33 0 d-sha-r- C:\cmdcons
2010-05-18 08:01:25 98816 ----a-w- c:\windows\sed.exe
2010-05-18 08:01:25 77312 ----a-w- c:\windows\MBR.exe
2010-05-18 08:01:25 256512 ----a-w- c:\windows\PEV.exe
2010-05-18 08:01:25 161792 ----a-w- c:\windows\SWREG.exe
2010-05-16 08:58:25 0 d-----w- c:\docume~1\alista~1\applic~1\IObit
2010-05-14 11:36:41 0 d-----w- c:\docume~1\alista~1\applic~1\HpUpdate
2010-05-14 11:36:39 0 d-----w- c:\windows\Hewlett-Packard
2010-05-14 08:30:29 0 d-----w- c:\docume~1\alista~1\applic~1\AVG9
2010-05-12 14:25:01 0 d-----w- c:\docume~1\alista~1\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-05-11 09:52:38 0 d-----w- c:\docume~1\alista~1\applic~1\iWin
2010-05-10 07:21:49 0 d-----w- c:\docume~1\alista~1\applic~1\Sahmon Games
2010-05-09 18:17:51 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-05-09 18:17:50 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-05-09 18:17:21 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-05-09 18:17:21 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-05-09 10:39:58 14573 ----a-r- c:\windows\SETC2.tmp
2010-05-09 10:39:48 13753 ----a-r- c:\windows\SET87.tmp
2010-05-09 10:39:44 1086058 ----a-r- c:\windows\SET7B.tmp
2010-05-09 10:39:43 1042903 ----a-r- c:\windows\SET78.tmp
2010-05-08 23:19:22 0 d-----w- c:\windows\system32\wbem\Repository
2010-05-08 23:19:02 0 d-----w- c:\docume~1\alluse~1\applic~1\avg8
2010-05-08 21:40:34 0 d-----w- c:\docume~1\alista~1\applic~1\Malwarebytes
2010-05-08 21:40:27 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-08 21:40:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-08 21:38:37 0 ----a-w- c:\documents and settings\alistair offer\defogger_reenable
2010-05-07 16:41:49 1024336 ----a-w- c:\documents and settings\alistair offer\commonpriv.log.6
2010-05-07 16:41:49 1024294 ----a-w- c:\documents and settings\alistair offer\commonpriv.log.3
2010-05-07 16:41:49 1024284 ----a-w- c:\documents and settings\alistair offer\commonpriv.log.2
2010-05-07 16:41:49 1024258 ----a-w- c:\documents and settings\alistair offer\commonpriv.log.10
2010-05-07 16:41:49 1024246 ----a-w- c:\documents and settings\alistair offer\commonpriv.log.8
2010-05-07 16:41:49 1024216 ----a-w- c:\documents and settings\alistair offer\commonpriv.log.5
2010-05-07 16:41:49 1024164 ----a-w- c:\documents and settings\alistair offer\commonpriv.log.9
2010-05-07 16:41:49 1024130 ----a-w- c:\documents and settings\alistair offer\commonpriv.log.4
2010-05-07 16:41:49 1024004 ----a-w- c:\documents and settings\alistair offer\commonpriv.log.7
2010-05-07 16:41:49 1024000 ----a-w- c:\documents and settings\alistair offer\commonpriv.log.1
2010-05-07 16:41:49 0 ----a-w- c:\documents and settings\alistair offer\commonpriv.log.lock
2010-05-07 13:20:08 77377 ----a-w- c:\windows\hpqins05.dat
2010-05-07 09:57:33 0 d-----w- c:\docume~1\alista~1\applic~1\URSE Games
2010-05-06 10:59:49 163851 ----a-w- c:\windows\system32\nvapps.xml
2010-05-06 10:59:43 0 d-----w- c:\windows\nview
2010-05-06 10:45:00 13815 ----a-w- c:\windows\Ascd_tmp.ini
2010-05-06 10:41:23 54016 ----a-r- c:\windows\system32\drivers\NVENETFD.sys
2010-05-06 10:41:23 197120 ----a-w- c:\windows\system32\fdco1.dll
2010-05-06 10:41:17 5815 ----a-w- c:\windows\system32\nvnrm.nvu
2010-05-06 10:41:16 356352 ----a-w- c:\windows\system32\nvunrm.exe
2010-05-06 10:41:14 35328 ----a-r- c:\windows\system32\nvconrm.dll
2010-05-06 10:41:13 943872 ----a-r- c:\windows\system32\drivers\nvnrm.sys
2010-05-06 10:41:13 9216 ----a-r- c:\windows\system32\bdco1.dll
2010-05-06 10:41:13 22016 ----a-r- c:\windows\system32\drivers\nvnetbus.sys
2010-05-06 09:40:33 0 d-----w- c:\docume~1\alista~1\applic~1\Wildfire
2010-05-06 09:25:42 0 d-----w- c:\docume~1\alista~1\applic~1\Intuit
2010-05-05 12:32:50 0 d-----w- c:\docume~1\alista~1\applic~1\NETGEAR
2010-05-05 11:10:22 0 d-----w- c:\docume~1\alista~1\applic~1\MetaProducts
2010-05-05 10:42:17 0 d-----w- c:\docume~1\alista~1\applic~1\spotmau
2010-05-05 10:39:02 0 d-----w- c:\docume~1\alista~1\applic~1\BitTorrent
2010-05-05 10:06:09 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-05-05 10:06:06 774144 -c--a-w- c:\windows\system32\dllcache\setup_wm.exe
2010-05-05 10:05:58 3555328 -c--a-w- c:\windows\system32\dllcache\moviemk.exe
2010-05-05 09:36:36 14573 ----a-r- c:\windows\SET142.tmp
2010-05-05 09:36:26 13753 ----a-r- c:\windows\SET107.tmp
2010-05-05 09:36:23 1086058 ----a-r- c:\windows\SETFB.tmp
2010-05-05 09:36:22 1042903 ----a-r- c:\windows\SETF8.tmp
2010-05-04 12:26:11 0 d-----w- c:\windows\pss
2010-05-04 12:17:29 0 d-----w- C:\Inetpub
2010-05-04 12:10:03 0 d-----w- c:\windows\setup.pss
2010-05-04 12:07:04 0 d-----w- c:\windows\setupupd
2010-04-29 10:16:54 0 d-----w- c:\windows\Magic Ball 4
2010-04-29 10:16:54 0 d-----w- c:\program files\Magic Ball 4
2010-04-29 08:45:14 0 d-----w- c:\docume~1\alluse~1\applic~1\AlawarWrapper
2010-04-29 08:44:40 0 d-----w- c:\program files\Alawar
2010-04-26 12:09:27 165376 ----a-w- c:\windows\system32\unrar.dll
2010-04-26 12:09:26 38 ----a-w- c:\windows\avisplitter.ini
2010-04-26 12:09:25 839680 ----a-w- c:\windows\system32\lameACM.acm
2010-04-26 12:09:25 414 ----a-w- c:\windows\system32\lame_acm.xml
2010-04-25 07:51:54 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2010-04-25 07:51:54 15360 ----a-w- c:\windows\system32\inetfr.DLL
2010-04-25 07:51:54 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2010-04-25 07:51:54 115920 ----a-w- c:\windows\system32\msinet.OCX
2010-04-25 07:51:54 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2010-04-25 07:51:53 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2010-04-25 07:51:53 152848 ----a-w- c:\windows\system32\COMDLG32.OCX
2010-04-25 07:51:53 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2010-04-25 07:48:21 0 d-----w- c:\program files\MP3 Rocket
2010-04-24 20:03:23 8352 ----a-w- c:\windows\wininit.ini
2010-04-24 19:26:08 0 d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-04-24 12:32:31 0 d-----w- c:\program files\Trend Micro
2010-04-24 12:06:56 223 --sha-r- C:\BOOT.BKK
2010-04-24 10:32:34 56 ----a-w- c:\windows\SEADRE~1.ini
2010-04-24 10:30:51 789588 ----a-w- c:\windows\SEADREAMSS.SCR
2010-04-24 10:23:09 0 d-----w- c:\program files\TGTSoft
2010-04-24 09:51:47 0 d-----w- c:\program files\FileSubmit

==================== Find3M ====================

2010-05-22 15:19:57 22780 -c--a-w- c:\windows\system32\emptyregdb.dat
2010-05-09 18:20:57 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-09 18:20:47 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-09 18:20:45 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-06 11:17:00 166827 ----a-w- c:\windows\hphins28.dat
2010-04-21 07:06:47 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-16 18:00:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-04-11 20:15:54 53314 ----a-w- c:\windows\ExentInfo.exe
2010-03-31 01:58:04 9200 ----a-w- c:\windows\system32\drivers\cdralw2k.sys
2010-03-31 01:58:04 9072 ----a-w- c:\windows\system32\drivers\cdr4_xp.sys
2010-03-31 01:58:04 44944 ----a-w- c:\windows\system32\drivers\PxHelp20.sys
2010-03-31 01:58:04 133616 ----a-w- c:\windows\system32\pxafs.dll
2010-03-31 01:58:04 125424 ----a-w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58:04 123888 ----a-w- c:\windows\system32\pxcpyi64.exe
2010-03-08 17:59:18 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-03-02 10:38:48 15880 ----a-w- c:\windows\system32\lsdelete.exe
2007-08-18 09:28:42 4316160 -c--a-w- c:\program files\mplayerc.exe
2006-04-30 18:07:08 1629184 -c--a-w- c:\program files\Image Grabber Setup.msi
2006-05-03 10:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 -csha-r- c:\windows\system32\msfDX.dll
2008-03-16 13:30:52 216064 -csha-r- c:\windows\system32\nbDX.dll
2009-07-22 19:46:28 16384 -csha-w- c:\windows\system32\config\systemprofile\privacie\index.dat

============= FINISH: 7:17:17.00 ===============


And lastly the ATTACH

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/22/2010 16:24:57
System Uptime: 5/23/2010 10:46:17 (21 hours ago)

Motherboard: ASUSTeK Computer INC. | | M2N-CM DVI
Processor: AMD Athlon™ 64 X2 Dual Core Processor 4600+ | AM2 | 2400/200mhz
Processor: AMD Athlon™ 64 X2 Dual Core Processor 4600+ | AM2 | 2400/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 319.704 GiB free.
D: is Removable
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 5/22/2010 16:33:45 - System Checkpoint
RP2: 5/22/2010 19:03:43 - Removed NETGEAR Digital Entertainer for Windows
RP3: 5/22/2010 19:04:08 - Installed NETGEAR Digital Entertainer for Windows
RP4: 5/23/2010 20:38:35 - System Checkpoint

==== Installed Programs ======================


179784
32 Bit HP CIO Components Installer
Acrobat.com
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Advertising Center
AMD Processor Driver
Ask Toolbar
ASUSUpdate
AVG 9.0
BitTorrent
BufferChm
Cards_Calendar_OrderGift_DoMorePlugout
Cool & Quiet
Creative WebCam Instant Driver (1.01.02.0729)
CustomerResearchQFolder
D5400
D5400_Help
DeviceDiscovery
DeviceManagementQFolder
DolbyFiles
eSupportQFolder
Free Ride Games Player
Gem Ball
GPBaseService
GPBaseService2
HiJackThis
HP Customer Participation Program 11.0
HP Imaging Device Functions 11.0
HP Photosmart D5400 Printer Driver Software 11.0 Rel .3
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HP Smart Web Printing
HP Solution Center 13.0
HP Update
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
ImagXpress
Java Auto Updater
Java™ 6 Update 20
K-Lite Codec Pack 5.9.0 (Full)
Magic Ball 3
Magic Ball 4
Magic Encyclopedia
Malwarebytes' Anti-Malware
MarketResearch
Menu Templates - Starter Kit
MetaProducts Mass Downloader
Microsoft .NET Framework 2.0
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Movie Templates - Starter Kit
Mozilla Firefox (3.6.3)
MSVCSetup
Nero 9 Trial
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Installer
Nero PhotoSnap
Nero Recode
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero Vision
Nero WaveEditor
NeroBurningROM
NeroExpress
neroxml
NETGEAR Digital Entertainer for Windows
NVIDIA Drivers
PanoStandAlone
PC Probe II
Platform
PS_SF_03_D5400_ProductContext
PS_SF_03_D5400_Software
PS_SF_03_D5400_Software_Min
PSSWCORE
Rapport
seadreamss
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
SoundTrax
Spotmau 5.1.2.6407
Status
Toolbox
TrayApp
UnloadSupport
VIA Platform Device Manager
VideoToolkit01
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.5
WebFldrs XP
WebReg
WinRAR archiver
WinZip 14.5
XpertVision 6.1

==== Event Viewer Messages From Past Week ========

5/22/2010 16:26:07, error: Setup [60055] - Windows Setup encountered non-fatal errors during installation. Please check the setuperr.log found in your Windows directory for more information.
5/22/2010 16:21:36, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SENS with arguments "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
5/22/2010 12:14:02, error: sbp2port [9] - The device, , did not respond within the timeout period.
5/21/2010 09:28:24, error: DCOM [10005] - DCOM got error "%1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
5/20/2010 23:19:48, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume G:.
5/20/2010 23:19:44, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume .
5/20/2010 15:23:44, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
5/20/2010 08:02:55, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
5/19/2010 09:44:41, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
5/19/2010 09:17:24, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/19/2010 09:17:06, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 AsIO AvgLdx86 AvgMfx86 AvgTdiX Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
5/19/2010 09:17:06, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
5/19/2010 09:17:06, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/19/2010 09:17:06, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
5/17/2010 09:32:58, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 AsIO AvgLdx86 AvgMfx86 AvgTdiX Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss StyleXPHelper Tcpip
5/17/2010 09:32:58, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

==== End Of File ===========================


The Internet problem is no longer apparent and the pop up screen at startup has disappeared.

Thanks

Alistair

#14 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:54 AM

Posted 24 May 2010 - 01:19 PM

That's good. Just a few things to remove and we can cleanup!

Download and Run OTM
  1. Please download OTM by OldTimer and save it to your desktop.
  2. Double click the icon on your desktop. If you are running on Vista, right click on the file and choose Run As Administrator.
  3. Paste the following code under the area. Do not include the word "Code".
    CODE
    :files
    C:\Documents and Settings\Administrator.ALI-BE1CBC74EC9\Application Data\Sun\Java\Deployment\cache\6.0\29\7adbb65d-16b18e23
    C:\Documents and Settings\Administrator.ALI-BE1CBC74EC9\Local Settings\Application Data\Thinstall\Cache\Stubs\329a1dd5373889dc1622f16b6e1d56e7a676de6e\StartupManagement.exe
    C:\Documents and Settings\Administrator.ALI-BE1CBC74EC9\Local Settings\Application Data\Thinstall\Cache\Stubs\389b879b224a4e606996e0cd6f3a1230eae12dde\DiskClean.exe
    C:\Documents and Settings\Administrator.ALI-BE1CBC74EC9\Local Settings\Application Data\Thinstall\Cache\Stubs\557985b49fc4362c357ce846a102dc2ec9eace6\svchost.exe
    C:\Documents and Settings\Administrator.ALI-BE1CBC74EC9\Local Settings\Application Data\Thinstall\Cache\Stubs\c5e9c08657cad8a3cb76c4be2544d35e6b61d3b\InternetOptimization.exe
    C:\Documents and Settings\ali\My Documents\LimeWire\Saved\hot Bomb.wma
    :commands
    [CREATERESTOREPOINT]
    [emptytemp]
  4. Click the large button.
  5. If OTM requires a reboot, please allow it to do so.
  6. Copy/Paste the contents under the line here in your next reply.
Note: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

--
Please follow/read the steps below to remove the tools we used and for some more information.


Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
This will uninstall Combofix and anything associated with it.

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.


Congratulations! You now appear clean!

Now that you are clean, please follow and read some of the prevention tips >over here<. Is your system a bit slow? If so, try some of the points and things suggested here.

If you would like, visit my http://computermalwaresecurity.blogspot.com/ and Subscribe/Follow along.


If you have no more questions, comments or problems please tell us, so we can close off the topic.

Thanks.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#15 bstarduk

bstarduk
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  • Local time:07:54 AM

Posted 24 May 2010 - 05:31 PM

AND SO TO MY LAST LOG (HOPEFULLY)


All processes killed
========== FILES ==========
C:\Documents and Settings\Administrator.ALI-BE1CBC74EC9\Application Data\Sun\Java\Deployment\cache\6.0\29\7adbb65d-16b18e23 moved successfully.
C:\Documents and Settings\Administrator.ALI-BE1CBC74EC9\Local Settings\Application Data\Thinstall\Cache\Stubs\329a1dd5373889dc1622f16b6e1d56e7a676de6e\StartupManagement.exe moved successfully.
C:\Documents and Settings\Administrator.ALI-BE1CBC74EC9\Local Settings\Application Data\Thinstall\Cache\Stubs\389b879b224a4e606996e0cd6f3a1230eae12dde\DiskClean.exe moved successfully.
C:\Documents and Settings\Administrator.ALI-BE1CBC74EC9\Local Settings\Application Data\Thinstall\Cache\Stubs\557985b49fc4362c357ce846a102dc2ec9eace6\svchost.exe moved successfully.
C:\Documents and Settings\Administrator.ALI-BE1CBC74EC9\Local Settings\Application Data\Thinstall\Cache\Stubs\c5e9c08657cad8a3cb76c4be2544d35e6b61d3b\InternetOptimization.exe moved successfully.
C:\Documents and Settings\ali\My Documents\LimeWire\Saved\hot Bomb.wma moved successfully.
========== COMMANDS ==========
Restore point Set: OTM Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 2421348 bytes
->Flash cache emptied: 41 bytes

User: Administrator.ALI-BE1CBC74EC9
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 10578 bytes
->FireFox cache emptied: 74840490 bytes
->Flash cache emptied: 2160 bytes

User: ali
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 158333797 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Alistair Offer
->Temp folder emptied: 124574183 bytes
->Temporary Internet Files folder emptied: 11094705 bytes
->Java cache emptied: 136085 bytes
->FireFox cache emptied: 38123126 bytes
->Flash cache emptied: 1001 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41661 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 8629148 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 171492 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 285397 bytes
RecycleBin emptied: 2876013744 bytes

Total Files Cleaned = 3,142.00 mb


OTM by OldTimer - Version 3.1.12.0 log created on 05242010_230707

Files moved on Reboot...

Registry entries deleted on Reboot...


Many thanks again for your help

Regards

Alistair




