Everything posted by sewez

  1. So what do you think of my last log? Do you think I am OK now? I would love to know of some FREE automatic alternatives to Spyware Terminator...
  2. here is the eset log:
     C:\Qoobox\Quarantine\C\WINDOWS\system32\SKYNETptqfwbyf.dll.vir Win32/Olmarik.KW trojan
     C:\Qoobox\Quarantine\C\WINDOWS\system32\SKYNETtwvdomge.dll.vir Win32/Olmarik.KW trojan
     C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\SKYNETpeqrapul.sys.vir Win32/Olmarik.KW trojan
  3. Just curious, what is wrong with Spyware Terminator?
  4. here is the first log you requested:
     and here is the second log:
(KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe" Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe" Security Update 
for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe" Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Security Update for Windows XP 
(KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe" Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe" Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe" Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Security 
Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe" Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe" Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe" Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe" Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe" Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe" Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe" Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe" Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe" Sentinel Protection Installer 7.2.2-->MsiExec.exe /I{6DC0632A-A838-4B34-AC19-0FA18E1C533C} Sprint SmartView-->MsiExec.exe /X{5121C4F9-BC62-4F47-B313-474A619E3813} Spyware Terminator-->"C:\Program Files\Spyware Terminator\unins000.exe" SupportUtility-->MsiExec.exe /I{C30E30A6-0AB5-470A-AB67-D322938F5429} System-->MsiExec.exe /I{DB2C58E0-6284-4B48-97F2-22A980B6360B} Thread Converter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{551917CB-A1A5-447D-A0E5-7294A5249463}\Setup.exe" TrueMobile 1300 USB 2.0 WLAN-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}\setup.exe" -l0x9 -L0x9 Update for Windows XP 
(KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe" UPS WorldShip-->C:\UPS\WSTD\Uninstall\Uninstall.exe UPSDB-->MsiExec.exe /I{4AE3EAC8-FAD9-4ECC-A339-BBAD8C72DE71} UPSICC-->MsiExec.exe /I{390160B4-D276-4A04-8002-8D3101A0D367} UPSlinkHTTP-->MsiExec.exe /I{E358CC1E-4953-4E27-ADEB-8B27D8BBC20E} Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27} Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT="" WebHelp-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8C5BD501-AD5D-4A75-9321-076509B438FC}\Setup.exe" -l0x9 -removeonly Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91} Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe" Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinFF 1.0.2-->"C:\Program Files\WinFF\unins000.exe" WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe WorldShip-->MsiExec.exe /I{2A033A00-FE0D-4609-B0E8-2C49CC494FC8} ======Security center information====== AV: AVG Anti-Virus Free ======System event log====== Computer Name: BACK Event Code: 7000 Message: The LogMeIn Kernel Information Provider service failed to start 
due to the following error: The system cannot find the path specified. Record Number: 6691 Source Name: Service Control Manager Time Written: 20090507181028.000000-240 Event Type: error User: Computer Name: BACK Event Code: 7023 Message: The IPSEC Services service terminated with the following error: The attempted operation is not supported for the type of object referenced. Record Number: 6666 Source Name: Service Control Manager Time Written: 20090507142340.000000-240 Event Type: error User: Computer Name: BACK Event Code: 7000 Message: The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified. Record Number: 6665 Source Name: Service Control Manager Time Written: 20090507142340.000000-240 Event Type: error User: Computer Name: BACK Event Code: 19 Message: Sharing printer failed + 1722, Printer UPS Thermal share name UPS-Thermal-Back. Record Number: 6664 Source Name: Print Time Written: 20090507142338.000000-240 Event Type: error User: NT AUTHORITY\SYSTEM Computer Name: BACK Event Code: 1002 Message: The IP address lease 192.168.10.5 for the Network Card with network address 02045A7C89FB has been denied by the DHCP server 192.168.10.1 (The DHCP Server sent a DHCPNACK message). Record Number: 6661 Source Name: Dhcp Time Written: 20090507142329.000000-240 Event Type: error User: =====Application event log===== Computer Name: BACK Event Code: 19011 Message: Record Number: 449 Source Name: MSSQL$UPSWSDBSERVER Time Written: 20070608095420.000000-240 Event Type: warning User: Computer Name: BACK Event Code: 1015 Message: Failed to connect to server. Error: 0x800401F0 Record Number: 447 Source Name: MsiInstaller Time Written: 20070608095238.000000-240 Event Type: warning User: BACK\Ben Jones Computer Name: BACK Event Code: 11905 Message: Product: WorldShip -- Error 1905.Module C:\UPS\WSTD\wstdShipmentValidator.dll failed to unregister. HRESULT -2147220472. Contact your support personnel. 
Record Number: 437 Source Name: MsiInstaller Time Written: 20070608085038.000000-240 Event Type: error User: BACK\Ben Jones Computer Name: BACK Event Code: 11905 Message: Product: RRU -- Error 1905.Module C:\UPS\WSTD\RateEditBusService.dll failed to unregister. HRESULT -2147220472. Contact your support personnel. Record Number: 430 Source Name: MsiInstaller Time Written: 20070608084840.000000-240 Event Type: error User: BACK\Ben Jones Computer Name: BACK Event Code: 19011 Message: Record Number: 414 Source Name: MSSQL$UPSWSDBSERVER Time Written: 20070524030747.000000-240 Event Type: warning User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn "windir"=%SystemRoot% "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 0 Stepping 10, GenuineIntel "PROCESSOR_REVISION"=000a "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "FP_NO_HOST_CHECK"=NO -----------------EOF----------------- Will post other info shortly.....
  5. Seems to be ok, I haven't had any redirects when using Google, which is good.....do you think I am CURED?
  6. Here's all it gave: Searching 'C:\WINDOWS'... Finished!
  7. here you go:
     ROOTREPEAL © AD, 2007-2009
     ==================================================
     Scan Start Time: 2009/08/19 12:40
     Program Version: Version 1.3.5.0
     Windows Version: Windows XP SP3
     ==================================================
     Drivers
     -------------------
     Name: dump_atapi.sys
     Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
     Address: 0xF67B0000 Size: 98304 File Visible: No Signed: -
     Status: -
     Name: dump_WMILIB.SYS
     Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
     Address: 0xF8ECE000 Size: 8192 File Visible: No Signed: -
     Status: -
     Name: rootrepeal.sys
     Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
     Address: 0xF4431000 Size: 49152 File Visible: No Signed: -
     Status: -
     Hidden/Locked Files
     -------------------
     Path: C:\hiberfil.sys
     Status: Locked to the Windows API!
     Path: c:\program files\liveperson\plog.txt
     Status: Size mismatch (API: 15908, Raw: 15725)
     Path: c:\windows\temp\hlktmp
     Status: Allocation size mismatch (API: 33570816, Raw: 0)
     SSDT
     -------------------
     #: 025 Function Name: NtClose
     Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xf6e2e606
     #: 037 Function Name: NtCreateFile
     Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xf6e2e05a
     #: 041 Function Name: NtCreateKey
     Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xf6e2dd3c
     #: 050 Function Name: NtCreateSection
     Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xf6e2f652
     #: 063 Function Name: NtDeleteKey
     Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xf6e2de46
     #: 065 Function Name: NtDeleteValueKey
     Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xf6e2df30
     #: 071 Function Name: NtEnumerateKey
     Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x804d7562
     #: 073 Function Name: NtEnumerateValueKey
     Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x804d7567
     #: 097 Function Name: NtLoadDriver
     Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xf6e2e8cc
     #: 116 Function Name: NtOpenFile
     Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xf6e2e362
     #: 119 Function Name: NtOpenKey
     Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x804d7576
     #: 160 Function Name: NtQueryKey
     Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x804d7571
     #: 177 Function Name: NtQueryValueKey
     Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x804d756c
     #: 247 Function Name: NtSetValueKey
     Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xf6e2dbba
     #: 257 Function Name: NtTerminateProcess
     Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xf6e2e814
     #: 274 Function Name: NtWriteFile
     Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xf6e2e494
     ==EOF==
  8. here is the log from MalwareBytes, which I actually ran before doing your fix and it is still returning no results for infections
     Malwarebytes' Anti-Malware 1.40
     Database version: 2657
     Windows 5.1.2600 Service Pack 3
     8/19/2009 12:23:42 PM
     mbam-log-2009-08-19 (12-23-42).txt
     Scan type: Quick Scan
     Objects scanned: 19988
     Time elapsed: 8 minute(s), 27 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)
  9. First I want to say I really appreciate the super quick reply and the help you provide! Ok here is the log you requested, during the Combo-Fix run it asked me if I wanted to install "console" and since you did not mention that, I clicked "no" as I wanted to follow your directions to the letter as I am so scared of "messing" something up..... During the Combo-Fix run it asked me to write down the following file names as I may need them later and I thought I would share these with you too Files it asked me to write down: c:\windows\system32\drivers\skynetpeqrapul.sys c:\windows\system32\skynetptqfwbyf.dll c:\windows\system32\skynethmxtcvbu.dat c:\windows\system32\skynettwvdomge.dll c:\windows\system32\skynetxnsvttnm.dat and here is the log: ComboFix 09-08-18.04 - Ben Jones 08/19/2009 10:10.1.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.639.359 [GMT -4:00] Running from: c:\documents and settings\Ben Jones\Desktop\Combo-Fix.exe AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . 
c:\windows\Fonts\ZWAdobeF.TTF c:\windows\Installer\7a7958.msi c:\windows\system32\config\systemprofile\Start Menu\Programs\Windows Antivirus Pro c:\windows\system32\config\systemprofile\Start Menu\Programs\Windows Antivirus Pro\Windows Antivirus Pro.lnk c:\windows\system32\drivers\SKYNETpeqrapul.sys c:\windows\system32\images c:\windows\system32\images\i1.gif c:\windows\system32\images\i2.gif c:\windows\system32\images\i3.gif c:\windows\system32\images\j1.gif c:\windows\system32\images\j2.gif c:\windows\system32\images\j3.gif c:\windows\system32\images\jj1.gif c:\windows\system32\images\jj2.gif c:\windows\system32\images\jj3.gif c:\windows\system32\images\l1.gif c:\windows\system32\images\l2.gif c:\windows\system32\images\l3.gif c:\windows\system32\images\pix.gif c:\windows\system32\images\t1.gif c:\windows\system32\images\t2.gif c:\windows\system32\images\up1.gif c:\windows\system32\images\up2.gif c:\windows\system32\images\w1.gif c:\windows\system32\images\w11.gif c:\windows\system32\images\w2.gif c:\windows\system32\images\w3.gif c:\windows\system32\images\w3.jpg c:\windows\system32\images\wt1.gif c:\windows\system32\images\wt2.gif c:\windows\system32\images\wt3.gif c:\windows\system32\SKYNEThmxtcvbu.dat c:\windows\system32\SKYNETptqfwbyf.dll c:\windows\system32\SKYNETtwvdomge.dll c:\windows\system32\SKYNETxnsvttnm.dat Infected copy of c:\windows\system32\mspmsnsv.dll was found and disinfected Restored copy from - c:\windows\system32\dllcache\MsPMSNSv.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_SKYNETrxewticv -------\Legacy_SKYNETrxewticv ((((((((((((((((((((((((( Files Created from 2009-07-19 to 2009-08-19 ))))))))))))))))))))))))))))))) . 2009-08-18 19:08 . 2009-08-18 19:08 -------- d-----w- c:\program files\Trend Micro 2009-08-17 13:36 . 2009-08-17 13:36 -------- d-----w- C:\_OTM 2009-08-17 13:18 . 
2009-08-17 14:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-08-13 15:23 . 2009-08-17 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2009-08-12 22:48 . 2006-10-27 13:48 18944 ----a-r- c:\windows\system32\drivers\busbcrw.sys 2009-08-11 20:08 . 2009-08-11 20:08 -------- d-----w- c:\documents and settings\Ben Jones\Application Data\Malwarebytes 2009-08-11 20:08 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-11 20:08 . 2009-08-11 20:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-08-11 20:08 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-08-11 20:08 . 2009-08-11 20:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll 2009-07-21 15:32 . 2009-07-21 15:32 -------- d-----w- c:\program files\Common Files\Bcgsoft 2009-07-21 15:20 . 1999-05-25 19:14 113956 ----a-w- c:\windows\system32\eosih.dll 2009-07-21 15:20 . 1998-10-27 15:08 317952 ----a-w- c:\windows\system32\ROBOEX32.DLL . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-19 14:21 . 2008-06-20 15:10 -------- d-----w- c:\program files\LivePerson 2009-08-19 13:51 . 2008-08-18 17:04 -------- d-----w- c:\program files\Spyware Terminator 2009-08-19 13:38 . 2008-08-18 17:04 -------- d-----w- c:\documents and settings\Ben Jones\Application Data\Spyware Terminator 2009-08-18 14:25 . 2008-08-18 17:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator 2009-08-12 22:46 . 2008-08-27 18:06 -------- d-----w- c:\program files\Brother 2009-08-12 22:46 . 2006-02-07 22:32 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-08-11 22:02 . 
2006-02-07 22:41 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-08-11 22:02 . 2006-02-07 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-08-05 09:01 . 2006-02-07 21:46 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-17 19:01 . 2002-08-29 08:40 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-17 15:01 . 2008-08-18 17:27 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-07-13 14:08 . 2005-01-28 18:44 286720 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-01 12:38 . 2007-08-15 22:17 73216 ----a-w- c:\windows\ST6UNST.EXE 2009-06-29 16:12 . 2006-06-23 16:33 827392 ----a-w- c:\windows\system32\wininet.dll 2009-06-29 16:12 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-06-29 16:12 . 2001-08-23 12:00 17408 ------w- c:\windows\system32\corpol.dll 2009-06-24 15:29 . 2008-08-18 17:27 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2009-06-24 15:29 . 2006-12-19 20:13 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-06-16 14:36 . 2001-08-23 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-06-16 14:36 . 2001-08-23 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-12 12:31 . 2002-08-29 08:41 80896 ----a-w- c:\windows\system32\tlntsess.exe 2009-06-12 12:31 . 2002-08-29 08:41 76288 ----a-w- c:\windows\system32\telnet.exe 2009-06-10 14:13 . 2002-08-29 08:40 84992 ----a-w- c:\windows\system32\avifil32.dll 2009-06-10 13:19 . 2006-02-07 18:10 2066432 ----a-w- c:\windows\system32\mstscax.dll 2009-06-10 06:14 . 2001-08-23 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll 2009-06-03 19:09 . 2006-02-07 21:46 1291264 ----a-w- c:\windows\system32\quartz.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-08-18 1783808] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-24 1948440] c:\documents and settings\LocalService\Start Menu\Programs\Startup\ LivePerson.lnk - c:\program files\LivePerson\hc.exe [2008-6-20 5476352] c:\documents and settings\Ben Jones\Start Menu\Programs\Startup\ LivePerson.lnk - c:\program files\LivePerson\hc.exe [2008-6-20 5476352] c:\documents and settings\All Users\Start Menu\Programs\Startup\ hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672] UPS WorldShip Messaging Utility.lnk - c:\ups\WSTD\WSTDMessaging.exe [2007-12-13 65536] UPS WorldShip PLD Reminder Utility.lnk - c:\ups\WSTD\wstdPldReminder.exe [2007-12-12 31744] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-06-24 15:29 11952 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2007-05-25 19:22 63040 ----a-w- c:\windows\system32\LMIinit.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk 
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LivePerson\\hc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\InterVideo\\DVD5\\WinDVD.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/18/2008 1:27 PM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/18/2008 1:27 PM 108552]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [8/18/2008 1:04 PM 141312]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2/5/2009 11:11 AM 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/5/2009 11:11 AM 298776]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [6/14/2007 10:23 AM 46112]
R2 MSSQL$UPSWSDBSERVER;MSSQL$UPSWSDBSERVER;c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe -sUPSWSDBSERVER --> c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe -sUPSWSDBSERVER [?]
R2 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2);c:\program files\twc\medicsp2\bin\sprtsvc.exe [1/27/2009 1:54 PM 202280]
R3 embflopy;Embroidery floppy Disk;c:\windows\system32\drivers\embflopy.sys [8/24/2001 3:16 PM 20027]
R3 SydexFDD;Sydex Floppy Driver;c:\windows\system32\drivers\sydexfdd.sys [5/8/2009 4:08 PM 13359]
S2 AntipPro2009_100;AntipyProex;c:\windows\svchast.exe --> c:\windows\svchast.exe [?]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 busbcrw;USB Card Reader Writer driver;c:\windows\system32\drivers\busbcrw.sys [8/12/2009 6:48 PM 18944]
S3 CBUSB;MARX CryptoTech LP;c:\windows\system32\drivers\CBUSB.sys [4/1/2009 10:40 AM 45136]
S3 SQLAgent$UPSWSDBSERVER;SQLAgent$UPSWSDBSERVER;c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE -i UPSWSDBSERVER --> c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE -i UPSWSDBSERVER [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C380283-0E9E-4144-A129-EC929C63AA80}]
MSIEXEC /i {7C380283-0E9E-4144-A129-EC929C63AA80} REINSTALL="Advertised1" REINSTALLMODE=u SETDEFAULTS="1" /qn /quiet
.
Contents of the 'Scheduled Tasks' folder

2009-01-20 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1100 series272A572217594EBCF1CEE215E352B92AD073FDE4224078009.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 21:56]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = 127.0.0.1
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: PfftSP.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-19 10:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(672)
c:\windows\system32\LMIinit.dll

- - - - - - - > 'lsass.exe'(728)
c:\windows\system32\PfftSP.dll

- - - - - - - > 'explorer.exe'(2756)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-08-19 10:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-19 14:28

Pre-Run: 69,384,261,632 bytes free
Post-Run: 69,414,363,136 bytes free

216 --- E O F --- 2009-08-13 00:21
  10. Every time I go to Google and do a search, and then click one of the links it delivers, I keep getting redirected to other sites that have nothing to do with what I was searching for.... I did a MalwareBytes scan and it says there are no infections.... Could someone please help, this is driving me bonkers..... Here is my HijackThis log and MalwareBytes log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:09:56 PM, on 8/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\UPS\WSTD\WSTDMessaging.exe
C:\Program Files\LivePerson\hc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-19 Startup: LivePerson.lnk = C:\Program Files\LivePerson\hc.exe (User 'LOCAL SERVICE')
O4 - S-1-5-18 Startup: LivePerson.lnk = C:\Program Files\LivePerson\hc.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: LivePerson.lnk = C:\Program Files\LivePerson\hc.exe (User 'Default user')
O4 - Startup: LivePerson.lnk = C:\Program Files\LivePerson\hc.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: UPS WorldShip Messaging Utility.lnk = C:\UPS\WSTD\WSTDMessaging.exe
O4 - Global Startup: UPS WorldShip PLD Reminder Utility.lnk = C:\UPS\WSTD\wstdPldReminder.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://camera1.fullcontrol.net/activex/AxisCamControl.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AntipyProex (AntipPro2009_100) - Unknown owner - C:\WINDOWS\svchast.exe (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: HASP License Manager (hasplms) - Unknown owner - C:\WINDOWS\system32\hasplms.exe (file missing)
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - PCTEL - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - SupportSoft, Inc. - C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 6268 bytes

Malwarebytes' Anti-Malware 1.40
Database version: 2640
Windows 5.1.2600 Service Pack 3

8/18/2009 11:31:24 AM
mbam-log-2009-08-18 (11-31-24).txt

Scan type: Full Scan (C:\|)
Objects scanned: 66396
Time elapsed: 1 hour(s), 5 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)