
Virus infected PC - network PCs can't browse


royds


Hi,

I've been trying to fix a PC for my friend, as he was infected with around 300 infections (using Malwarebytes). Now the PC states it's clean with the full scan. I've also installed the latest MSE and AVG, but when I try to update the programs they are both stating there's no internet. I've also been on Windows Update and got most of the updates done, but the virus definitions won't come on the list.

While this is going on, the other PCs on my network have trouble browsing the net, and it's only when this PC is connected.

I would be grateful for any help, as Malwarebytes is updating but all the antivirus programs won't, which makes me believe that there's still something on.

Cheers for any help.

Still having problems guys. Whenever I connect the laptop to the network I get a "page cannot be displayed" every 2 minutes. I've now got MSE updated manually and it found a few more viruses. I've also got the HijackThis log below; I can see that there are a few things on the list that shouldn't be there, but I need your help please.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 1:27:13 AM, on 9/11/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Safe mode

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8181

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll

O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe /onreboot

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe

O4 - Global Startup: HostingClientShortcut.lnk = C:\hosting\client\HostingClient.exe

O4 - Global Startup: McAfee Security Scan Plus.lnk = ?

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0920DBB1-D098-4ACE-9DDD-7A6F18A9ED66} (HomeVendGasCard Class) - https://britishgastopup.paypoint.com/HomeVend.cab

O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.8.05.cab

O16 - DPF: {197AB1D7-A7DD-4C86-A938-1FCC0DB21B85} (DMProxyCtl Class) - http://dm.cometsystems.com/dm/dm_286.cab

O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} (FBootloaderAX) - http://static.ak.facebook.com/fbplugin/win...b?1270812775327

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Apache2.2 - Apache Software Foundation - C:\hosting\apache\bin\httpd.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--

End of file - 8901 bytes

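The entries in a HijackThis log that deserve a second look (the loopback ProxyServer, Run entries with no directory, an unresolved startup shortcut, a Winlogon Notify DLL reported missing) are the kind a small triage script can surface before anyone decides what to remove. The Python below is an added example, not code from this thread, from HijackThis or from Malwarebytes; the sample lines are constructed from entries quoted in the log above, and the four heuristics are assumptions chosen for the example, a review list rather than a verdict on this machine.

```python
import re
from typing import List, Tuple

# Constructed sample in HijackThis v2 log format. The lines are modelled on entries
# quoted in the thread above; this is not the full log from the post.
SAMPLE_LOG = """\
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyServer = http=127.0.0.1:8181
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.google.co.uk/
O4 - HKLM\\..\\Run: [CARPService] carpserv.exe
O4 - HKLM\\..\\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\\..\\Run: [MSSE] "c:\\Program Files\\Microsoft Security Essentials\\msseces.exe" -hide -runkey
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: Apache2.2 - Apache Software Foundation - C:\\hosting\\apache\\bin\\httpd.exe
"""

Finding = Tuple[str, str]  # (finding tag, offending log line)


def proxy_targets(value: str) -> List[str]:
    """Split a WinINet ProxyServer value into its host:port targets.

    The value is either a single 'host:port' or a ';'-separated list of
    'scheme=host:port' entries, e.g. 'http=127.0.0.1:8181;https=proxy:3128'.
    """
    targets = []
    for part in value.split(";"):
        part = part.strip()
        if part:
            targets.append(part.split("=", 1)[-1])
    return targets


def is_loopback(target: str) -> bool:
    """True when a 'host:port' target points back at this machine."""
    host = target.rsplit(":", 1)[0].strip().lower()
    return host == "localhost" or host.startswith("127.")


def _executable_of(command: str) -> str:
    """Return the program part of a Run-key command line, honouring quoting."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def triage(log_text: str) -> List[Finding]:
    """Flag HijackThis entries a reviewer should look at before deciding anything.

    Heuristics (assumptions chosen for this example, not verdicts):
      proxy-loopback        R1 ProxyServer routes HTTP through 127.x / localhost;
                            with no listener on that port, IE-proxy-aware updaters fail.
      run-unqualified-path  O4 Run entry names a bare executable with no directory,
                            so which file actually runs depends on the PATH search.
      startup-unresolved    O4 Global Startup shortcut whose target could not be read.
      notify-missing-file   O20 Winlogon Notify DLL that no longer exists on disk.
    """
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        kind = line.split(" ", 1)[0]
        if kind == "R1" and ",ProxyServer = " in line:
            value = line.split(",ProxyServer = ", 1)[1]
            if any(is_loopback(t) for t in proxy_targets(value)):
                findings.append(("proxy-loopback", line))
        elif kind == "O4":
            if "Global Startup:" in line and line.endswith("= ?"):
                findings.append(("startup-unresolved", line))
            else:
                m = re.match(r"O4 - .*?: \[[^\]]+\] (.+)$", line)
                if m and "\\" not in _executable_of(m.group(1)):
                    findings.append(("run-unqualified-path", line))
        elif kind == "O20" and "(file missing)" in line:
            findings.append(("notify-missing-file", line))
    return findings


if __name__ == "__main__":
    for tag, line in triage(SAMPLE_LOG):
        print(f"{tag:22} {line}")
```

Run against the sample it reports five lines: the loopback proxy, the two bare-name Run entries, the unresolved McAfee shortcut and the missing avgrsstx.dll. None of these is a removal decision on its own; the point of a triage pass is to put the right lines in front of the person reading the log.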

Hi and welcome to Malwarebytes.

Which infection was MBAM detecting?

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post the one that is not minimized.

Thanks for the reply. The main virus that came up last was win32/orsam!rts, which MSE caught. AVG then caught a few; I'll have to look in the logs, but it was a folder on the hard drive, something to do with hosts and a Russian web site. I did Google it and it turned out to be a mailer trojan or something.

I've attached the logs from MBAM and DDS.

mbam_log_2010_09_07__12_18_20_.txt

mbam_log_2010_09_07__14_57_46_.txt

DDS.txt


Hi,

In the future please post all logs directly into your reply instead of attaching them.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

ComboFix 10-09-09.04 - Owner 09/11/2010 11:59:20.1.1 - x86 MINIMAL

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.139 [GMT 1:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\comet systems

c:\program files\comet systems\DM\activeJobs.xml

c:\program files\comet systems\DM\bin\publicKey.pbk

c:\program files\comet systems\DM\completedJobs.xml

c:\program files\comet systems\DM\jobIndex.xml

c:\program files\comet systems\DM\pendingJobs.xml

c:\program files\comet systems\DM\productInfo.xml

c:\program files\comet systems\DM\request.xml

c:\program files\comet systems\DM\response.xml

c:\windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf

c:\windows\inf\dm.inf

c:\windows\inf\dm.PNF

c:\windows\system32\18467.exe

c:\windows\system32\917671

c:\windows\system32\spool\prtprocs\w32x86\CNMPD86.DLL

c:\windows\system32\spool\prtprocs\w32x86\CNMPP86.DLL

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_MYWEBSEARCHSERVICE

-------\Legacy_C-DillaSrv_(C-DillaSrv)_

-------\Service_C-DillaSrv (C-DillaSrv)

((((((((((((((((((((((((( Files Created from 2010-08-11 to 2010-09-11 )))))))))))))))))))))))))))))))

.

2010-09-10 01:01 . 2010-09-10 01:01 -------- d-----w- c:\documents and settings\Owner\Application Data\Windows Search

2010-09-09 20:20 . 2010-09-11 10:42 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-09-08 16:33 . 2010-09-08 16:33 -------- d-----w- c:\documents and settings\Owner\Application Data\Windows Desktop Search

2010-09-08 11:11 . 2010-09-08 11:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-09-07 09:55 . 2010-09-07 09:55 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes

2010-09-07 09:54 . 2010-09-07 09:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-09 20:21 . 2010-09-09 20:21 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-09-09 20:21 . 2010-09-09 20:21 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-09-09 20:21 . 2010-09-09 20:21 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-09-09 20:21 . 2010-09-09 20:21 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-09-09 20:20 . 2008-04-16 14:44 -------- d-----w- c:\program files\AVG

2010-09-09 19:49 . 2010-09-09 19:49 -------- d-----w- c:\program files\Microsoft Security Essentials

2010-09-08 17:33 . 2010-09-08 16:32 -------- d-----w- c:\program files\Windows Desktop Search

2010-09-08 16:44 . 2008-06-12 18:02 -------- d-----w- c:\program files\Microsoft.NET

2010-09-08 14:37 . 2004-08-26 19:13 97616 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-09-08 14:10 . 2010-09-08 14:10 -------- d-----w- c:\program files\MSBuild

2010-09-08 14:10 . 2010-09-08 14:10 -------- d-----w- c:\program files\Reference Assemblies

2010-09-08 11:12 . 2010-09-06 17:04 97616 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-09-07 20:25 . 2009-07-09 16:36 -------- d-----w- c:\documents and settings\Owner\Application Data\FrostWire

2010-09-07 17:31 . 2003-06-23 19:42 23444 ----a-w- c:\windows\system32\emptyregdb.dat

2010-09-07 09:54 . 2010-09-07 09:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-30 12:31 . 2002-08-29 12:00 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:22 . 2002-08-29 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-24 12:10 . 2010-06-24 12:10 81920 ------w- c:\windows\system32\ieencode.dll

2010-06-23 13:44 . 2002-08-29 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-21 15:27 . 2002-08-29 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-17 14:03 . 2002-08-29 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 07:41 . 2002-08-29 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-23 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Display Settings"="c:\program files\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 45056]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-05-22 110592]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-05-22 610304]

"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2003-07-17 184412]

"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]

"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]

"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]

"CARPService"="carpserv.exe" [2003-05-21 4608]

"QT4HPOT"="c:\program files\HPQ\One-Touch\OneTouch.EXE" [2003-03-13 106496]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-02-19 98304]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-29 136600]

"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]

"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-09-09 2065760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Billminder.lnk - c:\program files\Quicken\billmind.exe [2002-9-20 36864]

HostingClientShortcut.lnk - c:\hosting\client\HostingClient.exe [2010-4-16 81920]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2002-9-20 53248]

Quicken Startup.lnk - c:\program files\Quicken\QWDLLS.EXE [2002-9-20 36864]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-09-09 20:21 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

"c:\\WINDOWS\\system32\\mshta.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\SpeedTouch\\Dr SpeedTouch\\drst.exe"=

"c:\\Program Files\\FrostWire\\FrostWire.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"c:\\hosting\\client\\HostingClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"53:TCP"= 53:TCP:DNSPort

"53:UDP"= 53:UDP:DNSPort

"81:TCP"= 81:TCP:WebPort2

"81:UDP"= 81:UDP:WebPort2

"80:UDP"= 80:UDP:WebPort

"5985:TCP"= 5985:TCP:Windows Remote Management

"80:TCP"= 80:TCP:WebPort

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/9/2010 9:21 PM 216400]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/9/2010 9:21 PM 243024]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [9/9/2010 9:20 PM 308136]

R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;c:\windows\system32\drivers\caliaud.sys [5/3/2003 6:01 PM 291328]

R3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [5/3/2003 6:01 PM 244608]

R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [7/17/2003 2:01 AM 28280]

S1 eeaf;eeaf;\??\c:\windows\system32\eeaf.sys --> c:\windows\system32\eeaf.sys [?]

S2 Apache2.2;Apache2.2;c:\hosting\apache\bin\httpd.exe [9/28/2009 11:41 PM 24645]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 mrtRate;mrtRate; [x]

S2 ousbehci;NEC PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\ousbehci.sys [2/8/2008 4:09 PM 39040]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 1:49 PM 227232]

S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2/8/2008 4:09 PM 54016]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/29/2002 1:00 PM 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

S4 tomcat6;tomcat6;c:\hosting\tomcat\bin\tomcat6.exe [7/20/2007 7:20 AM 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

.

Contents of the 'Scheduled Tasks' folder

2010-09-11 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 20:40]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uStart Page = hxxp://www.google.co.uk/

uInternet Settings,ProxyServer = http=127.0.0.1:8181

uInternet Settings,ProxyOverride = *.local;<local>

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {0920DBB1-D098-4ACE-9DDD-7A6F18A9ED66} - hxxps://britishgastopup.paypoint.com/HomeVend.cab

DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab?1270812775327

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-MoneyAgent - c:\program files\Microsoft Money\System\mnyexpr.exe

HKCU-Run-TomTomHOME.exe - c:\program files\TomTom HOME 2\HOMERunner.exe

HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

HKLM-Run-DM_Server - c:\progra~1\COMETS~1\DM\bin\dmserver.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-11 12:22

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe??????????u?n??|?????? ?deB???????????????B? ??????

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1298282688-2669030200-1494100731-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1298282688-2669030200-1494100731-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:2a,3b,b7,63,4a,c3,0e,c2,90,aa,c1,28,c0,3b,59,ad,33,28,59,33,61,ca,cd,

60,43,f5,0e,c3,a5,2f,05,de,d9,a6,b3,49,fc,cd,11,c7,e5,25,92,24,1a,75,fa,e7,\

"??"=hex:43,9f,35,a2,3c,80,6a,ba,11,e2,de,cf,bc,6b,ef,dd

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3300)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\Microsoft Security Essentials\MsMpEng.exe

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\windows\system32\DRIVERS\CDANTSRV.EXE

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\HPZipm12.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\AVG\AVG9\avgnsx.exe

c:\windows\system32\SearchIndexer.exe

c:\windows\system32\carpserv.exe

c:\windows\system32\taskmgr.exe

.

**************************************************************************

.

Completion time: 2010-09-11 12:42:16 - machine was rebooted

ComboFix-quarantined-files.txt 2010-09-11 11:41

Pre-Run: 11,816,112,128 bytes free

Post-Run: 13,765,427,200 bytes free

- - End Of File - - D51E1E3AC46A7A9EE66D0C6A2B4A3187

DDS:

DDS (Ver_10-03-17.01) - NTFSx86

Run by Owner at 13:48:32.87 on Sat 09/11/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.83 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\Program Files\AVG\AVG9\avgcsrvx.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\BroadJump\Client Foundation\CFD.exe

C:\WINDOWS\system32\carpserv.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\hosting\client\HostingClient.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Documents and Settings\Owner\Desktop\dds.EXE

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uStart Page = hxxp://www.google.co.uk/

uInternet Settings,ProxyServer = http=127.0.0.1:8181

uInternet Settings,ProxyOverride = *.local;<local>

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll

BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

TB: BearShare MediaBar: {d3dee18f-db64-4beb-9ff1-e1f0a5033e4a} - c:\program files\bearshare applications\bearshare mediabar\BearShareMediaBar.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [Display Settings] c:\program files\hpq\notebook utilities\hptasks.exe /s

mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe

mRun: [speedTouch USB Diagnostics] "c:\program files\thomson\speedtouch usb\Dragdiag.exe" /icon

mRun: [bJCFD] c:\program files\broadjump\client foundation\CFD.exe

mRun: [fssui] "c:\program files\windows live\family safety\fsui.exe" -autorun

mRun: [CARPService] carpserv.exe

mRun: [QT4HPOT] c:\program files\hpq\one-touch\OneTouch.EXE

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [ATIModeChange] Ati2mdxx.exe

mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\billmi~1.lnk - c:\program files\quicken\billmind.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hostin~1.lnk - c:\hosting\client\HostingClient.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~2.lnk - c:\program files\quicken\QWDLLS.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {0920DBB1-D098-4ACE-9DDD-7A6F18A9ED66} - hxxps://britishgastopup.paypoint.com/HomeVend.cab

DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.8.05.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab?1270812775327

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-9-9 216400]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-9-9 29584]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-9-9 243024]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-9-9 308136]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-26 54752]

R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;c:\windows\system32\drivers\caliaud.sys [2003-5-3 291328]

R3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [2003-5-3 244608]

R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [2003-7-17 28280]

S1 eeaf;eeaf;\??\c:\windows\system32\eeaf.sys --> c:\windows\system32\eeaf.sys [?]

S2 Apache2.2;Apache2.2;c:\hosting\apache\bin\httpd.exe [2009-9-28 24645]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 mrtRate;mrtRate; [x]

S2 ousbehci;NEC PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\ousbehci.sys [2008-2-8 39040]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2008-2-8 54016]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2002-8-29 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 tomcat6;tomcat6;c:\hosting\tomcat\bin\tomcat6.exe [2007-7-20 57344]

=============== Created Last 30 ================

2010-09-11 10:53:33 98816 ----a-w- c:\windows\sed.exe

2010-09-11 10:53:33 77312 ----a-w- c:\windows\MBR.exe

2010-09-11 10:53:33 256512 ----a-w- c:\windows\PEV.exe

2010-09-11 10:53:33 161792 ----a-w- c:\windows\SWREG.exe

2010-09-10 01:40:06 0 d-----w- C:\$AVG

2010-09-10 01:01:10 0 d-----w- c:\docume~1\owner\applic~1\Windows Search

2010-09-09 20:21:26 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-09-09 20:21:26 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-09-09 20:21:14 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-09-09 20:20:43 0 d-----w- c:\windows\system32\drivers\Avg

2010-09-09 20:20:14 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9

2010-09-09 19:49:12 0 d-----w- c:\program files\Microsoft Security Essentials

2010-09-08 16:34:53 0 d-----w- c:\windows\system32\winrm

2010-09-08 16:34:37 0 dc-h--w- c:\windows\$968930Uinstall_KB968930$

2010-09-08 16:33:17 0 d-----w- c:\docume~1\owner\applic~1\Windows Desktop Search

2010-09-08 16:32:03 0 d-----w- c:\program files\Windows Desktop Search

2010-09-08 16:32:02 0 d-----w- c:\windows\system32\GroupPolicy

2010-09-08 16:30:24 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll

2010-09-08 16:30:24 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll

2010-09-08 16:30:24 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll

2010-09-08 14:48:11 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat

2010-09-08 14:11:06 0 d-----w- c:\windows\system32\XPSViewer

2010-09-08 14:07:26 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2010-09-08 14:07:26 117760 ------w- c:\windows\system32\prntvpt.dll

2010-09-08 14:07:25 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2010-09-08 14:07:24 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2010-09-08 14:07:24 575488 ------w- c:\windows\system32\xpsshhdr.dll

2010-09-08 14:07:22 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2010-09-08 14:07:22 1676288 ------w- c:\windows\system32\xpssvcs.dll

2010-09-08 14:07:19 0 d-----w- C:\b01cbcfd3d87213b05

2010-09-08 13:46:52 0 d-sh--w- c:\documents and settings\owner\IECompatCache

2010-09-08 13:46:17 0 d-sh--w- c:\documents and settings\owner\PrivacIE

2010-09-08 13:43:58 0 d-sh--w- c:\documents and settings\owner\IETldCache

2010-09-08 13:11:07 16896 -c----w- c:\windows\system32\dllcache\iecompat.dll

2010-09-08 13:10:21 0 d-----w- c:\windows\ie8updates

2010-09-08 13:09:25 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-09-08 13:09:21 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2010-09-08 13:09:21 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-09-08 13:09:20 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-09-08 13:09:20 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll

2010-09-08 13:09:19 11077120 -c----w- c:\windows\system32\dllcache\ieframe.dll

2010-09-08 13:09:17 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-09-08 13:04:27 0 dc-h--w- c:\windows\ie8

2010-09-08 12:17:43 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2010-09-08 12:11:31 354304 -c----w- c:\windows\system32\dllcache\srv.sys

2010-09-08 12:11:00 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2010-09-08 12:10:09 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-09-08 12:08:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll

2010-09-08 12:08:27 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll

2010-09-08 12:06:40 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx

2010-09-08 12:04:58 331776 -c----w- c:\windows\system32\dllcache\msadce.dll

2010-09-08 12:04:48 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

2010-09-08 12:04:04 293376 ------w- c:\windows\system32\browserchoice.exe

2010-09-08 12:01:20 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-09-08 12:00:56 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll

2010-09-08 12:00:19 2560 ------w- c:\windows\system32\xpsp4res.dll

2010-09-08 12:00:18 1206508 -c----w- c:\windows\system32\dllcache\sysmain.sdb

2010-09-08 12:00:17 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe

2010-09-07 21:04:00 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll

2010-09-07 21:04:00 1307648 -c----w- c:\windows\system32\dllcache\msxml6.dll

2010-09-07 20:48:48 19569 ----a-w- c:\windows\005722_.tmp

2010-09-07 19:17:01 0 d-----w- c:\windows\system32\wbem\Repository.001

2010-09-07 19:16:16 380416 ------w- c:\windows\system32\irprops.cpl

2010-09-07 19:16:09 217816 -c--a-w- c:\windows\system32\dllcache\wuaucpl.cpl

2010-09-07 19:16:09 217816 ----a-w- c:\windows\system32\wuaucpl.cpl

2010-09-07 19:00:33 19528 ----a-w- c:\windows\002474_.tmp

2010-09-07 18:25:45 12598 ----a-w- c:\windows\system32\wpa.bak

2010-09-07 18:15:58 156672 -c--a-w- c:\windows\system32\dllcache\winzm.ime

2010-09-07 18:15:53 156672 -c--a-w- c:\windows\system32\dllcache\winsp.ime

2010-09-07 18:15:50 156672 -c--a-w- c:\windows\system32\dllcache\winpy.ime

2010-09-07 18:15:45 65536 -c--a-w- c:\windows\system32\dllcache\winime.ime

2010-09-07 18:15:42 72704 -c--a-w- c:\windows\system32\dllcache\wingb.ime

2010-09-07 18:15:39 79360 -c--a-w- c:\windows\system32\dllcache\winar30.ime

2010-09-07 18:15:31 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys

2010-09-07 18:15:30 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll

2010-09-07 18:15:10 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll

2010-09-07 18:15:07 86073 -c--a-w- c:\windows\system32\dllcache\voicesub.dll

2010-09-07 18:15:05 426041 -c--a-w- c:\windows\system32\dllcache\voicepad.dll

2010-09-07 18:14:28 76288 -c--a-w- c:\windows\system32\dllcache\uniime.dll

2010-09-07 18:14:27 65024 -c--a-w- c:\windows\system32\dllcache\unicdime.ime

2010-09-07 18:14:18 14336 -c--a-w- c:\windows\system32\dllcache\tsprof.exe

2010-09-07 18:14:04 10240 -c--a-w- c:\windows\system32\dllcache\tmigrate.dll

2010-09-07 18:14:03 455168 -c--a-w- c:\windows\system32\dllcache\tintsetp.exe

2010-09-07 18:14:01 44032 -c--a-w- c:\windows\system32\dllcache\tintlphr.exe

2010-09-07 18:14:00 571392 -c--a-w- c:\windows\system32\dllcache\tintlgnt.ime

2010-09-07 18:13:54 19464 -c--a-w- c:\windows\system32\dllcache\tdspx.sys

2010-09-07 18:13:52 21896 -c--a-w- c:\windows\system32\dllcache\tdipx.sys

2010-09-07 18:13:50 13192 -c--a-w- c:\windows\system32\dllcache\tdasync.sys

2010-09-07 18:13:21 101376 -c--a-w- c:\windows\system32\dllcache\srusbusd.dll

2010-09-07 18:13:08 143422 -c--a-w- c:\windows\system32\dllcache\softkey.dll

2010-09-07 18:13:04 7168 -c--a-w- c:\windows\system32\dllcache\EXCH_snprfdll.dll

2010-09-07 18:13:00 10240 -c--a-w- c:\windows\system32\dllcache\snmpstup.dll

2010-09-07 18:11:49 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll

2010-09-07 18:11:48 205824 -c--a-w- c:\windows\system32\dllcache\EXCH_seo.dll

2010-09-07 18:11:41 57856 -c--a-w- c:\windows\system32\dllcache\EXCH_scripto.dll

2010-09-07 18:11:26 9216 -c--a-w- c:\windows\system32\dllcache\EXCH_rwnh.dll

2010-09-07 18:11:24 79872 -c--a-w- c:\windows\system32\dllcache\rwia330.dll

2010-09-07 18:11:22 79872 -c--a-w- c:\windows\system32\dllcache\rwia001.dll

2010-09-07 18:11:07 26112 -c--a-w- c:\windows\system32\dllcache\romanime.ime

2010-09-07 18:11:00 23040 -c--a-w- c:\windows\system32\dllcache\EXCH_regtrace.exe

2010-09-07 18:09:50 15360 -c--a-w- c:\windows\system32\dllcache\padrs804.dll

2010-09-07 18:09:49 14336 -c--a-w- c:\windows\system32\dllcache\padrs412.dll

2010-09-07 18:09:47 36927 -c--a-w- c:\windows\system32\dllcache\padrs411.dll

2010-09-07 18:09:46 15872 -c--a-w- c:\windows\system32\dllcache\padrs404.dll

2010-09-07 18:09:11 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll

2010-09-07 18:08:34 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll

2010-09-07 18:07:59 1875968 -c--a-w- c:\windows\system32\dllcache\msir3jp.lex

2010-09-07 18:07:58 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll

2010-09-07 18:07:09 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys

2010-09-07 18:07:07 92032 -c--a-w- c:\windows\system32\dllcache\mga.dll

2010-09-07 18:06:57 65536 -c--a-w- c:\windows\system32\dllcache\EXCH_mailmsg.dll

2010-09-07 18:06:33 1158818 -c--a-w- c:\windows\system32\dllcache\korwbrkr.lex

2010-09-07 18:06:32 70656 -c--a-w- c:\windows\system32\dllcache\korwbrkr.dll

2010-09-07 18:06:16 7680 -c--a-w- c:\windows\system32\dllcache\kbdnecnt.dll

2010-09-07 18:06:15 9216 -c--a-w- c:\windows\system32\dllcache\kbdnecat.dll

2010-09-07 18:06:14 7168 -c--a-w- c:\windows\system32\dllcache\kbdnec95.dll

2010-09-07 18:05:40 6144 -c--a-w- c:\windows\system32\dllcache\kbd101a.dll

2010-09-07 18:05:37 18432 -c--a-w- c:\windows\system32\dllcache\jupiw.dll

2010-09-07 18:05:14 315455 -c--a-w- c:\windows\system32\dllcache\imskf.dll

2010-09-07 18:05:13 471102 -c--a-w- c:\windows\system32\dllcache\imskdic.dll

2010-09-07 18:05:11 59392 -c--a-w- c:\windows\system32\dllcache\imscinst.exe

2010-09-07 18:05:09 102456 -c--a-w- c:\windows\system32\dllcache\imlang.dll

2010-09-07 18:05:07 59904 -c--a-w- c:\windows\system32\dllcache\imkrinst.exe

2010-09-07 18:05:06 274489 -c--a-w- c:\windows\system32\dllcache\imjputyc.dll

2010-09-07 18:05:05 262200 -c--a-w- c:\windows\system32\dllcache\imjputy.exe

2010-09-07 18:05:03 45109 -c--a-w- c:\windows\system32\dllcache\imjpuex.exe

2010-09-07 18:05:02 233527 -c--a-w- c:\windows\system32\dllcache\imjprw.exe

2010-09-07 18:05:00 208952 -c--a-w- c:\windows\system32\dllcache\imjpmig.exe

2010-09-07 18:03:41 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll

2010-09-07 18:03:17 36864 -c--a-w- c:\windows\system32\dllcache\hanjadic.dll

2010-09-07 18:03:15 108827 -c--a-w- c:\windows\system32\dllcache\hanja.lex

2010-09-07 18:02:57 11264 -c--a-w- c:\windows\system32\dllcache\fxssend.exe

2010-09-07 18:02:55 31744 -c--a-w- c:\windows\system32\dllcache\fxsroute.dll

2010-09-07 18:02:41 132608 -c--a-w- c:\windows\system32\dllcache\fxsclntr.dll

2010-09-07 18:02:39 111104 -c--a-w- c:\windows\system32\dllcache\fxscfgwz.dll

2010-09-07 18:02:19 14848 -c--a-w- c:\windows\system32\dllcache\flattemp.exe

2010-09-07 18:02:15 43520 -c--a-w- c:\windows\system32\dllcache\EXCH_fcachdll.dll

2010-09-07 18:02:02 25856 -c--a-w- c:\windows\system32\dllcache\et4000.sys

2010-09-07 18:02:01 45056 -c--a-w- c:\windows\system32\dllcache\esunid.dll

2010-09-07 18:02:00 57856 -c--a-w- c:\windows\system32\dllcache\esuimgd.dll

2010-09-07 18:01:58 31744 -c--a-w- c:\windows\system32\dllcache\esucmd.dll

2010-09-07 18:00:46 78848 -c--a-w- c:\windows\system32\dllcache\dayi.ime

2010-09-07 18:00:30 18944 -c--a-w- c:\windows\system32\dllcache\cprofile.exe

2010-09-07 18:00:28 57399 -c--a-w- c:\windows\system32\dllcache\cplexe.exe

2010-09-07 18:00:08 480256 -c--a-w- c:\windows\system32\dllcache\cintsetp.exe

2010-09-07 18:00:06 21504 -c--a-w- c:\windows\system32\dllcache\cintlgnt.ime

2010-09-07 18:00:05 198656 -c--a-w- c:\windows\system32\dllcache\cintime.dll

2010-09-07 18:00:01 173568 -c--a-w- c:\windows\system32\dllcache\chtskf.dll

2010-09-07 17:59:59 56320 -c--a-w- c:\windows\system32\dllcache\chtskdic.dll

2010-09-07 17:59:58 97792 -c--a-w- c:\windows\system32\dllcache\chtmbx.dll

2010-09-07 17:59:56 838144 -c--a-w- c:\windows\system32\dllcache\chtbrkr.dll

2010-09-07 17:59:54 1677824 -c--a-w- c:\windows\system32\dllcache\chsbrkr.dll

2010-09-07 17:59:51 14336 -c--a-w- c:\windows\system32\dllcache\chgusr.exe

2010-09-07 17:59:49 15872 -c--a-w- c:\windows\system32\dllcache\chgport.exe

2010-09-07 17:59:48 13312 -c--a-w- c:\windows\system32\dllcache\chglogon.exe

2010-09-07 17:59:46 9728 -c--a-w- c:\windows\system32\dllcache\change.exe

2010-09-07 17:59:45 78336 -c--a-w- c:\windows\system32\dllcache\chajei.ime

2010-09-07 17:59:34 54528 -c--a-w- c:\windows\system32\dllcache\cap7146.sys

2010-09-07 17:59:29 6656 -c--a-w- c:\windows\system32\dllcache\c_is2022.dll

2010-09-07 17:58:23 312832 -c--a-w- c:\windows\system32\dllcache\EXCH_aqueue.dll

2010-09-07 17:58:21 45056 -c--a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll

2010-09-07 17:57:51 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll

2010-09-07 17:56:56 2134528 -c--a-w- c:\windows\system32\dllcache\EXCH_smtpsnap.dll

2010-09-07 17:56:54 175104 -c--a-w- c:\windows\system32\dllcache\EXCH_smtpadm.dll

2010-09-07 17:42:25 488 ---ha-r- c:\windows\system32\logonui.exe.manifest

2010-09-07 17:41:41 749 ---ha-r- c:\windows\WindowsShell.Manifest

2010-09-07 17:41:41 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest

2010-09-07 17:41:41 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest

2010-09-07 17:41:41 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest

2010-09-07 17:39:10 45568 ----a-w- c:\windows\system32\safrslv.dll

2010-09-07 17:39:10 29696 ----a-w- c:\windows\system32\safrdm.dll

2010-09-07 17:39:09 43520 ----a-w- c:\windows\system32\safrcdlg.dll

2010-09-07 17:39:09 43520 ----a-w- c:\windows\system32\racpldlg.dll

2010-09-07 17:39:02 32768 ----a-w- c:\windows\system32\mnmsrvc.exe

2010-09-07 17:39:02 32768 ----a-w- c:\windows\system32\isrdbg32.dll

2010-09-07 17:37:56 252928 ----a-w- c:\windows\system32\msoeacct.dll

2010-09-07 17:37:56 105984 ----a-w- c:\windows\system32\msoert2.dll

2010-09-07 17:37:54 691712 ----a-w- c:\windows\system32\inetcomm.dll

2010-09-07 17:37:52 192512 ----a-w- c:\windows\system32\schedsvc.dll

2010-09-07 17:37:51 274944 ----a-w- c:\windows\system32\mstask.dll

2010-09-07 17:37:51 12288 ----a-w- c:\windows\system32\mstinit.exe

2010-09-07 17:28:58 6144 ----a-w- c:\windows\system32\dcomcnfg.exe

2010-09-07 16:53:13 6272 ----a-w- c:\windows\system32\drivers\splitter.sys

2010-09-07 16:51:39 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys

2010-09-07 16:46:57 57600 ----a-w- c:\windows\system32\drivers\redbook.sys

2010-09-07 16:32:24 4096 ----a-w- c:\windows\system32\ksuser.dll

2010-09-07 16:32:24 129536 ----a-w- c:\windows\system32\ksproxy.ax

2010-09-07 16:22:13 40840 ----a-w- c:\windows\system32\drivers\termdd.sys

2010-09-07 16:01:59 797189 -c--a-w- c:\windows\system32\dllcache\NT5IIS.CAT

2010-09-07 16:01:51 13608 ----a-r- c:\windows\SETD6.tmp

2010-09-07 16:01:44 1086182 ----a-r- c:\windows\SETC7.tmp

2010-09-07 15:59:04 7655109 ----a-w- c:\windows\setupapi.log.0.old

2010-09-07 09:55:08 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes

2010-09-07 09:54:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-07 09:54:42 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-09-07 09:54:41 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-07 09:54:40 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2010-09-07 17:31:57 23444 ----a-w- c:\windows\system32\emptyregdb.dat

2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-24 12:10:44 81920 ------w- c:\windows\system32\ieencode.dll

2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll

2008-05-18 20:28:48 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008051820080519\index.dat

============= FINISH: 13:50:04.26 ===============


  • Staff

Hi,

My apologies for the delay. I was not notified of your reply. Replies will be more prompt in the future.

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please download this file and save it as it's originally named, next to ComboFix.exe.


Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, it will ask you whether or not to continue with the malware scan. Select Yes, and post the resultant log.

-screen317


Log below:

ComboFix 10-09-14.04 - Owner 09/15/2010 15:07:39.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.134 [GMT 1:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

((((((((((((((((((((((((( Files Created from 2010-08-15 to 2010-09-15 )))))))))))))))))))))))))))))))

.

2010-09-11 00:24 . 2010-09-11 00:24 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2010-09-10 01:40 . 2010-09-10 01:40 -------- d-----w- C:\$AVG

2010-09-10 01:01 . 2010-09-10 01:01 -------- d-----w- c:\documents and settings\Owner\Application Data\Windows Search

2010-09-09 20:21 . 2010-09-09 20:21 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-09-09 20:21 . 2010-09-09 20:21 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-09-09 20:21 . 2010-09-09 20:21 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-09-09 20:21 . 2010-09-09 20:21 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-09-09 20:20 . 2010-09-11 10:43 -------- d-----w- c:\windows\system32\drivers\Avg

2010-09-09 20:20 . 2010-09-11 10:42 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-09-09 19:50 . 2010-09-09 19:50 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth

2010-09-09 19:49 . 2010-09-09 19:49 -------- d-----w- c:\program files\Microsoft Security Essentials

2010-09-09 19:40 . 2010-09-09 19:40 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth

2010-09-08 16:34 . 2010-09-08 16:34 -------- d-----w- c:\windows\system32\winrm

2010-09-08 16:34 . 2010-09-08 16:35 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$

2010-09-08 16:33 . 2010-09-08 16:33 -------- d-----w- c:\documents and settings\Owner\Application Data\Windows Desktop Search

2010-09-08 16:32 . 2010-09-08 17:33 -------- d-----w- c:\program files\Windows Desktop Search

2010-09-08 16:32 . 2010-09-08 16:32 -------- d-----w- c:\windows\system32\GroupPolicy

2010-09-08 16:30 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll

2010-09-08 16:30 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll

2010-09-08 16:30 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll

2010-09-08 14:11 . 2010-09-08 14:11 -------- d-----w- c:\windows\system32\XPSViewer

2010-09-08 14:10 . 2010-09-08 14:10 -------- d-----w- c:\program files\MSBuild

2010-09-08 14:10 . 2010-09-08 14:10 -------- d-----w- c:\program files\Reference Assemblies

2010-09-08 14:09 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2010-09-08 14:07 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2010-09-08 14:07 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2010-09-08 14:07 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2010-09-08 14:07 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2010-09-08 14:07 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2010-09-08 14:07 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2010-09-08 14:07 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2010-09-08 14:07 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2010-09-08 14:07 . 2010-09-08 14:09 -------- d-----w- C:\b01cbcfd3d87213b05

2010-09-08 13:46 . 2010-09-08 13:46 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache

2010-09-08 13:46 . 2010-09-08 13:46 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE

2010-09-08 13:43 . 2010-09-08 13:43 -------- d-sh--w- c:\documents and settings\Owner\IETldCache

2010-09-08 13:41 . 2010-09-08 13:41 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-09-08 13:11 . 2010-06-18 11:39 16896 -c----w- c:\windows\system32\dllcache\iecompat.dll

2010-09-08 13:10 . 2010-09-08 14:56 -------- d-----w- c:\windows\ie8updates

2010-09-08 13:09 . 2010-06-24 12:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-09-08 13:09 . 2010-06-24 12:21 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2010-09-08 13:09 . 2010-06-24 12:21 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-09-08 13:09 . 2010-06-24 12:21 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-09-08 13:09 . 2010-06-24 12:21 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll

2010-09-08 13:09 . 2010-06-24 16:51 11077120 -c----w- c:\windows\system32\dllcache\ieframe.dll

2010-09-08 13:09 . 2010-06-24 12:21 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-09-08 13:04 . 2010-09-08 13:08 -------- dc-h--w- c:\windows\ie8

2010-09-08 12:17 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2010-09-08 12:11 . 2010-06-21 15:27 354304 -c----w- c:\windows\system32\dllcache\srv.sys

2010-09-08 12:11 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2010-09-08 12:10 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-09-08 12:08 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll

2010-09-08 12:08 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll

2010-09-08 12:04 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll

2010-09-08 12:04 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

2010-09-08 12:04 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

2010-09-08 12:01 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-09-08 12:00 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll

2010-09-08 12:00 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll

2010-09-08 12:00 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe

2010-09-08 11:11 . 2010-09-08 11:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-09-07 21:04 . 2008-09-10 01:14 1307648 -c----w- c:\windows\system32\dllcache\msxml6.dll

2010-09-07 21:04 . 2008-04-13 21:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll

2010-09-07 19:17 . 2010-09-07 20:15 -------- d-----w- c:\windows\system32\wbem\Repository.001

2010-09-07 18:39 . 2010-09-07 18:39 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PCHealth

2010-09-07 18:15 . 2002-08-29 12:00 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys

2010-09-07 18:15 . 2002-08-29 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll

2010-09-07 18:15 . 2002-08-29 12:00 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll

2010-09-07 18:15 . 2008-04-14 04:41 86073 -c--a-w- c:\windows\system32\dllcache\voicesub.dll

2010-09-07 18:15 . 2008-04-14 04:41 426041 -c--a-w- c:\windows\system32\dllcache\voicepad.dll

2010-09-07 18:14 . 2008-04-14 04:41 76288 -c--a-w- c:\windows\system32\dllcache\uniime.dll

2010-09-07 18:14 . 2002-08-29 12:00 14336 -c--a-w- c:\windows\system32\dllcache\tsprof.exe

2010-09-07 18:14 . 2008-04-14 04:41 10240 -c--a-w- c:\windows\system32\dllcache\tmigrate.dll

2010-09-07 18:14 . 2002-08-29 12:00 455168 -c--a-w- c:\windows\system32\dllcache\tintsetp.exe

2010-09-07 18:14 . 2002-08-29 12:00 44032 -c--a-w- c:\windows\system32\dllcache\tintlphr.exe

2010-09-07 18:13 . 2002-08-29 12:00 19464 -c--a-w- c:\windows\system32\dllcache\tdspx.sys

2010-09-07 18:13 . 2002-08-29 12:00 21896 -c--a-w- c:\windows\system32\dllcache\tdipx.sys

2010-09-07 18:13 . 2002-08-29 12:00 13192 -c--a-w- c:\windows\system32\dllcache\tdasync.sys

2010-09-07 18:13 . 2002-08-29 12:00 101376 -c--a-w- c:\windows\system32\dllcache\srusbusd.dll

2010-09-07 18:13 . 2002-08-29 12:00 143422 -c--a-w- c:\windows\system32\dllcache\softkey.dll

2010-09-07 18:13 . 2001-08-17 21:36 7168 -c--a-w- c:\windows\system32\dllcache\EXCH_snprfdll.dll

2010-09-07 18:13 . 2002-08-29 12:00 10240 -c--a-w- c:\windows\system32\dllcache\snmpstup.dll

2010-09-07 18:11 . 2001-08-17 21:36 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll

2010-09-07 18:11 . 2001-08-17 21:36 205824 -c--a-w- c:\windows\system32\dllcache\EXCH_seo.dll

2010-09-07 18:11 . 2001-08-17 21:36 57856 -c--a-w- c:\windows\system32\dllcache\EXCH_scripto.dll

2010-09-07 18:11 . 2001-08-17 21:36 9216 -c--a-w- c:\windows\system32\dllcache\EXCH_rwnh.dll

2010-09-07 18:11 . 2002-08-29 12:00 79872 -c--a-w- c:\windows\system32\dllcache\rwia330.dll

2010-09-07 18:11 . 2002-08-29 12:00 79872 -c--a-w- c:\windows\system32\dllcache\rwia001.dll

2010-09-07 18:11 . 2001-08-17 21:36 23040 -c--a-w- c:\windows\system32\dllcache\EXCH_regtrace.exe

2010-09-07 18:10 . 2002-08-29 12:00 14848 -c--a-w- c:\windows\system32\dllcache\register.exe

2010-09-07 18:10 . 2002-08-29 12:00 16384 -c--a-w- c:\windows\system32\dllcache\quser.exe

2010-09-07 18:10 . 2002-08-29 12:00 9728 -c--a-w- c:\windows\system32\dllcache\query.exe

2010-09-07 18:10 . 2002-08-29 12:00 131584 -c--a-w- c:\windows\system32\dllcache\pmxviceo.dll

2010-09-07 18:10 . 2002-08-29 12:00 11264 -c--a-w- c:\windows\system32\dllcache\pmxmcro.dll

2010-09-07 18:10 . 2002-08-29 12:00 6144 -c--a-w- c:\windows\system32\dllcache\pmxgl.dll

2010-09-07 18:10 . 2008-04-14 04:40 67584 -c--a-w- c:\windows\system32\dllcache\pmigrate.dll

2010-09-07 18:10 . 2008-04-13 21:13 70144 -c--a-w- c:\windows\system32\dllcache\pintlphr.exe

2010-09-07 18:10 . 2008-04-14 04:40 53760 -c--a-w- c:\windows\system32\dllcache\pintlcsd.dll

2010-09-07 18:10 . 2008-04-14 04:40 175104 -c--a-w- c:\windows\system32\dllcache\pintlcsa.dll

2010-09-07 18:09 . 2008-04-14 04:40 15360 -c--a-w- c:\windows\system32\dllcache\padrs804.dll

2010-09-07 18:09 . 2002-08-29 12:00 14336 -c--a-w- c:\windows\system32\dllcache\padrs412.dll

2010-09-07 18:09 . 2002-08-29 12:00 36927 -c--a-w- c:\windows\system32\dllcache\padrs411.dll

2010-09-07 18:09 . 2008-04-14 04:40 15872 -c--a-w- c:\windows\system32\dllcache\padrs404.dll

2010-09-07 18:09 . 2001-08-17 21:36 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll

2010-09-07 18:08 . 2002-08-29 12:00 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll

2010-09-07 18:07 . 2002-08-29 12:00 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll

2010-09-07 18:07 . 2002-08-29 12:00 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys

2010-09-07 18:07 . 2002-08-29 12:00 92032 -c--a-w- c:\windows\system32\dllcache\mga.dll

2010-09-07 18:06 . 2001-08-17 21:36 65536 -c--a-w- c:\windows\system32\dllcache\EXCH_mailmsg.dll

2010-09-07 18:06 . 2002-08-29 12:00 70656 -c--a-w- c:\windows\system32\dllcache\korwbrkr.dll

2010-09-07 18:06 . 2002-08-29 12:00 7680 -c--a-w- c:\windows\system32\dllcache\kbdnecnt.dll

2010-09-07 18:06 . 2002-08-29 12:00 9216 -c--a-w- c:\windows\system32\dllcache\kbdnecat.dll

2010-09-07 18:06 . 2002-08-29 12:00 7168 -c--a-w- c:\windows\system32\dllcache\kbdnec95.dll

2010-09-07 18:05 . 2002-08-29 12:00 6144 -c--a-w- c:\windows\system32\dllcache\kbd101a.dll

2010-09-07 18:05 . 2002-08-29 12:00 18432 -c--a-w- c:\windows\system32\dllcache\jupiw.dll

2010-09-07 18:05 . 2008-04-14 04:39 315455 -c--a-w- c:\windows\system32\dllcache\imskf.dll

2010-09-07 18:05 . 2002-08-29 12:00 471102 -c--a-w- c:\windows\system32\dllcache\imskdic.dll

2010-09-07 18:05 . 2002-08-29 12:00 59392 -c--a-w- c:\windows\system32\dllcache\imscinst.exe

2010-09-07 18:05 . 2008-04-14 04:39 102456 -c--a-w- c:\windows\system32\dllcache\imlang.dll

2010-09-07 18:05 . 2002-08-29 12:00 59904 -c--a-w- c:\windows\system32\dllcache\imkrinst.exe

2010-09-07 18:05 . 2008-04-14 04:39 274489 -c--a-w- c:\windows\system32\dllcache\imjputyc.dll

2010-09-07 18:05 . 2004-08-03 21:32 262200 -c--a-w- c:\windows\system32\dllcache\imjputy.exe

2010-09-07 18:05 . 2002-08-29 12:00 45109 -c--a-w- c:\windows\system32\dllcache\imjpuex.exe

2010-09-07 18:05 . 2004-08-03 21:32 233527 -c--a-w- c:\windows\system32\dllcache\imjprw.exe

2010-09-07 18:05 . 2004-08-03 21:32 208952 -c--a-w- c:\windows\system32\dllcache\imjpmig.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-09 20:20 . 2008-04-16 14:44 -------- d-----w- c:\program files\AVG

2010-09-08 16:44 . 2008-06-12 18:02 -------- d-----w- c:\program files\Microsoft.NET

2010-09-08 14:37 . 2004-08-26 19:13 97616 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-09-07 20:25 . 2009-07-09 16:36 -------- d-----w- c:\documents and settings\Owner\Application Data\FrostWire

2010-09-07 17:47 . 2010-09-07 17:47 2678 ----a-w- c:\windows\java\Packages\Data\2KCYF1NJ.DAT

2010-09-07 17:47 . 2010-09-07 17:47 558142 ----a-w- c:\windows\java\Packages\7JBPRL3H.ZIP

2010-09-07 17:47 . 2010-09-07 17:47 2678 ----a-w- c:\windows\java\Packages\Data\CG0I8R7R.DAT

2010-09-07 17:47 . 2010-09-07 17:47 155995 ----a-w- c:\windows\java\Packages\0317VJVV.ZIP

2010-09-07 17:46 . 2010-09-07 17:46 2678 ----a-w- c:\windows\java\Packages\Data\XRTVJZ5N.DAT

2010-09-07 17:46 . 2010-09-07 17:46 2678 ----a-w- c:\windows\java\Packages\Data\1NX7VTB5.DAT

2010-09-07 17:46 . 2010-09-07 17:46 2678 ----a-w- c:\windows\java\Packages\Data\JXZFPBZX.DAT

2010-09-07 17:31 . 2003-06-23 19:42 23444 ----a-w- c:\windows\system32\emptyregdb.dat

2010-06-30 12:31 . 2002-08-29 12:00 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:22 . 2002-08-29 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-24 12:10 . 2010-06-24 12:10 81920 ------w- c:\windows\system32\ieencode.dll

2010-06-23 13:44 . 2002-08-29 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-21 15:27 . 2002-08-29 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-23 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Display Settings"="c:\program files\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 45056]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-05-22 110592]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-05-22 610304]

"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2003-07-17 184412]

"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]

"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]

"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]

"CARPService"="carpserv.exe" [2003-05-21 4608]

"QT4HPOT"="c:\program files\HPQ\One-Touch\OneTouch.EXE" [2003-03-13 106496]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-02-19 98304]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-29 136600]

"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]

"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-09-09 2065760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Billminder.lnk - c:\program files\Quicken\billmind.exe [2002-9-20 36864]

HostingClientShortcut.lnk - c:\hosting\client\HostingClient.exe [2010-4-16 81920]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2002-9-20 53248]

Quicken Startup.lnk - c:\program files\Quicken\QWDLLS.EXE [2002-9-20 36864]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-09-09 20:21 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

"c:\\WINDOWS\\system32\\mshta.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\SpeedTouch\\Dr SpeedTouch\\drst.exe"=

"c:\\Program Files\\FrostWire\\FrostWire.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"c:\\hosting\\client\\HostingClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"53:TCP"= 53:TCP:DNSPort

"53:UDP"= 53:UDP:DNSPort

"81:TCP"= 81:TCP:WebPort2

"81:UDP"= 81:UDP:WebPort2

"80:UDP"= 80:UDP:WebPort

"5985:TCP"= 5985:TCP:Windows Remote Management

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/9/2010 9:21 PM 216400]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/9/2010 9:21 PM 243024]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [9/9/2010 9:20 PM 308136]

R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;c:\windows\system32\drivers\caliaud.sys [5/3/2003 6:01 PM 291328]

R3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [5/3/2003 6:01 PM 244608]

R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [7/17/2003 2:01 AM 28280]

S1 eeaf;eeaf;\??\c:\windows\system32\eeaf.sys --> c:\windows\system32\eeaf.sys [?]

S2 Apache2.2;Apache2.2;c:\hosting\apache\bin\httpd.exe [9/28/2009 11:41 PM 24645]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 mrtRate;mrtRate; [x]

S2 ousbehci;NEC PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\ousbehci.sys [2/8/2008 4:09 PM 39040]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 1:49 PM 227232]

S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2/8/2008 4:09 PM 54016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

.

Contents of the 'Scheduled Tasks' folder

2010-09-15 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 20:40]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uStart Page = hxxp://www.google.co.uk/

uInternet Settings,ProxyServer = http=127.0.0.1:8181

uInternet Settings,ProxyOverride = *.local;<local>

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {0920DBB1-D098-4ACE-9DDD-7A6F18A9ED66} - hxxps://britishgastopup.paypoint.com/HomeVend.cab

DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab?1270812775327

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-15 15:18

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????0?3?0?2??????? ?deB???????????????B? ??????

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1298282688-2669030200-1494100731-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1298282688-2669030200-1494100731-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:2a,3b,b7,63,4a,c3,0e,c2,90,aa,c1,28,c0,3b,59,ad,33,28,59,33,61,ca,cd,

60,43,f5,0e,c3,a5,2f,05,de,d9,a6,b3,49,fc,cd,11,c7,e5,25,92,24,1a,75,fa,e7,\

"??"=hex:43,9f,35,a2,3c,80,6a,ba,11,e2,de,cf,bc,6b,ef,dd

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2880)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-09-15 15:26:05

ComboFix-quarantined-files.txt 2010-09-15 14:25

ComboFix2.txt 2010-09-11 11:42

Pre-Run: 13,698,936,832 bytes free

Post-Run: 13,684,805,632 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - F46A78DBF5B2E461662D0639C43D2EBB


  • Staff

Hi,

My apologies for the delay.

Please see:

HijackThis Forum Policy

We will not be party to obvious use of key gens, cracks, warez or other illegal means of downloading software, music, videos etc. This means no P2P evidence will be supported. Logs that show these in them will be given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed, period. It's theft and against the law.

Please uninstall Limewire before continuing.

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any other text editor than notepad or the script will fail.

Copy/paste the text in the quotebox below into Notepad:

Driver::

eeaf

mrtRate

KILLALL::

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.

-screen317


I had a look for that Limewire and couldn't find it on the add/remove list. I also asked my friend about it and they said they didn't know it was on, only BearShare.

I've found the Limewire in the folder you pointed to and deleted it, and also deleted it from the registry (if that's ok).

Here's the new logs from ComboFix and DDS:

ComboFix 10-09-14.04 - Owner 09/18/2010 13:44:28.3.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.139 [GMT 1:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Microsoft Security Essentials *On-access scanning disabled* (Outdated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_MRTRATE

-------\Service_eeaf

-------\Service_mrtRate

((((((((((((((((((((((((( Files Created from 2010-08-18 to 2010-09-18 )))))))))))))))))))))))))))))))

.

2010-09-10 01:01 . 2010-09-10 01:01 -------- d-----w- c:\documents and settings\Owner\Application Data\Windows Search

2010-09-09 20:20 . 2010-09-11 10:42 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-09-08 16:33 . 2010-09-08 16:33 -------- d-----w- c:\documents and settings\Owner\Application Data\Windows Desktop Search

2010-09-08 11:11 . 2010-09-08 11:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-09-07 09:55 . 2010-09-07 09:55 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes

2010-09-07 09:54 . 2010-09-07 09:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-18 13:07 . 2004-08-26 19:13 97616 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-09-18 12:11 . 2010-09-18 12:11 -------- d-----w- c:\program files\CCleaner

2010-09-09 20:21 . 2010-09-09 20:21 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-09-09 20:21 . 2010-09-09 20:21 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-09-09 20:21 . 2010-09-09 20:21 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-09-09 20:21 . 2010-09-09 20:21 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-09-09 20:20 . 2008-04-16 14:44 -------- d-----w- c:\program files\AVG

2010-09-09 19:49 . 2010-09-09 19:49 -------- d-----w- c:\program files\Microsoft Security Essentials

2010-09-08 17:33 . 2010-09-08 16:32 -------- d-----w- c:\program files\Windows Desktop Search

2010-09-08 16:44 . 2008-06-12 18:02 -------- d-----w- c:\program files\Microsoft.NET

2010-09-08 14:10 . 2010-09-08 14:10 -------- d-----w- c:\program files\MSBuild

2010-09-08 14:10 . 2010-09-08 14:10 -------- d-----w- c:\program files\Reference Assemblies

2010-09-08 11:12 . 2010-09-06 17:04 97616 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-09-07 20:25 . 2009-07-09 16:36 -------- d-----w- c:\documents and settings\Owner\Application Data\FrostWire

2010-09-07 17:31 . 2003-06-23 19:42 23444 ----a-w- c:\windows\system32\emptyregdb.dat

2010-09-07 09:54 . 2010-09-07 09:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-30 12:31 . 2002-08-29 12:00 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:22 . 2002-08-29 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-24 12:10 . 2010-06-24 12:10 81920 ------w- c:\windows\system32\ieencode.dll

2010-06-23 13:44 . 2002-08-29 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-21 15:27 . 2002-08-29 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-23 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Display Settings"="c:\program files\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 45056]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-05-22 110592]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-05-22 610304]

"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2003-07-17 184412]

"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]

"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]

"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]

"CARPService"="carpserv.exe" [2003-05-21 4608]

"QT4HPOT"="c:\program files\HPQ\One-Touch\OneTouch.EXE" [2003-03-13 106496]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-02-19 98304]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-29 136600]

"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]

"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-09-09 2065760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Billminder.lnk - c:\program files\Quicken\billmind.exe [2002-9-20 36864]

HostingClientShortcut.lnk - c:\hosting\client\HostingClient.exe [2010-4-16 81920]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2002-9-20 53248]

Quicken Startup.lnk - c:\program files\Quicken\QWDLLS.EXE [2002-9-20 36864]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-09-09 20:21 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

"c:\\WINDOWS\\system32\\mshta.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\SpeedTouch\\Dr SpeedTouch\\drst.exe"=

"c:\\Program Files\\FrostWire\\FrostWire.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"c:\\hosting\\client\\HostingClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"53:TCP"= 53:TCP:DNSPort

"53:UDP"= 53:UDP:DNSPort

"81:TCP"= 81:TCP:WebPort2

"81:UDP"= 81:UDP:WebPort2

"80:UDP"= 80:UDP:WebPort

"5985:TCP"= 5985:TCP:Windows Remote Management

"80:TCP"= 80:TCP:WebPort

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/9/2010 9:21 PM 216400]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/9/2010 9:21 PM 243024]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [9/9/2010 9:20 PM 308136]

R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;c:\windows\system32\drivers\caliaud.sys [5/3/2003 6:01 PM 291328]

R3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [5/3/2003 6:01 PM 244608]

R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [7/17/2003 2:01 AM 28280]

S2 Apache2.2;Apache2.2;c:\hosting\apache\bin\httpd.exe [9/28/2009 11:41 PM 24645]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 ousbehci;NEC PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\ousbehci.sys [2/8/2008 4:09 PM 39040]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 1:49 PM 227232]

S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2/8/2008 4:09 PM 54016]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/29/2002 1:00 PM 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

S4 tomcat6;tomcat6;c:\hosting\tomcat\bin\tomcat6.exe [7/20/2007 7:20 AM 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

.

Contents of the 'Scheduled Tasks' folder

2010-09-18 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 20:40]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uStart Page = hxxp://www.google.co.uk/

uInternet Settings,ProxyServer = http=127.0.0.1:8181

uInternet Settings,ProxyOverride = *.local;<local>

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {0920DBB1-D098-4ACE-9DDD-7A6F18A9ED66} - hxxps://britishgastopup.paypoint.com/HomeVend.cab

DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab?1270812775327

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-18 14:01

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????0?3?0?2??????? ?deB???????????????B? ??????

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1298282688-2669030200-1494100731-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1298282688-2669030200-1494100731-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:2a,3b,b7,63,4a,c3,0e,c2,90,aa,c1,28,c0,3b,59,ad,33,28,59,33,61,ca,cd,

60,43,f5,0e,c3,a5,2f,05,de,d9,a6,b3,49,fc,cd,11,c7,e5,25,92,24,1a,75,fa,e7,\

"??"=hex:43,9f,35,a2,3c,80,6a,ba,11,e2,de,cf,bc,6b,ef,dd

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(324)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\Microsoft Security Essentials\MsMpEng.exe

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\windows\system32\DRIVERS\CDANTSRV.EXE

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\HPZipm12.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\AVG\AVG9\avgnsx.exe

c:\windows\system32\SearchIndexer.exe

c:\windows\system32\carpserv.exe

.

**************************************************************************

.

Completion time: 2010-09-18 14:17:46 - machine was rebooted

ComboFix-quarantined-files.txt 2010-09-18 13:17

ComboFix2.txt 2010-09-15 14:26

ComboFix3.txt 2010-09-11 11:42

Pre-Run: 13,812,113,408 bytes free

Post-Run: 13,954,924,544 bytes free

- - End Of File - - 4BFBA70A34888BB9E0989D34150C6AEE

DDS:

DDS (Ver_10-03-17.01) - NTFSx86

Run by Owner at 15:52:22.34 on Sat 09/18/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.130 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Microsoft Security Essentials *On-access scanning disabled* (Outdated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\Program Files\AVG\AVG9\avgcsrvx.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\BroadJump\Client Foundation\CFD.exe

C:\WINDOWS\system32\carpserv.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\hosting\client\HostingClient.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Documents and Settings\Owner\Desktop\dds.EXE

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uStart Page = hxxp://www.google.co.uk/

uInternet Settings,ProxyServer = http=127.0.0.1:8181

uInternet Settings,ProxyOverride = *.local;<local>

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll

BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

TB: BearShare MediaBar: {d3dee18f-db64-4beb-9ff1-e1f0a5033e4a} - c:\program files\bearshare applications\bearshare mediabar\BearShareMediaBar.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [Display Settings] c:\program files\hpq\notebook utilities\hptasks.exe /s

mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe

mRun: [speedTouch USB Diagnostics] "c:\program files\thomson\speedtouch usb\Dragdiag.exe" /icon

mRun: [bJCFD] c:\program files\broadjump\client foundation\CFD.exe

mRun: [fssui] "c:\program files\windows live\family safety\fsui.exe" -autorun

mRun: [CARPService] carpserv.exe

mRun: [QT4HPOT] c:\program files\hpq\one-touch\OneTouch.EXE

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [ATIModeChange] Ati2mdxx.exe

mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\billmi~1.lnk - c:\program files\quicken\billmind.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hostin~1.lnk - c:\hosting\client\HostingClient.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~2.lnk - c:\program files\quicken\QWDLLS.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {0920DBB1-D098-4ACE-9DDD-7A6F18A9ED66} - hxxps://britishgastopup.paypoint.com/HomeVend.cab

DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.8.05.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab?1270812775327

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-9-9 216400]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-9-9 29584]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-9-9 243024]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-9-9 308136]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-26 54752]

R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;c:\windows\system32\drivers\caliaud.sys [2003-5-3 291328]

R3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [2003-5-3 244608]

R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [2003-7-17 28280]

S2 Apache2.2;Apache2.2;c:\hosting\apache\bin\httpd.exe [2009-9-28 24645]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 ousbehci;NEC PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\ousbehci.sys [2008-2-8 39040]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2008-2-8 54016]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2002-8-29 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 tomcat6;tomcat6;c:\hosting\tomcat\bin\tomcat6.exe [2007-7-20 57344]

=============== Created Last 30 ================

2010-09-18 12:11:39 0 d-----w- c:\program files\CCleaner

2010-09-15 14:04:48 0 d-sha-r- C:\cmdcons

2010-09-11 10:53:33 98816 ----a-w- c:\windows\sed.exe

2010-09-11 10:53:33 77312 ----a-w- c:\windows\MBR.exe

2010-09-11 10:53:33 256512 ----a-w- c:\windows\PEV.exe

2010-09-11 10:53:33 161792 ----a-w- c:\windows\SWREG.exe

2010-09-10 01:40:06 0 d-----w- C:\$AVG

2010-09-10 01:01:10 0 d-----w- c:\docume~1\owner\applic~1\Windows Search

2010-09-09 20:21:26 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-09-09 20:21:26 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-09-09 20:21:14 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-09-09 20:20:43 0 d-----w- c:\windows\system32\drivers\Avg

2010-09-09 20:20:14 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9

2010-09-09 19:49:12 0 d-----w- c:\program files\Microsoft Security Essentials

2010-09-08 16:34:53 0 d-----w- c:\windows\system32\winrm

2010-09-08 16:34:37 0 dc-h--w- c:\windows\$968930Uinstall_KB968930$

2010-09-08 16:33:17 0 d-----w- c:\docume~1\owner\applic~1\Windows Desktop Search

2010-09-08 16:32:03 0 d-----w- c:\program files\Windows Desktop Search

2010-09-08 16:32:02 0 d-----w- c:\windows\system32\GroupPolicy

2010-09-08 16:30:24 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll

2010-09-08 16:30:24 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll

2010-09-08 16:30:24 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll

2010-09-08 14:48:11 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat

2010-09-08 14:11:06 0 d-----w- c:\windows\system32\XPSViewer

2010-09-08 14:07:26 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2010-09-08 14:07:26 117760 ------w- c:\windows\system32\prntvpt.dll

2010-09-08 14:07:25 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2010-09-08 14:07:24 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2010-09-08 14:07:24 575488 ------w- c:\windows\system32\xpsshhdr.dll

2010-09-08 14:07:22 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2010-09-08 14:07:22 1676288 ------w- c:\windows\system32\xpssvcs.dll

2010-09-08 14:07:19 0 d-----w- C:\b01cbcfd3d87213b05

2010-09-08 13:46:52 0 d-sh--w- c:\documents and settings\owner\IECompatCache

2010-09-08 13:46:17 0 d-sh--w- c:\documents and settings\owner\PrivacIE

2010-09-08 13:43:58 0 d-sh--w- c:\documents and settings\owner\IETldCache

2010-09-08 13:11:07 16896 -c----w- c:\windows\system32\dllcache\iecompat.dll

2010-09-08 13:10:21 0 d-----w- c:\windows\ie8updates

2010-09-08 13:09:25 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-09-08 13:09:21 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2010-09-08 13:09:21 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-09-08 13:09:20 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-09-08 13:09:20 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll

2010-09-08 13:09:19 11077120 -c----w- c:\windows\system32\dllcache\ieframe.dll

2010-09-08 13:09:17 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-09-08 13:04:27 0 dc-h--w- c:\windows\ie8

2010-09-08 12:17:43 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2010-09-08 12:11:31 354304 -c----w- c:\windows\system32\dllcache\srv.sys

2010-09-08 12:11:00 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2010-09-08 12:10:09 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-09-08 12:08:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll

2010-09-08 12:08:27 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll

2010-09-08 12:06:40 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx

2010-09-08 12:04:58 331776 -c----w- c:\windows\system32\dllcache\msadce.dll

2010-09-08 12:04:48 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

2010-09-08 12:04:04 293376 ------w- c:\windows\system32\browserchoice.exe

2010-09-08 12:01:20 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-09-08 12:00:56 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll

2010-09-08 12:00:19 2560 ------w- c:\windows\system32\xpsp4res.dll

2010-09-08 12:00:18 1206508 -c----w- c:\windows\system32\dllcache\sysmain.sdb

2010-09-08 12:00:17 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe

2010-09-07 21:04:00 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll

2010-09-07 21:04:00 1307648 -c----w- c:\windows\system32\dllcache\msxml6.dll

2010-09-07 20:48:48 19569 ----a-w- c:\windows\005722_.tmp

2010-09-07 19:17:01 0 d-----w- c:\windows\system32\wbem\Repository.001

2010-09-07 19:16:16 380416 ------w- c:\windows\system32\irprops.cpl

2010-09-07 19:16:09 217816 -c--a-w- c:\windows\system32\dllcache\wuaucpl.cpl

2010-09-07 19:16:09 217816 ----a-w- c:\windows\system32\wuaucpl.cpl

2010-09-07 19:00:33 19528 ----a-w- c:\windows\002474_.tmp

2010-09-07 18:25:45 12598 ----a-w- c:\windows\system32\wpa.bak

2010-09-07 18:15:58 156672 -c--a-w- c:\windows\system32\dllcache\winzm.ime

2010-09-07 18:15:53 156672 -c--a-w- c:\windows\system32\dllcache\winsp.ime

2010-09-07 18:15:50 156672 -c--a-w- c:\windows\system32\dllcache\winpy.ime

2010-09-07 18:15:45 65536 -c--a-w- c:\windows\system32\dllcache\winime.ime

2010-09-07 18:15:42 72704 -c--a-w- c:\windows\system32\dllcache\wingb.ime

2010-09-07 18:15:39 79360 -c--a-w- c:\windows\system32\dllcache\winar30.ime

2010-09-07 18:15:31 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys

2010-09-07 18:15:30 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll

2010-09-07 18:15:10 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll

2010-09-07 18:15:07 86073 -c--a-w- c:\windows\system32\dllcache\voicesub.dll

2010-09-07 18:15:05 426041 -c--a-w- c:\windows\system32\dllcache\voicepad.dll

2010-09-07 18:14:28 76288 -c--a-w- c:\windows\system32\dllcache\uniime.dll

2010-09-07 18:14:27 65024 -c--a-w- c:\windows\system32\dllcache\unicdime.ime

2010-09-07 18:14:18 14336 -c--a-w- c:\windows\system32\dllcache\tsprof.exe

2010-09-07 18:14:04 10240 -c--a-w- c:\windows\system32\dllcache\tmigrate.dll

2010-09-07 18:14:03 455168 -c--a-w- c:\windows\system32\dllcache\tintsetp.exe

2010-09-07 18:14:01 44032 -c--a-w- c:\windows\system32\dllcache\tintlphr.exe

2010-09-07 18:14:00 571392 -c--a-w- c:\windows\system32\dllcache\tintlgnt.ime

2010-09-07 18:13:54 19464 -c--a-w- c:\windows\system32\dllcache\tdspx.sys

2010-09-07 18:13:52 21896 -c--a-w- c:\windows\system32\dllcache\tdipx.sys

2010-09-07 18:13:50 13192 -c--a-w- c:\windows\system32\dllcache\tdasync.sys

2010-09-07 18:13:21 101376 -c--a-w- c:\windows\system32\dllcache\srusbusd.dll

2010-09-07 18:13:08 143422 -c--a-w- c:\windows\system32\dllcache\softkey.dll

2010-09-07 18:13:04 7168 -c--a-w- c:\windows\system32\dllcache\EXCH_snprfdll.dll

2010-09-07 18:13:00 10240 -c--a-w- c:\windows\system32\dllcache\snmpstup.dll

2010-09-07 18:11:49 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll

2010-09-07 18:11:48 205824 -c--a-w- c:\windows\system32\dllcache\EXCH_seo.dll

2010-09-07 18:11:41 57856 -c--a-w- c:\windows\system32\dllcache\EXCH_scripto.dll

2010-09-07 18:11:26 9216 -c--a-w- c:\windows\system32\dllcache\EXCH_rwnh.dll

2010-09-07 18:11:24 79872 -c--a-w- c:\windows\system32\dllcache\rwia330.dll

2010-09-07 18:11:22 79872 -c--a-w- c:\windows\system32\dllcache\rwia001.dll

2010-09-07 18:11:07 26112 -c--a-w- c:\windows\system32\dllcache\romanime.ime

2010-09-07 18:11:00 23040 -c--a-w- c:\windows\system32\dllcache\EXCH_regtrace.exe

2010-09-07 18:09:50 15360 -c--a-w- c:\windows\system32\dllcache\padrs804.dll

2010-09-07 18:09:49 14336 -c--a-w- c:\windows\system32\dllcache\padrs412.dll

2010-09-07 18:09:47 36927 -c--a-w- c:\windows\system32\dllcache\padrs411.dll

2010-09-07 18:09:46 15872 -c--a-w- c:\windows\system32\dllcache\padrs404.dll

2010-09-07 18:09:11 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll

2010-09-07 18:08:34 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll

2010-09-07 18:07:59 1875968 -c--a-w- c:\windows\system32\dllcache\msir3jp.lex

2010-09-07 18:07:58 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll

2010-09-07 18:07:09 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys

2010-09-07 18:07:07 92032 -c--a-w- c:\windows\system32\dllcache\mga.dll

2010-09-07 18:06:57 65536 -c--a-w- c:\windows\system32\dllcache\EXCH_mailmsg.dll

2010-09-07 18:06:33 1158818 -c--a-w- c:\windows\system32\dllcache\korwbrkr.lex

2010-09-07 18:06:32 70656 -c--a-w- c:\windows\system32\dllcache\korwbrkr.dll

2010-09-07 18:06:16 7680 -c--a-w- c:\windows\system32\dllcache\kbdnecnt.dll

2010-09-07 18:06:15 9216 -c--a-w- c:\windows\system32\dllcache\kbdnecat.dll

2010-09-07 18:06:14 7168 -c--a-w- c:\windows\system32\dllcache\kbdnec95.dll

2010-09-07 18:05:40 6144 -c--a-w- c:\windows\system32\dllcache\kbd101a.dll

2010-09-07 18:05:37 18432 -c--a-w- c:\windows\system32\dllcache\jupiw.dll

2010-09-07 18:05:14 315455 -c--a-w- c:\windows\system32\dllcache\imskf.dll

2010-09-07 18:05:13 471102 -c--a-w- c:\windows\system32\dllcache\imskdic.dll

2010-09-07 18:05:11 59392 -c--a-w- c:\windows\system32\dllcache\imscinst.exe

2010-09-07 18:05:09 102456 -c--a-w- c:\windows\system32\dllcache\imlang.dll

2010-09-07 18:05:07 59904 -c--a-w- c:\windows\system32\dllcache\imkrinst.exe

2010-09-07 18:05:06 274489 -c--a-w- c:\windows\system32\dllcache\imjputyc.dll

2010-09-07 18:05:05 262200 -c--a-w- c:\windows\system32\dllcache\imjputy.exe

2010-09-07 18:05:03 45109 -c--a-w- c:\windows\system32\dllcache\imjpuex.exe

2010-09-07 18:05:02 233527 -c--a-w- c:\windows\system32\dllcache\imjprw.exe

2010-09-07 18:05:00 208952 -c--a-w- c:\windows\system32\dllcache\imjpmig.exe

2010-09-07 18:03:41 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll

2010-09-07 18:03:17 36864 -c--a-w- c:\windows\system32\dllcache\hanjadic.dll

2010-09-07 18:03:15 108827 -c--a-w- c:\windows\system32\dllcache\hanja.lex

2010-09-07 18:02:57 11264 -c--a-w- c:\windows\system32\dllcache\fxssend.exe

2010-09-07 18:02:55 31744 -c--a-w- c:\windows\system32\dllcache\fxsroute.dll

2010-09-07 18:02:41 132608 -c--a-w- c:\windows\system32\dllcache\fxsclntr.dll

2010-09-07 18:02:39 111104 -c--a-w- c:\windows\system32\dllcache\fxscfgwz.dll

2010-09-07 18:02:19 14848 -c--a-w- c:\windows\system32\dllcache\flattemp.exe

2010-09-07 18:02:15 43520 -c--a-w- c:\windows\system32\dllcache\EXCH_fcachdll.dll

2010-09-07 18:02:02 25856 -c--a-w- c:\windows\system32\dllcache\et4000.sys

2010-09-07 18:02:01 45056 -c--a-w- c:\windows\system32\dllcache\esunid.dll

2010-09-07 18:02:00 57856 -c--a-w- c:\windows\system32\dllcache\esuimgd.dll

2010-09-07 18:01:58 31744 -c--a-w- c:\windows\system32\dllcache\esucmd.dll

2010-09-07 18:00:46 78848 -c--a-w- c:\windows\system32\dllcache\dayi.ime

2010-09-07 18:00:30 18944 -c--a-w- c:\windows\system32\dllcache\cprofile.exe

2010-09-07 18:00:28 57399 -c--a-w- c:\windows\system32\dllcache\cplexe.exe

2010-09-07 18:00:08 480256 -c--a-w- c:\windows\system32\dllcache\cintsetp.exe

2010-09-07 18:00:06 21504 -c--a-w- c:\windows\system32\dllcache\cintlgnt.ime

2010-09-07 18:00:05 198656 -c--a-w- c:\windows\system32\dllcache\cintime.dll

2010-09-07 18:00:01 173568 -c--a-w- c:\windows\system32\dllcache\chtskf.dll

2010-09-07 17:59:59 56320 -c--a-w- c:\windows\system32\dllcache\chtskdic.dll

2010-09-07 17:59:58 97792 -c--a-w- c:\windows\system32\dllcache\chtmbx.dll

2010-09-07 17:59:56 838144 -c--a-w- c:\windows\system32\dllcache\chtbrkr.dll

2010-09-07 17:59:54 1677824 -c--a-w- c:\windows\system32\dllcache\chsbrkr.dll

2010-09-07 17:59:51 14336 -c--a-w- c:\windows\system32\dllcache\chgusr.exe

2010-09-07 17:59:49 15872 -c--a-w- c:\windows\system32\dllcache\chgport.exe

2010-09-07 17:59:48 13312 -c--a-w- c:\windows\system32\dllcache\chglogon.exe

2010-09-07 17:59:46 9728 -c--a-w- c:\windows\system32\dllcache\change.exe

2010-09-07 17:59:45 78336 -c--a-w- c:\windows\system32\dllcache\chajei.ime

2010-09-07 17:59:34 54528 -c--a-w- c:\windows\system32\dllcache\cap7146.sys

2010-09-07 17:59:29 6656 -c--a-w- c:\windows\system32\dllcache\c_is2022.dll

2010-09-07 17:58:23 312832 -c--a-w- c:\windows\system32\dllcache\EXCH_aqueue.dll

2010-09-07 17:58:21 45056 -c--a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll

2010-09-07 17:57:51 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll

2010-09-07 17:56:56 2134528 -c--a-w- c:\windows\system32\dllcache\EXCH_smtpsnap.dll

2010-09-07 17:56:54 175104 -c--a-w- c:\windows\system32\dllcache\EXCH_smtpadm.dll

2010-09-07 17:42:25 488 ---ha-r- c:\windows\system32\logonui.exe.manifest

2010-09-07 17:41:41 749 ---ha-r- c:\windows\WindowsShell.Manifest

2010-09-07 17:41:41 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest

2010-09-07 17:41:41 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest

2010-09-07 17:41:41 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest

2010-09-07 17:39:10 45568 ----a-w- c:\windows\system32\safrslv.dll

2010-09-07 17:39:10 29696 ----a-w- c:\windows\system32\safrdm.dll

2010-09-07 17:39:09 43520 ----a-w- c:\windows\system32\safrcdlg.dll

2010-09-07 17:39:09 43520 ----a-w- c:\windows\system32\racpldlg.dll

2010-09-07 17:39:02 32768 ----a-w- c:\windows\system32\mnmsrvc.exe

2010-09-07 17:39:02 32768 ----a-w- c:\windows\system32\isrdbg32.dll

2010-09-07 17:37:56 252928 ----a-w- c:\windows\system32\msoeacct.dll

2010-09-07 17:37:56 105984 ----a-w- c:\windows\system32\msoert2.dll

2010-09-07 17:37:54 691712 ----a-w- c:\windows\system32\inetcomm.dll

2010-09-07 17:37:52 192512 ----a-w- c:\windows\system32\schedsvc.dll

2010-09-07 17:37:51 274944 ----a-w- c:\windows\system32\mstask.dll

2010-09-07 17:37:51 12288 ----a-w- c:\windows\system32\mstinit.exe

2010-09-07 17:28:58 6144 ----a-w- c:\windows\system32\dcomcnfg.exe

2010-09-07 16:53:13 6272 ----a-w- c:\windows\system32\drivers\splitter.sys

2010-09-07 16:51:39 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys

2010-09-07 16:46:57 57600 ----a-w- c:\windows\system32\drivers\redbook.sys

2010-09-07 16:32:24 4096 ----a-w- c:\windows\system32\ksuser.dll

2010-09-07 16:32:24 129536 ----a-w- c:\windows\system32\ksproxy.ax

2010-09-07 16:22:13 40840 ----a-w- c:\windows\system32\drivers\termdd.sys

2010-09-07 16:01:59 797189 -c--a-w- c:\windows\system32\dllcache\NT5IIS.CAT

2010-09-07 16:01:51 13608 ----a-r- c:\windows\SETD6.tmp

2010-09-07 16:01:44 1086182 ----a-r- c:\windows\SETC7.tmp

2010-09-07 15:59:04 7655109 ----a-w- c:\windows\setupapi.log.0.old

2010-09-07 09:55:08 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes

2010-09-07 09:54:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-07 09:54:42 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-09-07 09:54:41 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-07 09:54:40 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2010-09-07 17:31:57 23444 ----a-w- c:\windows\system32\emptyregdb.dat

2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-24 12:10:44 81920 ------w- c:\windows\system32\ieencode.dll

2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys

2008-05-18 20:28:48 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008051820080519\index.dat

============= FINISH: 15:53:22.19 ===============

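Added example (not code from this thread, nor from DDS, HijackThis or any other tool named in it): a small Python triage pass over a handful of lines copied from the DDS log above, followed by the check a responder would want next. It pulls out the entries worth looking at first: the ProxyServer value pointing at 127.0.0.1:8181 (every WinINet request from IE, and from updaters that use it, is being funnelled through a local listener, which fits the "no internet" errors from the AV updaters), toolbar entries whose DLL is gone ("No File"), the P2P toolbar the staff reply asks to have removed, autostart entries given as a bare file name, and autostart or service entries whose binary lives outside the Windows and Program Files trees, which is how the c:\hosting Apache, Tomcat and HostingClient.exe entries stand out. The EXPECTED_ROOTS and P2P_MARKERS lists, the category names, and the NETSTAT_SAMPLE text (a constructed `netstat -ano` listing with made-up PIDs, not output from the infected machine) are this example's own assumptions.

```python
"""Triage pass over DDS/HijackThis-style log lines, plus a follow-up check
on the proxy port.  Added example for this thread, not code from the
original post or from DDS, HijackThis or any other tool named in it.

Categories, in the order a responder would look at them:
  loopback-proxy    ProxyServer points at 127.x / localhost
  orphan-entry      toolbar/BHO whose DLL is gone ("No File")
  p2p-software      BearShare/LimeWire/FrostWire leftovers
  unqualified-path  autostart given as a bare file name (resolved via PATH)
  unexpected-path   binary outside the Windows / Program Files trees
EXPECTED_ROOTS, P2P_MARKERS, the category names and NETSTAT_SAMPLE are
this example's own assumptions.
"""
import re
from typing import Iterable, List, Optional, Tuple

# Lines copied from the DDS log posted above (a small subset, in log order).
SAMPLE_LOG = r"""
uInternet Settings,ProxyServer = http=127.0.0.1:8181
uInternet Settings,ProxyOverride = *.local;<local>
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: BearShare MediaBar: {d3dee18f-db64-4beb-9ff1-e1f0a5033e4a} - c:\program files\bearshare applications\bearshare mediabar\BearShareMediaBar.dll
mRun: [CARPService] carpserv.exe
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hostin~1.lnk - c:\hosting\client\HostingClient.exe
S2 Apache2.2;Apache2.2;c:\hosting\apache\bin\httpd.exe [2009-9-28 24645]
S4 tomcat6;tomcat6;c:\hosting\tomcat\bin\tomcat6.exe [2007-7-20 57344]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [2003-7-17 28280]
"""

# Constructed "netstat -ano" output.  NOT from the thread: the PIDs and the
# 203.0.113.10 peer are made up for the example.
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1604
  TCP    127.0.0.1:8181         0.0.0.0:0              LISTENING       2212
  TCP    192.168.1.5:1044       203.0.113.10:80        ESTABLISHED     1480
"""

# Where legitimately installed code normally lives on an XP box (assumption).
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
P2P_MARKERS = ("bearshare", "limewire", "frostwire")

PROXY_RE = re.compile(r"^[umd]?Internet Settings,ProxyServer\s*=\s*(.+)$", re.I)
LOOPBACK_RE = re.compile(
    r"(?:^|=|//)(?:127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost)(?::\d+)?", re.I)
AUTOSTART_RE = re.compile(
    r"^(?:[umd]Run|StartupFolder|BHO|TB|Notify|SSODL|SEH|Handler):|^[RS][0-4] ")
PATH_RE = re.compile(r"[a-z]:\\[^\"\[;]*?\.(?:exe|dll|sys|ocx|cpl)", re.I)


def triage(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (category, line) pairs for the log lines worth a second look."""
    findings: List[Tuple[str, str]] = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        proxy = PROXY_RE.match(line)
        if proxy:
            if LOOPBACK_RE.search(proxy.group(1)):
                findings.append(("loopback-proxy", line))
            continue
        if not AUTOSTART_RE.match(line):
            continue
        if line.endswith("- No File"):
            findings.append(("orphan-entry", line))
            continue
        if any(marker in line.lower() for marker in P2P_MARKERS):
            findings.append(("p2p-software", line))
            continue
        # DDS writes "<entry> - <path>"; the path is always the last piece.
        target = line.rsplit(" - ", 1)[-1]
        match = PATH_RE.search(target)
        if match is None:
            findings.append(("unqualified-path", line))
            continue
        if not match.group(0).lower().startswith(EXPECTED_ROOTS):
            findings.append(("unexpected-path", line))
    return findings


def proxy_target(findings) -> Optional[Tuple[str, int]]:
    """(host, port) of the first loopback-proxy finding, if there is one."""
    for category, line in findings:
        if category == "loopback-proxy":
            m = re.search(r"(127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost):(\d+)", line)
            if m:
                return m.group(1), int(m.group(2))
    return None


def listener_pid(netstat_output: str, host: str, port: int) -> Optional[int]:
    """PID owning the LISTENING socket host:port in 'netstat -ano' text, or None."""
    wanted = f"{host}:{port}"
    for line in netstat_output.splitlines():
        fields = line.split()
        if (len(fields) == 5 and fields[0] == "TCP"
                and fields[1] == wanted and fields[3] == "LISTENING"):
            return int(fields[4])
    return None


if __name__ == "__main__":
    found = triage(SAMPLE_LOG.splitlines())
    for category, line in found:
        print(f"{category:17}{line}")
    target = proxy_target(found)
    if target:
        pid = listener_pid(NETSTAT_SAMPLE, *target)
        print(f"proxy {target[0]}:{target[1]} is owned by PID {pid};"
              f" identify it with: tasklist /FI \"PID eq {pid}\"")
```

On the real machine the second step is the one that matters: run `netstat -ano` while the proxy setting is in place, find the process behind the 127.0.0.1:8181 listener (tasklist on XP Professional, or Process Explorer), and treat whatever it is as part of the infection until shown otherwise. Note that the same c:\hosting tree the path check singles out here is where the AVG scan later in the thread reports the PHP/Zbot files, so the "unexpected-path" hits are not noise.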

  • Staff
I had a look for that LimeWire and couldn't find it on the Add/Remove list. I also asked my friend about it and they said they didn't know it was on, only BearShare.
The same holds true for BearShare and FrostWire. Both are P2P programs and I see elements of both...

After uninstalling those, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


I uninstalled FrostWire and tried to do the same with BearShare, but that wouldn't come off, so I deleted it manually where I could.

I then ran those programs you wanted and below are the logs, but when I connected the laptop up to the internet it was still stopping the other PCs from connecting to the internet every so often; they just kept showing "Page cannot be displayed" and my iPod touch kept stating that it wasn't connected to the internet. Once the laptop came off, they were all back to normal.

Logs:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=6d3c1c83f155b24db5870bde0c5f76b8

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-09-20 11:30:37

# local_time=2010-09-20 12:30:37 (+0000, GMT Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1024 16777195 100 0 914999 914999 0 0

# compatibility_mode=5891 16776873 100 100 842361 15433191 0 0

# compatibility_mode=8192 67108863 100 0 129 129 0 0

# scanned=65556

# found=1

# cleaned=1

# scan_time=3623

C:\Documents and Settings\Owner\My Documents\MsgPlusLive-482.exe a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Results of screen317's Security Check version 0.99.5

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

AVG Free 9.0

ESET Online Scanner v3

McAfee Security Scan Plus

Microsoft Security Essentials

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner

Java 6 Update 11

Java 2 Runtime Environment, SE v1.4.2

Out of date Java installed!

Adobe Flash Player

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

AVG avgwdsvc.exe

AVG avgtray.exe

AVG avgrsx.exe

AVG avgnsx.exe

AVG avgemc.exe

Microsoft Security Essentials msseces.exe

````````````````````````````````

DNS Vulnerability Check:

Unknown. This method cannot test your vulnerability to DNS cache poisoning. (Wireless connection?)

``````````End of Log````````````


I don't know if this is of any help, but I not only uninstalled Java like you asked, I also disabled HostingClient.exe as I wasn't sure what it was, and so far all the PCs are working on the network, including the iPod.

It's installed at:

c:\hosting\client\HostingClient.exe

Do you know what this is, please, and whether we need it?


  • Staff

Hi,

Can you please zip up this folder and attach it here for us; we would like to investigate it further:

c:\hosting

Have you tried powering both the modem and router off and back on? See if this allows all of the computers to connect.

If no joy, click on Start --> Run, and type in cmd.exe; press Enter.

Enter each of the following commands exactly as shown, pressing Enter after each line:

NETSH FIREWALL RESET

NETSH int ip reset c:\resetlog.txt

netsh winsock reset catalog

Next:

  1. Download the Event Viewer Tool by Vino Rosso (VEW) and save it to your Desktop.
  2. Double-click VEW.exe
  3. Under 'Select log to query', select:
    • Application
    • System
  4. Under 'Select type to list', select:
    • Error
  5. Click the radio button for 'Number of events'
  6. Type 20 in the 1 to 20 box
  7. Then click the Run button.
  8. Notepad will open with the output log.

Please post the output log in your next reply.


As I said, all the computers are now connecting to the net. My iPod noticed it the most, with eBay not loading up correctly, and once I sorted out the last few fixes on the laptop they all came back on correctly.

Now that they are all working right, I still have the hostingclient disabled.

The folder is over 200 MB in size; I've zipped it down and it's now around 58 MB, so if you still want the folder I can upload it to somewhere like Hotfile or RapidShare.

The only downside to this laptop is that it's very slow (512 MB memory, lol), but everything seems fine now (hopefully).

If you could let me know about the hosting folder I'll get it down asap.


So far so good, but the PC is still running slow (I think that could be down to the 512 MB of memory).

I don't know if this will help in the research of the hosting folder, but here are the details of the AVG scan from before you started helping me with this problem.

AVG scan result:

Infections: 7

Virus found PHP/Zbot

c:\hosting\apache_home\wapdodoit.ru\www\m2\cp.php

c:\hosting\apache_home\wapdodoit.ru\www\m2\system\botnet_bots.php

c:\hosting\apache_home\wapdodoit.ru\www\m2\system\botnet_scripts.php

c:\hosting\apache_home\wapdodoit.ru\www\m2\system\config.php

c:\hosting\apache_home\wapdodoit.ru\www\m2\system\global.php

c:\hosting\apache_home\wapdodoit.ru\www\m2\system\reports_db.php

c:\hosting\apache_home\wapdodoit.ru\www\m2\system\reports_files.php


Hi.

Thanks for all your help in this. I went to do what you asked on PCPitstop, and when I tried to turn the laptop on there was a hissing sound and smoke coming from the PSU and the laptop. It has not only blown the inside of the laptop but also blown the PSU; good thing we've got a circuit breaker. So my friend's trying to decide if a repair will be cheaper than just getting a new laptop. Thanks again though.

I did notice one thing through all this: during the whole process of trying to get the laptop fixed, I couldn't get the wireless to work at all, even though it had been working the last time it was at my house. I did think it was the driver that was corrupt and reinstalled the driver, but that didn't help.

I guess we'll never know now.

But thanks again for all your hard work.


  • Staff

Unfortunate to hear about the electrical issues.

I did notice one thing through all this: during the whole process of trying to get the laptop fixed, I couldn't get the wireless to work at all, even though it had been working the last time it was at my house. I did think it was the driver that was corrupt and reinstalled the driver, but that didn't help.
It could have been a result of the infection or a number of other things. At this point I cannot say for sure either way.

Is there anything else I can help you with?
