
I have 2 nasty files that malwarebytes, combofix, hijackthis, cacls.exe is not working please help


IT Expert

O2 - BHO: (no name) - {24D0552A-D226-434E-B955-E34867FB5D79} - c:\windows\system32\iszyodn.dll

O2 - BHO: (no name) - {8739BFA5-123A-498D-BA7E-73AD7D40B0D5} - C:\WINDOWS\System32\dssenhn.dll

Here are the 2 files, seems to be a rootkit. AVG Internet Security doesn't kill it, Malwarebytes doesn't, HijackThis doesn't, ComboFix doesn't, unable to cacls.exe it, ran sfc /scannow, still nothing. Any help would be greatly appreciated!!

PS. Nothing's attached to the explorer.exe, beep.sys driver is fine. Please don't say format, I'm looking for a true fix that doesn't require a format.

Share on other sites

Here is the log from the Malwarebytes scan:

Malwarebytes' Anti-Malware 1.31

Database version: 1519

Windows 5.1.2600 Service Pack 3

2008-12-18 07:39:59 PM

mbam-log-2008-12-18 (19-39-59).txt

Scan type: Full Scan (C:\|)

Objects scanned: 128737

Time elapsed: 1 hour(s), 12 minute(s), 28 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 4

Registry Values Infected: 4

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{24d0552a-d226-434e-b955-e34867fb5d79} (Trojan.BHO.H) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{24d0552a-d226-434e-b955-e34867fb5d79} (Trojan.BHO.H) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8739bfa5-123a-498d-ba7e-73ad7d40b0d5} (Trojan.BHO.H) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{8739bfa5-123a-498d-ba7e-73ad7d40b0d5} (Trojan.BHO.H) -> Delete on reboot.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\WINDOWS\SYSTEM32\iszyodn.dll (Trojan.BHO.H) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\dssenhn.dll (Trojan.BHO.H) -> Delete on reboot.

Share on other sites

And here is the HijackThis log. This is after trying to remove the issues from it and restarting the computer. After rescanning, it still shows the 2 main issues.

O2 - BHO: (no name) - {8739BFA5-123A-498D-BA7E-73AD7D40B0D5} - C:\WINDOWS\System32\dssenhn.dll

O2 - BHO: (no name) - {24D0552A-D226-434E-B955-E34867FB5D79} - c:\windows\system32\iszyodn.dll

Logfile of HijackThis v1.99.1

Scan saved at 09:29, on 2008-12-18

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\PROGRA~1\AVG\AVG8\avgfws8.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\windows\system\hpsysdrv.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe

C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9LA.EXE

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\TeamViewer\Version4\TeamViewer.exe

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Documents and Settings\Owner\Desktop\remote tools\h-renamed.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {24D0552A-D226-434E-B955-E34867FB5D79} - c:\windows\system32\iszyodn.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {8739BFA5-123A-498D-BA7E-73AD7D40B0D5} - C:\WINDOWS\System32\dssenhn.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [EPSON Stylus Photo R1800] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9LA.EXE /P24 "EPSON Stylus Photo R1800" /O12 "EP1394D3_001" /M "Stylus Photo R1800"

O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R1800 on D121VRC1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9LA.EXE /P41 "Auto EPSON Stylus Photo R1800 on D121VRC1" /O19 "\\D121VRC1\Printer3" /M "Stylus Photo R1800"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [EPSON Stylus Photo R1800] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9LA.EXE /P24 "EPSON Stylus Photo R1800" /M "Stylus Photo R1800" /EF "HKCU"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activation.rr.com/install/downloads/tgctlcm.cab

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://vpn.childrensmemorial.org/Citrix/IC...ca32/wficat.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1227207426953

O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD LT 2002\AcDcToday.ocx

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=24931

O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - https://cs7b.instantservice.com/jars/customerxsigned42.cab

O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab

O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD LT 2002\InstBanr.ocx

O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://66.242.36.104/app/view22RTE.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD LT 2002\InstFred.ocx

O16 - DPF: {D6016EE7-A8FF-11D1-B37E-A4759ECD7909} (AxPulse Class) - http://www.pulse3d.com/players/english/PulsePlayerAxWin.cab

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2002\AcPreview.ocx

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe

O23 - Service: TeamViewer 4 (TeamViewer4) - Unknown owner - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe" -service (file missing)

Share on other sites

After locating these 2 files in the registry:

HKEY_Local_Machine/Software/Classes/CLSID/24D0552A-D226-434E-B955-E34867FB5D79/InproServer32/iszyodn.dll

HKEY_Local_Machine/Software/Classes/CLSID/8739BFA5-123A-498D-BA7E-73AD7D40B0D5/InproServer32/dssenhn.dll

I tried to modify the binary code, access denied. So I tried to run c:\windows\system32\cacls.exe dssenhn.dll /d everyone, still is denying it. There's nothing on Google about this new-age infection. Please someone respond ASAP with an idea of what to try.

Share on other sites
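The comparison the posts above make by eye, as an added example that is not part of the original thread: it parses the O2 (Browser Helper Object) lines of a HijackThis log, rejoins entries whose path wrapped onto the next line, and cross-checks each BHO against the Malwarebytes detections. The "unnamed BHO directly in system32" rule and the hard-coded system32 path are assumptions of this sketch, not HijackThis behaviour; the log excerpts are copied from this thread.

```python
import re
from dataclasses import dataclass
from ntpath import dirname, normcase  # Windows path semantics on any host OS

# Excerpts copied from the HijackThis and Malwarebytes logs posted in this thread.
HJT_LOG = r"""
O2 - BHO: (no name) - {8739BFA5-123A-498D-BA7E-73AD7D40B0D5} -
C:\WINDOWS\System32\dssenhn.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {24D0552A-D226-434E-B955-E34867FB5D79} - c:\windows\system32\iszyodn.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll
"""
MBAM_LOG = r"""
HKEY_CLASSES_ROOT\CLSID\{24d0552a-d226-434e-b955-e34867fb5d79} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{8739bfa5-123a-498d-ba7e-73ad7d40b0d5} (Trojan.BHO.H) -> Delete on reboot.
c:\WINDOWS\SYSTEM32\iszyodn.dll (Trojan.BHO.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\dssenhn.dll (Trojan.BHO.H) -> Delete on reboot.
"""

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
O2_RE = re.compile(rf"^O2 - BHO: (?P<name>.*?) - (?P<clsid>{CLSID}) - (?P<path>.+)$")
MBAM_RE = re.compile(r"^(?P<item>.+?) \((?P<verdict>[^()]+)\) -> ")
SYSTEM32 = normcase(r"C:\WINDOWS\system32")  # assumption: install path seen in the logs


@dataclass
class Bho:
    name: str
    clsid: str
    path: str


def unwrap(log):
    """Drop blank lines and rejoin entries whose DLL path wrapped to the next line."""
    lines = []
    for line in (raw.strip() for raw in log.splitlines()):
        if not line:
            continue
        if lines and lines[-1].endswith("} -"):
            lines[-1] += " " + line
        else:
            lines.append(line)
    return lines


def parse_o2(log):
    """Return every O2 (BHO) entry of a HijackThis log."""
    return [Bho(**m.groupdict()) for m in map(O2_RE.match, unwrap(log)) if m]


def parse_mbam(log):
    """Map each detected item (lower-cased CLSID, or normalised path) to its verdict."""
    detections = {}
    for line in log.splitlines():
        m = MBAM_RE.match(line.strip())
        if not m:
            continue
        clsid = re.search(CLSID, m["item"])
        key = clsid.group(0).lower() if clsid else normcase(m["item"])
        detections[key] = m["verdict"]
    return detections


def triage(hjt_log, mbam_log):
    """Return (Bho, reasons) for every BHO that deserves a closer look."""
    detections = parse_mbam(mbam_log)
    findings = []
    for bho in parse_o2(hjt_log):
        reasons = []
        # Heuristic (assumption): no friendly name AND the DLL sits directly in system32.
        # The Microsoft Money BHO is also unnamed but lives under Program Files.
        if bho.name == "(no name)" and normcase(dirname(bho.path)) == SYSTEM32:
            reasons.append("unnamed BHO loading directly from system32")
        for key in (bho.clsid.lower(), normcase(bho.path)):
            if key in detections:
                reasons.append(f"scanner verdict {detections[key]}")
                break
        if reasons:
            findings.append((bho, reasons))
    return findings


if __name__ == "__main__":
    for bho, reasons in triage(HJT_LOG, MBAM_LOG):
        print(f"{bho.clsid} {bho.path}: " + "; ".join(reasons))
```

Run over the excerpts, it reports only dssenhn.dll and iszyodn.dll, each on both grounds, and leaves the unnamed Microsoft Money helper alone.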

You likely have something present that's just reinstalling them.

Your best bet is to post in the HijackThis forum for help. One of our experts should be able to help you out. Assuming this is a personal computer, and not a client's?

Share on other sites

Ok will do, thanks, and no, it's not a client's, it's my cousin's. He always seems to stump me by infecting his computer with some new-age trash. I would be very interested to see what and where this something is that's reinstalling it. I have searched high and low in the registry. Ran just about every GOOD infection detection and removal tool that I know, with the same issue....

Share on other sites

Ok will do, thanks, and no, it's not a client's, it's my cousin's. He always seems to stump me by infecting his computer with some new-age trash. I would be very interested to see what and where this something is that's reinstalling it. I have searched high and low in the registry. Ran just about every GOOD infection detection and removal tool that I know, with the same issue....

Instead of throwing everything but a blowtorch at it, just wait until one of our Forum assistants comes along. They have a specific procedure that is followed to determine what's sticking around and how best to deal with it, without putting your cousin's computer at potential risk.

I'll PM one of them for you and see if he can take a look at this thread.

Share on other sites

Just scanned with Avenger for rootkits

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

Completed script processing.

*******************

Finished! Terminate.

Also ran McAfee Rootkit Detective, same thing, found nothing.

Share on other sites

Just ran RSIT:

Here is the Log File....

Logfile of random's system information tool 1.05 (written by random/random)

Run by Owner at 2008-12-19 01:06:16

Microsoft Windows XP Home Edition Service Pack 3

System drive C: has 88 GB (80%) free of 110 GB

Total RAM: 512 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:06, on 2008-12-19

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\PROGRA~1\AVG\AVG8\avgfws8.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe

C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

C:\Program Files\TeamViewer\Version4\TeamViewer.exe

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\windows\system\hpsysdrv.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9LA.EXE

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Documents and Settings\Owner\Desktop\remote tools\RSIT.exe

C:\Program Files\trend micro\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {24D0552A-D226-434E-B955-E34867FB5D79} - c:\windows\system32\iszyodn.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {8739BFA5-123A-498D-BA7E-73AD7D40B0D5} - C:\WINDOWS\System32\dssenhn.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [EPSON Stylus Photo R1800] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9LA.EXE /P24 "EPSON Stylus Photo R1800" /O12 "EP1394D3_001" /M "Stylus Photo R1800"

O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R1800 on D121VRC1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9LA.EXE /P41 "Auto EPSON Stylus Photo R1800 on D121VRC1" /O19 "\\D121VRC1\Printer3" /M "Stylus Photo R1800"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [EPSON Stylus Photo R1800] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9LA.EXE /P24 "EPSON Stylus Photo R1800" /M "Stylus Photo R1800" /EF "HKCU"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activation.rr.com/install/downloads/tgctlcm.cab

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://vpn.childrensmemorial.org/Citrix/IC...ca32/wficat.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1227207426953

O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD LT 2002\AcDcToday.ocx

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=24931

O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - https://cs7b.instantservice.com/jars/customerxsigned42.cab

O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab

O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD LT 2002\InstBanr.ocx

O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://66.242.36.104/app/view22RTE.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD LT 2002\InstFred.ocx

O16 - DPF: {D6016EE7-A8FF-11D1-B37E-A4759ECD7909} (AxPulse Class) - http://www.pulse3d.com/players/english/PulsePlayerAxWin.cab

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2002\AcPreview.ocx

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe

O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

--

End of file - 7979 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{24D0552A-D226-434E-B955-E34867FB5D79}]

c:\windows\system32\iszyodn.dll [2001-08-17 106496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-12-03 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-19 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8739BFA5-123A-498D-BA7E-73AD7D40B0D5}]

C:\WINDOWS\System32\dssenhn.dll [2008-11-12 120576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]

AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll [2008-12-03 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-19 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-19 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

c:\Program Files\Microsoft Money\System\mnyviewer.dll [2001-07-25 143420]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll [2008-12-03 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]

"KBD"=C:\HP\KBD\KBD.EXE [2001-07-06 61440]

"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2001-08-07 143360]

"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2001-08-07 90112]

"PS2"=C:\WINDOWS\system32\ps2.exe [2001-07-03 81920]

"EPSON Stylus Photo R1800"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9LA.EXE [2004-09-08 98304]

"Auto EPSON Stylus Photo R1800 on D121VRC1"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9LA.EXE [2004-09-08 98304]

"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-03 1261336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"EPSON Stylus Photo R1800"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9LA.EXE [2004-09-08 98304]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDrives"=0

"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=

"NoDrives"=

"NoDriveAutoRun"=

"NoResolveTrack"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\TeamViewer3\TeamViewer.exe"="C:\Program Files\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"

"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"

"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"

"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.scr - open - C:\WINDOWS\NOTEPAD.EXE "%1"

.scr - install -

.scr - config -

======List of files/folders created in the last 1 months======

2008-12-19 01:06:18 ----D---- C:\Program Files\trend micro

2008-12-19 01:06:15 ----D---- C:\rsit

2008-12-19 00:37:20 ----D---- C:\Avenger

2008-12-19 00:37:19 ----A---- C:\avenger.txt

2008-12-18 11:15:30 ----D---- C:\Program Files\TeamViewer

2008-12-09 22:50:03 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$

2008-12-09 22:47:31 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$

2008-12-09 22:47:11 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$

2008-12-09 22:46:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

2008-12-03 09:09:43 ----HD---- C:\$AVG8.VAULT$

2008-12-03 02:06:45 ----A---- C:\WINDOWS\system32\avgrsstx.dll

2008-12-03 02:06:30 ----D---- C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR

2008-12-03 02:04:47 ----D---- C:\Program Files\AVG

2008-12-03 02:04:47 ----A---- C:\WINDOWS\system32\avgfwdx.dll

2008-12-03 02:04:46 ----D---- C:\Documents and Settings\All Users\Application Data\avg8

2008-12-02 06:06:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$

2008-12-02 06:06:42 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$

2008-12-02 06:06:35 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$

2008-12-02 06:06:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$

2008-12-02 06:06:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$

2008-12-02 06:06:13 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$

2008-12-02 06:06:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$

2008-12-02 06:05:56 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$

2008-12-02 06:05:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$

2008-12-02 06:05:40 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$

2008-12-02 06:05:23 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

2008-12-02 06:05:14 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$

2008-12-02 06:04:36 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$

2008-12-02 06:04:29 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$

2008-12-02 06:04:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$

2008-12-02 06:04:12 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$

2008-12-02 06:03:31 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$

2008-12-02 06:03:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$

2008-12-02 06:03:14 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$

2008-12-02 06:03:07 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$

2008-12-02 06:01:23 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

2008-12-02 06:01:16 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

2008-12-02 06:00:56 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$

2008-12-02 05:05:16 ----A---- C:\WINDOWS\OEWABLog.txt

2008-12-02 05:04:23 ----D---- C:\WINDOWS\Prefetch

2008-12-02 04:55:06 ----A---- C:\WINDOWS\setuplog.txt

2008-12-02 04:53:40 ----N---- C:\WINDOWS\system32\msxml6r.dll

2008-12-02 04:53:40 ----N---- C:\WINDOWS\system32\msxml6.dll

2008-12-02 04:53:35 ----N---- C:\WINDOWS\system32\aaclient.dll

2008-12-02 04:53:34 ----N---- C:\WINDOWS\system32\bitsprx4.dll

2008-12-02 04:53:34 ----N---- C:\WINDOWS\system32\azroles.dll

2008-12-02 04:53:33 ----N---- C:\WINDOWS\system32\dot3svc.dll

2008-12-02 04:53:33 ----N---- C:\WINDOWS\system32\dot3msm.dll

2008-12-02 04:53:33 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll

2008-12-02 04:53:33 ----N---- C:\WINDOWS\system32\dot3dlg.dll

2008-12-02 04:53:33 ----N---- C:\WINDOWS\system32\dot3cfg.dll

2008-12-02 04:53:33 ----N---- C:\WINDOWS\system32\dot3api.dll

2008-12-02 04:53:33 ----N---- C:\WINDOWS\system32\dimsroam.dll

2008-12-02 04:53:33 ----N---- C:\WINDOWS\system32\dimsntfy.dll

2008-12-02 04:53:33 ----N---- C:\WINDOWS\system32\dhcpqec.dll

2008-12-02 04:53:33 ----N---- C:\WINDOWS\system32\credssp.dll

2008-12-02 04:53:32 ----N---- C:\WINDOWS\system32\eapsvc.dll

2008-12-02 04:53:32 ----N---- C:\WINDOWS\system32\eapqec.dll

2008-12-02 04:53:32 ----N---- C:\WINDOWS\system32\eappprxy.dll

2008-12-02 04:53:32 ----N---- C:\WINDOWS\system32\eapphost.dll

2008-12-02 04:53:32 ----N---- C:\WINDOWS\system32\eappgnui.dll

2008-12-02 04:53:32 ----N---- C:\WINDOWS\system32\eappcfg.dll

2008-12-02 04:53:32 ----N---- C:\WINDOWS\system32\eapp3hst.dll

2008-12-02 04:53:32 ----N---- C:\WINDOWS\system32\eapolqec.dll

2008-12-02 04:53:32 ----N---- C:\WINDOWS\system32\dot3ui.dll

2008-12-02 04:53:30 ----N---- C:\WINDOWS\system32\kbdnepr.dll

2008-12-02 04:53:30 ----N---- C:\WINDOWS\system32\kbdiultn.dll

2008-12-02 04:53:30 ----N---- C:\WINDOWS\system32\kbdbhc.dll

2008-12-02 04:53:29 ----N---- C:\WINDOWS\system32\mmcperf.exe

2008-12-02 04:53:29 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll

2008-12-02 04:53:29 ----N---- C:\WINDOWS\system32\mmcex.dll

2008-12-02 04:53:29 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll

2008-12-02 04:53:29 ----N---- C:\WINDOWS\system32\l2gpstore.dll

2008-12-02 04:53:29 ----N---- C:\WINDOWS\system32\kmsvc.dll

2008-12-02 04:53:29 ----N---- C:\WINDOWS\system32\kbdpash.dll

2008-12-02 04:53:28 ----N---- C:\WINDOWS\system32\msshavmsg.dll

2008-12-02 04:53:28 ----N---- C:\WINDOWS\system32\mssha.dll

2008-12-02 04:53:27 ----N---- C:\WINDOWS\system32\napstat.exe

2008-12-02 04:53:27 ----N---- C:\WINDOWS\system32\napmontr.dll

2008-12-02 04:53:27 ----N---- C:\WINDOWS\system32\napipsec.dll

2008-12-02 04:53:24 ----N---- C:\WINDOWS\system32\onex.dll

2008-12-02 04:53:23 ----N---- C:\WINDOWS\system32\photometadatahandler.dll

2008-12-02 04:53:22 ----N---- C:\WINDOWS\system32\setupn.exe

2008-12-02 04:53:22 ----N---- C:\WINDOWS\system32\rhttpaa.dll

2008-12-02 04:53:22 ----N---- C:\WINDOWS\system32\rasqec.dll

2008-12-02 04:53:22 ----N---- C:\WINDOWS\system32\qutil.dll

2008-12-02 04:53:22 ----N---- C:\WINDOWS\system32\qcliprov.dll

2008-12-02 04:53:22 ----N---- C:\WINDOWS\system32\qagentrt.dll

2008-12-02 04:53:22 ----N---- C:\WINDOWS\system32\qagent.dll

2008-12-02 04:53:21 ----N---- C:\WINDOWS\system32\windowscodecsext.dll

2008-12-02 04:53:21 ----N---- C:\WINDOWS\system32\windowscodecs.dll

2008-12-02 04:53:21 ----N---- C:\WINDOWS\system32\tzchange.exe

2008-12-02 04:53:21 ----N---- C:\WINDOWS\system32\tspkg.dll

2008-12-02 04:53:21 ----N---- C:\WINDOWS\system32\tsgqec.dll

2008-12-02 04:53:20 ----N---- C:\WINDOWS\system32\wmphoto.dll

2008-12-02 04:53:20 ----N---- C:\WINDOWS\system32\wlanapi.dll

2008-12-02 04:53:17 ----D---- C:\WINDOWS\system32\scripting

2008-12-02 04:53:15 ----D---- C:\WINDOWS\l2schemas

2008-12-02 04:53:14 ----D---- C:\WINDOWS\system32\en

2008-12-02 04:30:07 ----D---- C:\4e28fb7dcefe4202782df58e1ae5ce

2008-12-01 22:51:20 ----SHD---- C:\RECYCLER

2008-12-01 22:48:03 ----D---- C:\Program Files\Ashampoo

2008-12-01 19:44:57 ----A---- C:\ComboFix.txt

2008-12-01 19:39:42 ----D---- C:\WINDOWS\temp

2008-12-01 17:13:44 ----D---- C:\WINDOWS\ie7updates

2008-12-01 17:12:45 ----D---- C:\WINDOWS\WBEM

2008-12-01 17:12:44 ----D---- C:\WINDOWS\system32\en-US

2008-12-01 17:11:19 ----HDC---- C:\WINDOWS\ie7

2008-12-01 17:10:56 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$

2008-12-01 17:10:20 ----D---- C:\0dedacf35a1cf99cb2bb526ec195

2008-12-01 17:10:11 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$

2008-12-01 17:09:29 ----D---- C:\815c00ccf8315da0cf44

2008-12-01 17:09:17 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$

2008-12-01 17:09:13 ----N---- C:\WINDOWS\system32\xmllite.dll

2008-12-01 17:06:33 ----D---- C:\WINDOWS\network diagnostic

2008-12-01 17:06:28 ----HDC---- C:\WINDOWS\$NtUninstallKB914440$

2008-12-01 17:06:03 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$

2008-12-01 16:50:56 ----HDC---- C:\WINDOWS\$NtUninstallKB873339$

2008-12-01 16:50:30 ----A---- C:\WINDOWS\imsins.BAK

2008-12-01 16:45:12 ----A---- C:\WINDOWS\system32\wmpns.dll

2008-12-01 16:43:25 ----N---- C:\WINDOWS\system32\proxycfg.exe

2008-12-01 16:43:25 ----N---- C:\WINDOWS\system32\logman.exe

2008-12-01 16:43:11 ----N---- C:\WINDOWS\system32\ati2cqag.dll

2008-12-01 16:43:10 ----N---- C:\WINDOWS\system32\bthserv.dll

2008-12-01 16:43:10 ----N---- C:\WINDOWS\system32\bthci.dll

2008-12-01 16:43:10 ----N---- C:\WINDOWS\system32\blastcln.exe

2008-12-01 16:43:10 ----N---- C:\WINDOWS\system32\auditusr.exe

2008-12-01 16:43:10 ----N---- C:\WINDOWS\system32\ativvaxx.dll

2008-12-01 16:43:10 ----N---- C:\WINDOWS\system32\ativtmxx.dll

2008-12-01 16:43:10 ----N---- C:\WINDOWS\system32\ati3duag.dll

2008-12-01 16:43:09 ----N---- C:\WINDOWS\system32\fltlib.dll

2008-12-01 16:43:09 ----N---- C:\WINDOWS\system32\extmgr.dll

2008-12-01 16:43:09 ----N---- C:\WINDOWS\system32\dxdiagn.dll

2008-12-01 16:43:09 ----N---- C:\WINDOWS\system32\d3d9.dll

2008-12-01 16:43:09 ----N---- C:\WINDOWS\system32\cmsetacl.dll

2008-12-01 16:43:09 ----N---- C:\WINDOWS\system32\btpanui.dll

2008-12-01 16:43:08 ----N---- C:\WINDOWS\system32\httpapi.dll

2008-12-01 16:43:08 ----N---- C:\WINDOWS\system32\hsfcisp2.dll

2008-12-01 16:43:08 ----N---- C:\WINDOWS\system32\fwcfg.dll

2008-12-01 16:43:08 ----N---- C:\WINDOWS\system32\fsquirt.exe

2008-12-01 16:43:08 ----N---- C:\WINDOWS\system32\fltmc.exe

2008-12-01 16:43:08 ----A---- C:\WINDOWS\system32\ieencode.dll

2008-12-01 16:43:07 ----N---- C:\WINDOWS\system32\kbdfi1.dll

2008-12-01 16:43:06 ----N---- C:\WINDOWS\system32\msdadiag.dll

2008-12-01 16:43:06 ----N---- C:\WINDOWS\system32\mp4sdmod.dll

2008-12-01 16:43:06 ----N---- C:\WINDOWS\system32\mdmxsdk.dll

2008-12-01 16:43:06 ----N---- C:\WINDOWS\system32\kbdukx.dll

2008-12-01 16:43:06 ----N---- C:\WINDOWS\system32\kbdsmsno.dll

2008-12-01 16:43:06 ----N---- C:\WINDOWS\system32\kbdsmsfi.dll

2008-12-01 16:43:06 ----N---- C:\WINDOWS\system32\kbdno1.dll

2008-12-01 16:43:06 ----N---- C:\WINDOWS\system32\kbdmlt48.dll

2008-12-01 16:43:06 ----N---- C:\WINDOWS\system32\kbdmlt47.dll

2008-12-01 16:43:06 ----N---- C:\WINDOWS\system32\kbdmaori.dll

2008-12-01 16:43:06 ----N---- C:\WINDOWS\system32\kbdinmal.dll

2008-12-01 16:43:06 ----N---- C:\WINDOWS\system32\kbdinben.dll

2008-12-01 16:43:06 ----N---- C:\WINDOWS\system32\kbdinbe1.dll

2008-12-01 16:43:05 ----N---- C:\WINDOWS\system32\mtxparhd.dll

2008-12-01 16:43:04 ----N---- C:\WINDOWS\system32\powercfg.exe

2008-12-01 16:43:04 ----N---- C:\WINDOWS\system32\pnrpnsp.dll

2008-12-01 16:43:04 ----N---- C:\WINDOWS\system32\p2psvc.dll

2008-12-01 16:43:04 ----N---- C:\WINDOWS\system32\p2pnetsh.dll

2008-12-01 16:43:04 ----N---- C:\WINDOWS\system32\p2pgraph.dll

2008-12-01 16:43:04 ----N---- C:\WINDOWS\system32\p2pgasvc.dll

2008-12-01 16:43:04 ----N---- C:\WINDOWS\system32\p2p.dll

2008-12-01 16:43:03 ----N---- C:\WINDOWS\system32\w3ssl.dll

2008-12-01 16:43:03 ----N---- C:\WINDOWS\system32\twext.dll

2008-12-01 16:43:03 ----N---- C:\WINDOWS\system32\strmfilt.dll

2008-12-01 16:43:03 ----N---- C:\WINDOWS\system32\smbinst.exe

2008-12-01 16:43:03 ----N---- C:\WINDOWS\system32\slserv.exe

2008-12-01 16:43:03 ----N---- C:\WINDOWS\system32\slrundll.exe

2008-12-01 16:43:03 ----N---- C:\WINDOWS\system32\slgen.dll

2008-12-01 16:43:03 ----N---- C:\WINDOWS\system32\slextspk.dll

2008-12-01 16:43:03 ----N---- C:\WINDOWS\system32\slcoinst.dll

2008-12-01 16:43:03 ----N---- C:\WINDOWS\system32\sdhcinst.dll

2008-12-01 16:43:02 ----N---- C:\WINDOWS\system32\xmlprov.dll

2008-12-01 16:43:02 ----N---- C:\WINDOWS\system32\wuaueng1.dll

2008-12-01 16:43:02 ----N---- C:\WINDOWS\system32\wuauclt1.exe

2008-12-01 16:43:02 ----N---- C:\WINDOWS\system32\wshbth.dll

2008-12-01 16:43:02 ----N---- C:\WINDOWS\system32\winshfhc.dll

2008-12-01 16:43:02 ----A---- C:\WINDOWS\system32\wscsvc.dll

2008-12-01 16:43:02 ----A---- C:\WINDOWS\system32\wscntfy.exe

2008-12-01 16:43:01 ----N---- C:\WINDOWS\system32\xmlprovi.dll

2008-12-01 16:43:01 ----N---- C:\WINDOWS\slrundll.exe

2008-12-01 16:42:59 ----D---- C:\WINDOWS\peernet

2008-12-01 16:42:57 ----D---- C:\WINDOWS\provisioning

2008-12-01 16:24:28 ----D---- C:\4561c0cdf6909e8d971ad42be408

2008-12-01 16:21:51 ----D---- C:\WINDOWS\system32\NtmsData

2008-12-01 15:00:15 ----D---- C:\WINDOWS\system32\CatRoot2

2008-12-01 14:01:27 ----A---- C:\Boot.bak

2008-12-01 14:01:22 ----RASHD---- C:\cmdcons

2008-12-01 13:59:59 ----A---- C:\WINDOWS\zip.exe

2008-12-01 13:59:59 ----A---- C:\WINDOWS\VFIND.exe

2008-12-01 13:59:59 ----A---- C:\WINDOWS\SWXCACLS.exe

2008-12-01 13:59:59 ----A---- C:\WINDOWS\SWSC.exe

2008-12-01 13:59:59 ----A---- C:\WINDOWS\SWREG.exe

2008-12-01 13:59:59 ----A---- C:\WINDOWS\sed.exe

2008-12-01 13:59:59 ----A---- C:\WINDOWS\NIRCMD.exe

2008-12-01 13:59:59 ----A---- C:\WINDOWS\grep.exe

2008-12-01 13:59:59 ----A---- C:\WINDOWS\fdsv.exe

2008-12-01 13:58:48 ----D---- C:\WINDOWS\ERDNT

2008-12-01 13:58:48 ----D---- C:\Qoobox

2008-12-01 13:38:26 ----D---- C:\!KillBox

2008-12-01 12:19:50 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes

2008-12-01 12:19:41 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-12-01 12:19:39 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2008-12-01 11:46:11 ----D---- C:\Program Files\CrossLoop

2008-12-01 11:39:07 ----D---- C:\Documents and Settings\Owner\Application Data\TeamViewer

2008-11-20 16:33:03 ----A---- C:\WINDOWS\system32\MRT.exe

2008-11-20 11:29:32 ----D---- C:\Program Files\Windows Live Safety Center

2008-11-20 11:14:00 ----A---- C:\WINDOWS\system32\esent.dll

2008-11-20 11:09:25 ----D---- C:\WINDOWS\pss

2008-11-20 11:04:12 ----D---- C:\WINDOWS\system32\PreInstall

2008-11-20 11:04:08 ----A---- C:\WINDOWS\system32\spupdsvc.exe

2008-11-20 11:04:07 ----HD---- C:\WINDOWS\$hf_mig$

2008-11-20 11:02:50 ----D---- C:\WINDOWS\system32\bits

2008-11-20 11:00:49 ----A---- C:\WINDOWS\system32\winhttp.dll

2008-11-20 11:00:49 ----A---- C:\WINDOWS\system32\qmgrprxy.dll

2008-11-20 11:00:49 ----A---- C:\WINDOWS\system32\bitsprx3.dll

2008-11-20 11:00:49 ----A---- C:\WINDOWS\system32\bitsprx2.dll

2008-11-20 10:58:06 ----A---- C:\WINDOWS\system32\wups2.dll

2008-11-20 10:58:06 ----A---- C:\WINDOWS\system32\wups.dll

2008-11-20 10:58:04 ----A---- C:\WINDOWS\system32\wucltui.dll.mui

2008-11-20 10:58:04 ----A---- C:\WINDOWS\system32\wucltui.dll

2008-11-20 10:58:03 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui

2008-11-20 10:58:03 ----A---- C:\WINDOWS\system32\wuapi.dll.mui

2008-11-20 10:58:03 ----A---- C:\WINDOWS\system32\wuapi.dll

2008-11-20 10:57:29 ----D---- C:\WINDOWS\SoftwareDistribution

======List of files/folders modified in the last 1 months======

2008-12-19 01:06:18 ----RD---- C:\Program Files

2008-12-19 00:38:36 ----A---- C:\WINDOWS\ModemLog_Lucent Win Modem.txt

2008-12-19 00:37:20 ----D---- C:\WINDOWS\system32\drivers

2008-12-19 00:37:03 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-12-19 00:26:57 ----D---- C:\WINDOWS

2008-12-18 20:31:12 ----RSHD---- C:\WINDOWS\system32\dllcache

2008-12-18 17:27:32 ----D---- C:\WINDOWS\SYSTEM32

2008-12-18 15:56:51 ----D---- C:\WINDOWS\Debug

2008-12-18 06:00:48 ----D---- C:\WINDOWS\INF

2008-12-12 22:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll

2008-12-11 00:22:44 ----D---- C:\Documents and Settings\Owner\Application Data\AdobeUM

2008-12-09 22:51:29 ----D---- C:\Program Files\Internet Explorer

2008-12-09 16:30:35 ----D---- C:\WINDOWS\system32\CatRoot

2008-12-09 03:39:36 ----A---- C:\WINDOWS\album.ini

2008-12-04 06:07:38 ----HD---- C:\Config.Msi

2008-12-04 06:01:29 ----SHD---- C:\WINDOWS\Installer

2008-12-03 02:04:40 ----D---- C:\WINDOWS\WinSxS

2008-12-03 02:04:40 ----D---- C:\Program Files\Common Files\Microsoft Shared

2008-12-02 23:16:58 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft

2008-12-02 06:06:36 ----D---- C:\Program Files\Messenger

2008-12-02 06:02:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2008-12-02 06:02:28 ----D---- C:\WINDOWS\Registration

2008-12-02 06:02:23 ----RSD---- C:\WINDOWS\assembly

2008-12-02 05:03:31 ----D---- C:\WINDOWS\system32\Setup

2008-12-02 05:03:31 ----D---- C:\WINDOWS\AppPatch

2008-12-02 05:03:30 ----D---- C:\WINDOWS\system32\wbem

2008-12-02 05:03:29 ----D---- C:\WINDOWS\FONTS

2008-12-02 05:03:01 ----D---- C:\WINDOWS\security

2008-12-02 04:53:38 ----D---- C:\WINDOWS\ime

2008-12-02 04:53:37 ----D---- C:\WINDOWS\HELP

2008-12-02 04:53:18 ----D---- C:\WINDOWS\system32\usmt

2008-12-02 04:53:13 ----D---- C:\Program Files\Movie Maker

2008-12-02 04:49:41 ----D---- C:\WINDOWS\system32\Restore

2008-12-02 04:49:40 ----D---- C:\WINDOWS\system32\npp

2008-12-02 04:49:39 ----D---- C:\WINDOWS\msagent

2008-12-02 04:49:38 ----D---- C:\WINDOWS\srchasst

2008-12-02 04:49:37 ----D---- C:\Program Files\NetMeeting

2008-12-02 04:49:35 ----D---- C:\WINDOWS\system32\Com

2008-12-02 04:49:32 ----D---- C:\Program Files\Windows NT

2008-12-02 04:49:32 ----D---- C:\Program Files\Windows Media Player

2008-12-02 04:49:32 ----D---- C:\Program Files\Outlook Express

2008-12-02 04:49:28 ----D---- C:\Program Files\Common Files\System

2008-12-02 04:49:10 ----D---- C:\WINDOWS\system32\oobe

2008-12-02 04:49:08 ----D---- C:\WINDOWS\SYSTEM

2008-12-02 04:44:58 ----D---- C:\WINDOWS\system32\ReinstallBackups

2008-12-02 04:42:44 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$

2008-12-02 04:38:05 ----D---- C:\WINDOWS\ehome

2008-12-01 22:39:06 ----D---- C:\Program Files\EMusic

2008-12-01 22:02:05 ----SD---- C:\WINDOWS\Downloaded Program Files

2008-12-01 21:56:32 ----A---- C:\WINDOWS\win.ini

2008-12-01 21:55:41 ----D---- C:\Program Files\Google

2008-12-01 21:55:40 ----D---- C:\Documents and Settings\All Users\Application Data\Google

2008-12-01 21:55:17 ----HD---- C:\Program Files\InstallShield Installation Information

2008-12-01 19:41:30 ----A---- C:\WINDOWS\system.ini

2008-12-01 19:40:05 ----D---- C:\WINDOWS\system32\config

2008-12-01 19:39:09 ----D---- C:\Program Files\Common Files

2008-12-01 18:00:08 ----D---- C:\Documents and Settings

2008-12-01 17:12:39 ----D---- C:\WINDOWS\MEDIA

2008-12-01 16:53:35 ----SHD---- C:\System Volume Information

2008-12-01 16:45:22 ----RASH---- C:\boot.ini

2008-12-01 16:43:24 ----D---- C:\WINDOWS\system32\mui

2008-12-01 16:37:11 ----RD---- C:\WINDOWS\WEB

2008-12-01 16:36:52 ----RASH---- C:\NTDETECT.COM

2008-12-01 12:00:58 ----D---- C:\WINDOWS\system32\MsDtc

2008-12-01 12:00:43 ----D---- C:\WINDOWS\repair

2008-12-01 11:45:07 ----D---- C:\Documents and Settings\Owner\Application Data\Adobe

2008-11-20 14:16:55 ----SD---- C:\WINDOWS\Tasks

2008-11-20 10:58:11 ----HD---- C:\Program Files\WindowsUpdate

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-03 98440]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-03 26824]

R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-12-03 90632]

R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-17 12032]

R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]

R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2001-08-17 63232]

R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2001-08-17 55936]

R2 tmcomm;tmcomm; \??\C:\WINDOWS\System32\drivers\tmcomm.sys []

R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]

R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-12-03 29208]

R3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-14 71552]

R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-08-17 117760]

R3 HPFXBULK;HPFXBULK; C:\WINDOWS\system32\drivers\hpfxbulk.sys [2006-06-12 9344]

R3 ltmodem5;LT Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2004-08-03 606684]

R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]

R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]

R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]

R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2001-09-16 13716]

R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2001-06-04 14112]

R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2001-09-24 463848]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]

R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]

R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-14 25856]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]

S1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 36352]

S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14592]

S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-14 42752]

S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-12-03 29208]

S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-14 71552]

S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []

S3 dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\System32\DRIVERS\Dot4.sys [2008-04-14 206976]

S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]

S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\WINDOWS\System32\DRIVERS\dot4usb.sys [2001-08-17 23808]

S3 epppdt;EPSON 1394.3 Class; C:\WINDOWS\System32\DRIVERS\epppdt.sys [2004-08-31 31269]

S3 epppdtpr;EPSON 1394.3 Printer Class; C:\WINDOWS\System32\DRIVERS\epppdtpr.sys [2004-08-31 14457]

S3 Freedom;FREEDOM Miniport; C:\WINDOWS\System32\DRIVERS\FREEDOM.SYS []

S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]

S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020]

S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415]

S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127]

S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775]

S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]

S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]

S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311]

S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551]

S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599]

S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]

S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]

S3 nv4;nv4; C:\WINDOWS\System32\DRIVERS\nv4.sys [2001-08-17 731648]

S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2001-11-15 12338]

S3 QV2KUX;Casio Digital Camera; C:\WINDOWS\System32\DRIVERS\qv2kux.sys [2001-08-17 3328]

S3 S3SavageNB;S3SavageNB; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2004-08-03 166912]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-12-03 874776]

R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-03 231704]

R2 avgfws8;AVG8 Firewall; C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-12-03 1212184]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-19 152984]

R2 NwSapAgent;SAP Agent; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

R2 Stuffit Archive Name Service;Stuffit Archive Name Service; C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe [2007-10-08 157000]

R2 TeamViewer4;TeamViewer 4; C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe [2008-12-15 185640]

R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2004-09-22 38912]

S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]

-----------------EOF-----------------

Here is the info file:

info.txt logfile of random's system information tool 1.05 2008-12-19 01:06:55

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu

-->c:\WINDOWS\System32\\MSIEXEC.EXE /x {8214CC02-6271-4DC8-B8DD-779933450264}

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}

AnswerWorks Runtime-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\WexTech\AnswerWorks\Uninst.isu"

Ashampoo WinOptimizer 5.10-->"C:\Program Files\Ashampoo\Ashampoo WinOptimizer 5\unins000.exe"

AVG 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL

Belkin USB Ethernet-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Belkin Components\Belkin USB Ethernet Software\Uninst.isu" -c"C:\Program Files\Belkin Components\Belkin USB Ethernet Software\ELUTILS.DLL"

Blasterball Wild-->"C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {D6F6456A-DB80-4769-985C-E4F9342202D0}

CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"

ComcastSUPPORT-->"C:\Program Files\Support.com\bin\tgfix.exe" /rm /nq

CrossLoop 2.41-->"C:\Program Files\CrossLoop\unins000.exe"

Dark Orbit-->"C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {BF225650-36EB-45E8-9666-572A88F31D59}

Detto IntelliMover-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DA9F6EF5-E48A-4E45-BC57-AA16193763B7}\Setup.exe"

Diff Doc-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\SoftInterface, Inc.\Diff Doc\Uninst.isu"

EPSON 1394.3 Printer Devices-->epppdtun.exe

EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}\Setup.exe" -l0x9 UNINST

EPSON PhotoCenter -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D76E927F-E292-434B-9661-3858F5D7BF63}\setup.exe" -l0x9 anything

EPSON Print CD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\setup.exe" -l0x9 -SYSTEM

EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R

EPSON RAW Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64D662BF-462F-4747-A2E4-B6A7FA63BDB8}\Setup.exe" -l0x9 /COMPANE

EPSON SPR1800 Reference Guide-->C:\Program Files\epson\guide\spr1800_e\uninstall.exe

GemMaster 2-->"C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {1E6ADBB1-4D4E-4A02-A269-75243222C467}

Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly

HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall

Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

HP Care Pack Core-->MsiExec.exe /I{3BC341BD-3736-45F0-B0E0-5664792AC528}

hp center-->C:\WINDOWS\BWUnin-6.1.0.153.exe -AppId 137903

HP Instant Support-->C:\PROGRA~1\HPINST~1\UNWISE.EXE C:\PROGRA~1\HPINST~1\INSTALL.LOG

HP LaserJet 2200 Uninstaller-->C:\Program Files\Hewlett-Packard\LaserJet All-in-one\Uninstall\2200\setup.exe uninst22.ini

HP LaserJet P2015 Series 1.0-->C:\Program Files\HP\Digital Imaging\{BE4CEA63-8351-4A12-9E3A-556F8B76683A}\setup\hpzscr01.exe -datfile hppscr05.dat -forcereboot

HP Learning Adventure-->c:\program files\HPSelect\Frontend\uninstall.exe

HP RecordNow-->MsiExec.exe /I{8214CC02-6271-4DC8-B8DD-779933450264}

HP Software Update-->MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}

Inactive HP Printer Drivers (Remove only)-->RunDll32 hpuninst.dll,InstallHinfSection UninstDefault 132 prntunin.inf

InterVideo WinDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1939820-A945-11D4-86F6-0001031E5712}\setup.exe" REMOVEALL

Java 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}

KazooStudio-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Kazoo3D\KazooStudio\Uninst.isu" -c"C:\Program Files\Kazoo3D\KazooStudio\UnInst.dll"

KBD-->C:\HP\KBD\KBD.EXE uninstalled

Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

MarketBrowser-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35845E72-E34A-11D4-817D-005004D0F1FA}\Setup.exe" -uninst

MetaFrame Presentation Server Web Client for Win32-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wficat.inf,DefaultUninstall

Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft Money 2002 System Pack-->MsiExec.exe /I{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}

Microsoft Money 2002-->MsiExec.exe /I{E7298FD5-1386-11D5-8D6C-0050DAD32D95}

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Word 2002-->MsiExec.exe /I{901B0409-6000-11D3-8CFE-0050048383C9}

Microsoft Works 6.0-->MsiExec.exe /I{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}

Microsoft Works and Money 2002 Setup Launcher-->C:\Program Files\Microsoft Works and Money 2002\Setup\Launcher.exe \hp\tmp\src\

MonacoEZcolor Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7467335-BFC5-4028-95F4-4471C428429A}\setup.exe"

MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall

My Photo Center-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\My Photo Center\Uninst.isu"

Palm Desktop-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA0F44C2-A883-11D1-AD0A-006097D15E2C}\setup.exe" Uninstall

Photo Loader 2.2E-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{70B45586-B51E-4947-A258-A895596C5CED}\Setup.exe" -uninst

Photohands 1.0E-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{544FB392-069D-4BA5-9DC7-FFD47230AEE5}\Setup.exe"

PigPen-->"C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {B279B0DA-6F60-4FBD-9847-0C9AB79A3674}

Premium ICC Color Profiles-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9CAF232B-6260-455E-B3E9-320190955F04}\Setup.exe" -l0x9 anything

PS2-->C:\WINDOWS\system32\ps2.exe uninstall

Python 1.5 combined Win32 extensions-->C:\PROGRA~1\Python\UNWISE~1.EXE C:\PROGRA~1\Python\W32INST.LOG

Python 1.5.2 (final)-->C:\PROGRA~1\Python\UNWISE.EXE C:\PROGRA~1\Python\INSTALL.LOG

Quicken Financial Center-->C:\PROGRA~1\QUICKE~1\rem\UNWISE.EXE /s C:\PROGRA~1\QUICKE~1\rem\INSTALL.LOG

RoadRunner-->MsiExec.exe /I{A73EFA95-4872-4AE3-8EE9-10D2E2D713CF}

S3 Gamma-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3 Gamma'

S3 Savage4 Family Display Switch2 Utility-->S3Uninst.exe -reg 5 HKLM\SOFTWARE\S3\S3Uninst\S3Switch2

SabreWing 2-->"C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {6F0DE0D5-2556-4A64-9892-07BAE121B7EC}

Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"

Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"

Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Sonic Foundry Super Duper Music Looper XPress-->MsiExec.exe /I{7B4BB888-B44E-4B91-BEE9-FE14B312B58C}

Space Rocks-->"C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {419C98C4-D884-4174-B710-CBF3863767DA}

Speedway-->"C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {D6CAB2F4-26A4-48F4-A35D-CA83063E3928}

Stamps.com Internet Postage-->C:\PROGRA~1\STAMPS~1.COM\UNWISE.EXE C:\PROGRA~1\STAMPS~1.COM\INSTALL.LOG

Studio-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Pinnacle\Studio\Studio7.isu" -a -cC:\WINDOWS\Studio7.dll

StuffIt 11-->MsiExec.exe /X{9D2B054C-D335-4870-ADFB-BC645CCC3C76}

Tcl 8.0.5 for Windows-->C:\PROGRA~1\Tcl\UNWISE.EXE C:\PROGRA~1\Tcl\INSTALL.LOG

TeamViewer 4-->C:\Program Files\TeamViewer\Version4\uninstall.exe

Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"

USB-->C:\WINDOWS\system32\usb.exe uninstall

Volo View Express-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Volo View Express\DeIsL1.isu"

War Games Virtual Warfare Demo-->"C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {AF0DBCA4-1DBA-4507-89CC-883B25920FFB}

Watson-->MsiExec.exe /I{9B88DD94-1AAE-41C4-BD95-2D8737D5E9E2}

WildTangent Channel Manager-->C:\Program Files\WildTangent\DDC\DDCManager\Uninstall.exe

Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

WordPerfect Office 2002 Try Before You Buy-->C:\WINDOWS\Corel\uninst32.exe

WordPerfect Office 2002 Try Before You Buy-->MsiExec.exe /I{29D88826-2AB9-11D5-8854-00902761A46D}

======Security center information======

AV: AVG Internet Security

FW: AVG Firewall

System event log

Computer Name: DALTON

Event Code: 4377

Message: Windows XP Hotfix KB904706 was installed.

Record Number: 18427

Source Name: NtServicePack

Time Written: 20081120162740.000000-480

Event Type: information

User: DALTON\Owner

Computer Name: DALTON

Event Code: 19

Message: Installation Successful: Windows successfully installed the following update: Security Update for Windows XP (KB908531)

Record Number: 18426

Source Name: Windows Update Agent

Time Written: 20081120162735.000000-480

Event Type: information

User:

Computer Name: DALTON

Event Code: 4377

Message: Windows XP Hotfix KB908531 was installed.

Record Number: 18425

Source Name: NtServicePack

Time Written: 20081120162729.000000-480

Event Type: information

User: DALTON\Owner

Computer Name: DALTON

Event Code: 19

Message: Installation Successful: Windows successfully installed the following update: Security Update for Windows XP (KB905749)

Record Number: 18424

Source Name: Windows Update Agent

Time Written: 20081120162720.000000-480

Event Type: information

User:

Computer Name: DALTON

Event Code: 4377

Message: Windows XP Hotfix KB905749 was installed.

Record Number: 18423

Source Name: NtServicePack

Time Written: 20081120162714.000000-480

Event Type: information

User: DALTON\Owner

Application event log

Computer Name: DALTON

Event Code: 2001

Message: EAPOL service was started successfully

Record Number: 101

Source Name: EAPOL

Time Written: 20021126152745.000000-480

Event Type: information

User:

Computer Name: DALTON

Event Code: 5000

Message:

Record Number: 100

Source Name: McLogEvent

Time Written: 20021125231348.000000-480

Event Type: information

User: NT AUTHORITY\SYSTEM

Computer Name: DALTON

Event Code: 2001

Message: EAPOL service was started successfully

Record Number: 99

Source Name: EAPOL

Time Written: 20021125231331.000000-480

Event Type: information

User:

Computer Name: DALTON

Event Code: 2

Message: Successful auto update retrieval of third-party root list cab from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

Record Number: 98

Source Name: crypt32

Time Written: 20021109151924.000000-480

Event Type: information

User:

Computer Name: DALTON

Event Code: 7

Message: Successful auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

Record Number: 97

Source Name: crypt32

Time Written: 20021109151924.000000-480

Event Type: information

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program files\PC-Doctor for Windows XP\WINDSAPI;C:\Program Files\Common Files\Autodesk Shared

"windir"=%SystemRoot%

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 1 Stepping 2, GenuineIntel

"PROCESSOR_REVISION"=0102

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------


I still haven't heard back from anyone on either this post or this post here: http://forum.hijackthis.de/showthread.php?p=246781

Please can someone help?


Never seen a BHO put up such a fight before, nothing is killing them. There has to be a way....


Still waiting for some advice..... Malwarebytes needs to update their definitions to be able to handle this one


Scanned for rootkits with AVG Internet Security, McAfee Rootkit Detective, and Avenger; all 3 showed up clean. So it's not a rootkit; if so, it's not showing up with these. Any idea on these BHOs?


Hello Nick. Go ahead and completely remove all the self-promotional signature information please.

Once you have done that run and post a new RSIT log.

Also go here and download reglooks.exe to your Desktop. Double-click on it to run it and when it has finished scanning, a log named result.txt will open in Notepad. Copy the log and post it in this thread.

Please do not post logs with any of the self-promoting sig info remaining. I do not want to have this thread lead away from the task of malware removal.

We will review the situation once all logs have been posted.
