Jump to content

malware removal

4ks

By 4ks
in Resolved Malware Removal Logs

 Share

Recommended Posts

4ks

4ks

Posted
Posted

I downloaded MBAM but it doesn't run, nor does spy bot. I get the following message: "Windows cannot access the specified device path or file. You may not have the appropriate permissions to accecc the item." I've read what others have done and I also read that you prefer a new topic for each user with a problem. This is my topic. Please help.

Link to post
Share on other sites
  • Staff
screen317

screen317

Posted
  • Staff
Posted

Hi and welcome to Malwarebytes.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

-screen317

Link to post
Share on other sites
4ks

4ks

Posted
  • Author
Posted
Hi and welcome to Malwarebytes.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

-screen317

ComboFix 09-09-25.01 - Keri 09/26/2009 22:04.1.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.666 [GMT -5:00]

Running from: c:\documents and settings\Keri\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Start Menu\PAV

c:\documents and settings\Kole\Application Data\alot

c:\documents and settings\Kurt\Application Data\alot

c:\program files\PAV

c:\windows\Downloaded Program Files\ODCTOOLS

c:\windows\Installer\3ed3dd1a.msp

c:\windows\Installer\4c46efdc.msp

c:\windows\Installer\4c46efee.msp

c:\windows\Installer\58071d.msi

c:\windows\Installer\7f0a7.msp

c:\windows\Installer\a316dbf.msi

c:\windows\Installer\a316dc5.msi

c:\windows\Installer\cb28448.msi

c:\windows\syssvc.exe

c:\windows\system32\Data

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected

Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_PASSWORD

-------\Legacy_TDSSSERV.SYS

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}

((((((((((((((((((((((((( Files Created from 2009-08-27 to 2009-09-27 )))))))))))))))))))))))))))))))

.

2009-09-27 02:12 . 2009-09-27 02:12 -------- d-----w- c:\program files\Uniblue

2009-09-26 23:49 . 2009-09-10 19:54 269648 ----a-w- c:\program files\mbamservice.exe

2009-09-26 23:49 . 2009-09-10 19:54 420176 ----a-w- c:\program files\mbamgui.exe

2009-09-26 23:49 . 2009-09-10 19:54 79696 ----a-w- c:\program files\zlib.dll

2009-09-26 23:49 . 2009-09-10 19:54 46416 ----a-w- c:\program files\ssubtmr6.dll

2009-09-26 23:49 . 2009-09-10 19:53 70992 ----a-w- c:\program files\mbamext.dll

2009-09-26 23:49 . 2009-09-10 19:53 1312080 ----a-w- c:\program files\mbam.exe

2009-09-26 23:49 . 2009-09-26 23:55 -------- d-----w- c:\program files\Languages

2009-09-26 23:49 . 2009-09-26 23:55 16317 ----a-w- c:\program files\unins000.dat

2009-09-26 23:49 . 2009-09-26 23:54 699216 ----a-w- c:\program files\unins000.exe

2009-09-26 23:49 . 2009-09-10 19:53 163664 ----a-w- c:\program files\mbam.dll

2009-09-26 23:31 . 2009-09-26 23:32 -------- d-----w- c:\program files\ERUNT

2009-09-26 22:42 . 2009-09-26 22:38 812344 ----a-w- c:\program files\HJTInstall.exe

2009-09-26 21:47 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-26 21:47 . 2009-09-26 22:35 -------- d-----w- c:\program files\antikeri

2009-09-26 21:47 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-26 21:17 . 2009-09-26 21:17 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2009-09-26 05:49 . 2009-09-26 05:53 -------- d-----w- c:\program files\trend micro

2009-09-26 05:49 . 2009-09-26 05:49 -------- d-----w- C:\rsit

2009-09-26 04:26 . 2009-09-26 04:26 -------- d-----w- c:\documents and settings\Keri\Application Data\SUPERAntiSpyware.com

2009-09-26 00:57 . 2009-09-26 00:57 -------- d-----w- C:\AVGTemp

2009-09-24 16:44 . 2009-09-24 16:44 -------- d-----w- c:\documents and settings\Keri\Application Data\AVG8

2009-09-23 03:58 . 2009-09-23 04:00 -------- d-----w- c:\documents and settings\Keri\Local Settings\Application Data\Temp

2009-09-22 17:58 . 2009-09-22 17:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

2009-09-22 17:22 . 2009-09-22 17:22 -------- d-----w- c:\documents and settings\Keri\Local Settings\Application Data\Real

2009-09-22 17:14 . 2009-09-22 17:14 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google

2009-09-22 17:00 . 2009-09-26 21:42 0 ----a-r- c:\windows\win32k.sys

2009-09-17 03:07 . 2009-09-18 17:01 -------- d-----w- c:\program files\beftta

2009-09-17 03:06 . 2009-09-22 17:03 -------- d-----w- c:\program files\xrljel

2009-09-11 03:13 . 2009-09-11 03:13 -------- d-sh--w- c:\documents and settings\Keri\IECompatCache

2009-09-09 20:50 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-27 02:12 . 2009-01-30 02:48 -------- d-----w- c:\documents and settings\Keri\Application Data\Uniblue

2009-09-26 23:55 . 2009-09-26 23:49 10498 ----a-w- c:\program files\unins000.msg

2009-09-26 21:47 . 2009-01-29 23:59 -------- d-----w- c:\documents and settings\Keri\Application Data\Malwarebytes

2009-09-26 21:47 . 2009-01-28 05:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-09-26 21:29 . 2009-01-29 23:43 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-09-26 06:02 . 2008-12-03 01:46 0 ----a-w- c:\documents and settings\Kole\Local Settings\Application Data\prvlcl.dat

2009-09-26 05:27 . 2009-01-28 04:06 -------- d-----w- c:\program files\SUPERAntiSpyware

2009-09-26 04:52 . 2005-06-27 20:42 -------- d-----w- c:\program files\Common Files\Real

2009-09-26 04:45 . 2005-06-27 20:45 -------- d-----w- c:\program files\Google

2009-09-26 02:49 . 2008-11-09 17:53 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

2009-09-26 02:47 . 2007-07-29 23:17 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-09-22 17:20 . 2006-07-11 23:35 499712 ----a-w- c:\windows\system32\msvcp71.dll

2009-09-10 19:54 . 2009-09-26 23:49 496976 ----a-w- c:\program files\vbalsgrid6.ocx

2009-09-10 19:37 . 2009-09-26 23:49 16400 ----a-w- c:\program files\changes.rtf

2009-09-09 22:20 . 2009-07-09 03:25 -------- d-----w- c:\program files\Common Files\Apple

2009-08-27 03:19 . 2005-10-05 19:38 -------- d-----w- c:\documents and settings\Keri\Application Data\OpenOffice.org2

2009-08-27 03:19 . 2009-08-27 03:19 1687 ----a-w- c:\program files\Transaction.csv

2009-08-19 13:19 . 2009-02-02 19:07 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-08-19 13:19 . 2009-02-02 19:07 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-08-19 13:19 . 2009-02-02 19:07 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-08-07 03:51 . 2009-08-07 03:51 -------- d-----w- c:\program files\TomTom International B.V

2009-08-07 03:50 . 2009-01-10 15:18 -------- d-----w- c:\program files\TomTom HOME 2

2009-08-05 09:01 . 2002-09-03 16:46 204800 ------w- c:\windows\system32\mswebdvd.dll

2009-07-30 20:27 . 2009-09-26 23:49 59015 ----a-w- c:\program files\mbam.chm

2009-07-17 19:01 . 2002-09-03 16:27 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-14 04:43 . 2004-08-04 07:56 286208 ------w- c:\windows\system32\wmpdxm.dll

2009-07-07 03:52 . 2009-06-27 21:04 117443 ----a-w- c:\windows\hpoins11.dat

2009-07-03 17:09 . 2005-02-18 21:19 915456 ----a-w- c:\windows\system32\wininet.dll

2009-06-06 15:26 . 2009-06-06 15:26 42567136 ----a-w- c:\program files\93.71_forceware_winxp2k_english_whql.exe

2009-05-19 03:38 . 2009-05-19 03:38 295392 ----a-w- c:\program files\att june.xls

2009-05-19 03:34 . 2009-05-19 03:33 251788 ----a-w- c:\program files\att may.xls

2009-05-19 03:27 . 2009-05-19 03:27 209482 ----a-w- c:\program files\att april.xls

2009-03-09 23:58 . 2009-03-09 23:57 62270256 ----a-w- c:\program files\avg_free_stf_en_85_278a1439.exe

2009-02-16 21:50 . 2009-02-16 21:50 117583 ----a-w- c:\program files\hsa 2008.xps

2009-02-12 17:06 . 2009-02-12 17:06 28868320 ----a-w- c:\program files\FileFormatConverters.exe

2009-01-22 05:00 . 2009-01-22 03:27 54157776 ----a-w- c:\program files\avg_free_stf_en_8_176a1400.exe

2009-01-17 23:35 . 2009-01-17 23:35 210421 ----a-w- c:\program files\200801.xps

2009-01-17 23:25 . 2009-01-17 23:25 209194 ----a-w- c:\program files\2008.xps

2009-01-05 00:31 . 2009-09-26 23:49 4124 ----a-w- c:\program files\license.txt

2008-11-09 17:40 . 2008-11-09 17:40 50689960 ----a-w- c:\program files\avg_free_stf_en_8_173a1373.exe

2008-08-29 02:19 . 2008-08-29 02:04 94205580 ----a-w- c:\program files\PhoneTool.zip

2007-08-02 04:16 . 2007-08-02 04:16 1297952 ----a-w- c:\program files\office2003-kb834691-client-enu.exe

2007-07-13 01:18 . 2007-07-13 00:13 92672 ----a-w- c:\program files\kidcam.xls[1]

2007-07-13 01:18 . 2007-07-13 01:04 96256 ----a-w- c:\program files\kidcam1.xls

2007-06-04 10:14 . 2007-06-04 10:13 7036008 ----a-w- c:\program files\yahoo_alohasolitaire_tm5-3.exe

2007-05-30 12:33 . 2007-05-30 12:33 4061616 ----a-w- c:\program files\LEO_Setup.EXE

2006-11-30 15:05 . 2006-11-30 15:05 217 ----a-w- c:\program files\setup.ini

2006-03-16 11:57 . 2006-03-16 11:45 508240 ----a-w- c:\program files\ie6setupOe.exe

2005-12-02 15:14 . 2005-12-02 15:13 9079232 ----a-w- c:\program files\yahoo_gemshop_tm5-3.exe

2005-11-25 20:57 . 2005-11-25 20:56 3406800 ----a-w- c:\program files\pcshowbuzz10.exe

2005-10-12 01:16 . 2005-10-12 01:15 381480 ----a-w- c:\program files\msgr7us.exe

2005-10-07 15:57 . 2005-10-07 15:57 851808 ----a-w- c:\program files\Windows-KB890830-V1.8-ENU.exe

2002-07-26 22:02 . 2009-06-05 05:53 153088 ----a-w- c:\program files\UNWISE.EXE

2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\program files\instmsiw.exe

2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\program files\instmsia.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-07-24 14:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-08-07 247144]

"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-08-14 16384]

"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2003-10-06 49152]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"UniblueRegistryBooster"="c:\program files\Uniblue\RegistryBooster 2009\launcher.exe" [2009-09-16 59184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-17 28672]

"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-07-01 28672]

"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2005-12-21 73728]

"Disc Detector"="c:\program files\Creative\ShareDLL\CtNotify.exe" [2001-12-26 191488]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-19 2007832]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]

"PCLEUSBTip"="c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2006-01-23 196608]

"USBToolTip"="c:\program files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [2006-01-23 196608]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2003-10-06 49152]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-21 177472]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-22 198160]

"BCMSMMSG"="BCMSMMSG.exe" - c:\windows\BCMSMMSG.exe [2003-08-29 122880]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-10-06 741376]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2008-10-15 03:17 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-08-19 13:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=

"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=

"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=

"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/2/2009 2:07 PM 335240]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/2/2009 2:07 PM 297752]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/7/2009 9:31 AM 92008]

S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/9/2009 7:06 PM 108552]

S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" --> c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [?]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [8/28/2008 10:34 PM 42112]

S4 ZASVAIEK;ZASVAIEK;\??\c:\windows\system32\zasvaiek.oag --> c:\windows\system32\zasvaiek.oag [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

.

Contents of the 'Scheduled Tasks' folder

2009-09-24 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html

uInternet Settings,ProxyOverride = localhost

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

Trusted Zone: avg.com\www

Trusted Zone: grisoft.com\www

Trusted Zone: microsoft.com\windowsupdate

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

.

- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)

HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

HKLM-Run-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

ShellExecuteHooks-{7B0E5486-E11D-437f-AC8B-7901C7D3FCCB} - (no file)

AddRemove-Google Desktop - c:\program files\Google\Google Desktop Search\GoogleDesktopSetup.exe

AddRemove-RealPlayer 12.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-26 22:13

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Disc Detector = c:\program files\Creative\ShareDLL\CtNotify.exe?X???F???????????????E?@?Disc Detector?A????? ?A?? ????B?e!@???@???@?? C?????E?@?????????@?B???A????? ?A???????B???@?????P?????@?? ??????~?B~??????????@?B?????????????????B??????????????????????????P??????r?B

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ZASVAIEK]

"ImagePath"="\??\c:\windows\system32\zasvaiek.oag"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-842925246-1637723038-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,17,05,30,37,5b,

94,ca,17,e2,63,26,f1,3f,c8,ff,68,1a,1a,63,72,e5,85,d5,45,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4AFC04A3-B551-4B68-9BEB-8677D90150D9}\InprocServer32]

@DACL=(02 0000)

@="c:\\WINDOWS\\system32\\wincontrol.dll"

"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,6b,f5,ab,32,2e,

ed,7e,0a,6a,9c,d6,61,af,45,84,18,4d,fe,81,16,ca,da,44,52,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,f9,d9,91,73,40,

bd,38,23,ff,7c,85,e0,43,d4,0e,fe,8c,c1,f3,a7,4e,dc,fa,d1,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{724510C3-F3C8-4FB7-879A-D99F29008A2F}\InprocServer32]

@DACL=(02 0000)

"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,80,1a,58,a7,af,

be,be,f4,86,8c,21,01,be,91,eb,e7,a1,18,dc,39,15,ed,13,98,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,0e,32,6b,17,0f,

81,7c,23,f5,1d,4d,73,a8,13,5c,05,95,e5,f4,6b,37,a4,ad,59,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,ad,c5,13,a1,1e,

6b,9c,80,df,20,58,62,78,6b,cf,c8,42,40,11,65,5b,bb,0e,54,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,3c,8d,9e,44,ba,

e2,98,6a,fb,a7,78,e6,12,2f,9a,ea,bd,2b,5a,34,8b,48,9c,07,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,39,ce,b4,dc,fe,

c6,8c,1c,01,3a,48,fc,e8,04,4a,f1,62,08,74,80,c2,c2,f5,db,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,4a,12,39,3b,cb,

cd,a9,6c,f6,0f,4e,58,98,5b,89,c9,43,07,0b,4c,54,92,f6,ae,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,10,7a,eb,a8,f9,

c3,1d,f8,3d,ce,ea,26,2d,45,aa,78,d4,5b,bb,ee,bf,28,64,e2,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,80,51,4b,a6,ba,

de,0f,60,2a,b7,cc,b5,b9,7f,41,e7,a0,5c,69,00,6a,32,bf,c8,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,a0,09,9d,1d,fe,

0f,5e,2f,6c,43,2d,1e,aa,22,2f,9c,46,38,86,99,be,bc,b9,c4,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

@DACL=(02 0000)

"Installed"="1"

@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

@DACL=(02 0000)

"NoChange"="1"

"Installed"="1"

@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

@DACL=(02 0000)

"Installed"="1"

@=""

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(664)

c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(2468)

c:\windows\system32\WININET.dll

c:\docume~1\Keri\LOCALS~1\TempIadHide3.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\CTsvcCDA.EXE

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\nvsvc32.exe

c:\windows\system32\HPZipm12.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\system32\MsPMSPSv.exe

c:\program files\AVG\AVG8\avgrsx.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\rundll32.exe

c:\program files\Creative\ShareDLL\Mediadet.exe

c:\program files\Uniblue\RegistryBooster 2009\registrybooster.exe

c:\program files\HP\Digital Imaging\bin\hpqimzone.exe

c:\program files\HP\Digital Imaging\bin\hpqste08.exe

.

**************************************************************************

.

Completion time: 2009-09-27 22:22 - machine was rebooted

ComboFix-quarantined-files.txt 2009-09-27 03:21

Pre-Run: 28,187,258,880 bytes free

Post-Run: 28,271,276,032 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

387 --- E O F --- 2009-09-10 08:05

_____________________

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:00:00 PM, on 9/26/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Creative\ShareDLL\CtNotify.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Creative\ShareDLL\Mediadet.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Uniblue\RegistryBooster 2009\registrybooster.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adb.../search/ie.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll (file missing)

O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [uSB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController

O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

O4 - HKLM\..\Run: [PCLEUSBTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe

O4 - HKLM\..\Run: [uSBToolTip] "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\RunOnce: [uniblueRegistryBooster] "C:\Program Files\Uniblue\RegistryBooster 2009\launcher.exe" delay 20000

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - c:\program files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe

O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - c:\program files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://www.avg.com

O15 - Trusted Zone: http://www.grisoft.com

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://help.live.com/ContactUs/ActiveX/MSDcode.cab

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.5.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1114470380718

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1173024646187

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe

O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--

End of file - 11461 bytes

These are my log files.

Thanks for your help.

Link to post
Share on other sites
  • Staff
screen317

screen317

Posted
  • Staff
Posted

Hi,

Next, please open Notepad - don't use any other text editor than notepad or the script will fail.

Copy/paste the text in the quotebox below into Notepad:

Dirlook::

c:\program files\beftta

C:\program files\xrljel

Driver::

ZASVAIEK

File::

c:\windows\system32\zasvaiek.oag

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

-screen317

Link to post
Share on other sites
4ks

4ks

Posted
  • Author
Posted
Hi,

Next, please open Notepad - don't use any other text editor than notepad or the script will fail.

Copy/paste the text in the quotebox below into Notepad:

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

-screen317

************************

ComboFix 09-09-25.01 - Keri 09/26/2009 23:26.2.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.438 [GMT -5:00]

Running from: c:\documents and settings\Keri\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Keri\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::

"c:\windows\system32\zasvaiek.oag"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_ZASVAIEK

-------\Service_ZASVAIEK

((((((((((((((((((((((((( Files Created from 2009-08-27 to 2009-09-27 )))))))))))))))))))))))))))))))

.

2009-09-27 02:12 . 2009-09-27 02:12 -------- d-----w- c:\program files\Uniblue

2009-09-26 23:49 . 2009-09-10 19:54 269648 ----a-w- c:\program files\mbamservice.exe

2009-09-26 23:49 . 2009-09-10 19:54 420176 ----a-w- c:\program files\mbamgui.exe

2009-09-26 23:49 . 2009-09-10 19:54 79696 ----a-w- c:\program files\zlib.dll

2009-09-26 23:49 . 2009-09-10 19:54 46416 ----a-w- c:\program files\ssubtmr6.dll

2009-09-26 23:49 . 2009-09-10 19:53 70992 ----a-w- c:\program files\mbamext.dll

2009-09-26 23:49 . 2009-09-10 19:53 1312080 ----a-w- c:\program files\mbam.exe

2009-09-26 23:49 . 2009-09-26 23:55 -------- d-----w- c:\program files\Languages

2009-09-26 23:49 . 2009-09-26 23:55 16317 ----a-w- c:\program files\unins000.dat

2009-09-26 23:49 . 2009-09-26 23:54 699216 ----a-w- c:\program files\unins000.exe

2009-09-26 23:49 . 2009-09-10 19:53 163664 ----a-w- c:\program files\mbam.dll

2009-09-26 23:31 . 2009-09-26 23:32 -------- d-----w- c:\program files\ERUNT

2009-09-26 22:42 . 2009-09-26 22:38 812344 ----a-w- c:\program files\HJTInstall.exe

2009-09-26 21:47 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-26 21:47 . 2009-09-26 22:35 -------- d-----w- c:\program files\antikeri

2009-09-26 21:47 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-26 21:17 . 2009-09-26 21:17 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2009-09-26 05:49 . 2009-09-27 03:59 -------- d-----w- c:\program files\trend micro

2009-09-26 05:49 . 2009-09-26 05:49 -------- d-----w- C:\rsit

2009-09-26 04:26 . 2009-09-26 04:26 -------- d-----w- c:\documents and settings\Keri\Application Data\SUPERAntiSpyware.com

2009-09-26 00:57 . 2009-09-26 00:57 -------- d-----w- C:\AVGTemp

2009-09-24 16:44 . 2009-09-24 16:44 -------- d-----w- c:\documents and settings\Keri\Application Data\AVG8

2009-09-23 03:58 . 2009-09-23 04:00 -------- d-----w- c:\documents and settings\Keri\Local Settings\Application Data\Temp

2009-09-22 17:58 . 2009-09-22 17:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

2009-09-22 17:22 . 2009-09-22 17:22 -------- d-----w- c:\documents and settings\Keri\Local Settings\Application Data\Real

2009-09-22 17:14 . 2009-09-22 17:14 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google

2009-09-22 17:00 . 2009-09-26 21:42 0 ----a-r- c:\windows\win32k.sys

2009-09-17 03:07 . 2009-09-18 17:01 -------- d-----w- c:\program files\beftta

2009-09-17 03:06 . 2009-09-22 17:03 -------- d-----w- c:\program files\xrljel

2009-09-11 03:13 . 2009-09-11 03:13 -------- d-sh--w- c:\documents and settings\Keri\IECompatCache

2009-09-09 20:50 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-27 02:12 . 2009-01-30 02:48 -------- d-----w- c:\documents and settings\Keri\Application Data\Uniblue

2009-09-26 23:55 . 2009-09-26 23:49 10498 ----a-w- c:\program files\unins000.msg

2009-09-26 21:47 . 2009-01-29 23:59 -------- d-----w- c:\documents and settings\Keri\Application Data\Malwarebytes

2009-09-26 21:47 . 2009-01-28 05:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-09-26 21:29 . 2009-01-29 23:43 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-09-26 06:02 . 2008-12-03 01:46 0 ----a-w- c:\documents and settings\Kole\Local Settings\Application Data\prvlcl.dat

2009-09-26 05:27 . 2009-01-28 04:06 -------- d-----w- c:\program files\SUPERAntiSpyware

2009-09-26 04:52 . 2005-06-27 20:42 -------- d-----w- c:\program files\Common Files\Real

2009-09-26 04:45 . 2005-06-27 20:45 -------- d-----w- c:\program files\Google

2009-09-26 02:49 . 2008-11-09 17:53 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

2009-09-26 02:47 . 2007-07-29 23:17 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-09-22 17:20 . 2006-07-11 23:35 499712 ----a-w- c:\windows\system32\msvcp71.dll

2009-09-10 19:54 . 2009-09-26 23:49 496976 ----a-w- c:\program files\vbalsgrid6.ocx

2009-09-10 19:37 . 2009-09-26 23:49 16400 ----a-w- c:\program files\changes.rtf

2009-09-09 22:20 . 2009-07-09 03:25 -------- d-----w- c:\program files\Common Files\Apple

2009-08-27 03:19 . 2005-10-05 19:38 -------- d-----w- c:\documents and settings\Keri\Application Data\OpenOffice.org2

2009-08-27 03:19 . 2009-08-27 03:19 1687 ----a-w- c:\program files\Transaction.csv

2009-08-19 13:19 . 2009-02-02 19:07 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-08-19 13:19 . 2009-02-02 19:07 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-08-19 13:19 . 2009-02-02 19:07 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-08-07 03:51 . 2009-08-07 03:51 -------- d-----w- c:\program files\TomTom International B.V

2009-08-07 03:50 . 2009-01-10 15:18 -------- d-----w- c:\program files\TomTom HOME 2

2009-08-05 09:01 . 2002-09-03 16:46 204800 ------w- c:\windows\system32\mswebdvd.dll

2009-07-30 20:27 . 2009-09-26 23:49 59015 ----a-w- c:\program files\mbam.chm

2009-07-17 19:01 . 2002-09-03 16:27 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-14 04:43 . 2004-08-04 07:56 286208 ------w- c:\windows\system32\wmpdxm.dll

2009-07-07 03:52 . 2009-06-27 21:04 117443 ----a-w- c:\windows\hpoins11.dat

2009-07-03 17:09 . 2005-02-18 21:19 915456 ------w- c:\windows\system32\wininet.dll

2009-06-06 15:26 . 2009-06-06 15:26 42567136 ----a-w- c:\program files\93.71_forceware_winxp2k_english_whql.exe

2009-05-19 03:38 . 2009-05-19 03:38 295392 ----a-w- c:\program files\att june.xls

2009-05-19 03:34 . 2009-05-19 03:33 251788 ----a-w- c:\program files\att may.xls

2009-05-19 03:27 . 2009-05-19 03:27 209482 ----a-w- c:\program files\att april.xls

2009-03-09 23:58 . 2009-03-09 23:57 62270256 ----a-w- c:\program files\avg_free_stf_en_85_278a1439.exe

2009-02-16 21:50 . 2009-02-16 21:50 117583 ----a-w- c:\program files\hsa 2008.xps

2009-02-12 17:06 . 2009-02-12 17:06 28868320 ----a-w- c:\program files\FileFormatConverters.exe

2009-01-22 05:00 . 2009-01-22 03:27 54157776 ----a-w- c:\program files\avg_free_stf_en_8_176a1400.exe

2009-01-17 23:35 . 2009-01-17 23:35 210421 ----a-w- c:\program files\200801.xps

2009-01-17 23:25 . 2009-01-17 23:25 209194 ----a-w- c:\program files\2008.xps

2009-01-05 00:31 . 2009-09-26 23:49 4124 ----a-w- c:\program files\license.txt

2008-11-09 17:40 . 2008-11-09 17:40 50689960 ----a-w- c:\program files\avg_free_stf_en_8_173a1373.exe

2008-08-29 02:19 . 2008-08-29 02:04 94205580 ----a-w- c:\program files\PhoneTool.zip

2007-08-02 04:16 . 2007-08-02 04:16 1297952 ----a-w- c:\program files\office2003-kb834691-client-enu.exe

2007-07-13 01:18 . 2007-07-13 00:13 92672 ----a-w- c:\program files\kidcam.xls[1]

2007-07-13 01:18 . 2007-07-13 01:04 96256 ----a-w- c:\program files\kidcam1.xls

2007-06-04 10:14 . 2007-06-04 10:13 7036008 ----a-w- c:\program files\yahoo_alohasolitaire_tm5-3.exe

2007-05-30 12:33 . 2007-05-30 12:33 4061616 ----a-w- c:\program files\LEO_Setup.EXE

2006-11-30 15:05 . 2006-11-30 15:05 217 ----a-w- c:\program files\setup.ini

2006-03-16 11:57 . 2006-03-16 11:45 508240 ----a-w- c:\program files\ie6setupOe.exe

2005-12-02 15:14 . 2005-12-02 15:13 9079232 ----a-w- c:\program files\yahoo_gemshop_tm5-3.exe

2005-11-25 20:57 . 2005-11-25 20:56 3406800 ----a-w- c:\program files\pcshowbuzz10.exe

2005-10-12 01:16 . 2005-10-12 01:15 381480 ----a-w- c:\program files\msgr7us.exe

2005-10-07 15:57 . 2005-10-07 15:57 851808 ----a-w- c:\program files\Windows-KB890830-V1.8-ENU.exe

2002-07-26 22:02 . 2009-06-05 05:53 153088 ----a-w- c:\program files\UNWISE.EXE

2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\program files\instmsiw.exe

2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\program files\instmsia.exe

.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Directory of c:\program files\beftta ----

---- Directory of c:\program files\xrljel ----

((((((((((((((((((((((((((((( SnapShot@2009-09-27_03.13.57 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-09-27 04:38 . 2009-09-27 04:38 16384 c:\windows\temp\Perflib_Perfdata_7e0.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-07-24 14:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-08-07 247144]

"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-08-14 16384]

"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2003-10-06 49152]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-17 28672]

"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-07-01 28672]

"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2005-12-21 73728]

"Disc Detector"="c:\program files\Creative\ShareDLL\CtNotify.exe" [2001-12-26 191488]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-19 2007832]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]

"PCLEUSBTip"="c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2006-01-23 196608]

"USBToolTip"="c:\program files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [2006-01-23 196608]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2003-10-06 49152]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-21 177472]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-22 198160]

"BCMSMMSG"="BCMSMMSG.exe" - c:\windows\BCMSMMSG.exe [2003-08-29 122880]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-10-06 741376]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2008-10-15 03:17 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-08-19 13:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=

"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=

"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=

"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/2/2009 2:07 PM 335240]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/2/2009 2:07 PM 297752]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/7/2009 9:31 AM 92008]

S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/9/2009 7:06 PM 108552]

S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" --> c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [?]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [8/28/2008 10:34 PM 42112]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

.

Contents of the 'Scheduled Tasks' folder

2009-09-24 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html

uInternet Settings,ProxyOverride = localhost

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

Trusted Zone: avg.com\www

Trusted Zone: grisoft.com\www

Trusted Zone: microsoft.com\windowsupdate

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-26 23:38

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Disc Detector = c:\program files\Creative\ShareDLL\CtNotify.exe?X???(???????????????E?@?Disc Detector?A????? ?A?? ????B?e!@???@???@?? C?????E?@?????????@?B???A????? ?A???????B???@?????P?????@?? ??????~?B~??????????@?$?????????????????B??????????????????????????@??????r?B

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-842925246-1637723038-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,17,05,30,37,5b,

94,ca,17,e2,63,26,f1,3f,c8,ff,68,1a,1a,63,72,e5,85,d5,45,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4AFC04A3-B551-4B68-9BEB-8677D90150D9}\InprocServer32]

@DACL=(02 0000)

@="c:\\WINDOWS\\system32\\wincontrol.dll"

"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,6b,f5,ab,32,2e,

ed,7e,0a,6a,9c,d6,61,af,45,84,18,4d,fe,81,16,ca,da,44,52,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,f9,d9,91,73,40,

bd,38,23,ff,7c,85,e0,43,d4,0e,fe,8c,c1,f3,a7,4e,dc,fa,d1,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{724510C3-F3C8-4FB7-879A-D99F29008A2F}\InprocServer32]

@DACL=(02 0000)

"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,80,1a,58,a7,af,

be,be,f4,86,8c,21,01,be,91,eb,e7,a1,18,dc,39,15,ed,13,98,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,0e,32,6b,17,0f,

81,7c,23,f5,1d,4d,73,a8,13,5c,05,95,e5,f4,6b,37,a4,ad,59,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,ad,c5,13,a1,1e,

6b,9c,80,df,20,58,62,78,6b,cf,c8,42,40,11,65,5b,bb,0e,54,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,3c,8d,9e,44,ba,

e2,98,6a,fb,a7,78,e6,12,2f,9a,ea,bd,2b,5a,34,8b,48,9c,07,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,39,ce,b4,dc,fe,

c6,8c,1c,01,3a,48,fc,e8,04,4a,f1,62,08,74,80,c2,c2,f5,db,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,4a,12,39,3b,cb,

cd,a9,6c,f6,0f,4e,58,98,5b,89,c9,43,07,0b,4c,54,92,f6,ae,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,10,7a,eb,a8,f9,

c3,1d,f8,3d,ce,ea,26,2d,45,aa,78,d4,5b,bb,ee,bf,28,64,e2,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,80,51,4b,a6,ba,

de,0f,60,2a,b7,cc,b5,b9,7f,41,e7,a0,5c,69,00,6a,32,bf,c8,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,a0,09,9d,1d,fe,

0f,5e,2f,6c,43,2d,1e,aa,22,2f,9c,46,38,86,99,be,bc,b9,c4,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

@DACL=(02 0000)

"Installed"="1"

@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

@DACL=(02 0000)

"NoChange"="1"

"Installed"="1"

@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

@DACL=(02 0000)

"Installed"="1"

@=""

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(664)

c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(988)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\CTsvcCDA.EXE

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\nvsvc32.exe

c:\windows\system32\HPZipm12.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\system32\MsPMSPSv.exe

c:\program files\AVG\AVG8\avgrsx.exe

c:\windows\system32\wscntfy.exe

c:\program files\Creative\ShareDLL\Mediadet.exe

c:\windows\system32\rundll32.exe

c:\program files\HP\Digital Imaging\bin\hpqimzone.exe

c:\program files\HP\Digital Imaging\bin\hpqste08.exe

.

**************************************************************************

.

Completion time: 2009-09-27 23:45 - machine was rebooted

ComboFix-quarantined-files.txt 2009-09-27 04:44

ComboFix2.txt 2009-09-27 03:22

Pre-Run: 28,281,610,240 bytes free

Post-Run: 28,250,808,320 bytes free

359 --- E O F --- 2009-09-10 08:05

*******************************

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:48:09 PM, on 9/26/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Creative\ShareDLL\CtNotify.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe

C:\Program Files\Creative\ShareDLL\Mediadet.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe

C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adb.../search/ie.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll (file missing)

O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [uSB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController

O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

O4 - HKLM\..\Run: [PCLEUSBTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe

O4 - HKLM\..\Run: [uSBToolTip] "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - c:\program files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe

O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - c:\program files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://www.avg.com

O15 - Trusted Zone: http://www.grisoft.com

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://help.live.com/ContactUs/ActiveX/MSDcode.cab

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.5.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1114470380718

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1173024646187

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe

O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--

End of file - 11192 bytes

Link to post
Share on other sites
  • Staff
screen317

screen317

Posted
  • Staff
Posted

Hi,

Please delete the following folders:

c:\program files\beftta

c:\program files\xrljel

Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

  • Click Start Scanning.
  • You should get a notification bar (on top) to install the ActiveX control.
  • Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished scanning, click the Automatic cleaning (recommended) button
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and Copy/Paste what is present under results in your next reply.

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Link to post
Share on other sites
4ks

4ks

Posted
  • Author
Posted
Hi,

Please delete the following folders:

c:\program files\beftta

c:\program files\xrljel

Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

  • Click Start Scanning.
  • You should get a notification bar (on top) to install the ActiveX control.
  • Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished scanning, click the Automatic cleaning (recommended) button
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and Copy/Paste what is present under results in your next reply.

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

**************

I left F-Secure online scan running and went to bed. Either there was nothing open or my husband closed anything that was still open. I did not have the opportunity to do the automatic cleaning or save a report. I do not know if anything finished or not. I did continue with your instructions and ran the Security Check. The report is included below. I did also try to run Malwarebytes' Anti-Malware and Spy bot. Same messages, no permissions. What next?

Results of screen317's Security Check version 0.99.0

Windows XP Service Pack 3

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

AVG Free 8.5

``````````````````````````````

Anti-malware/Other Utilities Check:

Spybot - Search & Destroy

Windows Defender Signatures

HijackThis 2.0.2

Java 6 Update 13

Java 6 Update 3

Java 6 Update 4

Java 6 Update 5

Java 6 Update 7

Java 2 Runtime Environment, SE v1.4.2

Out of date Java installed!

Adobe Flash Player 10

Adobe Reader 8.1.3

Out of date Adobe Reader installed!

``````````````````````````````

Process Check:

objlist.exe by Laurent

AVG avgwdsvc.exe

AVG avgtray.exe

AVG avgrsx.exe

``````````````````````````````

DNS Vulnerability Check:

`````````End of Log```````````

Link to post
Share on other sites
  • Staff
screen317

screen317

Posted
  • Staff
Posted

Try this online scanner instead:

Please use the Internet Explorer browser, and do an online scan with Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Accept, when prompted to download and install the program files and database of malware definitions.

  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

**Note**

To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Java

Link to post
Share on other sites
4ks

4ks

Posted
  • Author
Posted
Try this online scanner instead:

Please use the Internet Explorer browser, and do an online scan with Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Accept, when prompted to download and install the program files and database of malware definitions.

  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

**Note**

To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Java

Link to post
Share on other sites
  • Staff
screen317

screen317

Posted
  • Staff
Posted

Try this instead:

Please download JavaRa and unzip it to your Desktop.

Double click JavaRa.exe then click Remove Older Versions.

Follow any prompts; a log will popup (JavaRa.log)-- please post the contents of this log.

Next, open JavaRa.exe again, and select Search For Updates.

Select Update Using Sun Java's Website --> Search, and continue the instructions for downloading and installing the latest Java version.

-screen317

Link to post
Share on other sites
4ks

4ks

Posted
  • Author
Posted
Try this instead:

Please download JavaRa and unzip it to your Desktop.

Double click JavaRa.exe then click Remove Older Versions.

Follow any prompts; a log will popup (JavaRa.log)-- please post the contents of this log.

Next, open JavaRa.exe again, and select Search For Updates.

Select Update Using Sun Java's Website --> Search, and continue the instructions for downloading and installing the latest Java version.

-screen317

*************

Since my last post I re-ran F-Secure Online Scanner and rebooted. I will include the logs. I can now run Malwarebytes and Superantispyware. However something was missed for Spybot. I had removed in through the control panel. I was going to uninstall and reinstall as you suggested. I still do not have permissions to delete the other or to install over it because it is read only protected. I am also having a problem with Adobe.

"Error 1402. Could not open key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current\Version\Run\Optional Components\MSFS.

Verify that you have sufficient access to that key, or contact your support personnel."

Scanning Report

Sunday, September 27, 2009 22:24:52 - 22:44:44

Computer name: FAMILY

Scanning type: Quick scan

Target: System

--------------------------------------------------------------------------------

7 malware found

TrackingCookie.Questionmarket (spyware)

System (Disinfected)

TrackingCookie.2o7 (spyware)

System (Disinfected)

TrackingCookie.Advertising (spyware)

System (Disinfected)

TrackingCookie.Revsci (spyware)

System (Disinfected)

TrackingCookie.Adbrite (spyware)

System (Disinfected)

TrackingCookie.Atwola (spyware)

System (Disinfected)

TrackingCookie.Yieldmanager (spyware)

System (Disinfected)

--------------------------------------------------------------------------------

Statistics

Scanned:

Files: 4157

System: 4157

Not scanned: 0

Actions:

Disinfected: 7

Renamed: 0

Deleted: 0

Not cleaned: 0

Submitted: 0

Results of screen317's Security Check version 0.99.0

Windows XP Service Pack 3

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

AVG Free 8.5

``````````````````````````````

Anti-malware/Other Utilities Check:

Spybot - Search & Destroy

Windows Defender Signatures

HijackThis 2.0.2

Java 6 Update 16

Java 2 Runtime Environment, SE v1.4.2

Adobe Flash Player 10

Adobe Reader 8.1.3

Out of date Adobe Reader installed!

``````````````````````````````

Process Check:

objlist.exe by Laurent

AVG avgwdsvc.exe

AVG avgtray.exe

AVG avgrsx.exe

``````````````````````````````

DNS Vulnerability Check:

`````````End of Log```````````

Malwarebytes' Anti-Malware 1.41

Database version: 2866

Windows 5.1.2600 Service Pack 3

9/27/2009 11:16:59 PM

mbam-log-2009-09-27 (23-16-59).txt

Scan type: Quick Scan

Objects scanned: 131610

Time elapsed: 7 minute(s), 14 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 3

Files Infected: 8

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{4afc04a3-b551-4b68-9beb-8677d90150d9} (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Documents and Settings\Keri\Application Data\MalwareRemovalBot (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.

C:\Documents and Settings\Keri\Application Data\MalwareRemovalBot\Log (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.

C:\Documents and Settings\Keri\Application Data\MalwareRemovalBot\Settings (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.

Files Infected:

C:\Documents and Settings\Keri\Application Data\MalwareRemovalBot\rs.dat (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.

C:\Documents and Settings\Keri\Application Data\MalwareRemovalBot\Log\2009 Jan 27 - 11_35_22 PM_312.log (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.

C:\Documents and Settings\Keri\Application Data\MalwareRemovalBot\Log\2009 Jan 28 - 03_00_01 AM_937.log (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.

C:\Documents and Settings\Keri\Application Data\MalwareRemovalBot\Log\2009 Jan 28 - 03_00_02 AM_265.log (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.

C:\Documents and Settings\Keri\Application Data\MalwareRemovalBot\Log\2009 Jan 29 - 03_00_00 AM_890.log (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.

C:\Documents and Settings\Keri\Application Data\MalwareRemovalBot\Log\2009 Jan 29 - 03_00_01 AM_171.log (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.

C:\Documents and Settings\Keri\Application Data\MalwareRemovalBot\Settings\ScanResults.pie (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.

C:\WINDOWS\win32k.sys (Trojan.Dropper) -> Quarantined and deleted successfully.

Some things are better!!

Link to post
Share on other sites
4ks

4ks

Posted
  • Author
Posted
We'll deal with Spybot in a bit.

Is this when running Adobe? Or when uninstalling it? Follow the steps here to fix it:

http://kb2.adobe.com/cps/329/329137.html

Let me know how it goes.

-screen317

**************

I cannot load Adove 9 until 8.1. until AVG 8.1.3 is unstalled (no permissions for that removal) I went to the adobe with the link that you suggested, according to the website that you suggested, I am supposed to edit permission on HKEY files, but how do I find the hkey files. I thought that I found them, but I can not locate the file that my error writes about.

This is my last post for the night. I can not staty up with you until 3:00 am again. I will work on whatever you need me to in the morning.

Thank you for your help.

Link to post
Share on other sites
4ks

4ks

Posted
  • Author
Posted
Click Start --> Run, type in regedit, and press Enter.

HKEY isn't a file; it's in the Registry. You'll see it when you open Regedit.

OK, I found the registry, but not the file requested by Adobe 9.

These are some other messages I am recieving:

A program on your computer has corrupted your default search provider setting for Internet Explorer. Internet Explorer has reset this setting to your original search provider, Live Search (search.live.com). Internet Explorer will now search seting where you can change this setting or install more search providers"

"The windows installer sericed failed to start. Contact your support personnell"

"Windows cannot load the user profile but has logged ?????" I didn't get the rest of that message.

Please help me resolve these issues.

Link to post
Share on other sites
4ks

4ks

Posted
  • Author
Posted
I can't seem to send add any posts.

I am sorry I did not give enough info. I am new to forums. I thought that the history in previous post on my topic would give info on what has been happening with my computer.

I have twice tried to send the logs you requested, but had an error message that the page requested could not be found.

I am going to try again with only this text.

Link to post
Share on other sites
4ks

4ks

Posted
  • Author
Posted
I am sorry I did not give enough info. I am new to forums. I thought that the history in previous post on my topic would give info on what has been happening with my computer.

I have twice tried to send the logs you requested, but had an error message that the page requested could not be found.

I am going to try again with only this text.

That worked.

I was unable to copy and paste the logs, so I am trying using attachments.

Error message was "The website was unable to display the webpage.

mbam_log_2009_10_03__08_03_17_.txt

10_03_09_log.txt

Link to post
Share on other sites
4ks

4ks

Posted
  • Author
Posted
Hi,

Let's take a step back here.

You're referring to previous posts while being vague.

Right this moment, provide as much detail as possible, and tell me specifically what issues you are currently facing.

-screen317

I downloaded MBAM but it doesn't run, nor does spy bot. I get the following message: "Windows cannot access

the specified device path or file. You may not have the appropriate permissions to access the item."

That was on 9/26/09.

You told me to run combofix.com and:

When the tool is finished, it will produce a report for you.

Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system

After sending you my logs, I was instructed to open Notepad Copy/paste

Dirlook::

c:\program files\beftta

C:\program files\xrljel

Driver::

ZASVAIEK

File::

c:\windows\system32\zasvaiek.oag

then drag the CFScript into ComboFix.exe, reboot then post the contents of Combofix.txt in your next

reply together with a new HijackThis log.

Please delete the following folders:

c:\program files\beftta

c:\program files\xrljel

Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

download my Security Check

Save it to your Desktop.

Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

When I tried to delete the 2 program files you wrote about, I was able to delete the c:\program files\beftta and did search for

c:\program files\xrljel, which did not exist then I proceeded with the F-Secure.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Java

Link to post
Share on other sites
  • Staff
screen317

screen317

Posted
  • Staff
Posted

Hi Keri,

Yes it does. :D

Glad we're on the same page here.

Please download Win32kDiag.exe by AD to your Desktop. Double click on it. It will make a diagnostic and produce a report on the desktop. Post that report on your next reply.

Next, please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    Spybot
    :folderfind
    Spybot


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

-screen317

Link to post
Share on other sites
4ks

4ks

Posted
  • Author
Posted
Hi Keri,

Yes it does. :D

Glad we're on the same page here.

Please download Win32kDiag.exe by AD to your Desktop. Double click on it. It will make a diagnostic and produce a report on the desktop. Post that report on your next reply.

Next, please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    Spybot
    :folderfind
    Spybot


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

-screen317

Running from: C:\Documents and Settings\Keri\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Keri\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Cannot access: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CONFIG\enterprisesec.config.cch.3616.34541390

[1] 2009-06-28 06:42:16 33530 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CONFIG\enterprisesec.config.cch.3616.34541390 ()

Cannot access: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CONFIG\security.config.cch.3616.34541390

[1] 2009-06-28 06:42:16 40685 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CONFIG\security.config.cch.3616.34541390 ()

Finished!

SystemLook v1.0 by jpshortstuff (29.08.09)

Log created at 00:38 on 04/10/2009 by Keri (Administrator - Elevation successful)

========== filefind ==========

Searching for "Spybot"

No files found.

========== folderfind ==========

Searching for "Spybot"

No folders found.

-=End Of File=-

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.