DrewStar

Honorary Members
31 posts
  1. Here are my two logs :) Just FYI, when running Malwarebytes, about 30 different trojans popped up on Avira. I hit deny access to each one of them.

     Malwarebytes' Anti-Malware 1.33
     Database version: 1701
     Windows 5.1.2600 Service Pack 1

     1/28/2009 1:42:05 AM
     mbam-log-2009-01-28 (01-42-05).txt

     Scan type: Quick Scan
     Objects scanned: 50932
     Time elapsed: 16 minute(s), 7 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 01:45:52, on 1/28/2009
     Platform: Windows XP SP1 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
     Boot mode: Normal

     [HijackThis listing omitted: running processes and the R0/R1, O3, O4, O8, O9, O10, O16 and O23 entries]

     -- End of file - 4408 bytes

     Let me know what is the next step!
  2. I did what you asked... During the scan the anti-virus picked up a couple more viruses. Here is the log:

     OTListIt logfile created on: 1/21/2009 4:18:49 PM - Run 2
     OTListIt2 by OldTimer - Version 1.0.3.0
     Folder = C:\Documents and Settings\Owner\Desktop
     Windows XP Home Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
     Internet Explorer (Version = 6.0.2800.1106)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

     511.48 Mb Total Physical Memory | 313.06 Mb Available Physical Memory | 61.21% Memory free
     864.19 Mb Paging File | 704.86 Mb Available in Paging File | 81.56% Paging File free
     Paging file location(s): C:\pagefile.sys 384 768;

     %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
     Drive C: | 38.33 Gb Total Space | 6.32 Gb Free Space | 16.48% Space Free | Partition Type: NTFS
     D: Drive not present or media not loaded
     E: Drive not present or media not loaded
     F: Drive not present or media not loaded
     G: Drive not present or media not loaded
     H: Drive not present or media not loaded
     I: Drive not present or media not loaded

     Computer Name: ANDREW
     Current User Name: Owner
     Logged in as Administrator.

     Current Boot Mode: Normal
     Scan Mode: All users
     Output = Standard
     File Age = 30 Days
     Company Name Whitelist: On

     [OTListIt2 listing omitted: processes, Win32 services, driver services, Internet Explorer and other registry entries, Winlogon, LSA and AutoRun settings, and files created or modified within 30 days; the posted log is cut off mid-entry]
M] () -- C:\Documents and Settings\Owner\Desktop\Cake Poker.lnk [2009/01/13 00:52:11 | 14,321,744 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\FullcakeSetup.1.0.118.exe [2009/01/12 07:37:07 | 00,028,168 | ---- | M] () -- C:\WINDOWS\SIGVERIF.zip [2009/01/12 01:43:13 | 02,428,928 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Norton_Removal_Tool.exe [2009/01/12 01:38:16 | 00,201,030 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\lspfix.zip [2009/01/10 19:41:23 | 00,016,884 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\VirusVaultAVG1-10-09.csv [2009/01/10 08:45:35 | 00,009,522 | ---- | M] () -- C:\WINDOWS\Zapotec.bmp [2009/01/10 08:45:34 | 00,048,680 | ---- | M] () -- C:\WINDOWS\winnt256.bmp [2009/01/10 08:45:34 | 00,048,680 | ---- | M] () -- C:\WINDOWS\winnt.bmp [2009/01/10 08:45:34 | 00,001,125 | ---- | M] () -- C:\WINDOWS\winamp.ini [2009/01/10 08:45:34 | 00,000,036 | ---- | M] () -- C:\WINDOWS\wininit.ini [2009/01/10 08:45:34 | 00,000,000 | ---- | M] () -- C:\WINDOWS\VPC32.INI [2009/01/10 08:45:33 | 00,065,978 | ---- | M] () -- C:\WINDOWS\Soap Bubbles.bmp [2009/01/10 08:45:33 | 00,065,832 | ---- | M] () -- C:\WINDOWS\Santa Fe Stucco.bmp [2009/01/10 08:45:33 | 00,026,680 | ---- | M] () -- C:\WINDOWS\River Sumida.bmp [2009/01/10 08:45:33 | 00,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD [2009/01/10 08:45:33 | 00,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini [2009/01/10 08:45:33 | 00,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini [2009/01/10 08:45:32 | 00,000,525 | ---- | M] () -- C:\WINDOWS\QIII.INI [2009/01/10 08:45:32 | 00,000,000 | ---- | M] () -- C:\WINDOWS\QuickInstall.INI [2009/01/10 08:45:31 | 00,000,059 | ---- | M] () -- C:\WINDOWS\pp.enc [2009/01/10 08:45:30 | 00,082,022 | ---- | M] () -- C:\WINDOWS\n_vfjwxf.dat [2009/01/10 08:45:30 | 00,082,022 | ---- | M] () -- C:\WINDOWS\n_tyxhbu.dat [2009/01/10 08:45:30 | 00,034,937 | ---- | M] () -- C:\WINDOWS\n_xcsotu.dat [2009/01/10 08:45:29 | 00,033,401 | ---- | M] 
() -- C:\WINDOWS\n_lmltrs.dat [2009/01/10 08:45:29 | 00,029,768 | ---- | M] () -- C:\WINDOWS\n_glohwz.dat [2009/01/10 08:45:28 | 00,026,582 | ---- | M] () -- C:\WINDOWS\Greenstone.bmp [2009/01/10 08:45:28 | 00,004,226 | ---- | M] () -- C:\WINDOWS\mozver.dat [2009/01/10 08:45:28 | 00,000,011 | ---- | M] () -- C:\WINDOWS\NetWare.INI [2009/01/10 08:45:27 | 00,082,944 | ---- | M] () -- C:\WINDOWS\clock.avi [2009/01/10 08:45:27 | 00,017,336 | ---- | M] () -- C:\WINDOWS\Gone Fishing.bmp [2009/01/10 08:45:27 | 00,017,062 | ---- | M] () -- C:\WINDOWS\Coffee Bean.bmp [2009/01/10 08:45:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\control.ini [2009/01/09 13:57:38 | 00,368,831 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.com [2009/01/09 13:44:46 | 00,000,264 | RHS- | M] () -- C:\boot.ini [2009/01/09 13:39:51 | 00,000,570 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\VArestorepolicies.zip [2009/01/09 13:34:12 | 00,185,065 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\FixPolicies.exe [2009/01/09 13:27:15 | 00,196,267 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\fixacl.exe [2009/01/09 13:23:04 | 00,001,555 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CCleaner.lnk [2009/01/09 13:21:49 | 03,165,824 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Owner\Desktop\ccsetup215.exe [2009/01/08 23:19:08 | 00,003,728 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\yourname_gmer.zip [2009/01/08 22:59:00 | 00,000,250 | ---- | M] () -- C:\WINDOWS\gmer.ini [2009/01/07 19:55:18 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll [2009/01/07 19:55:18 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys [2009/01/07 19:55:18 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd [2009/01/04 18:38:22 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/01/04 18:38:18 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- 
C:\WINDOWS\System32\drivers\mbam.sys ========== Alternate Data Streams ========== @Alternate Data Stream - 84222 bytes -> %SystemRoot%\_default.pif:pwqlo @Alternate Data Stream - 7473 bytes -> %SystemRoot%\winnt256.bmp:njrtqj @Alternate Data Stream - 7473 bytes -> %SystemRoot%\Santa Fe Stucco.bmp:thmcis @Alternate Data Stream - 7473 bytes -> %SystemRoot%\ropht.txt:gqxgff @Alternate Data Stream - 7473 bytes -> %SystemRoot%\Q815021.log:ideoxc @Alternate Data Stream - 7473 bytes -> %SystemRoot%\n_drwoho.log:kmghoo @Alternate Data Stream - 7473 bytes -> %SystemRoot%\KB824146.log:zjwmrt @Alternate Data Stream - 7473 bytes -> %SystemRoot%\fxhqs.log:vienrp @Alternate Data Stream - 7473 bytes -> %SystemRoot%\bootstat.dat:kcjadn @Alternate Data Stream - 7473 bytes -> %SystemRoot%\_default.pif:tjygio @Alternate Data Stream - 7473 bytes -> %SystemRoot%\_default.pif:jbjptx @Alternate Data Stream - 7473 bytes -> %SystemRoot%\_default.pif:ejmzsy @Alternate Data Stream - 7423 bytes -> %SystemRoot%\Zapotec.bmp:fwshbe @Alternate Data Stream - 7423 bytes -> %SystemRoot%\KB825119.log:hhirgo @Alternate Data Stream - 7423 bytes -> %SystemRoot%\Directx.log:paugdy @Alternate Data Stream - 7423 bytes -> %SystemRoot%\_default.pif:sldwpe @Alternate Data Stream - 7423 bytes -> %SystemRoot%\_default.pif:nwvyho @Alternate Data Stream - 66560 bytes -> %SystemRoot%\_default.pif:xvkqur @Alternate Data Stream - 66560 bytes -> %SystemRoot%\_default.pif:vzccne @Alternate Data Stream - 66560 bytes -> %SystemRoot%\_default.pif:udmzps @Alternate Data Stream - 66560 bytes -> %SystemRoot%\_default.pif:ubxhpl @Alternate Data Stream - 66560 bytes -> %SystemRoot%\_default.pif:txyjud @Alternate Data Stream - 66560 bytes -> %SystemRoot%\_default.pif:trxsuq @Alternate Data Stream - 66560 bytes -> %SystemRoot%\_default.pif:trlueh @Alternate Data Stream - 66560 bytes -> %SystemRoot%\_default.pif:tiwlhg @Alternate Data Stream - 66560 bytes -> %SystemRoot%\_default.pif:tcymul @Alternate Data Stream - 66560 bytes 
-> %SystemRoot%\_default.pif:rwqorf @Alternate Data Stream - 66560 bytes -> %SystemRoot%\_default.pif:rmxolt @Alternate Data Stream - 66560 bytes -> %SystemRoot%\_default.pif:rieyml @Alternate Data Stream - 66560 bytes -> %SystemRoot%\_default.pif:qydrxz @Alternate Data Stream - 66560 bytes -> %SystemRoot%\_default.pif:plprol @Alternate Data Stream - 66560 bytes -> %SystemRoot%\_default.pif:ovymno @Alternate Data Stream - 66560 bytes -> %SystemRoot%\_default.pif:ofdsyc @Alternate Data Stream - 66560 bytes -> %SystemRoot%\_default.pif:nuodli @Alternate Data Stream - 66560 bytes -> %SystemRoot%\_default.pif:ntdfgj @Alternate Data Stream - 66560 bytes -> %SystemRoot%\_default.pif:nbbbcs @Alternate Data Stream - 66560 bytes -> %SystemRoot%\_default.pif:muolyk @Alternate Data Stream - 66560 bytes -> %SystemRoot%\_default.pif:lvnqui @Alternate Data Stream - 66560 bytes -> %SystemRoot%\_default.pif:lrbpfu @Alternate Data Stream - 66560 bytes -> %SystemRoot%\_default.pif:ktitrw @Alternate Data Stream - 66560 bytes -> %SystemRoot%\_default.pif:kbxlpi @Alternate Data Stream - 66560 bytes -> %SystemRoot%\_default.pif:jraqkx @Alternate Data Stream - 4870 bytes -> %SystemRoot%\_default.pif:yqxxoc @Alternate Data Stream - 4870 bytes -> %SystemRoot%\_default.pif:ypcudt @Alternate Data Stream - 4870 bytes -> %SystemRoot%\_default.pif:vyjeql @Alternate Data Stream - 4870 bytes -> %SystemRoot%\_default.pif:tyixuj @Alternate Data Stream - 4870 bytes -> %SystemRoot%\_default.pif:rctdmz @Alternate Data Stream - 4870 bytes -> %SystemRoot%\_default.pif:qrosip @Alternate Data Stream - 4870 bytes -> %SystemRoot%\_default.pif:qiwgfe @Alternate Data Stream - 4870 bytes -> %SystemRoot%\_default.pif:ocfdul @Alternate Data Stream - 4870 bytes -> %SystemRoot%\_default.pif:kxrrqr @Alternate Data Stream - 4870 bytes -> %SystemRoot%\_default.pif:kscoor @Alternate Data Stream - 4870 bytes -> %SystemRoot%\_default.pif:jpuprb @Alternate Data Stream - 4870 bytes -> %SystemRoot%\_default.pif:jauxsy 
@Alternate Data Stream - 4870 bytes -> %SystemRoot%\_default.pif:iqachm @Alternate Data Stream - 4870 bytes -> %SystemRoot%\_default.pif:idvqxq @Alternate Data Stream - 4870 bytes -> %SystemRoot%\_default.pif:ibkyyv @Alternate Data Stream - 4866 bytes -> %SystemRoot%\msdfmap.ini:mvrdln @Alternate Data Stream - 4866 bytes -> %SystemRoot%\_default.pif:tjagas @Alternate Data Stream - 4866 bytes -> %SystemRoot%\_default.pif:ipqwjh @Alternate Data Stream - 4866 bytes -> %SystemRoot%\_default.pif:ibvuyy @Alternate Data Stream - 4866 bytes -> %SystemRoot%\_default.pif:glmepy @Alternate Data Stream - 4866 bytes -> %SystemRoot%\_default.pif:dmaabp @Alternate Data Stream - 3567 bytes -> %SystemRoot%\_default.pif:zhttkb @Alternate Data Stream - 3567 bytes -> %SystemRoot%\_default.pif:yxlmdp @Alternate Data Stream - 3567 bytes -> %SystemRoot%\_default.pif:ylfjrj @Alternate Data Stream - 3567 bytes -> %SystemRoot%\_default.pif:ydyjpv @Alternate Data Stream - 3567 bytes -> %SystemRoot%\_default.pif:xkfemj @Alternate Data Stream - 3567 bytes -> %SystemRoot%\_default.pif:wmkfda @Alternate Data Stream - 3567 bytes -> %SystemRoot%\_default.pif:wlbhxa @Alternate Data Stream - 3567 bytes -> %SystemRoot%\_default.pif:vufyke @Alternate Data Stream - 3567 bytes -> %SystemRoot%\_default.pif:vtvqix @Alternate Data Stream - 3567 bytes -> %SystemRoot%\_default.pif:vsszez @Alternate Data Stream - 3567 bytes -> %SystemRoot%\_default.pif:vfbzom @Alternate Data Stream - 3567 bytes -> %SystemRoot%\_default.pif:vaiwih @Alternate Data Stream - 3567 bytes -> %SystemRoot%\_default.pif:sqiblr @Alternate Data Stream - 3567 bytes -> %SystemRoot%\_default.pif:samfng @Alternate Data Stream - 3567 bytes -> %SystemRoot%\_default.pif:rbyopm @Alternate Data Stream - 3567 bytes -> %SystemRoot%\_default.pif:qrhlqm @Alternate Data Stream - 3567 bytes -> %SystemRoot%\_default.pif:qquixv @Alternate Data Stream - 3567 bytes -> %SystemRoot%\_default.pif:nycjko @Alternate Data Stream - 3567 bytes -> 
%SystemRoot%\_default.pif:mztcot @Alternate Data Stream - 3567 bytes -> %SystemRoot%\_default.pif:mklucd @Alternate Data Stream - 3567 bytes -> %SystemRoot%\_default.pif:kvmiok @Alternate Data Stream - 3567 bytes -> %SystemRoot%\_default.pif:kmwcrh @Alternate Data Stream - 3567 bytes -> %SystemRoot%\_default.pif:ishxls @Alternate Data Stream - 3567 bytes -> %SystemRoot%\_default.pif:iigtho @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:zwwrui @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:zsstuo @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:yuyflx @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:yngatr @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:yixnp @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:yasagw @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:xwxfmx @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:xvmulu @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:xvjfcu @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:xsqloy @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:xkclcx @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:xfmery @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:wodxxd @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:vnrlfm @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:vjqzxg @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:vbcsbx @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:uwccls @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:uquxul @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:uitzdn @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:txzhkp @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:txwfxj @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:tnbqcm 
@Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:tdwpvx @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:sytdk @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:swfqxi @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:svvodk @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:scgggg @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:rzpvan @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:rjqisu @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:qydrx @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:qvxdlc @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:qjmwjh @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:qcnecq @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:pvwtau @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:pgwwmp @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:pcccju @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:ovgjnw @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:ofkfks @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:nzaibz @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:nrjart @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:nklcmp @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:nkjrxz @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:nkgpfr @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:nghqfq @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:neivkh @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:mtjmcq @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:mrwyqa @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:mlciwv @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:mhbhjl @Alternate Data Stream - 29256 
bytes -> %SystemRoot%\_default.pif:mbncsd @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:lzuuzh @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:lnqaci @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:lmffjx @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:kwafgt @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:kvtjvw @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:keyyiw @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:jyase @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:jiarev @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:jgifzv @Alternate Data Stream - 29256 bytes -> %SystemRoot%\_default.pif:jblblw @Alternate Data Stream - 21932 bytes -> %SystemRoot%\_default.pif:zafjvk @Alternate Data Stream - 21932 bytes -> %SystemRoot%\_default.pif:ihsblt @Alternate Data Stream - 13874 bytes -> %SystemRoot%\mitqw.log:crgosg @Alternate Data Stream - 124706 bytes -> %SystemRoot%\_default.pif:ukytk @Alternate Data Stream - 124706 bytes -> %SystemRoot%\_default.pif:meaua @Alternate Data Stream - 124706 bytes -> %SystemRoot%\_default.pif:ksqrv @Alternate Data Stream - 11736 bytes -> %SystemRoot%\_default.pif:zbjxsp @Alternate Data Stream - 11736 bytes -> %SystemRoot%\_default.pif:vkbqvw @Alternate Data Stream - 11736 bytes -> %SystemRoot%\_default.pif:vftkpn @Alternate Data Stream - 11736 bytes -> %SystemRoot%\_default.pif:vcvysi @Alternate Data Stream - 11736 bytes -> %SystemRoot%\_default.pif:ueltfd @Alternate Data Stream - 11736 bytes -> %SystemRoot%\_default.pif:tlhuhf @Alternate Data Stream - 11736 bytes -> %SystemRoot%\_default.pif:szhpim @Alternate Data Stream - 11736 bytes -> %SystemRoot%\_default.pif:rzbjyo @Alternate Data Stream - 11736 bytes -> %SystemRoot%\_default.pif:robcxr @Alternate Data Stream - 11736 bytes -> %SystemRoot%\_default.pif:rbqbrv @Alternate Data Stream - 11736 bytes -> 
%SystemRoot%\_default.pif:qppwfj @Alternate Data Stream - 11736 bytes -> %SystemRoot%\_default.pif:qgavjj @Alternate Data Stream - 11736 bytes -> %SystemRoot%\_default.pif:qbrswl @Alternate Data Stream - 11736 bytes -> %SystemRoot%\_default.pif:qacodn @Alternate Data Stream - 11736 bytes -> %SystemRoot%\_default.pif:pofrpw @Alternate Data Stream - 11736 bytes -> %SystemRoot%\_default.pif:pdcldg @Alternate Data Stream - 11736 bytes -> %SystemRoot%\_default.pif:mjuupo @Alternate Data Stream - 11736 bytes -> %SystemRoot%\_default.pif:lsyobn @Alternate Data Stream - 11736 bytes -> %SystemRoot%\_default.pif:kzfdmu @Alternate Data Stream - 11736 bytes -> %SystemRoot%\_default.pif:kssgud @Alternate Data Stream - 11736 bytes -> %SystemRoot%\_default.pif:keqhsz @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:zvmdvx @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:zifdxj @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:zhvnez @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:zabwiu @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:yywqxd @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:ybvzzf @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:xvloyj @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:xufyrz @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:xitrof @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:xgmdhl @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:xbsxps @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:wuodkt @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:wqpiyt @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:whakqe @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:wesrqi @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:vtldcu @Alternate Data Stream - 11674 bytes -> 
%SystemRoot%\_default.pif:vknckg @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:vjukfr @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:veqqqf @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:uyhdzo @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:unuypm @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:ujqldw @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:ujbxkn @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:ugjcpb @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:ufollg @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:ubdxys @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:tycpff @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:tqetwp @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:tmfvaf @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:tkjdck @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:tarhag @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:swhaei @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:sdosgm @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:rvtnyy @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:rujetu @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:rnysfl @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:qiqljt @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:qherkv @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:qehadn @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:qdafvy @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:pxlrrp @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:pmgyy @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:oxsyyi @Alternate Data Stream - 11674 bytes -> 
%SystemRoot%\_default.pif:otjxpx @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:orhosd @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:nudixe @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:nhmut @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:nacnve @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:mbbrnv @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:kquifo @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:kqhphx @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:kjdwie @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:jwjnxq @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:jqujtn @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:jktcjw @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:jintgb @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:jgwcdo @Alternate Data Stream - 11674 bytes -> %SystemRoot%\_default.pif:jegbie @Alternate Data Stream - 11336 bytes -> %SystemRoot%\_default.pif:vhpbby @Alternate Data Stream - 11336 bytes -> %SystemRoot%\_default.pif:stnahn @Alternate Data Stream - 0 bytes -> %SystemRoot%\_default.pif:wxwghk @Alternate Data Stream - 0 bytes -> %SystemRoot%\_default.pif:wlnte @Alternate Data Stream - 0 bytes -> %SystemRoot%\_default.pif:wekzu @Alternate Data Stream - 0 bytes -> %SystemRoot%\_default.pif:rasexi @Alternate Data Stream - 0 bytes -> %SystemRoot%\_default.pif:qzigiw @Alternate Data Stream - 0 bytes -> %SystemRoot%\_default.pif:oyhujn @Alternate Data Stream - 0 bytes -> %SystemRoot%\_default.pif:olugm @Alternate Data Stream - 0 bytes -> %SystemRoot%\_default.pif:ogijoo @Alternate Data Stream - 0 bytes -> %SystemRoot%\_default.pif:lkrlky @Alternate Data Stream - 0 bytes -> %SystemRoot%\_default.pif:lhiut @Alternate Data Stream - 0 bytes -> %SystemRoot%\_default.pif:jabtkh < End of report > As far as extras.txt goes, 
there is no copy of that on my PC! Thanks for your help; looking forward to getting this problem licked!
  3. I've been extremely busy with work and will continue to be for a couple of days... I will run the fixes on Tues. or Wed., is my best estimate. Thanks for your help; I'll post back when I have some info.
  4. Avira found some stuff when I ran it, a bunch of viruses, although some of them were located in quarantine files of other programs... I tried to run the program that you gave me and I got an immediate error: "AutoIt Error Error: Incorrect number of parameteres in function call."
  5. OK, ran Avira... twice. Now I await your next instructions. Just a note: our computer is running much slower than it was before we started this process. Just a note, Andrew
  6. Good news... with the ancient theory of "patience" I was able to get both accomplished. I got Avira installed and also got AVG 7 uninstalled. I'm going to run the full scan now with Avira.
  7. Some more trouble: since I couldn't remove AVG, I decided to run it... while I was running it, the Avira installer popped up. So I thought it would be a good chance to install it... so that I did... it got to near the end and my computer restarted all of a sudden for some reason. When I came back I tried to run it and can't update; it says, "Scheduler not loaded". Also I seem to be getting pop-ups now :( This sucks... Please help, Andrew
  8. I tried to uninstall AVG and the system just stalled out in the uninstall screen. Then I tried to install Avira. It loaded the first part, but when it got to setup.exe it just quit moving. When I ran the program again it would extract the files and say another instance of that is already running. What can I do to fix these 2 problems?
  9. Here are the logs you requested... there is no avenger.txt on my system. I do, however, have a rapport.txt that was created... I don't know if you wanted that one or not. Let me know. Andrew

ComboFix 09-01-10.01 - Owner 2009-01-14 7:12:58.2 - NTFSx86
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\java2.sys
c:\windows\system32\snjava.dll
c:\windows\system32\msltus35.dll
c:\windows\system32\msrdo20.dll
c:\windows\system32\rdocurs.dll
c:\windows\system32\tmp.reg
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF

((((((((((((((((((((((((( Files Created from 2008-12-14 to 2009-01-14 )))))))))))))))))))))))))))))))
.
2009-01-13 00:52 . 2009-01-13 00:58 <DIR> d-------- c:\program files\Cake Poker
2009-01-12 07:37 . 2009-01-12 07:37 28,168 --a------ c:\windows\SIGVERIF.zip
2009-01-12 01:43 . 2009-01-12 01:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-01-10 19:26 . 2009-01-13 00:54 <DIR> d-------- c:\windows\LastGood
2009-01-09 13:23 . 2009-01-09 13:23 <DIR> d-------- c:\program files\CCleaner
2009-01-08 07:50 . 2009-01-08 07:51 <DIR> d-------- C:\is_en
2009-01-08 07:47 . 2009-01-08 07:47 <DIR> d-------- C:\TempHold
2009-01-07 19:55 . 2009-01-08 22:59 250 --a------ c:\windows\gmer.ini
2009-01-07 19:37 . 2009-01-07 19:37 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-07 19:37 . 2009-01-07 19:37 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-01-07 19:37 . 2009-01-07 19:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-07 19:37 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-07 19:37 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-07 19:34 . 2009-01-07 19:34 <DIR> d-------- c:\program files\Trend Micro
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 11:45 --------- d-----w c:\program files\Aloha Poker
2009-01-14 11:44 --------- d-----w c:\program files\PokerHost
2009-01-14 11:43 --------- d-----w c:\program files\Poker-Spy
2009-01-14 11:39 --------- d-----w c:\program files\Common Files\Real
2009-01-14 09:00 --------- d-----w c:\documents and settings\All Users\Application Data\AVG7
2009-01-14 01:22 --------- d-----w c:\program files\PokerStars
2009-01-14 01:09 --------- d-----w c:\program files\Warcraft III
2009-01-13 23:20 --------- d-----w c:\documents and settings\Owner\Application Data\Aim
2009-01-13 13:00 --------- d-----w c:\documents and settings\LocalService\Application Data\AVG7
2009-01-13 01:55 --------- d-----w c:\documents and settings\Owner\Application Data\AVG7
2009-01-12 06:44 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-11 14:23 --------- d-----w c:\program files\Google
2009-01-11 00:28 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-09 14:22 26,944 ----a-w c:\windows\system32\drivers\avg7rsnt.sys
.
((((((((((((((((((((((((((((( snapshot@2009-01-09_13.55.32.75 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-05 01:16:46 1,887,080 ----a-w c:\windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
+ 2000-04-01 09:35:06 414,272 ----a-w c:\windows\LastGood\System32\DivXc32.dll
+ 2000-04-01 09:35:44 414,272 ----a-w c:\windows\LastGood\System32\DivXc32f.dll
- 2006-02-16 02:13:48 4,226 ----a-w c:\windows\mozver.dat
+ 2009-01-10 13:45:28 4,226 ----a-w c:\windows\mozver.dat
- 2005-03-27 16:46:54 29,768 ----a-w c:\windows\n_glohwz.dat
+ 2009-01-10 13:45:29 29,768 ----a-w c:\windows\n_glohwz.dat
- 2005-05-12 15:49:55 33,401 ----a-w c:\windows\n_lmltrs.dat
+ 2009-01-10 13:45:29 33,401 ----a-w c:\windows\n_lmltrs.dat
- 2005-05-02 18:13:50 82,022 ----a-w c:\windows\n_tyxhbu.dat
+ 2009-01-10 13:45:30 82,022 ----a-w c:\windows\n_tyxhbu.dat
- 2005-05-06 18:39:16 82,022 ----a-w c:\windows\n_vfjwxf.dat
+ 2009-01-10 13:45:30 82,022 ----a-w c:\windows\n_vfjwxf.dat
- 2005-05-20 14:26:30 34,937 ----a-w c:\windows\n_xcsotu.dat
+ 2009-01-10 13:45:30 34,937 ----a-w c:\windows\n_xcsotu.dat
- 2009-01-09 18:36:43 134,072 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-01-14 12:02:05 134,072 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-10-05 03:16:26 235,936 ----a-r c:\windows\system32\Macromed\Flash\FlashUtil10a.exe
- 2008-03-25 03:21:18 2,889,088 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2008-10-05 03:24:02 3,695,008 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2008-03-25 03:21:20 218,496 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-10-05 03:24:04 235,936 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-01-13 05:54:57 89,102 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
- 2008-09-01 05:06:56 70,264 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-01-13 05:19:58 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="c:\program files\AIM95\aim.exe" [2004-04-27 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-10-22 7700480]
"AVG7_CC"="c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe" [2009-01-09 590848]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2003-11-04 77824]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-10-22 86016]
"NWTRAY"="NWTRAY.EXE" [2001-12-18 c:\windows\system32\nwtray.exe]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2009-01-09 219136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
FuzzyLogic4.lnk - c:\program files\MSI\FuzzyLogic4\FuzzyLogic4.exe [2002-09-06 2315264]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Qualcomm\Eudora2\EuShlExt.dll" [2002-10-23 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv32"= c:\windows\System32\ir32_32.dll
"vidc.iv31"= c:\windows\System32\ir32_32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^DLHelperEXE.exe]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\DLHelperEXE.exe
backup=c:\windows\pss\DLHelperEXE.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LimeShop]
javaw -cp c:\program files\LimeShop\System\Code Main lp: [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2wSysTray]
--------- 2003-10-09 12:23 442368 c:\program files\2Wire\Gateway\2portalmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2004-04-27 17:18 61440 c:\program files\AIM95\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2003-10-21 17:07 229376 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDPS]
--a------ 2000-01-20 21:47 28672 c:\windows\system32\dpmw32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 11:22 7700480 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 11:22 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2003-11-04 00:20 77824 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2005-02-24 11:57 2506752 c:\program files\Yahoo!\Messenger\YPager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 11:22 1622016 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2002-08-02 18:00 46592 c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SvcProc"=2 (0x2)
"Spooler"=2 (0x2)
"Schedule"=2 (0x2)
"Pctspk"=2 (0x2)
"Messenger"=2 (0x2)
"MDM"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"ISEXEng"=2 (0x2)
"iPodService"=3 (0x3)
"ImapiService"=3 (0x3)
"helpsvc"=2 (0x2)
"GEARSecurity"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"Dnscache"=2 (0x2)
"dmserver"=3 (0x3)
"dmadmin"=3 (0x3)
"DefWatch"=2 (0x2)
"Alerter"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

R3 IR500;IR500;c:\windows\system32\DRIVERS\IR500.sys [2002-02-23 16768]
R3 PortRst;PortRst;c:\windows\system32\DRIVERS\PortRst.sys [2002-01-16 18560]
S0 MrFilter;EasyWrite Driver; [x]
S1 Avg7RsNT;AVG7 Resident Driver NT;c:\windows\System32\Drivers\avg7rsnt.sys [2009-01-09 26944]
S1 ndisrd;ndisrd; [x]
S3 PCAlertDriver;PCAlertDriver;c:\program files\MSI\FuzzyLogic4\NTGLM7X.sys [2002-04-15 43212]

--- Other Services/Drivers In Memory ---

*Deregistered* - AFD
*Deregistered* - ALG
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - Avg7Alrt
*Deregistered* - Avg7Core
*Deregistered* - Avg7RsNT
*Deregistered* - Avg7RsW
*Deregistered* - Avg7UpdSvc
*Deregistered* - AvgClean
*Deregistered* - Beep
*Deregistered* - Cdfs
*Deregistered* - CryptSvc
*Deregistered* - Dhcp
*Deregistered* - ERSvc
*Deregistered* - ewido security suite control
*Deregistered* - Fips
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - helpsvc
*Deregistered* - HidServ
*Deregistered* - IpNat *Deregistered* - IPSec *Deregistered* - KSecDD *Deregistered* - LmHosts *Deregistered* - mnmdd *Deregistered* - Mouclass *Deregistered* - MountMgr *Deregistered* - MRxDAV *Deregistered* - MRxSmb *Deregistered* - Msfs *Deregistered* - Mup *Deregistered* - NDIS *Deregistered* - ndisrd *Deregistered* - NdisTapi *Deregistered* - Ndisuio *Deregistered* - NdisWan *Deregistered* - NDProxy *Deregistered* - NetBIOS *Deregistered* - NetBT *Deregistered* - Netman *Deregistered* - NetwareWorkstation *Deregistered* - NICM *Deregistered* - Nla *Deregistered* - Npfs *Deregistered* - Ntfs *Deregistered* - Null *Deregistered* - NVSvc *Deregistered* - NWDHCP *Deregistered* - NWDNS *Deregistered* - NWHOST *Deregistered* - NwlnkIpx *Deregistered* - NwlnkNb *Deregistered* - NwlnkSpx *Deregistered* - NWSIPX32 *Deregistered* - NWSLP *Deregistered* - NWSNS *Deregistered* - PartMgr *Deregistered* - ParVdm *Deregistered* - PCAlertDriver *Deregistered* - Pml Driver HPZ12 *Deregistered* - PolicyAgent *Deregistered* - PptpMiniport *Deregistered* - ProtectedStorage *Deregistered* - RasAcd *Deregistered* - Rasl2tp *Deregistered* - RasMan *Deregistered* - RasPppoe *Deregistered* - Raspti *Deregistered* - Rdbss *Deregistered* - RDPCDD *Deregistered* - RESMGR *Deregistered* - RpcSs *Deregistered* - RushTopDevice *Deregistered* - SamSs *Deregistered* - Secdrv *Deregistered* - seclogon *Deregistered* - SharedAccess *Deregistered* - ShellHWDetection *Deregistered* - Spooler *Deregistered* - sr *Deregistered* - srservice *Deregistered* - SRVLOC *Deregistered* - SSDPSRV *Deregistered* - stisvc *Deregistered* - swenum *Deregistered* - TapiSrv *Deregistered* - Tcpip *Deregistered* - TermDD *Deregistered* - TermService *Deregistered* - Themes *Deregistered* - TrkWks *Deregistered* - UMWdf *Deregistered* - Update *Deregistered* - uploadmgr *Deregistered* - VgaSave *Deregistered* - VIAPFD *Deregistered* - Vmodem *Deregistered* - VolSnap *Deregistered* - Vpctcom *Deregistered* - Vvoice 
*Deregistered* - W32Time *Deregistered* - Wanarp *Deregistered* - WebClient *Deregistered* - WMDM PMSP Service *Deregistered* - wuauserv *Deregistered* - WZCSVC . Contents of the 'Scheduled Tasks' folder 2005-03-24 c:\windows\Tasks\Internet Spades.job - c:\progra~1\MSNGAM~1\Windows\shvlzm.exe [2001-08-18 07:00] . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe . ------- Supplementary Scan ------- . uInternet Connection Wizard,ShellNext = iexplore IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\fxdyqro4.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxP://www.hotmail.com FF - plugin: c:\program files\Java\j2re1.4.0\bin\NPJava11.dll FF - plugin: c:\program files\Java\j2re1.4.0\bin\NPJava12.dll FF - plugin: c:\program files\Java\j2re1.4.0\bin\NPJava13.dll FF - plugin: c:\program files\Java\j2re1.4.0\bin\NPJava32.dll FF - plugin: c:\program files\Java\j2re1.4.0\bin\NPJPI140.dll FF - plugin: c:\program files\Java\j2re1.4.0\bin\NPOJI610.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAbacheck.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-14 07:29:36 Windows 5.1.2600 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
c:\windows\_default.pif:abvbee 11674 bytes executable c:\windows\_default.pif:acdkbn 11674 bytes executable c:\windows\_default.pif:amilzc 11674 bytes executable c:\windows\_default.pif:aulbjz 11674 bytes executable c:\windows\_default.pif:belavz 11674 bytes executable c:\windows\_default.pif:cbzhla 11674 bytes executable c:\windows\_default.pif:ciiujc 11674 bytes executable c:\windows\_default.pif:cjggam 11674 bytes executable c:\windows\_default.pif:cssxas 11674 bytes executable c:\windows\_default.pif:ctjwp 11674 bytes executable c:\windows\_default.pif:cwapyi 11674 bytes executable c:\windows\_default.pif:cwgelf 11674 bytes executable c:\windows\_default.pif:djyudv 11674 bytes executable c:\windows\_default.pif:dnzydk 11674 bytes executable c:\windows\_default.pif:dvlrvt 11674 bytes executable c:\windows\_default.pif:ekrye 11674 bytes executable c:\windows\_default.pif:enldqu 11674 bytes executable c:\windows\_default.pif:euraak 11674 bytes executable c:\windows\_default.pif:evtojs 11674 bytes executable c:\windows\_default.pif:exrji 124706 bytes executable c:\windows\_default.pif:febzpo 11674 bytes executable c:\windows\_default.pif:fgzcp 124706 bytes executable c:\windows\_default.pif:fqqyr 124706 bytes executable c:\windows\_default.pif:frjyin 11674 bytes executable c:\windows\_default.pif:frnecm 11674 bytes executable c:\windows\_default.pif:frxguo 11674 bytes executable c:\windows\_default.pif:fuonzp 11674 bytes executable c:\windows\_default.pif:fvfasv 11674 bytes executable c:\windows\_default.pif:gqxivf 11674 bytes executable c:\windows\_default.pif:gtnarm 11674 bytes executable c:\windows\_default.pif:gwdeaf 11674 bytes executable c:\windows\_default.pif:gzzvet 11674 bytes executable c:\windows\_default.pif:hakhed 11674 bytes executable c:\windows\_default.pif:hwouxy 11674 bytes executable c:\windows\_default.pif:ietlxj 29256 bytes executable c:\windows\_default.pif:iipweg 29256 bytes executable c:\windows\_default.pif:iroslv 11674 bytes executable 
c:\windows\_default.pif:ittohv 66560 bytes executable c:\windows\_default.pif:iwzwjk 11674 bytes executable c:\windows\_default.pif:jblblw 29256 bytes executable c:\windows\_default.pif:jegbie 11674 bytes executable c:\windows\_default.pif:jgifzv 29256 bytes executable c:\windows\_default.pif:jgwcdo 11674 bytes executable c:\windows\_default.pif:jiarev 29256 bytes executable c:\windows\_default.pif:jintgb 11674 bytes executable c:\windows\_default.pif:jktcjw 11674 bytes executable c:\windows\_default.pif:jqujtn 11674 bytes executable c:\windows\_default.pif:jraqkx 66560 bytes executable c:\windows\_default.pif:jwjnxq 11674 bytes executable c:\windows\_default.pif:jyase 29256 bytes executable c:\windows\_default.pif:kbxlpi 66560 bytes executable c:\windows\_default.pif:keyyiw 29256 bytes executable c:\windows\_default.pif:kjdwie 11674 bytes executable c:\windows\_default.pif:kqhphx 11674 bytes executable c:\windows\_default.pif:kquifo 11674 bytes executable c:\windows\_default.pif:ksqrv 124706 bytes executable c:\windows\_default.pif:ktitrw 66560 bytes executable c:\windows\_default.pif:kvtjvw 29256 bytes executable c:\windows\_default.pif:kwafgt 29256 bytes executable c:\windows\_default.pif:lmffjx 29256 bytes executable c:\windows\_default.pif:lnqaci 29256 bytes executable c:\windows\_default.pif:lrbpfu 66560 bytes executable c:\windows\_default.pif:lvnqui 66560 bytes executable c:\windows\_default.pif:lzuuzh 29256 bytes executable c:\windows\_default.pif:mbbrnv 11674 bytes executable c:\windows\_default.pif:mbncsd 29256 bytes executable c:\windows\_default.pif:meaua 124706 bytes executable c:\windows\_default.pif:mhbhjl 29256 bytes executable c:\windows\_default.pif:mlciwv 29256 bytes executable c:\windows\_default.pif:mrwyqa 29256 bytes executable c:\windows\_default.pif:mtjmcq 29256 bytes executable c:\windows\_default.pif:muolyk 66560 bytes executable c:\windows\_default.pif:nacnve 11674 bytes executable c:\windows\_default.pif:nbbbcs 66560 bytes executable 
c:\windows\_default.pif:neivkh 29256 bytes executable c:\windows\_default.pif:nghqfq 29256 bytes executable c:\windows\_default.pif:nhmut 11674 bytes executable c:\windows\_default.pif:nkgpfr 29256 bytes executable c:\windows\_default.pif:nkjrxz 29256 bytes executable c:\windows\_default.pif:nklcmp 29256 bytes executable c:\windows\_default.pif:nrjart 29256 bytes executable c:\windows\_default.pif:ntdfgj 66560 bytes executable c:\windows\_default.pif:nudixe 11674 bytes executable c:\windows\_default.pif:nuodli 66560 bytes executable c:\windows\_default.pif:nzaibz 29256 bytes executable c:\windows\_default.pif:ofdsyc 66560 bytes executable c:\windows\_default.pif:ofkfks 29256 bytes executable c:\windows\_default.pif:orhosd 11674 bytes executable c:\windows\_default.pif:otjxpx 11674 bytes executable c:\windows\_default.pif:ovgjnw 29256 bytes executable c:\windows\_default.pif:ovymno 66560 bytes executable c:\windows\_default.pif:oxsyyi 11674 bytes executable c:\windows\_default.pif:pcccju 29256 bytes executable c:\windows\_default.pif:pgwwmp 29256 bytes executable c:\windows\_default.pif:plprol 66560 bytes executable c:\windows\_default.pif:pmgyy 11674 bytes executable c:\windows\_default.pif:pvwtau 29256 bytes executable c:\windows\_default.pif:pwqlo 84222 bytes executable c:\windows\_default.pif:pxlrrp 11674 bytes executable c:\windows\_default.pif:qcnecq 29256 bytes executable c:\windows\_default.pif:qdafvy 11674 bytes executable c:\windows\_default.pif:qehadn 11674 bytes executable c:\windows\_default.pif:qherkv 11674 bytes executable c:\windows\_default.pif:qiqljt 11674 bytes executable c:\windows\_default.pif:qjmwjh 29256 bytes executable c:\windows\_default.pif:qvxdlc 29256 bytes executable c:\windows\_default.pif:qydrx 29256 bytes executable c:\windows\_default.pif:qydrxz 66560 bytes executable c:\windows\_default.pif:rieyml 66560 bytes executable c:\windows\_default.pif:rjqisu 29256 bytes executable c:\windows\_default.pif:rmxolt 66560 bytes executable 
c:\windows\_default.pif:rnysfl 11674 bytes executable c:\windows\_default.pif:rujetu 11674 bytes executable c:\windows\_default.pif:rvtnyy 11674 bytes executable c:\windows\_default.pif:rwqorf 66560 bytes executable c:\windows\_default.pif:rzpvan 29256 bytes executable c:\windows\_default.pif:scgggg 29256 bytes executable c:\windows\_default.pif:sdosgm 11674 bytes executable c:\windows\_default.pif:stnahn 11336 bytes executable c:\windows\_default.pif:svvodk 29256 bytes executable c:\windows\_default.pif:swfqxi 29256 bytes executable c:\windows\_default.pif:swhaei 11674 bytes executable c:\windows\_default.pif:sytdk 29256 bytes executable c:\windows\_default.pif:tarhag 11674 bytes executable c:\windows\_default.pif:tcymul 66560 bytes executable c:\windows\_default.pif:tdwpvx 29256 bytes executable c:\windows\_default.pif:tiwlhg 66560 bytes executable c:\windows\_default.pif:tkjdck 11674 bytes executable c:\windows\_default.pif:tmfvaf 11674 bytes executable c:\windows\_default.pif:tnbqcm 29256 bytes executable c:\windows\_default.pif:tqetwp 11674 bytes executable c:\windows\_default.pif:trlueh 66560 bytes executable c:\windows\_default.pif:trxsuq 66560 bytes executable c:\windows\_default.pif:txwfxj 29256 bytes executable c:\windows\_default.pif:txyjud 66560 bytes executable c:\windows\_default.pif:txzhkp 29256 bytes executable c:\windows\_default.pif:tycpff 11674 bytes executable c:\windows\_default.pif:ubdxys 11674 bytes executable c:\windows\_default.pif:ubxhpl 66560 bytes executable c:\windows\_default.pif:udmzps 66560 bytes executable c:\windows\_default.pif:ufollg 11674 bytes executable c:\windows\_default.pif:ugjcpb 11674 bytes executable c:\windows\_default.pif:uitzdn 29256 bytes executable c:\windows\_default.pif:ujbxkn 11674 bytes executable c:\windows\_default.pif:ujqldw 11674 bytes executable c:\windows\_default.pif:ukytk 124706 bytes executable c:\windows\_default.pif:unuypm 11674 bytes executable c:\windows\_default.pif:uquxul 29256 bytes executable 
c:\windows\_default.pif:uwccls 29256 bytes executable c:\windows\_default.pif:uyhdzo 11674 bytes executable c:\windows\_default.pif:vbcsbx 29256 bytes executable c:\windows\_default.pif:veqqqf 11674 bytes executable c:\windows\_default.pif:vhpbby 11336 bytes executable c:\windows\_default.pif:vjqzxg 29256 bytes executable c:\windows\_default.pif:vjukfr 11674 bytes executable c:\windows\_default.pif:vknckg 11674 bytes executable c:\windows\_default.pif:vnrlfm 29256 bytes executable c:\windows\_default.pif:vtldcu 11674 bytes executable c:\windows\_default.pif:vzccne 66560 bytes executable c:\windows\_default.pif:wesrqi 11674 bytes executable c:\windows\_default.pif:whakqe 11674 bytes executable c:\windows\_default.pif:wodxxd 29256 bytes executable c:\windows\_default.pif:wqpiyt 11674 bytes executable c:\windows\_default.pif:wuodkt 11674 bytes executable c:\windows\_default.pif:xbsxps 11674 bytes executable c:\windows\_default.pif:xfmery 29256 bytes executable c:\windows\_default.pif:xgmdhl 11674 bytes executable c:\windows\_default.pif:xitrof 11674 bytes executable c:\windows\_default.pif:xkclcx 29256 bytes executable c:\windows\_default.pif:xsqloy 29256 bytes executable c:\windows\_default.pif:xufyrz 11674 bytes executable c:\windows\_default.pif:xvjfcu 29256 bytes executable c:\windows\_default.pif:xvkqur 66560 bytes executable c:\windows\_default.pif:xvloyj 11674 bytes executable c:\windows\_default.pif:xvmulu 29256 bytes executable c:\windows\_default.pif:xwxfmx 29256 bytes executable c:\windows\_default.pif:yasagw 29256 bytes executable c:\windows\_default.pif:ybvzzf 11674 bytes executable c:\windows\_default.pif:yixnp 29256 bytes executable c:\windows\_default.pif:yngatr 29256 bytes executable c:\windows\_default.pif:yuyflx 29256 bytes executable c:\windows\_default.pif:yywqxd 11674 bytes executable c:\windows\_default.pif:zabwiu 11674 bytes executable c:\windows\_default.pif:zhvnez 11674 bytes executable c:\windows\_default.pif:zifdxj 11674 bytes executable 
c:\windows\_default.pif:zsstuo 29256 bytes executable c:\windows\_default.pif:zvmdvx 11674 bytes executable c:\windows\_default.pif:zwwrui 29256 bytes executable scan completed successfully hidden files: 188 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(372) c:\windows\System32\ODBC32.dll c:\windows\System32\NavLogon.dll - - - - - - - > 'lsass.exe'(428) c:\windows\System32\dssenh.dll . ------------------------ Other Running Processes ------------------------ . c:\progra~1\Grisoft\AVGFRE~1\avgamsvr.exe c:\progra~1\Grisoft\AVGFRE~1\avgupsvc.exe c:\program files\ewido\security suite\ewidoctrl.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\HPZipm12.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\MsPMSPSv.exe c:\windows\system32\rundll32.exe . ************************************************************************** . Completion time: 2009-01-14 7:34:02 - machine was rebooted ComboFix-quarantined-files.txt 2009-01-14 12:33:59 ComboFix2.txt 2009-01-09 18:56:11 Pre-Run: 7,161,462,784 bytes free Post-Run: 7,151,419,392 bytes free 514 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 07:42:31, on 1/14/2009 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\HPZipm12.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\System32\NWTRAY.EXE C:\Program Files\HP\HP Software Update\HPWuSchd2.exe 
C:\WINDOWS\System32\RUNDLL32.EXE C:\Program Files\MSI\FuzzyLogic4\FuzzyLogic4.exe C:\WINDOWS\Explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl O4 - HKUS\S-1-5-21-1202660629-879983540-725345543-1003\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl (User '?') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User '?') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user') O4 - Global Startup: FuzzyLogic4.lnk = C:\Program Files\MSI\FuzzyLogic4\FuzzyLogic4.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra 'Tools' menuitem: Yahoo! 
Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Unknown owner - C:\Program Files\NavNT\rtvscan.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe -- End of file - 4267 bytes DDS.txt Attach.txt DDS.txt Attach.txt
  10. Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:43:21, on 1/13/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\NWTRAY.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\AIM95\aim.exe
C:\Program Files\MSI\FuzzyLogic4\FuzzyLogic4.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKUS\S-1-5-21-1202660629-879983540-725345543-1003\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl (User '?')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: FuzzyLogic4.lnk = C:\Program Files\MSI\FuzzyLogic4\FuzzyLogic4.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Unknown owner - C:\Program Files\NavNT\rtvscan.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

-- End of file - 4152 bytes
  11. OK here is the log:

SmitFraudFix v2.388
Scan done at 7:48:10.84, Tue 01/13/2009
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
  12. Ok:
1. Ran Anti-virus (after updating it)...found no viruses
2. Updated MalwareBytes and ran it...Log posted below.
3. Restarted PC and ran HJT...log posted below.
Let me know how it looks...thanks.

Malwarebytes' Anti-Malware 1.32
Database version: 1647
Windows 5.1.2600 Service Pack 1

1/12/2009 10:19:58 PM
mbam-log-2009-01-12 (22-19-58).txt

Scan type: Quick Scan
Objects scanned: 51951
Time elapsed: 17 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:24:10, on 1/12/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\NWTRAY.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\AIM95\aim.exe
C:\Program Files\MSI\FuzzyLogic4\FuzzyLogic4.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKUS\S-1-5-21-1202660629-879983540-725345543-1003\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl (User '?')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: FuzzyLogic4.lnk = C:\Program Files\MSI\FuzzyLogic4\FuzzyLogic4.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Unknown owner - C:\Program Files\NavNT\rtvscan.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

-- End of file - 4005 bytes

Let me know what the next step is, if there is any, to becoming fully clean! Thanks, Andrew
  13. OK, here is where it's located: http://www.malwarebytes.org/forums/index.php?showtopic=9714 Please let me know if I am clean yet. Thanks, Andrew
  14. Problem....The file was too large to upload:( What to do now.
  15. OK, a couple of notes. First of all, I couldn't locate the folder for limeshop. I went to the location you had suggested and nothing was there. Second: O10 on the HJT log will not delete. Not sure exactly why, but it gives me a message on how to delete it when I click "Fix checked". Finally, I went to the link you sent me to remove the old Norton, but I don't know which version of Norton I have, so I wasn't sure which to download. If you could help me with this it would be appreciated. I ran all the other stuff you told me to run, and here is my log...

Malwarebytes' Anti-Malware 1.32
Database version: 1643
Windows 5.1.2600 Service Pack 1

1/11/2009 9:47:11 AM
mbam-log-2009-01-11 (09-47-11).txt

Scan type: Quick Scan
Objects scanned: 51831
Time elapsed: 6 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:52:58, on 1/11/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\NWTRAY.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\AIM95\aim.exe
C:\Program Files\MSI\FuzzyLogic4\FuzzyLogic4.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKUS\S-1-5-21-1202660629-879983540-725345543-1003\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl (User '?')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: FuzzyLogic4.lnk = C:\Program Files\MSI\FuzzyLogic4\FuzzyLogic4.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Unknown owner - C:\Program Files\NavNT\rtvscan.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 3936 bytes

I know we are closing in on being clean, so let me know the final steps on how to get my PC back to clean status. Once again, many thanks for your great help, and I look forward to hearing from you.
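As an added example (not part of the post above and not HijackThis's own code), here is a small Python parser for HijackThis log lines of the kind posted above, run over a handful of lines copied from that log. The line shapes (O4 Run entries, O10 Winsock LSP, O23 services with "(file missing)") are HijackThis's; the flagging rules, the `review` and `run_keys` helpers and the sample selection are this example's own assumptions and heuristics, chosen to show what a helper looks at first: orphaned service entries, services with no publisher string, and LSP modules that must be identified before anything is removed.

```python
"""Parse HijackThis-style log lines and flag entries that need a human decision.

Added example, not code from the forum or from HijackThis. The sample lines are
copied from the log in the post above; the flagging rules are this example's own.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# One entry per "Oxx - ..." line; process-list and header lines have no such
# prefix and are skipped.
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# First Windows path on the line that ends in a binary extension.  Non-greedy, so
# it stops at the first extension and keeps "C:\Program Files\..." (with spaces).
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|ocx|sys)", re.IGNORECASE)
# O23 shape: "Service: <display name> (<service name>) - <owner> - <path>"
SERVICE_RE = re.compile(r"^Service: (.+?) \((.+?)\) - (.+?) - (.+)$")
# O4 shape: "<hive>\...\Run: [<value name>] <command>"  (optionally "(User '...')")
RUN_RE = re.compile(r"^(HK\w+)\\.*\\Run: \[([^\]]+)\] (.*)$")
USER_SUFFIX_RE = re.compile(r" \(User '[^']*'\)$")


@dataclass
class HjtEntry:
    code: str            # HijackThis section, e.g. "O4" or "O23"
    text: str            # the rest of the line after "Oxx - "
    path: Optional[str]  # first binary path found on the line, if any


def parse_hjt_log(text: str) -> List[HjtEntry]:
    """Turn the Oxx lines of a HijackThis log into HjtEntry records."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, rest = m.groups()
        pm = PATH_RE.search(rest)
        entries.append(HjtEntry(code, rest, pm.group(0) if pm else None))
    return entries


def run_keys(entries: List[HjtEntry]) -> Dict[str, List[Tuple[str, str]]]:
    """Group O4 autostart entries by hive so the same name across hives stands out."""
    by_hive: Dict[str, List[Tuple[str, str]]] = {}
    for e in entries:
        if e.code != "O4":
            continue
        m = RUN_RE.match(e.text)
        if m:
            hive, name, command = m.groups()
            command = USER_SUFFIX_RE.sub("", command)
            by_hive.setdefault(hive, []).append((name, command))
    return by_hive


def review(entries: List[HjtEntry]) -> List[Tuple[str, str]]:
    """Return (severity, message) pairs for entries a helper would act on or verify."""
    findings = []
    for e in entries:
        if e.code == "O23":
            sm = SERVICE_RE.match(e.text)
            if sm is None:
                continue  # e.g. "Service: Pml Driver HPZ12 - HP - ..." has no (name)
            _display, name, owner, target = sm.groups()
            if target.endswith("(file missing)"):
                # Registry still points at a binary that is gone: an uninstall
                # that left its service key behind.  Safe to clean up.
                findings.append(("cleanup", f"service '{name}' points at missing {e.path}"))
            elif owner == "Unknown owner":
                findings.append(("verify", f"service '{name}' has no publisher string: {e.path}"))
        elif e.code == "O10":
            # Winsock LSP chain entry.  Removing the wrong LSP breaks networking,
            # so identify the DLL before touching it rather than "fixing" blindly.
            findings.append(("verify", f"Winsock LSP module: {e.path}"))
    return findings


# Sample input: a few lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKUS\S-1-5-21-1202660629-879983540-725345543-1003\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl (User '?')
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Unknown owner - C:\Program Files\NavNT\rtvscan.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

if __name__ == "__main__":
    parsed = parse_hjt_log(SAMPLE_LOG)
    for hive, items in run_keys(parsed).items():
        for name, command in items:
            print(f"autorun {hive:<5} {name}: {command}")
    for severity, message in review(parsed):
        print(f"{severity:<8} {message}")
```

On this log the two findings are the O10 module and the Norton service whose binary is gone. The O10 path resolves to nwprovau.dll, the Novell NetWare client's Winsock provider (NWTRAY.EXE in the process list is the same client's tray program), which is why the right action on that entry is to verify, not to remove; the orphaned "Norton AntiVirus Server" service, by contrast, is the leftover the poster's Norton clean-up is meant to take care of.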