
ra12r

Honorary Members
Posts posted by ra12r

  1. LDTate, OK I believe my computer is okay now. I had a few struggles but have (with your help) gotten the "monkey out of the tree"!!! Here are a few things that I have learned which I hope help you also....

    Symptom:

    1) Root Kit Virus....... It was removed by the processes you directed.

    2) Multiple Malware....... Removed by the processes you directed.

    3) Location of a problem........ Discovered that my "cache" of my firefox profile contained something that was recreating issues when I restored a deleted profile to get back some manually deleted bookmarks. So a complete reinstall was required. OTL plus your suggested additions immediately stopped it again.

    4) Slow screen redraw.......... Removed IE8 and it "IMMEDIATELY FIXED" my screen issues. I found that by googling. There is a script required for XP that will remove it on the MS website. Currently I have not reinstalled any IE but I will try to go back to IE6.

    5) Lost CD storage device....... I had to get in regedit and remove a "Lower filter" which fixed my issue immediately and now burning is EXTREMELY FAST. i.e. Google

    6) IP Router virus...... turning on and off the ip stuff fixed that blockage of internet access to certain websites.

    7) USB lockout after time idle.......... turning off power management control has stopped that...

    I can't think of anything else right now, but I believe all my problems are solved!!! Thank you very much and I will probably be purchasing a full version of MBAM just for appreciation. Once again thank you for your diligence helping me get all these things back out of my system as I have learned a BUNCH of additional things working this process with you. Many thanks!!!!

  2. LDTate, I am sooo sorry that my computer has been such a challenge. But, it is doing much better and I thank you for your help. The screen refresh has stopped. It boots much faster. The newly installed Firefox 3.6 version is not hanging while going to webpages. I am still having some intermittent USB issues. I have not reinstalled a cdrom driver yet. Do you currently see anything else of concern?

    However, prior to installing the cdrom driver, I have been trying to work the past couple of days when I get home from work to get things all back balanced. But I still have some issues that I need your help with... On one of our cleaning scans prior to Christmas break, I lost all my bookmarks in Firefox and Firefox kept saying it was already open when I would try to start the program. I tried to find them by doing a system restore, but the system restore points no longer work. I figured the bookmarks json or html files were deleted from the profile and could be found on the hard drive with a program. So I have found some files but the bookmark files that will restore, no luck yet. The one I found that is the prior, Firefox says it can not process it. I am wondering what I need to do to get them restored. I don't think any of my viruses was located in the Mozilla folder, but I am not sure about that??? I have been using a program that finds and undeletes stuff that has been deleted and is still on the hard drive. But, the info I have found so far to know what all needs to be present without undeleting all the Mozilla files has not addressed my issue of restoring deleted Mozilla bookmarks files. Thanks again for your time and efforts to help me.

  3. LDTate, Happy new Year!!! I ran the OTL and here is the log.

    All processes killed

    ========== OTL ==========

    ========== COMMANDS ==========

    [EMPTYFLASH]

    User: Administrator

    ->Flash cache emptied: 348 bytes

    User: All Users

    User: Default User

    User: LocalService

    ->Flash cache emptied: 13287 bytes

    User: NetworkService

    ->Flash cache emptied: 13542 bytes

    User: Sonia Evans

    ->Flash cache emptied: 3805511 bytes

    Total Flash Files Cleaned = 4.00 mb

    [EMPTYTEMP]

    User: Administrator

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 129429 bytes

    ->FireFox cache emptied: 14506790 bytes

    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 33170 bytes

    ->Flash cache emptied: 0 bytes

    User: NetworkService

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 33170 bytes

    ->Flash cache emptied: 0 bytes

    User: Sonia Evans

    ->Temp folder emptied: 3856359 bytes

    ->Temporary Internet Files folder emptied: 51931318 bytes

    ->Java cache emptied: 0 bytes

    ->FireFox cache emptied: 135707675 bytes

    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes

    %systemroot% .tmp files removed: 1138887 bytes

    %systemroot%\System32 .tmp files removed: 1132049 bytes

    %systemroot%\System32\dllcache .tmp files removed: 0 bytes

    %systemroot%\System32\drivers .tmp files removed: 0 bytes

    Windows Temp folder emptied: 124 bytes

    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 47366 bytes

    RecycleBin emptied: 421387617 bytes

    Total Files Cleaned = 601.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.31.0 log created on 01022012_140045

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...

  4. LDTate, Well this morning the desktop screen is still running correctly with the screen slow scroll not happening. I am still not sure about what script I turned off by stopping "script running after user logon"?!

    My keyboard is still doing something weird as I am typing this; it has got stuck typing one letter a couple of times that looks like the following single letter jjjjjjjjjjjjjjjjjjjjj It is not happening on any particular letter though but there seems to still be something still affecting the USB bus?!

    On startup, I am still losing my USB bus and cannot get into F8 commands for safemode as I still cannot use arrow up or down except on ps2 keyboard. I also still do not have a cdrom. My cdrom is less than 6 months old so if it died during this then the timing is crazy. I have deleted the cd driver to let it just reinstall, but it always says the driver is installed but cannot find the hardware. The bios can see it as I checked just to make sure it was being recognized.

    I have been watching my services for extreme memory or cpu usage and that seems normal even when my USB is acting crazy. That used to time with the svchost.exe going crazy. I did have to reinstall Firefox, but I believe the problem was caused by deleting something in the mozilla profile that kept showing up on some of these scans.

  5. LDTate, I also noticed in my registry that I have a bunch of repeated entries of the same exact file. Some are exactly the same in content and others are a variant but with the same content in the subfolders that they have in common. These files are located at HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}

    wow, my system just lost usb and so I have to finish this with the ps2 keyboard...... How many entries of that file should there be?
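The class key quoted in the post above, {4D36E965-E325-11CE-BFC1-08002BE10318}, is the device setup class for CD-ROM drives. Its UpperFilters and LowerFilters values (REG_MULTI_SZ) name filter driver services that every drive in the class is loaded with, and a filter whose service key no longer exists under HKLM\SYSTEM\CurrentControlSet\Services keeps the drive from starting, which is the condition item 5 of the first post was fixed by removing a "Lower filter". The numbered subkeys (0000, 0001, ...) are one per device instance that has ever been installed in the class; stale instances stay until removed. The script below is an added example, not part of this thread or of OTL: on a Windows host it reads those values with winreg and reports any filter name with no matching Services key. The function names are mine, and the pure check is separated from the registry reader so it can be exercised without a Windows registry.

```python
"""Check the CD-ROM device class for orphaned filter drivers (added example)."""
import sys

# Device setup class GUID for CD-ROM drives, the key quoted in the post above.
CDROM_CLASS = r"SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}"
SERVICES = r"SYSTEM\CurrentControlSet\Services"


def find_orphaned_filters(upper, lower, services):
    """Return [(value_name, driver)] for filter names with no Services key.

    upper/lower are the UpperFilters/LowerFilters lists (empty if the value
    is absent); services is the set of key names under ...\\Services.
    Registry names are case-insensitive, so compare in lower case.
    """
    known = {s.lower() for s in services}
    return [(slot, name)
            for slot, names in (("UpperFilters", upper), ("LowerFilters", lower))
            for name in names
            if name.strip() and name.lower() not in known]


def _subkeys(key):
    """Enumerate subkey names of an open winreg key."""
    import winreg
    names, i = [], 0
    while True:
        try:
            names.append(winreg.EnumKey(key, i))
        except OSError:  # no more subkeys
            return names
        i += 1


def _multi_sz(key, name):
    """Read a REG_MULTI_SZ value as a list; [] if the value is absent."""
    import winreg
    try:
        value, _ = winreg.QueryValueEx(key, name)
    except FileNotFoundError:
        return []
    return list(value) if isinstance(value, list) else [str(value)]


def read_live():
    """Read the real values on Windows: (upper, lower, instances, services)."""
    import winreg  # Windows-only module
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, CDROM_CLASS) as cls:
        upper, lower = _multi_sz(cls, "UpperFilters"), _multi_sz(cls, "LowerFilters")
        # Numbered subkeys (0000, 0001, ...) are one per device instance ever
        # installed in this class; old instances survive until removed.
        instances = [k for k in _subkeys(cls) if k.isdigit()]
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SERVICES) as svc:
        services = set(_subkeys(svc))
    return upper, lower, instances, services


if __name__ == "__main__":
    if sys.platform != "win32":
        sys.exit("winreg is only available on Windows")
    upper, lower, instances, services = read_live()
    print(f"UpperFilters={upper} LowerFilters={lower}")
    print(f"{len(instances)} device instance subkeys: {instances}")
    for slot, name in find_orphaned_filters(upper, lower, services):
        print(f"ORPHANED {slot} entry {name!r}: no Services\\{name} key, remove it from {slot}")
```

Run it as Administrator before editing anything by hand; it only reads. Delete a name from UpperFilters or LowerFilters only when the script reports it as orphaned, then rescan hardware in Device Manager so the drive's driver is reloaded.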

  6. Here is the EXTRAS.txt

    OTL Extras logfile created on: 12/18/2011 9:39:46 PM - Run 1

    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Internet Downloads

    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

    Internet Explorer (Version = 8.0.6001.18702)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    703.48 Mb Total Physical Memory | 461.37 Mb Available Physical Memory | 65.58% Memory free

    2.71 Gb Paging File | 2.45 Gb Available in Paging File | 90.42% Paging File free

    Paging file location(s): C:\pagefile.sys 0 0E:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

    Drive C: | 149.05 Gb Total Space | 95.43 Gb Free Space | 64.02% Space Free | Partition Type: NTFS

    Drive E: | 74.52 Gb Total Space | 18.17 Gb Free Space | 24.39% Space Free | Partition Type: NTFS

    Computer Name: HIGHLANDER | User Name: Wyatt Evans | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: Current user

    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========

    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    .html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

    batfile [open] -- "%1" %*

    cmdfile [open] -- "%1" %*

    comfile [open] -- "%1" %*

    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    exefile [open] -- "%1" %*

    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)

    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

    piffile [open] -- "%1" %*

    regfile [merge] -- Reg Error: Key error.

    scrfile [config] -- "%1"

    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

    scrfile [open] -- "%1" /S

    txtfile [edit] -- Reg Error: Key error.

    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    "AntiVirusDisableNotify" = 0

    "FirewallDisableNotify" = 0

    "UpdatesDisableNotify" = 0

    "AntiVirusOverride" = 0

    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    "DisableMonitoring" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    "EnableFirewall" = 1

    "DoNotAllowExceptions" = 0

    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

    "C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)

    "C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)

    "C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium

    "{0D00BDA8-A387-4239-8C33-04FA7F37D655}" = Nitrous Log

    "{1696C54E-599A-4BA2-9941-BB70C4727887}" = Xtranormal State - Voicepack-English-UK-Daniel

    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    "{2567B22D-4CAC-44ED-8B31-FB92636E2E0F}" = WebCam

    "{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005

    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

    "{467A3BF8-4C87-4E68-835C-CE5318C157C2}" = Xtranormal State - Voicepack-English-US-Tom

    "{4E74D41C-5864-4561-9F6B-069372513A0B}" = AVG 2012

    "{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011

    "{61262D82-A4B7-4B9E-B697-E220D632CCD2}_is1" = Power Commander 5 Software V1.0.1

    "{64A50049-407F-4361-9823-CE0C5630504F}" = Ultimate Racer 3.0

    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

    "{837006C4-83B7-4BF9-ABC7-AD262FBBFCDF}" = YOSHIMURA Engine Management Professional

    "{838A22DF-81CA-4452-9BDD-A1745224D960}" = Xtranormal State - Voicepack-English-UK-Serena

    "{898E3215-89AB-485C-B020-AC59229D2C25}" = PC Link Nitrous

    "{8E75E6F4-35DF-43E6-8A11-C73437FA3C5B}" = Xtranormal State

    "{912536C4-273C-416F-B42C-BBC5B72114D7}" = Xtranormal State - Voicepack-English-US-Samantha

    "{929A7FF6-5C3B-45AC-A4C9-30A3AE16CF4B}" = Xtranormal State - Showpak-Playgoz-Preview

    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

    "{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}" = RTLSetup

    "{A0BA5AAC-CA61-4C71-9A29-FDF521296225}" = Xtranormal State - SoundPack-Starter Kit

    "{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort

    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

    "{A436B59A-756E-426F-A348-2BE1BE99B86F}" = AVG 2012

    "{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0

    "{B2586CA8-0F12-11D3-8258-00C04F6843FE}" = Microsoft Office 2000 Web Archive Add-On

    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

    "{B4E03835-FB8B-458A-A1FB-8CDE5424BE66}" = Sid Meier's Civilization 4

    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

    "{C72C8671-4FE0-44D9-8A7B-D07F411D2565}" = WEGO Log

    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

    "{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4

    "{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}" = Brother MFL-Pro Suite

    "{E59219D4-23B8-11D3-A179-00C04F6C9FA4}" = Microsoft Word Supplemental Templates and Wizards

    "{E8DF0C63-3669-4A71-9000-03775FF51D2C}" = RemotePlayback

    "{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" = Sansa Media Converter

    "{FE9C7463-77A6-4B64-8891-550B7E3505F2}" = Engine Analyzer Pro v3.3

    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

    "Adobe Shockwave Player" = Adobe Shockwave Player

    "AnyDVD" = AnyDVD

    "AVG" = AVG 2012

    "C-Media Audio Driver" = C-Media WDM Audio Driver

    "Collectorz.com Movie Collector" = Collectorz.com Movie Collector

    "DriverGuide DriverScan" = DriverGuide DriverScan

    "DVD Shrink_is1" = DVD Shrink 3.2

    "ESET Online Scanner" = ESET Online Scanner v3

    "ImgBurn" = ImgBurn

    "InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005

    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300

    "MediaMonkey_is1" = MediaMonkey 2.5

    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

    "Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)

    "Nero - Burning Rom!UninstallKey" = Nero OEM

    "PC Camera Capture" = PC Camera Capture

    "Power Commander 3" = Power Commander 3

    "Punch! 5 in 1 Home Design" = Punch! 5 in 1 Home Design

    "QuickTime" = QuickTime

    "S3" = KM400/KN400 Display Driver and Utilities

    "Slotman_is1" = Slotman

    "UltraDefrag" = Ultra Defragmenter

    "VTDisplay" = S3 S3Display

    "VTGamma2" = S3 S3Gamma2

    "VTInfo2" = S3 S3Info2

    "VTOverlay" = S3 S3Overlay

    "WIC" = Windows Imaging Component

    "Windows Media Format Runtime" = Windows Media Format Runtime

    "Windows Script" = Microsoft Windows Script 5.7

    "Windows XP Service Pack" = Windows XP Service Pack 3

    "WinRAR archiver" = WinRAR archiver

    "Xfire" = Xfire (remove only)

    "Yahoo! Messenger" = Yahoo! Messenger

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "0683c2c1208fabf1" = Hayabusa ECUeditor for K2-K7, K8- models

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]

    Error - 12/18/2011 12:10:59 PM | Computer Name = HIGHLANDER | Source = EventSystem | ID = 4609

    Description = The COM+ Event System detected a bad return code during its internal

    processing. HRESULT was 80070422 from line 44 of f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp.

    Please contact Microsoft Product Support Services to report this erro

    Error - 12/18/2011 12:11:00 PM | Computer Name = HIGHLANDER | Source = VSS | ID = 8193

    Description = Volume Shadow Copy Service error: Unexpected error calling routine

    CoCreateInstance. hr = 0x80040206.

    Error - 12/18/2011 12:11:06 PM | Computer Name = HIGHLANDER | Source = SecurityCenter | ID = 1802

    Description = The Windows Security Center Service was unable to establish event

    queries with WMI to monitor third party AntiVirus and Firewall.

    Error - 12/18/2011 12:11:06 PM | Computer Name = HIGHLANDER | Source = Userenv | ID = 1090

    Description = Windows couldn't log the RSoP (Resultant Set of Policies) session

    status. An attempt to connect to WMI failed. No more RSoP logging will be done for

    this application of policy.

    Error - 12/18/2011 12:11:06 PM | Computer Name = HIGHLANDER | Source = Userenv | ID = 1090

    Description = Windows couldn't log the RSoP (Resultant Set of Policies) session

    status. An attempt to connect to WMI failed. No more RSoP logging will be done for

    this application of policy.

    Error - 12/18/2011 12:17:45 PM | Computer Name = HIGHLANDER | Source = EventSystem | ID = 4609

    Description = The COM+ Event System detected a bad return code during its internal

    processing. HRESULT was 80070422 from line 44 of f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp.

    Please contact Microsoft Product Support Services to report this erro

    Error - 12/18/2011 12:17:46 PM | Computer Name = HIGHLANDER | Source = VSS | ID = 8193

    Description = Volume Shadow Copy Service error: Unexpected error calling routine

    CoCreateInstance. hr = 0x80040206.

    Error - 12/18/2011 12:17:54 PM | Computer Name = HIGHLANDER | Source = SecurityCenter | ID = 1802

    Description = The Windows Security Center Service was unable to establish event

    queries with WMI to monitor third party AntiVirus and Firewall.

    Error - 12/18/2011 12:17:54 PM | Computer Name = HIGHLANDER | Source = Userenv | ID = 1090

    Description = Windows couldn't log the RSoP (Resultant Set of Policies) session

    status. An attempt to connect to WMI failed. No more RSoP logging will be done for

    this application of policy.

    Error - 12/18/2011 12:17:54 PM | Computer Name = HIGHLANDER | Source = Userenv | ID = 1090

    Description = Windows couldn't log the RSoP (Resultant Set of Policies) session

    status. An attempt to connect to WMI failed. No more RSoP logging will be done for

    this application of policy.

    [ System Events ]

    Error - 12/18/2011 11:15:08 AM | Computer Name = HIGHLANDER | Source = Service Control Manager | ID = 7001

    Description = The System Event Notification service depends on the COM+ Event System

    service which failed to start because of the following error: %%1058

    Error - 12/18/2011 11:48:58 AM | Computer Name = HIGHLANDER | Source = NETLOGON | ID = 3095

    Description = This computer is configured as a member of a workgroup, not as a member

    of a domain. The Netlogon service does not need to run in this configuration.

    Error - 12/18/2011 11:49:08 AM | Computer Name = HIGHLANDER | Source = DCOM | ID = 10005

    Description = DCOM got error "%1058" attempting to start the service EventSystem

    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 12/18/2011 11:50:19 AM | Computer Name = HIGHLANDER | Source = Service Control Manager | ID = 7001

    Description = The System Event Notification service depends on the COM+ Event System

    service which failed to start because of the following error: %%1058

    Error - 12/18/2011 12:10:47 PM | Computer Name = HIGHLANDER | Source = NETLOGON | ID = 3095

    Description = This computer is configured as a member of a workgroup, not as a member

    of a domain. The Netlogon service does not need to run in this configuration.

    Error - 12/18/2011 12:10:59 PM | Computer Name = HIGHLANDER | Source = DCOM | ID = 10005

    Description = DCOM got error "%1058" attempting to start the service EventSystem

    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 12/18/2011 12:12:11 PM | Computer Name = HIGHLANDER | Source = Service Control Manager | ID = 7001

    Description = The System Event Notification service depends on the COM+ Event System

    service which failed to start because of the following error: %%1058

    Error - 12/18/2011 12:17:35 PM | Computer Name = HIGHLANDER | Source = NETLOGON | ID = 3095

    Description = This computer is configured as a member of a workgroup, not as a member

    of a domain. The Netlogon service does not need to run in this configuration.

    Error - 12/18/2011 12:17:45 PM | Computer Name = HIGHLANDER | Source = DCOM | ID = 10005

    Description = DCOM got error "%1058" attempting to start the service EventSystem

    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 12/18/2011 12:18:56 PM | Computer Name = HIGHLANDER | Source = Service Control Manager | ID = 7001

    Description = The System Event Notification service depends on the COM+ Event System

    service which failed to start because of the following error: %%1058

    < End of report >
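Several parts of the EXTRAS log above are worth reading mechanically when cleaning a machine: the Shell Spawning handlers for executable classes (a hijack replaces the stock "%1" %* command with a path to another program), the Security Center values that silence monitoring or notifications, the firewall GloballyOpenPorts entries, where the domain profile lists the NetBIOS/SMB ports 137-139 and 445 with scope * (any address) while the standard profile restricts them to LocalSubNet, and the repeated Win32 error 1058 (ERROR_SERVICE_DISABLED) for the COM+ Event System service, logged seconds before the Security Center and RSoP errors about WMI. The script below is an added example, not OTL's own code: it splits an Extras log into its ========== sections and applies those four checks to a sample built from lines copied out of the log above. Section names are OTL's; the function names and the finding wording are mine. As in the log, a value line is attributed to the most recent bracketed key, so the DisableMonitoring = 1 line is reported under ZoneLabsFirewall.

```python
"""Read security-relevant settings out of an OTL Extras log (added example)."""
import re
from collections import Counter

# Sample constructed from lines of the EXTRAS.txt posted above.
SAMPLE_LOG = r"""
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
exefile [open] -- "%1" %*
scrfile [open] -- "%1" /S
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
========== Last 10 Event Log Errors ==========
[ System Events ]
Error - 12/18/2011 11:15:08 AM | Computer Name = HIGHLANDER | Source = Service Control Manager | ID = 7001
Description = The System Event Notification service depends on the COM+ Event System
service which failed to start because of the following error: %%1058
Error - 12/18/2011 11:49:08 AM | Computer Name = HIGHLANDER | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem
"""

STOCK_HANDLER = {'"%1" %*', '"%1"', '"%1" /S'}          # default [open] commands
EXEC_CLASSES = {"exefile", "comfile", "batfile", "cmdfile", "piffile", "scrfile"}
SILENCERS = {"AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify",
             "AntiVirusOverride", "FirewallOverride", "DisableMonitoring"}
SHELL_RE = re.compile(r'^(\w+) \[(\w+)\] -- (.+?)(?: \(.*\))?$')
KV_RE = re.compile(r'^"([^"]+)" = (.*)$')
PORT_RE = re.compile(r'^(\d+):(TCP|UDP):([^:]+):(Enabled|Disabled)')
EVENT_RE = re.compile(r'^Error - .*\| Source = (.+?) \| ID = (\d+)')


def split_sections(text):
    """Map each '========== name ==========' header to the lines beneath it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r'^=+ (.+?) =+$', line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections


def check_shell_handlers(lines):
    """Flag executable-class [open] handlers that are not the stock command."""
    out = []
    for line in lines:
        m = SHELL_RE.match(line)
        if m and m.group(1) in EXEC_CLASSES and m.group(2) == "open" \
                and m.group(3) not in STOCK_HANDLER:
            out.append(f"{m.group(1)} [open] handler is {m.group(3)!r}, not stock")
    return out


def check_security_center(lines):
    """Flag Security Center values set to 1 that hide AV/firewall state."""
    out, key = [], ""
    for line in lines:
        if line.startswith("["):
            key = line.strip("[]").rsplit("\\", 1)[-1]   # leaf key name for context
            continue
        m = KV_RE.match(line)
        if m and m.group(1) in SILENCERS and m.group(2).strip() == "1":
            out.append(f"{m.group(1)}=1 under {key}")
    return out


def check_open_ports(lines):
    """Flag enabled GloballyOpenPorts entries whose scope is * (any address)."""
    out, profile = [], "?"
    for line in lines:
        if line.startswith("["):
            profile = next((p for p in ("DomainProfile", "StandardProfile") if p in line), "?")
            continue
        m = KV_RE.match(line)
        p = PORT_RE.match(m.group(2)) if m else None
        if p and p.group(3) == "*" and p.group(4) == "Enabled":
            out.append(f"{profile}: {p.group(1)}/{p.group(2)} open to any address")
    return out


def summarize_events(lines):
    """Count errors by (source, id); count Win32 error 1058 (service disabled)."""
    counts, disabled = Counter(), 0
    for line in lines:
        m = EVENT_RE.match(line)
        if m:
            counts[(m.group(1), int(m.group(2)))] += 1
        if "%1058" in line:     # ERROR_SERVICE_DISABLED: the named service is disabled
            disabled += 1
    return counts, disabled


def scan(text):
    s = split_sections(text)
    counts, disabled = summarize_events(s.get("Last 10 Event Log Errors", []))
    return {"shell": check_shell_handlers(s.get("Shell Spawning", [])),
            "security_center": check_security_center(s.get("Security Center Settings", [])),
            "ports": check_open_ports(s.get("Firewall Settings", [])),
            "events": counts, "service_disabled_errors": disabled}


if __name__ == "__main__":
    for name, value in scan(SAMPLE_LOG).items():
        print(f"{name}: {value}")
```

Feed a full Extras.txt in with `scan(open(path, encoding="utf-8", errors="replace").read())`; the section names are the same ones OTL writes. An empty "shell" list, as on this machine, means the executable file-class handlers still point at the program itself, which is the first thing to confirm after a rootkit removal.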

  7. LDTate, before I ran this latest scan I went into gpedit.msc and turned off "run scripts after logon" or something like that and it stopped the desktop pic slow scroll and it stopped the slow scroll on application shut downs.... so to me that means there is some script associated with my profile that is trying to run with every startup and then periodically until it crashes a svcprocess. Here are the scan results of OTL

    OTL logfile created on: 12/18/2011 9:39:46 PM - Run 1

    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Internet Downloads

    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

    Internet Explorer (Version = 8.0.6001.18702)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    703.48 Mb Total Physical Memory | 461.37 Mb Available Physical Memory | 65.58% Memory free

    2.71 Gb Paging File | 2.45 Gb Available in Paging File | 90.42% Paging File free

    Paging file location(s): C:\pagefile.sys 0 0E:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

    Drive C: | 149.05 Gb Total Space | 95.43 Gb Free Space | 64.02% Space Free | Partition Type: NTFS

    Drive E: | 74.52 Gb Total Space | 18.17 Gb Free Space | 24.39% Space Free | Partition Type: NTFS

    Computer Name: HIGHLANDER | User Name: Wyatt Evans | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: Current user

    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Internet Downloads\OTL.exe (OldTimer Tools)

    PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)

    PRC - C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)

    PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)

    PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

    PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

    ========== Modules (No Company Name) ==========

    ========== Win32 Services (SafeList) ==========

    SRV - (MaxSch2Svc) -- File not found

    SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

    ========== Driver Services (SafeList) ==========

    DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

    DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)

    DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)

    DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

    DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

    DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )

    DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)

    DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)

    DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )

    ========== Standard Registry (SafeList) ==========

    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.2: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/14 03:38:02 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/18 11:15:58 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/18 10:41:26 | 000,000,000 | ---D | M]

    [2010/04/19 18:41:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sonia Evans\Application Data\Mozilla\Extensions

    [2011/12/18 21:15:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sonia Evans\Application Data\Mozilla\Firefox\Profiles\scc6u8gm.default\extensions

    [2011/12/18 21:15:21 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Sonia Evans\Application Data\Mozilla\Firefox\Profiles\scc6u8gm.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}

    [2011/12/18 11:15:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

    [2011/11/20 23:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

    [2010/04/20 08:40:07 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

    [2009/08/17 15:39:27 | 000,693,048 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npybrowserplus_2.4.17.dll

    [2011/11/20 20:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

    [2011/11/20 20:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2011/12/12 07:12:37 | 000,000,789 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

    O1 - Hosts: 127.0.0.1 localhost

    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)

    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)

    O4 - HKCU..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)

    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present

    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableBkGndGroupPolicy = 1

    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Feeds present

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 1

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 1

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 1

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0

    O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

    O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

    O15 - HKCU\..Trusted Domains: rexplorer.net ([]* in Trusted sites)

    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

    O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1318504715250 (WUWebControl Class)

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1318649841562 (MUWebControl Class)

    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29B64B33-71B6-48DC-9796-9058471823B5}: DhcpNameServer = 192.168.1.254

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CEA6E8D-6780-4CBD-B697-934D4F39934C}: DhcpNameServer = 192.168.1.254

    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)

    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

    O24 - Desktop WallPaper: C:\Documents and Settings\Sonia Evans\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sonia Evans\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

    O32 - HKLM CDRom: AutoRun - 1

    O32 - AutoRun File - [2006/06/09 18:41:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

    O32 - AutoRun File - [2006/06/09 18:41:52 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]

    O34 - HKLM BootExecute: (autocheck autochk *)

    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O37 - HKLM\...com [@ = comfile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found

    NetSvcs: Ias - File not found

    NetSvcs: Iprip - File not found

    NetSvcs: Irmon - File not found

    NetSvcs: NWCWorkstation - File not found

    NetSvcs: Nwsapagent - File not found

    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

    Drivers32: VIDC.JPGL - C:\WINDOWS\jpgl.dll ()

    Drivers32: VIDC.TMPX - C:\WINDOWS\System32\TMPXVFW.DLL ()

    Drivers32: VIDC.TVTA - C:\WINDOWS\System32\TVTACODEC.DLL (tvt)

    Drivers32: VIDC.TVTX - C:\WINDOWS\System32\TVTXTDEC.DLL (tvt)

    Drivers32: VIDC.XVID - C:\WINDOWS\System32\XVIDVFW.DLL ()

    CREATERESTOREPOINT

    Error creating restore point.

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/12/13 21:37:10 | 000,000,000 | -HSD | C] -- C:\found.000

    [2011/12/11 21:38:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sonia Evans\DoctorWeb

    [2011/12/10 23:31:59 | 000,000,000 | -HSD | C] -- C:\RECYCLER

    [2011/12/09 07:21:28 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll

    [2011/12/07 22:38:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

    [2011/12/03 08:14:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

    [2011/12/03 08:13:29 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Sonia Evans\Desktop\esetsmartinstaller_enu.exe

    [2011/12/03 07:59:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sonia Evans\My Documents\Boot Item_files

    [2011/12/02 07:30:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sonia Evans\Application Data\AVG

    [2011/12/02 07:29:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC Tuneup 2011

    [2011/12/02 06:52:49 | 000,000,000 | ---D | C] -- C:\$AVG

    [2011/12/02 06:34:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files

    [2011/12/02 06:34:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sonia Evans\Application Data\AVG2012

    [2011/12/02 06:29:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012

    [2011/12/02 06:29:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012

    [2011/12/02 06:29:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG

    [2011/12/02 06:28:47 | 000,000,000 | ---D | C] -- C:\Program Files\AVG

    [2011/12/02 06:23:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData

    [2011/12/02 06:23:20 | 003,903,528 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Sonia Evans\Desktop\avg_free_stb_all_2012_1873_cnet.exe

    [2011/12/01 22:15:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sonia Evans\Desktop\tdsskiller

    [2011/12/01 21:39:19 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\All Users\Documents\TDSSKiller.exe

    [2011/11/30 00:30:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs

    [2011/11/29 23:25:00 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys

    [2011/11/27 23:07:38 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

    [2011/11/22 03:49:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software

    [2011/11/22 02:46:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Malware Fix Folder

    [2011/11/20 23:12:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Sonia Evans\IECompatCache

    [2011/11/19 10:52:35 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe

    [2011/11/19 01:05:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sonia Evans\Start Menu\Programs\DriverGuide DriverScan

    [2011/11/19 01:05:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sonia Evans\Local Settings\Application Data\Apple

    [2011/11/19 01:05:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer

    [2011/11/19 01:05:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE

    [2011/11/19 01:05:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple

    [2011/11/19 01:04:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM

    [2011/11/19 01:04:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sonia Evans\Local Settings\Application Data\PackageAware

    [2011/11/19 01:04:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy

    [2011/11/19 01:04:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en

    [2011/11/19 00:52:53 | 000,000,000 | ---D | C] -- C:\Config.Msi

    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/12/18 11:17:27 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

    [2011/12/18 11:17:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

    [2011/12/18 11:16:01 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Sonia Evans\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

    [2011/12/18 11:16:01 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

    [2011/12/18 09:18:13 | 000,002,732 | RHS- | M] () -- C:\Documents and Settings\Sonia Evans\ntuser.pol

    [2011/12/18 09:17:32 | 000,003,906 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

    [2011/12/18 03:58:31 | 084,460,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm

    [2011/12/18 00:55:45 | 000,107,134 | ---- | M] () -- C:\fraglist.luar

    [2011/12/14 03:38:03 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk

    [2011/12/12 07:12:37 | 000,000,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

    [2011/12/08 21:52:26 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

    [2011/12/05 20:18:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111208-214322.backup

    [2011/12/04 08:39:19 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AnyDVD.lnk

    [2011/12/04 08:32:45 | 000,000,327 | -HS- | M] () -- C:\boot.ini

    [2011/12/03 17:20:56 | 000,025,532 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm

    [2011/12/03 08:13:49 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Sonia Evans\Desktop\esetsmartinstaller_enu.exe

    [2011/12/03 08:03:27 | 000,266,123 | ---- | M] () -- C:\Boot Item.jpg

    [2011/12/03 07:59:26 | 000,002,877 | ---- | M] () -- C:\Documents and Settings\Sonia Evans\My Documents\Boot Item.htm

    [2011/12/02 07:29:16 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Sonia Evans\Desktop\AVG PC Tuneup 2011.lnk

    [2011/12/02 06:23:38 | 003,903,528 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Sonia Evans\Desktop\avg_free_stb_all_2012_1873_cnet.exe

    [2011/12/01 22:15:08 | 001,547,774 | ---- | M] () -- C:\Documents and Settings\Sonia Evans\Desktop\tdsskiller.zip

    [2011/12/01 21:23:13 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\All Users\Documents\TDSSKiller.exe

    [2011/11/28 23:42:07 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

    [2011/11/22 08:39:35 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

    [2011/11/20 23:25:45 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\Sonia Evans\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2011/11/19 12:04:48 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif

    [2011/11/19 10:08:20 | 000,226,596 | ---- | M] () -- C:\Documents and Settings\Sonia Evans\My Documents\generic host list 11-19-11.jpg

    [2011/11/19 10:06:14 | 009,751,798 | ---- | M] () -- C:\Documents and Settings\Sonia Evans\My Documents\generic process list 11-19-11.rtf

    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/12/18 11:16:01 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Sonia Evans\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

    [2011/12/18 11:16:01 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk

    [2011/12/18 11:16:01 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

    [2011/12/18 03:58:31 | 084,460,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm

    [2011/12/18 00:55:45 | 000,107,134 | ---- | C] () -- C:\fraglist.luar

    [2011/12/18 00:01:18 | 000,002,732 | RHS- | C] () -- C:\Documents and Settings\Sonia Evans\ntuser.pol

    [2011/12/17 23:22:24 | 000,003,906 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

    [2011/12/03 17:20:56 | 000,025,532 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm

    [2011/12/03 08:03:27 | 000,266,123 | ---- | C] () -- C:\Boot Item.jpg

    [2011/12/03 07:59:26 | 000,002,877 | ---- | C] () -- C:\Documents and Settings\Sonia Evans\My Documents\Boot Item.htm

    [2011/12/02 07:29:16 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Sonia Evans\Desktop\AVG PC Tuneup 2011.lnk

    [2011/12/02 06:29:40 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk

    [2011/12/01 22:14:49 | 001,547,774 | ---- | C] () -- C:\Documents and Settings\Sonia Evans\Desktop\tdsskiller.zip

    [2011/11/19 10:44:35 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif

    [2011/11/19 10:08:20 | 000,226,596 | ---- | C] () -- C:\Documents and Settings\Sonia Evans\My Documents\generic host list 11-19-11.jpg

    [2011/11/19 10:06:13 | 009,751,798 | ---- | C] () -- C:\Documents and Settings\Sonia Evans\My Documents\generic process list 11-19-11.rtf

    [2011/11/13 23:00:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

    [2011/10/13 22:57:22 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

    [2011/10/11 20:22:23 | 000,233,472 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe

    [2011/10/11 20:22:23 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll

    [2011/10/11 20:22:22 | 001,900,544 | R--- | C] () -- C:\WINDOWS\System32\cmiwcnfg.dll

    [2009/08/29 00:22:30 | 000,000,259 | ---- | C] () -- C:\Documents and Settings\Sonia Evans\Application Data\dm.ini

    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL

    [2009/04/24 08:36:35 | 000,015,840 | ---- | C] () -- C:\WINDOWS\System32\Machnm1.exe

    [2009/03/02 22:20:48 | 000,002,119 | ---- | C] () -- C:\Documents and Settings\Sonia Evans\Application Data\Qzefy6xGat.gif

    [2009/03/02 22:20:48 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\Sonia Evans\Application Data\Qzefy6xGcn.gif

    [2009/03/02 22:20:48 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\Sonia Evans\Application Data\Qzefy6xGby.gif

    [2008/12/19 21:31:59 | 000,000,281 | ---- | C] () -- C:\Documents and Settings\Sonia Evans\Application Data\RmDigSSD Prefs

    [2008/12/05 20:08:55 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\TMPXCORE.DLL

    [2008/12/05 20:08:55 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\TMPXVFW.DLL

    [2008/12/05 19:53:32 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\XVIDCORE.DLL

    [2008/12/05 19:53:32 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\XVIDVFW.DLL

    [2008/12/05 19:53:32 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\AMD422CODEC.DLL

    [2008/11/23 19:21:26 | 000,005,383 | ---- | C] () -- C:\WINDOWS\Racer30.INI

    [2008/06/04 20:48:10 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll

    [2008/06/04 20:48:08 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll

    [2007/11/28 23:08:17 | 000,000,303 | ---- | C] () -- C:\WINDOWS\EMPro3D.INI

    [2007/08/25 15:47:17 | 000,374,784 | ---- | C] () -- C:\WINDOWS\3dg32.dll

    [2007/08/25 15:47:17 | 000,000,250 | ---- | C] () -- C:\WINDOWS\3dr.ini

    [2007/03/19 19:54:20 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI

    [2007/03/18 08:18:27 | 000,001,299 | ---- | C] () -- C:\WINDOWS\mozver.dat

    [2007/03/16 00:57:53 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Sonia Evans.ini

    [2007/03/06 20:15:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

    [2007/02/12 17:27:41 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini

    [2007/02/12 17:27:11 | 000,000,095 | ---- | C] () -- C:\WINDOWS\brmx2001.ini

    [2006/12/31 19:31:26 | 000,009,475 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini

    [2006/12/31 06:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

    [2006/09/24 12:29:56 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Sonia Evans\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2006/09/21 21:13:58 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

    [2006/08/12 21:14:08 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Sonia Evans\Application Data\FixVTS.ini

    [2006/06/20 21:20:02 | 000,000,488 | ---- | C] () -- C:\WINDOWS\ODBC.INI

    [2006/06/20 21:20:01 | 000,000,185 | ---- | C] () -- C:\WINDOWS\mdm.ini

    [2006/06/20 21:19:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI

    [2006/06/19 21:21:22 | 000,000,068 | ---- | C] () -- C:\WINDOWS\Biblerp.ini

    [2006/06/17 07:27:39 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat

    [2006/06/10 07:02:50 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

    [2006/06/09 20:32:01 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\Sonia Evans\Application Data\.zreglib

    [2006/06/09 19:50:06 | 000,000,223 | ---- | C] () -- C:\WINDOWS\Quicken.ini

    [2006/06/09 19:23:47 | 000,001,015 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini

    [2006/06/09 19:23:47 | 000,000,426 | ---- | C] () -- C:\WINDOWS\brwmark.ini

    [2006/06/09 19:23:47 | 000,000,152 | ---- | C] () -- C:\WINDOWS\brpcfx.ini

    [2006/06/09 19:23:47 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\BD7820N.dat

    [2006/06/09 19:23:47 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI

    [2006/06/09 19:23:35 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL

    [2006/06/09 19:23:33 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll

    [2006/06/09 19:23:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat

    [2006/06/09 19:21:59 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini

    [2006/06/09 19:07:49 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI

    [2006/06/09 19:07:49 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI

    [2006/06/09 19:07:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini

    [2006/06/09 19:07:43 | 000,266,240 | ---- | C] () -- C:\WINDOWS\CMIUninstall.exe

    [2006/06/09 19:07:37 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll

    [2006/06/09 19:04:06 | 000,002,893 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

    [2006/06/09 19:04:05 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

    [2006/06/09 18:44:25 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

    [2006/06/09 18:39:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

    [2006/06/09 14:31:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

    [2006/06/09 14:30:00 | 000,126,912 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

    [2004/05/19 12:33:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe

    [2002/08/29 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

    [2002/08/29 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

    [2002/08/29 07:00:00 | 000,432,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

    [2002/08/29 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

    [2002/08/29 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

    [2002/08/29 07:00:00 | 000,067,312 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

    [2002/08/29 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

    [2002/08/29 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

    [2002/08/29 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

    [2002/08/29 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

    [2002/08/29 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

    [2002/03/04 09:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll

    [2001/08/13 13:33:12 | 000,032,768 | ---- | C] () -- C:\WINDOWS\div_iyuv.dll

    [2001/08/13 13:33:04 | 000,036,864 | ---- | C] () -- C:\WINDOWS\jpgl.dll

    [1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

    [1997/06/09 21:24:30 | 000,104,448 | ---- | C] () -- C:\WINDOWS\System32\Winhrt32.dll

    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >

    [2006/06/09 18:41:52 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

    [2011/12/03 08:03:27 | 000,266,123 | ---- | M] () -- C:\Boot Item.jpg

    [2011/12/03 08:05:32 | 000,162,304 | ---- | M] () -- C:\Boot Item2.doc

    [2010/06/14 21:34:46 | 000,000,211 | ---- | M] () -- C:\Boot.bak

    [2011/12/04 08:32:45 | 000,000,327 | -HS- | M] () -- C:\boot.ini

    [2011/11/29 00:02:37 | 000,000,929 | ---- | M] () -- C:\CFScript.txt

    [2004/08/03 22:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr

    [2011/12/07 22:38:09 | 000,013,553 | ---- | M] () -- C:\ComboFix.txt

    [2006/06/09 18:41:52 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

    [2011/12/10 08:18:35 | 000,000,426 | ---- | M] () -- C:\DiskReport.txt

    [2011/06/11 06:01:36 | 000,000,000 | ---- | M] () -- C:\DTSHDSpOut.txt

    [2009/10/24 13:44:19 | 000,754,668 | ---- | M] () -- C:\EasyShare.dmp

    [2011/12/18 00:55:45 | 000,107,134 | ---- | M] () -- C:\fraglist.luar

    [2011/12/18 00:55:45 | 000,067,528 | ---- | M] () -- C:\fraglist.txt

    [2006/06/09 18:41:52 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

    [2005/07/10 15:38:18 | 000,000,285 | ---- | M] () -- C:\Key for AnyDVD.AnyDVD

    [2006/06/09 18:41:52 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

    [2006/09/22 18:58:28 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

    [2011/10/16 11:24:01 | 000,250,048 | RHS- | M] () -- C:\ntldr

    [2009/06/21 17:01:18 | 000,262,144 | ---- | M] () -- C:\ntuser.dat

    [2009/06/21 17:01:18 | 000,001,024 | -H-- | M] () -- C:\ntuser.dat.LOG

    [2011/12/18 11:17:11 | 1106,485,248 | -HS- | M] () -- C:\pagefile.sys

    [2006/09/17 09:35:40 | 000,075,925 | ---- | M] () -- C:\SpeedQueen 2006.jpg

    [2011/11/19 09:53:13 | 000,001,967 | ---- | M] () -- C:\svchost.exe.txt

    [2011/11/19 08:55:19 | 000,048,988 | ---- | M] () -- C:\TDSSKiller.2.6.19.0_19.11.2011_08.53.07_log.txt

    [2011/11/27 23:03:04 | 000,000,348 | ---- | M] () -- C:\TDSSKiller.2.6.19.0_27.11.2011_23.02.59_log.txt

    [2011/11/29 00:09:29 | 000,048,450 | ---- | M] () -- C:\TDSSKiller.2.6.19.0_29.11.2011_00.08.18_log.txt

    [2011/11/29 00:18:23 | 000,053,232 | ---- | M] () -- C:\TDSSKiller.2.6.19.0_29.11.2011_00.13.31_log.txt

    [2011/12/01 21:44:24 | 000,045,142 | ---- | M] () -- C:\TDSSKiller.2.6.21.0_01.12.2011_21.43.10_log.txt

    [2011/12/01 21:48:31 | 000,045,138 | ---- | M] () -- C:\TDSSKiller.2.6.21.0_01.12.2011_21.46.49_log.txt

    [2011/12/01 22:00:54 | 000,045,216 | ---- | M] () -- C:\TDSSKiller.2.6.21.0_01.12.2011_21.57.32_log.txt

    [2011/12/01 22:17:20 | 000,045,142 | ---- | M] () -- C:\TDSSKiller.2.6.21.0_01.12.2011_22.15.29_log.txt

    [2011/12/06 07:26:36 | 000,046,356 | ---- | M] () -- C:\TDSSKiller.2.6.21.0_06.12.2011_07.25.55_log.txt

    [2011/12/07 19:48:52 | 000,135,694 | ---- | M] () -- C:\TDSSKiller.2.6.21.0_07.12.2011_19.43.54_log.txt

    [2011/12/16 20:58:41 | 000,000,348 | ---- | M] () -- C:\TDSSKiller.2.6.21.0_16.12.2011_20.58.38_log.txt

    [2011/11/27 23:08:20 | 000,103,908 | ---- | M] () -- C:\TDSSKiller.2.6.21.0_27.11.2011_23.05.17_log.txt

    [2011/11/29 07:14:20 | 000,054,298 | ---- | M] () -- C:\TDSSKiller.2.6.21.0_29.11.2011_07.11.22_log.txt

    [2011/11/29 23:27:39 | 000,046,752 | ---- | M] () -- C:\TDSSKiller.2.6.21.0_29.11.2011_23.26.50_log.txt

    [2011/12/16 21:00:35 | 000,046,376 | ---- | M] () -- C:\TDSSKiller.2.6.23.0_16.12.2011_20.59.40_log.txt

    [2011/12/16 22:53:46 | 000,046,372 | ---- | M] () -- C:\TDSSKiller.2.6.23.0_16.12.2011_22.52.02_log.txt

    [2008/04/30 17:32:00 | 000,107,596 | ---- | M] () -- C:\toolkit_widget.gif

    [2007/03/14 08:34:32 | 000,502,170 | ---- | M] () -- C:\wedding.jpg

    [2008/04/28 15:36:50 | 000,000,146 | ---- | M] () -- C:\YServer.txt

    < %systemroot%\Fonts\*.com >

    [2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

    [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont

    [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont

    [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >

    [2006/06/09 18:41:29 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    [2001/11/20 13:37:28 | 000,047,616 | R--- | M] (Black Ice Software) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\ppbiPr.dll

    [2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    [2006/06/09 14:29:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

    [2006/06/09 14:29:16 | 000,626,688 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

    [2006/06/09 14:29:15 | 000,409,600 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    [2011/10/16 11:30:20 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

    [2007/03/11 10:05:15 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Sonia Evans\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    [2008/12/06 10:42:15 | 000,000,164 | ---- | M] () -- C:\Documents and Settings\Sonia Evans\Application Data\Microsoft\Internet Explorer\Quick Launch\Go to Next page.URL

    [2006/06/09 18:48:03 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Sonia Evans\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >

    [2011/12/02 06:23:38 | 003,903,528 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Sonia Evans\Desktop\avg_free_stb_all_2012_1873_cnet.exe

    [2011/12/03 08:13:49 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Sonia Evans\Desktop\esetsmartinstaller_enu.exe

    [2009/05/27 17:41:21 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Sonia Evans\Desktop\setup-spybotsd162.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    [2006/06/18 20:36:43 | 000,563,712 | ---- | M] (Citrix Online) -- C:\WINDOWS\Java\370_gotomypc.exe

    [2008/11/21 08:33:55 | 000,563,712 | ---- | M] (Citrix Online) -- C:\WINDOWS\Java\gotomypc_370.exe

    [2007/10/18 14:58:09 | 000,724,984 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\WINDOWS\Java\gotomypc_437.exe

    [2009/02/05 12:02:03 | 000,001,668 | ---- | M] () -- C:\WINDOWS\Java\javalog.txt

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    [2009/05/26 15:58:31 | 000,563,712 | ---- | M] (Citrix Online) -- C:\Documents and Settings\Sonia Evans\gotomypc_370.exe

    [2010/01/16 13:55:07 | 001,063,320 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Sonia Evans\gotomypc_533.exe

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >

    [2006/09/22 21:04:00 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Sonia Evans\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    [2011/12/18 09:17:32 | 000,003,906 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    [2011/12/18 21:15:32 | 000,376,832 | ---- | M] () -- C:\Documents and Settings\Sonia Evans\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    "AutoInstallMinorUpdates" = 0

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

    < >

    < End of report >
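The OTL custom-scan output above is a list of file hits per search pattern, and the useful work is deciding which of them deserve a second look. The script below is an added example, not part of the original post or of OTL: it parses OTL's `[mtime | size | attrs | M] (company) -- path` lines into records and applies a few review rules (executable dropped straight into a profile root, executable in a %systemroot% subfolder other than system32, no publisher string, hidden+system attributes). The rules and the sample subset of lines are my own choices; the company field is only what the file's version resource claims, so none of the flags is a verdict.

```python
import re
from dataclasses import dataclass

# Constructed sample: a subset of lines copied from the OTL custom-scan
# output in the post above. The full report parses the same way.
SAMPLE_OTL = r"""
< %USERPROFILE%\Desktop\*.exe >
[2011/12/02 06:23:38 | 003,903,528 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Sonia Evans\Desktop\avg_free_stb_all_2012_1873_cnet.exe
< %systemroot%\Java\*.* >
[2006/06/18 20:36:43 | 000,563,712 | ---- | M] (Citrix Online) -- C:\WINDOWS\Java\370_gotomypc.exe
[2009/02/05 12:02:03 | 000,001,668 | ---- | M] () -- C:\WINDOWS\Java\javalog.txt
< %USERPROFILE%\*.exe >
[2009/05/26 15:58:31 | 000,563,712 | ---- | M] (Citrix Online) -- C:\Documents and Settings\Sonia Evans\gotomypc_370.exe
< %ALLUSERSPROFILE%\*.dat /x >
[2011/12/18 09:17:32 | 000,003,906 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
"""

# A "< glob >" line opens a section; each hit under it reads
# "[mtime | size | attrs | M] (company) -- path". The company string is
# OTL's copy of the file's version resource, which any binary can fake.
SECTION_RE = re.compile(r"^<\s*(?P<glob>.+?)\s*>$")
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| M\] "
    r"\((?P<company>.*?)\) -- (?P<path>.+)$"
)


@dataclass
class OtlEntry:
    section: str
    mtime: str
    size: int
    attrs: str   # R/H/S/- flags as OTL prints them, e.g. "RHS-"
    company: str
    path: str


def parse_otl(text):
    """Return the file entries of an OTL custom-scan report, in order."""
    entries, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["glob"]
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(OtlEntry(section, m["mtime"],
                                    int(m["size"].replace(",", "")),
                                    m["attrs"], m["company"].strip(), m["path"]))
    return entries


EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
# "C:\Documents and Settings\<user>" with nothing after the user name.
PROFILE_ROOT_RE = re.compile(r"^c:\\documents and settings\\[^\\]+$", re.I)


def triage(entries):
    """Flag entries worth a manual look. These are review hints, not verdicts:
    legitimate files trip them too (ntuser.pol is hidden+system by design)."""
    flags = []
    for e in entries:
        low = e.path.lower()
        parent = low.rsplit("\\", 1)[0]
        is_exec = low.endswith(EXEC_EXT)
        if is_exec and PROFILE_ROOT_RE.match(parent):
            flags.append((e.path, "executable directly in a user profile root"))
        if is_exec and parent.startswith("c:\\windows\\") \
                and not parent.startswith("c:\\windows\\system32"):
            flags.append((e.path, "executable in a %systemroot% subfolder other than system32"))
        if is_exec and not e.company:
            flags.append((e.path, "no publisher string in the version resource"))
        if "H" in e.attrs and "S" in e.attrs:
            flags.append((e.path, "hidden+system attributes"))
    return flags


if __name__ == "__main__":
    for path, why in triage(parse_otl(SAMPLE_OTL)):
        print(f"{why:60s} {path}")
```

Run against the whole report, the output is a short list to check by hand (hash the file, compare with a known-good copy, look at who signed it) rather than the hundreds of lines OTL prints.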

  8. LDTate, OK, I have run and rerun the apps in most of the above post. Here is the latest MBAM log, which was run in Safe Mode. It did not find anything. BUT I am still unable to get into Safe Mode using a USB keyboard or mouse. It will let me press F8 to get to the screen, but then the keyboard stops working. I have to use a PS/2 keyboard (luckily it is an older motherboard). So it loads and cruises along fairly rapidly until after I log on to Windows and the desktop picture comes on immediately... it now slows down and then rewrites the screen, OR it loads an application and closes the application fast and slow enough to see that choppy window closing that occurs on everything else when you close it. I go to My Computer and I don't have a CD-ROM drive. But in hardware properties it says it loaded the driver and can't find the drive???

    I would really like to know how to see a list of all the stuff that is getting started. I chose "Enable Boot Logging" at the initial screen, but I don't know how to find that log. Here is the latest MBAM log. Thanks for your help; we have to be getting really close to finding this thing.....

    Malwarebytes' Anti-Malware 1.51.2.1300

    www.malwarebytes.org

    Database version: 8379

    Windows 5.1.2600 Service Pack 3 (Safe Mode)

    Internet Explorer 8.0.6001.18702

    12/16/2011 9:10:04 PM

    mbam-log-2011-12-16 (21-10-04).txt

    Scan type: Quick scan

    Objects scanned: 171526

    Time elapsed: 6 minute(s), 12 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 0

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    (No malicious items detected)

  9. LDTate, Dr.Web CureIt ran for approximately 40 hrs to finish. It did find several things. I have run the program twice thus far, but a complete scan does take several days to complete, as it did run more than 40 hrs twice. Each time I got svchost.exe errors?!?! Also, this morning with a new bootup, I still do not have a CD drive; something is still loading after the taskbar and before the LAN icon. The desktop picture goes blue for about 10-20 sec and then it rewrites slowly. My keyboard is mildly delayed as I write this.... Here is the Dr.Web CureIt log.

  10. It has been running almost two days.... I saw that it found some stuff (whew), but on each of the two days when I would get home there were svchost.exe errors on the screen. Last night, in attempting to clear the errors, I clicked the wrong window and it closed Dr.Web, so I had to start over again last night. Will post after the complete scan is finished, hopefully by this evening.

  11. LDTate, received another email from AT&T saying that I downloaded "Conficker" on 12-6-11......?!?!?! Can you tell me what was downloaded based on any of these reports? I need to know where this is coming from, because the only thing that I have been doing on this computer is trying to get it clean!!! Thanks

  12. Microsoft DiskPart version 5.1.3565

    Copyright © 1999-2003 Microsoft Corporation.

    On computer: HIGHLANDER

    Volume ###  Ltr  Label        Fs     Type        Size     Status   Info
    ----------  ---  -----------  -----  ----------  -------  -------  --------
    Volume 0     C                NTFS   Partition   149 GB   Healthy  System
    Volume 1     E                NTFS   Partition    75 GB   Healthy  Pagefile

  13. LDTate, Here is the latest ESET log. However, by this morning, AVG had several hits for Downadup or chmrnuyv[1].jpg or .gif or .png or .bmp. This has been seen several times. I have tried to manually delete these programs in Safe Mode, I have tried FileASSASSIN, plus all your suggested Autoruns. Only AVG finds them, and search finds them sometimes also. How can I get rid of this monster? It also appears to be getting more aggressive at stopping me, like it is able to react to which files I delete?!

    ESETSmartInstaller@High as downloader log:

    all ok

    # version=7

    # OnlineScannerApp.exe=1.0.0.1

    # OnlineScanner.ocx=1.0.0.6583

    # api_version=3.0.2

    # EOSSerial=3aea3fcff2e40c4883357ca36cc71eca

    # end=finished

    # remove_checked=true

    # archives_checked=true

    # unwanted_checked=true

    # unsafe_checked=true

    # antistealth_checked=true

    # utc_time=2011-12-03 03:52:09

    # local_time=2011-12-03 10:52:09 (-0500, Eastern Standard Time)

    # country="United States"

    # lang=1033

    # osver=5.1.2600 NT Service Pack 3

    # compatibility_mode=crash

    # scanned=134266

    # found=13

    # cleaned=13

    # scan_time=9179

    C:\Internet Downloads\registrybooster.exe Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C

    C:\Internet Downloads\Slot Car software\SDFix.exe Win32/PrcView application (deleted - quarantined) 00000000000000000000000000000000 C

    C:\Internet Downloads\Toshiba Vista drivers\testmh.exe a variant of Win32/Adware.ErrorRepairPro.A application (deleted - quarantined) 00000000000000000000000000000000 C

    C:\System Volume Information\_restore{E9D7D8E3-0FDA-43D6-93AE-270353452AE6}\RP1\A0000033.exe Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C

    C:\System Volume Information\_restore{E9D7D8E3-0FDA-43D6-93AE-270353452AE6}\RP1\A0000034.exe Win32/PrcView application (deleted - quarantined) 00000000000000000000000000000000 C

    C:\System Volume Information\_restore{E9D7D8E3-0FDA-43D6-93AE-270353452AE6}\RP1\A0000035.exe a variant of Win32/Adware.ErrorRepairPro.A application (deleted - quarantined) 00000000000000000000000000000000 C

    C:\TDSSKiller_Quarantine\27.11.2011_23.05.18\tdlfs0000\tsk0002.dta a variant of Win32/Olmarik.AWO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

    C:\TDSSKiller_Quarantine\27.11.2011_23.05.18\tdlfs0000\tsk0005.dta Win32/Olmarik.AWO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

    C:\TDSSKiller_Quarantine\27.11.2011_23.05.18\tdlfs0000\tsk0006.dta a variant of Win32/Rootkit.Kryptik.EB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

    E:\Internet Downloads\Slot Car software\SDFix.exe Win32/PrcView application (deleted - quarantined) 00000000000000000000000000000000 C

    E:\Internet Downloads\Toshiba Vista drivers\testmh.exe a variant of Win32/Adware.ErrorRepairPro.A application (deleted - quarantined) 00000000000000000000000000000000 C

    E:\Lovell Goens\Start Menu\Programs\Startup\PowerReg Scheduler.exe Win32/PowerReg application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

    E:\SDFix\apps\Process.exe Win32/PrcView application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

    # version=7

    # OnlineScannerApp.exe=1.0.0.1

    # OnlineScanner.ocx=1.0.0.6583

    # api_version=3.0.2

    # EOSSerial=3aea3fcff2e40c4883357ca36cc71eca

    # end=finished

    # remove_checked=true

    # archives_checked=true

    # unwanted_checked=true

    # unsafe_checked=true

    # antistealth_checked=true

    # utc_time=2011-12-04 04:42:21

    # local_time=2011-12-03 11:42:21 (-0500, Eastern Standard Time)

    # country="United States"

    # lang=1033

    # osver=5.1.2600 NT Service Pack 3

    # compatibility_mode=crash

    # scanned=134266

    # found=0

    # cleaned=0

    # scan_time=7653

    # version=7

    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

    # OnlineScanner.ocx=1.0.0.6583

    # api_version=3.0.2

    # EOSSerial=3aea3fcff2e40c4883357ca36cc71eca

    # end=finished

    # remove_checked=true

    # archives_checked=true

    # unwanted_checked=true

    # unsafe_checked=true

    # antistealth_checked=true

    # utc_time=2011-12-09 04:17:20

    # local_time=2011-12-08 11:17:20 (-0500, Eastern Standard Time)

    # country="United States"

    # lang=9

    # osver=5.1.2600 NT Service Pack 3

    # compatibility_mode=crash

    # scanned=71339

    # found=0

    # cleaned=0

    # scan_time=4337
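A scanner log like the ESET output above answers "what was found" but not "what was still live": a hit inside a System Restore snapshot or inside another tool's quarantine folder is a copy of something already pulled out of place, and ESET's "application" class is potentially unwanted software rather than a trojan. The script below is an added example, not part of the post or of ESET's tooling: it parses the `# key=value` header and the detection lines, sorts hits by where the file lived and by threat class, and lists the only thing that would matter here, malware-class hits outside any quarantine or restore store. The location categories and the "\\sdfix\\" rule are my own choices; the sample is the first ESET log from the post.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: the header lines and all 13 detections copied from the
# first ESET log in the post above. Any ESET online-scanner log works here.
SAMPLE_ESET = r"""
# version=7
# end=finished
# scanned=134266
# found=13
# cleaned=13
C:\Internet Downloads\registrybooster.exe Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Internet Downloads\Slot Car software\SDFix.exe Win32/PrcView application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Internet Downloads\Toshiba Vista drivers\testmh.exe a variant of Win32/Adware.ErrorRepairPro.A application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{E9D7D8E3-0FDA-43D6-93AE-270353452AE6}\RP1\A0000033.exe Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{E9D7D8E3-0FDA-43D6-93AE-270353452AE6}\RP1\A0000034.exe Win32/PrcView application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{E9D7D8E3-0FDA-43D6-93AE-270353452AE6}\RP1\A0000035.exe a variant of Win32/Adware.ErrorRepairPro.A application (deleted - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\27.11.2011_23.05.18\tdlfs0000\tsk0002.dta a variant of Win32/Olmarik.AWO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\27.11.2011_23.05.18\tdlfs0000\tsk0005.dta Win32/Olmarik.AWO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\27.11.2011_23.05.18\tdlfs0000\tsk0006.dta a variant of Win32/Rootkit.Kryptik.EB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
E:\Internet Downloads\Slot Car software\SDFix.exe Win32/PrcView application (deleted - quarantined) 00000000000000000000000000000000 C
E:\Internet Downloads\Toshiba Vista drivers\testmh.exe a variant of Win32/Adware.ErrorRepairPro.A application (deleted - quarantined) 00000000000000000000000000000000 C
E:\Lovell Goens\Start Menu\Programs\Startup\PowerReg Scheduler.exe Win32/PowerReg application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
E:\SDFix\apps\Process.exe Win32/PrcView application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

HEADER_RE = re.compile(r"^#\s*(?P<key>\w+)=(?P<value>.*)$")
# "<path> <threat> (<action>) <32 hex> <flag>"; the path may contain spaces,
# so it is matched lazily up to the first token that looks like a threat name.
HIT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<threat>(?:a variant of )?[A-Za-z0-9]+/\S+.*?) "
    r"\((?P<action>[^()]*)\) (?P<digest>[0-9A-Fa-f]{32}) (?P<flag>\S+)$"
)


@dataclass
class EsetHit:
    path: str
    threat: str
    action: str
    digest: str
    flag: str


def parse_eset(text):
    headers, hits = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            headers[m["key"]] = m["value"]
            continue
        m = HIT_RE.match(line)
        if m:
            hits.append(EsetHit(m["path"], m["threat"], m["action"], m["digest"], m["flag"]))
    return headers, hits


def locate(path):
    """Where the detected file lived; that decides what the hit means."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore-point copy"       # System Restore snapshot of a file dealt with earlier
    if "quarantine" in p:
        return "tool quarantine copy"     # already pulled out of place by another tool
    if "\\sdfix\\" in p:
        return "removal-tool component"   # SDFix ships Process.exe (PrcView) as part of the tool
    return "live file"


def threat_class(threat):
    if threat.endswith(" application"):
        return "PUA/tool"       # ESET's "application" class: potentially unwanted, not malware
    if threat.endswith(" trojan"):
        return "trojan"
    return "other"


def summarize(hits):
    return {
        "by_location": Counter(locate(h.path) for h in hits),
        "by_class": Counter(threat_class(h.threat) for h in hits),
        "families": Counter(h.threat.replace("a variant of ", "").rsplit(" ", 1)[0] for h in hits),
        # The list that matters: malware-class hits outside any quarantine/restore store.
        "live_trojans": [h.path for h in hits
                         if threat_class(h.threat) == "trojan" and locate(h.path) == "live file"],
    }


def counts_consistent(headers, hits):
    """found= must equal the number of hit lines; cleaned= the number ESET acted on."""
    acted = sum(1 for h in hits if "quarantined" in h.action or "deleted" in h.action)
    return (int(headers.get("found", -1)) == len(hits)
            and int(headers.get("cleaned", -1)) == acted)


if __name__ == "__main__":
    hdr, found = parse_eset(SAMPLE_ESET)
    print("header/body counts agree:", counts_consistent(hdr, found))
    for key, value in summarize(found).items():
        print(f"{key}: {dict(value) if isinstance(value, Counter) else value}")
```

For this log the three trojan-class hits are all inside C:\TDSSKiller_Quarantine and the rest are "application" class, so the summary shows no live malware-class file at the time of the scan; the later AVG hits on chmrnuyv[1].jpg and friends in the post are a separate question the ESET log cannot answer.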

  14. LDTate, here is the latest CF log. Unable to start Firefox now, as it says it is already running... Can't go to Safe Mode because the keyboard gets locked out on the selection screen, but it is working on a regular boot. Something is in my motherboard memory.

    ComboFix 11-12-06.01 - Sonia Evans 12/07/2011 7:54.16.1 - x86

    Running from: c:\internet downloads\ComboFix.exe

    * Created a new restore point

    .

    .

    ((((((((((((((((((((((((( Files Created from 2011-11-07 to 2011-12-07 )))))))))))))))))))))))))))))))

    .

    .

    2011-12-03 13:14 . 2011-12-03 13:14 -------- d-----w- c:\program files\ESET

    2011-12-02 12:30 . 2011-12-02 12:39 -------- d-----w- c:\documents and settings\Sonia Evans\Application Data\AVG

    2011-12-02 11:52 . 2011-12-02 11:52 -------- d-----w- C:\$AVG

    2011-12-02 11:34 . 2011-12-02 11:34 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

    2011-12-02 11:29 . 2011-12-06 08:14 -------- d-----w- c:\windows\system32\drivers\AVG

    2011-12-02 11:29 . 2011-12-02 11:49 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012

    2011-12-02 11:28 . 2011-12-02 12:29 -------- d-----w- c:\program files\AVG

    2011-12-02 11:23 . 2011-12-06 08:14 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

    2011-11-30 05:30 . 2011-11-30 05:30 -------- d-----w- c:\windows\Internet Logs

    2011-11-30 04:25 . 2008-04-14 05:09 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys

    2011-11-30 04:25 . 2008-04-14 05:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

    2011-11-28 04:07 . 2011-11-28 04:07 -------- d-----w- C:\TDSSKiller_Quarantine

    2011-11-22 08:49 . 2011-11-29 04:42 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

    2011-11-21 04:12 . 2011-11-21 04:12 -------- d-sh--w- c:\documents and settings\Sonia Evans\IECompatCache

    2011-11-19 15:52 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe

    2011-11-19 06:05 . 2011-11-19 06:05 -------- d-----w- c:\documents and settings\Sonia Evans\Local Settings\Application Data\Apple

    2011-11-19 06:05 . 2011-11-19 06:05 -------- d-----w- c:\windows\system32\DRVSTORE

    2011-11-19 06:05 . 2011-11-19 06:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

    2011-11-19 06:04 . 2011-11-19 06:04 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM

    2011-11-19 06:04 . 2011-11-19 06:04 -------- d-----w- c:\documents and settings\Sonia Evans\Local Settings\Application Data\PackageAware

    2011-11-19 06:04 . 2011-11-19 06:04 -------- d--h--w- c:\windows\system32\GroupPolicy

    2011-11-19 06:04 . 2011-11-19 06:04 -------- d-----w- c:\windows\system32\en

    2011-11-14 03:50 . 2011-11-19 05:53 -------- d-----w- c:\program files\DriverGuide DriverScan

    2011-11-13 18:42 . 2011-11-13 18:43 -------- d-----w- c:\documents and settings\Sonia Evans\Application Data\Apple Computer

    2011-11-13 18:42 . 2011-11-13 18:42 -------- d-----w- c:\documents and settings\Sonia Evans\Local Settings\Application Data\Apple Computer

    2011-11-13 18:41 . 2011-11-19 06:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

    2011-11-13 18:41 . 2011-11-13 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2011-11-18 11:55 . 2011-08-16 10:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2011-10-20 11:59 . 2011-10-20 03:28 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe

    2011-10-07 11:23 . 2011-10-07 11:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys

    2011-09-13 11:30 . 2011-09-13 11:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

    .

    .

    ((((((((((((((((((((((((((((( SnapShot_2011-11-21_05.06.57 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2009-07-12 05:02 . 2009-07-12 05:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll

    + 2009-07-12 05:02 . 2009-07-12 05:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll

    + 2009-07-12 05:02 . 2009-07-12 05:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll

    + 2009-07-12 05:02 . 2009-07-12 05:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll

    + 2009-07-12 05:02 . 2009-07-12 05:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll

    + 2009-07-12 05:02 . 2009-07-12 05:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll

    + 2009-07-12 05:02 . 2009-07-12 05:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll

    + 2009-07-12 05:02 . 2009-07-12 05:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll

    + 2009-07-12 05:02 . 2009-07-12 05:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll

    + 2009-07-12 05:02 . 2009-07-12 05:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll

    + 2009-07-12 05:02 . 2009-07-12 05:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll

    + 2009-07-12 05:02 . 2009-07-12 05:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll

    + 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll

    + 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll

    + 2011-08-08 11:08 . 2011-08-08 11:08 40016 c:\windows\system32\drivers\avgmfx86.sys

    + 2011-07-11 06:14 . 2011-07-11 06:14 23120 c:\windows\system32\drivers\AVGIDSEH.sys

    - 2006-06-09 23:44 . 2011-11-19 09:18 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

    + 2006-06-09 23:44 . 2011-11-28 04:32 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

    - 2006-06-09 23:44 . 2011-11-19 09:18 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

    + 2006-06-09 23:44 . 2011-11-28 04:32 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

    + 2009-07-12 05:02 . 2009-07-12 05:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll

    + 2009-07-12 05:02 . 2009-07-12 05:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll

    + 2009-07-12 05:05 . 2009-07-12 05:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll

    + 2009-07-12 05:02 . 2009-07-12 05:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll

    + 2011-07-11 06:14 . 2011-07-11 06:14 295248 c:\windows\system32\drivers\avgtdix.sys

    + 2002-08-29 12:00 . 2008-04-14 09:41 640000 c:\windows\system32\dllcache\dbghelp.dll

    + 2011-11-22 08:49 . 2011-11-22 08:49 219648 c:\windows\Installer\ef8305.msi

    + 2009-07-12 05:02 . 2009-07-12 05:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll

    + 2009-07-12 05:02 . 2009-07-12 05:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll

    + 2011-12-02 11:29 . 2011-12-02 11:29 4671488 c:\windows\Installer\1a48895.msi

    + 2011-12-02 11:28 . 2011-12-02 11:28 2186240 c:\windows\Installer\1a48891.msi

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-10-11 5389944]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

    c:\windows\system32\dumprep 0 -u [X]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

    2001-07-09 15:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    2007-02-10 01:56 98304 ----a-w- c:\program files\QuickTime\qttask.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

    2009-03-05 20:07 2260480 -c----w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

    2003-05-07 20:32 36864 -c--a-r- c:\windows\system32\VTTimer.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

    "Messenger"=2 (0x2)

    "McciCMService"=2 (0x2)

    "gusvc"=3 (0x3)

    "wuauserv"=2 (0x2)

    "wscsvc"=2 (0x2)

    "TrkWks"=2 (0x2)

    "Themes"=2 (0x2)

    "TapiSrv"=3 (0x3)

    "SysmonLog"=3 (0x3)

    "Schedule"=2 (0x2)

    "SCardSvr"=3 (0x3)

    "FastUserSwitchingCompatibility"=3 (0x3)

    "Eventlog"=2 (0x2)

    "ERSvc"=2 (0x2)

    "idsvc"=3 (0x3)

    "AMDFusionSVC"=2 (0x2)

    .

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

    "ctfmon.exe"=c:\windows\system32\ctfmon.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

    "VTTimer"=VTTimer.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

    "DisableMonitoring"=dword:00000001

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

    "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

    "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

    .

    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]

    R4 MaxSch2Svc;Maxtor Scheduler2 Service;c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe [x]

    S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]

    S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]

    S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]

    S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]

    S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]

    .

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2011-10-16 c:\windows\Tasks\WGASetup.job

    - c:\windows\system32\KB905474\wgasetup.exe [2011-10-15 02:18]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.yahoo.com/

    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    Trusted Zone: rexplorer.net

    TCP: DhcpNameServer = 192.168.1.254

    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

    FF - ProfilePath - c:\documents and settings\Sonia Evans\Application Data\Mozilla\Firefox\Profiles\axuvh315.default\

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2011-12-07 08:01

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scanning hidden processes ...

    .

    scanning hidden autostart entries ...

    .

    scanning hidden files ...

    .

    scan completed successfully

    hidden files: 0

    .

    **************************************************************************

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    .

    - - - - - - - > 'explorer.exe'(3812)

    c:\program files\SlySoft\AnyDVD\ADvdDiscHlp.dll

    c:\windows\system32\ieframe.dll

    c:\windows\system32\msls31.dll

    c:\windows\system32\OneX.DLL

    c:\windows\system32\eappprxy.dll

    c:\windows\system32\webcheck.dll

    .

    Completion time: 2011-12-07 08:04:16

    ComboFix-quarantined-files.txt 2011-12-07 13:04

    ComboFix2.txt 2011-12-06 01:21

    ComboFix3.txt 2011-12-05 03:20

    ComboFix4.txt 2011-12-01 03:04

    ComboFix5.txt 2011-12-07 12:53

    .

    Pre-Run: 103,019,134,976 bytes free

    Post-Run: 103,002,116,096 bytes free

    .

    - - End Of File - - 9676E12F0296DEB02DECBAFA0A35CB72
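Post 8 asked how to see everything that starts with the machine. Two sources already in this thread answer most of it: boot logging (the F8 option chosen there) writes %SystemRoot%\ntbtlog.txt with one "Loaded driver"/"Did not load driver" line per driver, and the ComboFix log above lists the autostart registry keys, the service/driver table, and the msconfig "services" key, which records every service unchecked in msconfig together with its original start type (2 = auto, 3 = manual). The script below is an added example, not part of the post or of ComboFix: it parses those two ComboFix sections, reports registrations whose image file ComboFix could not find (printed as `[x]`), and lists security-relevant services that were switched off through msconfig. The reading of the `R`/`S` prefix as running/stopped and the set of "security services" are my assumptions; the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass

# Constructed sample: the msconfig "services" key and part of the service/driver
# list, copied from the ComboFix log above. A whole ComboFix log can be fed in.
SAMPLE_CF = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Messenger"=2 (0x2)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"Eventlog"=2 (0x2)
"SCardSvr"=3 (0x3)
.
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R4 MaxSch2Svc;Maxtor Scheduler2 Service;c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
"""

# Service Control Manager start types.
START_TYPE = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

# Services whose absence weakens patching or monitoring (my selection; SCM names).
SECURITY_SERVICES = {
    "wuauserv": "Automatic Updates",
    "wscsvc": "Security Center",
    "Eventlog": "Event Log",
    "SharedAccess": "Windows Firewall/ICS",
}

# "R3 name;display;image [yyyy-mm-dd size]" or "... [x]" when the image file is gone.
# Assumed reading of the prefix: R = running, S = stopped, digit = start type.
SVC_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?) \[(?P<meta>[^\]]*)\]$"
)
MSCONFIG_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<start>\d) \(0x[0-9a-fA-F]+\)$')


@dataclass
class ServiceLine:
    state: str
    start: int
    name: str
    display: str
    image: str
    image_present: bool


def audit(text):
    services, msconfig_disabled = [], {}
    in_msconfig = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):
            # A registry key header; only the msconfig\services key matters here.
            in_msconfig = line.lower().endswith("msconfig\\services]")
            continue
        if line == ".":
            in_msconfig = False      # ComboFix separates blocks with a lone dot
            continue
        if in_msconfig:
            m = MSCONFIG_RE.match(line)
            if m:
                # The stored value is the start type the service had before msconfig disabled it.
                msconfig_disabled[m["name"]] = START_TYPE[int(m["start"])]
            continue
        m = SVC_RE.match(line)
        if m:
            services.append(ServiceLine(m["state"], int(m["start"]), m["name"],
                                        m["display"], m["image"], m["meta"] != "x"))
    orphaned = [(s.name, s.image) for s in services if not s.image_present]
    security_off = {n: SECURITY_SERVICES[n] for n in msconfig_disabled if n in SECURITY_SERVICES}
    return {
        "services": services,
        "orphaned": orphaned,                     # registration left behind, file missing
        "msconfig_disabled": msconfig_disabled,   # name -> original start type
        "security_services_off": security_off,
    }


if __name__ == "__main__":
    report = audit(SAMPLE_CF)
    for name, image in report["orphaned"]:
        print(f"orphaned registration: {name} -> {image}")
    for name, label in report["security_services_off"].items():
        print(f"disabled via msconfig: {label} ({name}), was {report['msconfig_disabled'][name]}")
```

On this log the script reports two registrations without a file (mbamswissarmy.sys is Malwarebytes' transient driver, so that one is expected right after an MBAM run; the Maxtor scheduler looks like a leftover) and three services turned off in msconfig that matter for the investigation: Automatic Updates, Security Center and, most importantly for anyone trying to reconstruct what happened, the Event Log.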

  15. LDTate, OK, here is my latest ComboFix log.

    ComboFix 11-12-05.01 - Sonia Evans 12/05/2011 7:47.15.1 - x86

    Running from: c:\internet downloads\ComboFix.exe

    Command switches used :: c:\internet downloads\CFScript.txt

    * Created a new restore point

    .

    FILE ::

    "c:\windows\system32\vrcrs.dll"

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    -------\Legacy_SRSBIBR

    -------\Legacy_XDHVIM

    -------\Legacy_ZFYBFWIE

    -------\Service_cfimslpn

    -------\Service_srsbibr

    -------\Service_xdhvim

    -------\Service_zfybfwie

    .

    .

    ((((((((((((((((((((((((( Files Created from 2011-11-06 to 2011-12-06 )))))))))))))))))))))))))))))))

    .

    .

    2011-12-03 13:14 . 2011-12-03 13:14 -------- d-----w- c:\program files\ESET

    2011-12-02 12:30 . 2011-12-02 12:39 -------- d-----w- c:\documents and settings\Sonia Evans\Application Data\AVG

    2011-12-02 11:52 . 2011-12-02 11:52 -------- d-----w- C:\$AVG

    2011-12-02 11:34 . 2011-12-02 11:34 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

    2011-12-02 11:29 . 2011-12-05 08:04 -------- d-----w- c:\windows\system32\drivers\AVG

    2011-12-02 11:29 . 2011-12-02 11:49 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012

    2011-12-02 11:28 . 2011-12-02 12:29 -------- d-----w- c:\program files\AVG

    2011-12-02 11:23 . 2011-12-05 08:04 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

    2011-11-30 05:30 . 2011-11-30 05:30 -------- d-----w- c:\windows\Internet Logs

    2011-11-30 04:25 . 2008-04-14 05:09 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys

    2011-11-30 04:25 . 2008-04-14 05:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

    2011-11-28 04:07 . 2011-11-28 04:07 -------- d-----w- C:\TDSSKiller_Quarantine

    2011-11-22 08:49 . 2011-11-29 04:42 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

    2011-11-21 04:12 . 2011-11-21 04:12 -------- d-sh--w- c:\documents and settings\Sonia Evans\IECompatCache

    2011-11-19 15:52 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe

    2011-11-19 06:05 . 2011-11-19 06:05 -------- d-----w- c:\documents and settings\Sonia Evans\Local Settings\Application Data\Apple

    2011-11-19 06:05 . 2011-11-19 06:05 -------- d-----w- c:\windows\system32\DRVSTORE

    2011-11-19 06:05 . 2011-11-19 06:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

    2011-11-19 06:04 . 2011-11-19 06:04 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM

    2011-11-19 06:04 . 2011-11-19 06:04 -------- d-----w- c:\documents and settings\Sonia Evans\Local Settings\Application Data\PackageAware

    2011-11-19 06:04 . 2011-11-19 06:04 -------- d--h--w- c:\windows\system32\GroupPolicy

    2011-11-19 06:04 . 2011-11-19 06:04 -------- d-----w- c:\windows\system32\en

    2011-11-14 03:50 . 2011-11-19 05:53 -------- d-----w- c:\program files\DriverGuide DriverScan

    2011-11-13 18:42 . 2011-11-13 18:43 -------- d-----w- c:\documents and settings\Sonia Evans\Application Data\Apple Computer

    2011-11-13 18:42 . 2011-11-13 18:42 -------- d-----w- c:\documents and settings\Sonia Evans\Local Settings\Application Data\Apple Computer

    2011-11-13 18:41 . 2011-11-19 06:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

    2011-11-13 18:41 . 2011-11-13 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2011-11-18 11:55 . 2011-08-16 10:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2011-10-20 11:59 . 2011-10-20 03:28 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe

    2011-10-07 11:23 . 2011-10-07 11:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys

    2011-09-13 11:30 . 2011-09-13 11:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

    .

    .

    ------- Sigcheck -------

    Note: Unsigned files aren't necessarily malware.

    .

    Cryptography Services Error !!

    .

    ((((((((((((((((((((((((((((( SnapShot_2011-11-21_05.06.57 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2009-07-12 05:02 . 2009-07-12 05:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll

    + 2009-07-12 05:02 . 2009-07-12 05:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll

    + 2009-07-12 05:02 . 2009-07-12 05:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll

    + 2009-07-12 05:02 . 2009-07-12 05:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll

    + 2009-07-12 05:02 . 2009-07-12 05:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll

    + 2009-07-12 05:02 . 2009-07-12 05:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll

    + 2009-07-12 05:02 . 2009-07-12 05:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll

    + 2009-07-12 05:02 . 2009-07-12 05:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll

    + 2009-07-12 05:02 . 2009-07-12 05:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll

    + 2009-07-12 05:02 . 2009-07-12 05:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll

    + 2009-07-12 05:02 . 2009-07-12 05:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll

    + 2009-07-12 05:02 . 2009-07-12 05:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll

    + 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll

    + 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll

    + 2011-08-08 11:08 . 2011-08-08 11:08 40016 c:\windows\system32\drivers\avgmfx86.sys

    + 2011-07-11 06:14 . 2011-07-11 06:14 23120 c:\windows\system32\drivers\AVGIDSEH.sys

    - 2006-06-09 23:44 . 2011-11-19 09:18 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

    + 2006-06-09 23:44 . 2011-11-28 04:32 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

    - 2006-06-09 23:44 . 2011-11-19 09:18 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

    + 2006-06-09 23:44 . 2011-11-28 04:32 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

    + 2009-07-12 05:02 . 2009-07-12 05:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll

    + 2009-07-12 05:02 . 2009-07-12 05:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll

    + 2009-07-12 05:05 . 2009-07-12 05:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll

    + 2009-07-12 05:02 . 2009-07-12 05:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll

    + 2011-07-11 06:14 . 2011-07-11 06:14 295248 c:\windows\system32\drivers\avgtdix.sys

    + 2002-08-29 12:00 . 2008-04-14 09:41 640000 c:\windows\system32\dllcache\dbghelp.dll

    + 2011-11-22 08:49 . 2011-11-22 08:49 219648 c:\windows\Installer\ef8305.msi

    + 2009-07-12 05:02 . 2009-07-12 05:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll

    + 2009-07-12 05:02 . 2009-07-12 05:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll

    + 2011-12-02 11:29 . 2011-12-02 11:29 4671488 c:\windows\Installer\1a48895.msi

    + 2011-12-02 11:28 . 2011-12-02 11:28 2186240 c:\windows\Installer\1a48891.msi

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-10-11 5389944]

    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

    c:\windows\system32\dumprep 0 -u [X]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

    2001-07-09 15:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    2007-02-10 01:56 98304 ----a-w- c:\program files\QuickTime\qttask.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

    2009-03-05 20:07 2260480 -c----w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

    2003-05-07 20:32 36864 -c--a-r- c:\windows\system32\VTTimer.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

    "Messenger"=2 (0x2)

    "McciCMService"=2 (0x2)

    "gusvc"=3 (0x3)

    "wuauserv"=2 (0x2)

    "wscsvc"=2 (0x2)

    "TrkWks"=2 (0x2)

    "Themes"=2 (0x2)

    "TapiSrv"=3 (0x3)

    "SysmonLog"=3 (0x3)

    "Schedule"=2 (0x2)

    "SCardSvr"=3 (0x3)

    "FastUserSwitchingCompatibility"=3 (0x3)

    "Eventlog"=2 (0x2)

    "ERSvc"=2 (0x2)

    "idsvc"=3 (0x3)

    "AMDFusionSVC"=2 (0x2)

    .

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

    "ctfmon.exe"=c:\windows\system32\ctfmon.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

    "VTTimer"=VTTimer.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

    "DisableMonitoring"=dword:00000001

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

    "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

    "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

    .

    R4 MaxSch2Svc;Maxtor Scheduler2 Service;c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe [x]

    S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]

    S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]

    S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]

    S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]

    S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]

    .

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2011-10-16 c:\windows\Tasks\WGASetup.job

    - c:\windows\system32\KB905474\wgasetup.exe [2011-10-15 02:18]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.yahoo.com/

    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    Trusted Zone: rexplorer.net

    TCP: DhcpNameServer = 192.168.1.254

    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

    FF - ProfilePath - c:\documents and settings\Sonia Evans\Application Data\Mozilla\Firefox\Profiles\axuvh315.default\

    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

    FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG2012\Firefox4

    FF - user.js: yahoo.homepage.dontask - true

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2011-12-05 20:18

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scanning hidden processes ...

    .

    scanning hidden autostart entries ...

    .

    scanning hidden files ...

    .

    scan completed successfully

    hidden files: 0

    .

    **************************************************************************

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    .

    - - - - - - - > 'explorer.exe'(1792)

    c:\program files\SlySoft\AnyDVD\ADvdDiscHlp.dll

    c:\windows\system32\ieframe.dll

    c:\windows\system32\msls31.dll

    c:\windows\system32\OneX.DLL

    c:\windows\system32\eappprxy.dll

    c:\windows\system32\webcheck.dll

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\progra~1\AVG\AVG2012\avgrsx.exe

    c:\program files\AVG\AVG2012\avgcsrvx.exe

    c:\windows\System32\locator.exe

    c:\windows\system32\wdfmgr.exe

    c:\program files\AVG\AVG2012\avgnsx.exe

    .

    **************************************************************************

    .

    Completion time: 2011-12-05 20:21:54 - machine was rebooted

    ComboFix-quarantined-files.txt 2011-12-06 01:21

    ComboFix2.txt 2011-12-05 03:20

    ComboFix3.txt 2011-12-01 03:04

    ComboFix4.txt 2011-11-30 04:38

    ComboFix5.txt 2011-12-05 12:46

    .

    Pre-Run: 103,056,859,136 bytes free

    Post-Run: 103,000,420,352 bytes free

    .

    - - End Of File - - 04154E38C0F1BF5579B57C2875DE0BBA

  16. Also, I could not find a folder named networkservice. Here is where I am trying to find it, but it is not there when I look, although it shows up as the location of the above virus.

    documents and settings\networkservice\localsetting\Temporary Internet Files\Content.IE5\3tkun09l or xbqeopjb\chmrnuyv[1].jpg or .gif or .png or .bmp

    AVG finds this as a virus but is not able to delete it because they are always "open", and so is that tracking cookie "open".
