1st July 2009
#1
Member
Join Date: Jul 2009
Posts: 17
Computer Experience: intermediate
[Active] PC freezes, fonts look altered, programs won't run or crash.
I have XP on my PC. The PC will freeze up, usually within the first 10-15 minutes of a reboot. Antivirus programs won't run properly or crash altogether. Some of the fonts or pictures look altered or weird. I can only access my stuff in safe mode. I'm not sure what's going on or what's causing it.
Thanks
R1ck
2nd July 2009
#2
Malware Analyst
Join Date: Aug 2002
Location: Daly City, CA
Posts: 4,597
Computer Experience: intermediate
Read this post, then post the requested log(s).
6th July 2009
#3
Member
Join Date: Jul 2009
Posts: 17
Computer Experience: intermediate
DDS (Ver_09-06-26.01) - NTFSx86 NETWORK
Run by rpicon at 10:08:38.00 on 2009-07-06
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1.#QNAN.1704 [GMT -4:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcrobatInfo.exe
C:\Documents and Settings\Rick Picon\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.finance.yahoo.com/
mStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_08\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [PlaxoUpdate] c:\program files\plaxo\3.19.0.16\PlaxoHelper_en.exe -a
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PlaxoSysTray] c:\program files\plaxo\3.19.0.16\PlaxoSysTray.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [UnHackMe Monitor] c:\program files\unhackme\hackmon.exe
mRun: [NvCplDaemon] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_08\bin\jusched.exe"
mRun: [SigmatelSysTrayApp] "c:\windows\stsystra.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\iaanotif.exe"
mRun: [DMXLauncher] "c:\program files\dell\media experience\DMXLauncher.exe"
mRun: [RealTray] "c:\program files\real\realplayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLA] "c:\windows\system32\dla\DLACTRLW.EXE"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [IPHSend] "c:\program files\common files\aol\iphsend\IPHSend.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Logitech Hardware Abstraction Layer] "c:\windows\KHALMNPR.EXE"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG8_TRAY] "c:\progra~1\avg\avg8\avgtray.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
dExplorerRun: [Msn] c:\JsPbsc.exe
dExplorerRun: [MsnHost] c:\JsPbsc.exe
dExplorerRun: [MsnLoad] c:\JsPbsc.exe
dExplorerRun: [MsnConvert] c:\JsPbsc.exe
dExplorerRun: [MsnMessendger] c:\JsPbsc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-f400-7760-000000000003}\_SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~2.lnk - c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Subscribe with RSSRadio
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: advisorservices.com\www
Trusted Zone: advisorservices.com\www1
Trusted Zone: advisorservices.com\www2
Trusted Zone: musicmatch.com\online
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=67633
DPF: {0F733F27-5BBB-4D03-8D6B-19E2143880BF} - hxxp://www1.skillground.com/cab1830/SkillGround.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {25D9AA40-ED39-11D2-A038-009027078284} - hxxps://b1-www.advisorservices.com/advisorweb/file/urldownloader.cab
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1220382079052
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1220382073177
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://clubgames.pogo.com/online2/pogop/luxor_2/mjolauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} - hxxp://www.miniclip.com/igloader/igloader.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DC4B2445-4A2C-46FF-BAAE-C0FBB45D866D} - hxxps://www.laserapp.com/dev/detect/lavdetect.ocx
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab
DPF: {FF0F7B6E-D733-11D7-8088-0001024743E4} - hxxps://www.advisorservices.com/AdvisorWeb/ActiveX/veoExpress.CAB
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: LMIinit - LMIinit.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli dlorsfl.dll
================= FIREFOX ===================
FF - ProfilePath -
FF - HiddenExtension: XUL Cache: {319ADFDA-DC8A-499B-B73B-D0C8016E9E49} - c:\documents and settings\rick picon\local settings\application data\{319ADFDA-DC8A-499B-B73B-D0C8016E9E49}
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-22 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1003344]
S0 lafpipqh;lafpipqh; [x]
S0 yzbuhcvb;yzbuhcvb; [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-30 97928]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-7-30 26824]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-30 231704]
S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2007-4-10 3712]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-6-27 12856]
S2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-6-27 47640]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2009-2-17 34760]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
=============== Created Last 30 ================
2009-06-10 17:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\93791246
2009-06-10 17:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\13781254
2009-06-08 15:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Schwab Performance Technologies
==================== Find3M ====================
2006-04-20 11:28 56 ---shr-- c:\windows\system32\0DDFEFD744.sys
2006-04-20 11:28 3,350 a--sh--- c:\windows\system32\KGyGaAvL.sys
============= FINISH: 10:09:36.87 ===============
6th July 2009
#4
Member
Join Date: Jul 2009
Posts: 17
Computer Experience: intermediate
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-06-26.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 00:00:00
System Uptime: 2009-07-06 10:01:34 (0 hours ago)
Motherboard: Dell Inc. | | 0YC523
Processor: Intel(R) Pentium(R) D CPU 3.20GHz | Microprocessor | 3192/800mhz
Processor: Intel(R) Pentium(R) D CPU 3.20GHz | Microprocessor | 3192/800mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 109 GiB total, 64.201 GiB free.
D: is FIXED (NTFS) - 37 GiB total, 7.596 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM (CDFS)
O: is NetworkDisk (NTFS) - 136 GiB total, 76.715 GiB free.
P: is NetworkDisk (NTFS) - 136 GiB total, 76.715 GiB free.
S: is NetworkDisk (NTFS) - 128 GiB total, 85.174 GiB free.
T: is NetworkDisk (NTFS) - 136 GiB total, 76.715 GiB free.
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP1137: 2009-06-30 14:34:18 - System Checkpoint
RP1138: 2009-06-30 14:34:18 - System Checkpoint
RP1139: 2009-06-30 14:34:18 - System Checkpoint
RP1140: 2009-06-30 14:34:19 - System Checkpoint
RP1141: 2009-06-30 14:34:19 - System Checkpoint
RP1142: 2009-06-30 14:34:19 - System Checkpoint
RP1143: 2009-06-30 14:34:19 - System Checkpoint
RP1144: 2009-06-30 14:34:20 - System Checkpoint
RP1145: 2009-06-30 14:34:20 - System Checkpoint
RP1146: 2009-06-30 14:34:20 - System Checkpoint
RP1147: 2009-06-30 14:34:20 - System Checkpoint
RP1148: 2009-06-30 14:34:21 - RegRun Virus Scan
RP1149: 2009-06-30 14:34:21 - RegRun Virus Scan
RP1150: 2009-06-30 14:34:21 - RegRun Virus Scan
RP1151: 2009-06-30 14:34:21 - RegRun Virus Scan
RP1152: 2009-06-30 14:34:21 - System Checkpoint
RP1153: 2009-06-30 14:34:22 - RegRun Virus Scan
RP1154: 2009-06-30 14:34:22 - System Checkpoint
RP1155: 2009-06-30 14:34:22 - System Checkpoint
RP1156: 2009-06-30 14:34:22 - System Checkpoint
RP1157: 2009-06-30 14:34:23 - RegRun Virus Scan
RP1158: 2009-06-30 14:34:23 - ADVANCED REGISTRY OPTIMIZER - FIRST RUN
RP1159: 2009-06-30 14:34:23 - RegRun Virus Scan
RP1160: 2009-06-30 14:34:24 - ComboFix created restore point
RP1161: 2009-06-30 14:34:24 - System Checkpoint
RP1162: 2009-06-30 14:34:24 - System Checkpoint
RP1163: 2009-06-30 14:34:25 - System Checkpoint
RP1164: 2009-06-30 14:34:25 - System Checkpoint
RP1165: 2009-06-30 14:34:25 - System Checkpoint
RP1166: 2009-06-30 14:34:25 - System Checkpoint
RP1167: 2009-06-30 14:34:25 - System Checkpoint
RP1168: 2009-06-30 14:34:26 - System Checkpoint
RP1169: 2009-06-30 14:34:26 - System Checkpoint
RP1170: 2009-06-30 14:34:26 - System Checkpoint
RP1171: 2009-06-30 14:34:27 - System Checkpoint
RP1172: 2009-06-30 14:34:27 - System Checkpoint
RP1173: 2009-06-30 14:34:27 - System Checkpoint
RP1174: 2009-06-30 14:34:27 - System Checkpoint
RP1175: 2009-06-30 14:34:28 - RegRun Virus Scan
RP1176: 2009-06-30 14:34:28 - System Checkpoint
RP1177: 2009-06-30 14:34:28 - System Checkpoint
RP1178: 2009-06-30 14:34:29 - System Checkpoint
RP1179: 2009-06-30 14:34:29 - System Checkpoint
RP1180: 2009-06-30 14:34:29 - System Checkpoint
RP1181: 2009-06-30 14:34:30 - System Checkpoint
RP1182: 2009-06-30 14:34:30 - System Checkpoint
RP1183: 2009-06-30 14:34:30 - System Checkpoint
RP1184: 2009-06-30 14:34:31 - System Checkpoint
RP1185: 2009-06-30 14:34:31 - System Checkpoint
RP1186: 2009-06-30 14:34:31 - System Checkpoint
RP1187: 2009-06-30 14:34:31 - System Checkpoint
RP1188: 2009-06-30 14:34:32 - System Checkpoint
RP1189: 2009-06-30 14:34:32 - System Checkpoint
RP1190: 2009-06-30 14:34:32 - System Checkpoint
RP1191: 2009-06-30 14:34:32 - System Checkpoint
RP1192: 2009-06-30 14:34:33 - System Checkpoint
RP1193: 2009-06-30 14:34:33 - System Checkpoint
RP1194: 2009-06-30 14:34:33 - RegRun Virus Scan
RP1195: 2009-06-30 14:34:34 - System Checkpoint
RP1196: 2009-06-30 14:34:34 - System Checkpoint
RP1197: 2009-06-30 14:34:34 - System Checkpoint
RP1198: 2009-06-30 14:34:34 - System Checkpoint
RP1199: 2009-06-30 14:34:35 - System Checkpoint
RP1200: 2009-06-30 14:34:35 - System Checkpoint
RP1201: 2009-06-30 14:34:35 - System Checkpoint
RP1202: 2009-06-30 14:34:35 - System Checkpoint
RP1203: 2009-06-30 14:34:36 - System Checkpoint
RP1204: 2009-06-30 14:34:36 - System Checkpoint
RP1205: 2009-06-30 14:34:36 - System Checkpoint
RP1206: 2009-06-30 14:34:37 - Installed PortfolioCenter Management Console
RP1207: 2009-06-30 14:34:37 - Installed PortfolioCenter
RP1208: 2009-06-30 14:34:37 - System Checkpoint
RP1209: 2009-06-30 14:34:37 - RegRun Virus Scan
RP1210: 2009-06-30 14:34:38 - System Checkpoint
RP1211: 2009-06-30 14:34:38 - System Checkpoint
RP1212: 2009-06-30 14:34:38 - System Checkpoint
RP1213: 2009-06-30 14:34:39 - System Checkpoint
RP1214: 2009-06-30 14:34:39 - System Checkpoint
RP1215: 2009-06-30 14:34:39 - System Checkpoint
RP1216: 2009-06-30 14:34:39 - Removed Better Homes and Gardens Home Designer Suite 6.0
RP1217: 2009-06-30 14:34:39 - System Checkpoint
RP1218: 2009-06-30 14:34:40 - System Checkpoint
RP1219: 2009-06-30 14:34:40 - System Checkpoint
RP1220: 2009-06-30 14:34:40 - RegRun Virus Scan
RP1221: 2009-06-30 14:34:41 - System Checkpoint
RP1222: 2009-06-30 14:34:41 - System Checkpoint
RP1223: 2009-06-30 14:34:42 - System Checkpoint
RP1224: 2009-06-30 14:34:42 - System Checkpoint
RP1225: 2009-06-30 14:34:42 - System Checkpoint
RP1226: 2009-06-30 14:34:42 - System Checkpoint
RP1227: 2009-06-30 14:34:42 - System Checkpoint
==== Installed Programs ======================
==== Event Viewer Messages From Past Week ========
2009-07-06 10:02:23, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm NetworkX yzbuhcvb
2009-07-01 13:51:19, error: Service Control Manager [7031] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
2009-07-01 13:44:29, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: yzbuhcvb
2009-07-01 12:59:33, error: Service Control Manager [7034] - The LogMeIn Maintenance Service service terminated unexpectedly. It has done this 1 time(s).
2009-07-01 11:17:02, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2009-07-01 11:16:38, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm NetworkX sptd yzbuhcvb
==== End Of File ===========================
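The two DDS logs above (the main log in post #3 and the attach.txt in post #4) contain several entries an analyst would want to cross-check rather than eyeball: Explorer\Run values under the "d" (default user) hive that all point at an executable sitting directly in the drive root, an LSA "Notification Packages" value that lists a DLL besides the stock scecli, two boot-start (S0) drivers with no file on disk, and a Service Control Manager event 7026 naming one of those drivers. The script below is an added triage example, not part of the thread or of the DDS tool; the sample lines are copied from the posted logs, the prefix meanings (u = HKCU, m = HKLM, d = HKU\.DEFAULT) and the heuristics (drive-root executables, non-scecli LSA packages, boot-start drivers whose file is missing, corroboration from event 7026) are my own assumptions for illustration, and the output is a list of indicators for a human to review, not a verdict.

```python
"""Triage helper for DDS-style logs: flags autostart, LSA and driver entries
that warrant a closer look, then corroborates flagged drivers against SCM
event 7026 lines.  Added example; heuristics are the author's assumptions."""
import re
from dataclasses import dataclass

# Sample lines copied from the DDS logs posted in this thread (posts #3 and #4).
SAMPLE_LOG = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVG8_TRAY] "c:\progra~1\avg\avg8\avgtray.exe"
dExplorerRun: [Msn] c:\JsPbsc.exe
dExplorerRun: [MsnHost] c:\JsPbsc.exe
dExplorerRun: [MsnMessendger] c:\JsPbsc.exe
LSA: Notification Packages = scecli dlorsfl.dll
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-22 64160]
S0 lafpipqh;lafpipqh; [x]
S0 yzbuhcvb;yzbuhcvb; [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-30 97928]
2009-07-06 10:02:23, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm NetworkX yzbuhcvb
"""


@dataclass(frozen=True)
class Finding:
    category: str
    detail: str


# DDS Run prefixes (assumption): u = HKCU, m = HKLM, d = HKU\.DEFAULT.
RUN_RE = re.compile(r'^(?P<hive>[umd])(?:Explorer)?Run:\s+\[(?P<name>[^\]]*)\]\s+(?P<cmd>.+)$')
# Service/driver lines: R/S = running/stopped, digit = start type (0 = boot-start).
SVC_RE = re.compile(r'^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);[^;]*;(?P<path>[^\[]*)\[(?P<info>[^\]]*)\]$')
LSA_RE = re.compile(r'^LSA: Notification Packages = (?P<pkgs>.+)$')
# SCM event 7026 lists drivers that failed to load at boot.
EVT_RE = re.compile(r'\[7026\].*failed to load:\s+(?P<names>.+)$')
# An executable directly under a drive root (c:\something.exe) is unusual for installed software.
ROOT_EXE_RE = re.compile(r'^[a-z]:\\[^\\]+\.exe$', re.IGNORECASE)


def _target_path(cmd: str) -> str:
    """Return the executable path from a Run value, whether quoted or not."""
    m = re.match(r'"([^"]+)"|(\S+)', cmd.strip())
    return (m.group(1) or m.group(2)) if m else cmd.strip()


def triage(log_text: str) -> list[Finding]:
    """Scan the log once for indicators, then cross-reference drivers against event 7026."""
    findings: list[Finding] = []
    flagged_drivers: set[str] = set()
    failed_drivers: list[str] = []
    for line in log_text.splitlines():
        line = line.strip()
        if (m := RUN_RE.match(line)):
            path = _target_path(m['cmd'])
            detail = f"{m['name']} -> {path}"
            if m['hive'] == 'd':
                # Legitimate installers rarely write to the default-user Explorer\Run key.
                findings.append(Finding('default-hive-run', detail))
            if ROOT_EXE_RE.match(path):
                findings.append(Finding('exe-in-drive-root', detail))
        elif (m := LSA_RE.match(line)):
            # On XP the stock value is "scecli"; any extra DLL loads into lsass.exe.
            for pkg in m['pkgs'].split():
                if re.sub(r'\.dll$', '', pkg.lower()) != 'scecli':
                    findings.append(Finding('lsa-extra-package', pkg))
        elif (m := SVC_RE.match(line)):
            # "[x]" in DDS means the driver's file was not found on disk.
            if m['start'] == '0' and m['info'].strip() == 'x':
                findings.append(Finding('boot-driver-no-file', m['name']))
                flagged_drivers.add(m['name'].lower())
        elif (m := EVT_RE.search(line)):
            failed_drivers.extend(m['names'].split())
    # A flagged driver that the SCM also reports as failing to load corroborates the finding.
    for name in failed_drivers:
        if name.lower() in flagged_drivers:
            findings.append(Finding('boot-driver-load-failed', name))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f"{f.category:26} {f.detail}")
```

Run against the copied lines it reports the three default-hive Run values (each also flagged for pointing at a drive-root executable), dlorsfl.dll as an extra LSA notification package, lafpipqh and yzbuhcvb as boot-start drivers with no file, and yzbuhcvb a second time because event 7026 confirms it failed to load; the AVG, ctfmon and Lbd entries pass through untouched.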
6th July 2009
#5
Member
Join Date: Jul 2009
Posts: 17
Computer Experience: intermediate
It seems like every time a program runs, I get the pop-up message box telling me that it has encountered a problem and needs to shut down. Do you want to report the problem?
7th July 2009
#6
Malware Analyst
Join Date: Aug 2002
Location: Daly City, CA
Posts: 4,597
Computer Experience: intermediate
Don't worry about it for now. There is some infection present.
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop** Please, never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
Make sure, you re-enable your security programs, when you're done with Combofix.
7th July 2009
#7
Member
Join Date: Jul 2009
Posts: 17
Computer Experience: intermediate
PC having a hard time running in safe mode and won't run ComboFix, but I got HijackThis...
Logfile of HijackThis v1.99.1
Scan saved at 11:31, on 2009-07-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcrobatInfo.exe
C:\Documents and Settings\Rick Picon\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.finance.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\WINDOWS\stsystra.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] "C:\WINDOWS\System32\DLA\DLACTRLW.EXE"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\WINDOWS\KHALMNPR.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.19.0.16\PlaxoHelper_en.exe -a
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PlaxoSysTray] C:\Program Files\Plaxo\3.19.0.16\PlaxoSysTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {0F733F27-5BBB-4D03-8D6B-19E2143880BF} (SkillGround Game Manager) - http://www1.skillground.com/cab1830/SkillGround.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {25D9AA40-ED39-11D2-A038-009027078284} (UrlDownloader Class) - https://b1-www.advisorservices.com/a...downloader.cab
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/Pog...rInstaller.CAB
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedIn...derControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1220382079052
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1220382073177
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://clubgames.pogo.com/online2/po...jolauncher.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {DC4B2445-4A2C-46FF-BAAE-C0FBB45D866D} (LASDetectX Control) - https://www.laserapp.com/dev/detect/lavdetect.ocx
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O16 - DPF: {FF0F7B6E-D733-11D7-8088-0001024743E4} (veoExpress.ctlVeoExpress) - https://www.advisorservices.com/Advi...veoExpress.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = aribaglb.local
O17 - HKLM\Software\..\Telephony: DomainName = aribaglb.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = aribaglb.local
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
7th July 2009
#8
Malware Analyst
Join Date: Aug 2002
Location: Daly City, CA
Posts: 4,597
Computer Experience: intermediate
This is an outdated HJT version.
Next time...
Download HijackThis:
http://www.trendsecure.com/portal/en...kthis/download
by clicking on Download HijackThis Installer
Install, and run it.
Post HijackThis log.
Do NOT attempt to fix anything!
NOTE. If you're using Vista, right-click on HijackThis, and click Run as Administrator
==================================================================
Delete the Combofix you just downloaded.
Download it from HERE, and follow the same instructions to run it.
7th July 2009
#9
Member
Join Date: Jul 2009
Posts: 17
Computer Experience: intermediate
New log from HijackThis (newer version)..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:19, on 2009-07-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\WINDOWS\stsystra.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] "C:\WINDOWS\System32\DLA\DLACTRLW.EXE"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\WINDOWS\KHALMNPR.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.19.0.16\PlaxoHelper_en.exe -a
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PlaxoSysTray] C:\Program Files\Plaxo\3.19.0.16\PlaxoSysTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Msn] c:\DTGIA.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MsnHost] c:\DTGIA.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MsnLoad] c:\DTGIA.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MsnConvert] c:\DTGIA.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MsnMessendger] c:\DTGIA.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Msn] c:\DTGIA.exe (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {0F733F27-5BBB-4D03-8D6B-19E2143880BF} (SkillGround Game Manager) - http://www1.skillground.com/cab1830/SkillGround.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {25D9AA40-ED39-11D2-A038-009027078284} (UrlDownloader Class) - https://b1-www.advisorservices.com/a...downloader.cab
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/Pog...rInstaller.CAB
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedIn...derControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1220382079052
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1220382073177
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://clubgames.pogo.com/online2/po...jolauncher.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {DC4B2445-4A2C-46FF-BAAE-C0FBB45D866D} (LASDetectX Control) - https://www.laserapp.com/dev/detect/lavdetect.ocx
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O16 - DPF: {FF0F7B6E-D733-11D7-8088-0001024743E4} (veoExpress.ctlVeoExpress) - https://www.advisorservices.com/Advi...veoExpress.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = aribaglb.local
O17 - HKLM\Software\..\Telephony: DomainName = aribaglb.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = aribaglb.local
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 11839 bytes
7th July 2009
#10
Malware Analyst
Join Date: Aug 2002
Location: Daly City, CA
Posts: 4,597
Computer Experience: intermediate
What about Combofix?
7th July 2009
#11
Member
Join Date: Jul 2009
Posts: 17
Computer Experience: intermediate
Here's Combofix... took longer to run..
ComboFix 09-07-07.07 - rpicon 2009-07-07 15:35.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1614 [GMT -4:00]
Running from: c:\documents and settings\Rick Picon\Desktop\random.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DEL.bat
c:\documents and settings\All Users\Application Data\93791246.ini
c:\documents and settings\Rick Picon\Local Settings\Application Data\{319ADFDA-DC8A-499B-B73B-D0C8016E9E49}
c:\documents and settings\Rick Picon\Local Settings\Application Data\{319ADFDA-DC8A-499B-B73B-D0C8016E9E49}\chrome.manifest
c:\documents and settings\Rick Picon\Local Settings\Application Data\{319ADFDA-DC8A-499B-B73B-D0C8016E9E49}\chrome\content\_cfg.js
c:\documents and settings\Rick Picon\Local Settings\Application Data\{319ADFDA-DC8A-499B-B73B-D0C8016E9E49}\chrome\content\c.js
c:\documents and settings\Rick Picon\Local Settings\Application Data\{319ADFDA-DC8A-499B-B73B-D0C8016E9E49}\chrome\content\overlay.xul
c:\documents and settings\Rick Picon\Local Settings\Application Data\{319ADFDA-DC8A-499B-B73B-D0C8016E9E49}\install.rdf
C:\V3W2Ju.exe
c:\windows\Installer\e1fe224.msp
c:\windows\Installer\e1fe225.msp
c:\windows\system32\drivers\UACjdvqubrncfrqyhbvh.sys
c:\windows\system32\msxml71.dll
c:\windows\system32\UACfctaagyilociipqcg.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACkfjedipiluxvcibgm.log
c:\windows\system32\UACneqwwooqukhtyaftw.dll
c:\windows\system32\UACqmfnthxkjsbyahdbb.dll
c:\windows\system32\UACsgolfafuaygdfbqjt.dll
c:\windows\system32\UACuhujggvltghmoerxf.dat
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At49.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At50.job
c:\windows\Tasks\At51.job
c:\windows\Tasks\At52.job
c:\windows\Tasks\At53.job
c:\windows\Tasks\At54.job
c:\windows\Tasks\At55.job
c:\windows\Tasks\At56.job
c:\windows\Tasks\At57.job
c:\windows\Tasks\At58.job
c:\windows\Tasks\At59.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At60.job
c:\windows\Tasks\At61.job
c:\windows\Tasks\At62.job
c:\windows\Tasks\At63.job
c:\windows\Tasks\At64.job
c:\windows\Tasks\At65.job
c:\windows\Tasks\At66.job
c:\windows\Tasks\At67.job
c:\windows\Tasks\At68.job
c:\windows\Tasks\At69.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At70.job
c:\windows\Tasks\At71.job
c:\windows\Tasks\At72.job
c:\windows\Tasks\At73.job
c:\windows\Tasks\At74.job
c:\windows\Tasks\At75.job
c:\windows\Tasks\At76.job
c:\windows\Tasks\At77.job
c:\windows\Tasks\At78.job
c:\windows\Tasks\At79.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At80.job
c:\windows\Tasks\At81.job
c:\windows\Tasks\At82.job
c:\windows\Tasks\At83.job
c:\windows\Tasks\At84.job
c:\windows\Tasks\At85.job
c:\windows\Tasks\At86.job
c:\windows\Tasks\At87.job
c:\windows\Tasks\At88.job
c:\windows\Tasks\At89.job
c:\windows\Tasks\At9.job
c:\windows\Tasks\At90.job
c:\windows\Tasks\At91.job
c:\windows\Tasks\At92.job
c:\windows\Tasks\At93.job
c:\windows\Tasks\At94.job
c:\windows\Tasks\At95.job
c:\windows\Tasks\At96.job
C:\Zx5R.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
((((((((((((((((((((((((( Files Created from 2009-06-07 to 2009-07-07 )))))))))))))))))))))))))))))))
.
2009-07-07 16:03 . 2009-07-07 16:03 6998 ----a-w- C:\xEkjtM.bat
2009-07-07 16:03 . 2009-07-07 16:03 256 ----a-w- C:\MjvNDt.bat
2009-07-07 15:55 . 2009-07-07 15:55 6998 ----a-w- C:\MOw7Vw.bat
2009-07-07 15:55 . 2009-07-07 15:55 248 ----a-w- C:\imsCBZY.bat
2009-07-01 17:50 . 2008-12-22 19:56 12752 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2009-06-29 16:05 . 2009-06-29 16:05 6998 ----a-w- C:\yZ2iXm.bat
2009-06-29 16:05 . 2009-06-29 16:05 256 ----a-w- C:\bUA.bat
2009-06-29 15:58 . 2009-06-29 15:58 6998 ----a-w- C:\L3r.bat
2009-06-29 15:58 . 2009-06-29 15:58 274 ----a-w- C:\rtHbD6s.bat
2009-06-29 15:35 . 2009-06-29 15:35 6998 ----a-w- C:\umqhLicp.bat
2009-06-29 15:35 . 2009-06-29 15:35 238 ----a-w- C:\EDdKN.bat
2009-06-29 15:20 . 2009-06-29 15:20 6998 ----a-w- C:\HqeT.bat
2009-06-29 15:20 . 2009-06-29 15:20 238 ----a-w- C:\RShDj.bat
2009-06-27 15:07 . 2009-06-27 15:07 6998 ----a-w- C:\MF3d.bat
2009-06-27 15:07 . 2009-06-27 15:07 234 ----a-w- C:\oR3hEE.bat
2009-06-26 21:22 . 2009-06-26 21:22 6998 ----a-w- C:\QY4.bat
2009-06-26 21:22 . 2009-06-26 21:22 249 ----a-w- C:\dezF.bat
2009-06-26 21:06 . 2009-06-26 21:06 6998 ----a-w- C:\vUzvaWg.bat
2009-06-26 21:06 . 2009-06-26 21:06 255 ----a-w- C:\zqz7Y.bat
2009-06-26 21:00 . 2009-06-26 21:00 6998 ----a-w- C:\wfzB3X.bat
2009-06-26 21:00 . 2009-06-26 21:00 275 ----a-w- C:\nA9Aow1.bat
2009-06-26 20:54 . 2009-06-26 20:54 6998 ----a-w- C:\jqSx.bat
2009-06-26 20:54 . 2009-06-26 20:54 253 ----a-w- C:\oGD1dc.bat
2009-06-26 20:39 . 2009-06-26 20:39 6998 ----a-w- C:\aI1O.bat
2009-06-26 20:39 . 2009-06-26 20:39 233 ----a-w- C:\YfDuIl7.bat
2009-06-26 20:32 . 2009-06-26 20:32 6998 ----a-w- C:\koRJVVim.bat
2009-06-26 20:32 . 2009-06-26 20:32 241 ----a-w- C:\HnSd.bat
2009-06-26 20:27 . 2009-06-26 20:27 6998 ----a-w- C:\eOLbd4s.bat
2009-06-26 20:27 . 2009-06-26 20:27 248 ----a-w- C:\mH7xy.bat
2009-06-26 20:19 . 2009-06-26 20:19 6998 ----a-w- C:\RUyy.bat
2009-06-26 20:19 . 2009-06-26 20:19 261 ----a-w- C:\emq.bat
2009-06-26 20:09 . 2009-06-26 20:09 6998 ----a-w- C:\MaH8uA.bat
2009-06-26 20:09 . 2009-06-26 20:09 258 ----a-w- C:\oXf4XG9.bat
2009-06-26 20:06 . 2009-06-26 20:06 6998 ----a-w- C:\wYTk.bat
2009-06-26 20:06 . 2009-06-26 20:06 244 ----a-w- C:\qEX.bat
2009-06-26 20:03 . 2009-06-26 20:03 6998 ----a-w- C:\EcDQ9a.bat
2009-06-26 20:03 . 2009-06-26 20:03 266 ----a-w- C:\leT0.bat
2009-06-26 20:01 . 2009-06-26 20:01 6998 ----a-w- C:\Jz5.bat
2009-06-26 20:01 . 2009-06-26 20:01 250 ----a-w- C:\CFM.bat
2009-06-26 19:57 . 2009-06-26 19:57 6998 ----a-w- C:\lzxi.bat
2009-06-26 19:57 . 2009-06-26 19:57 275 ----a-w- C:\EixHV.bat
2009-06-26 19:34 . 2009-06-26 19:34 6998 ----a-w- C:\kTLkS.bat
2009-06-26 19:34 . 2009-06-26 19:34 240 ----a-w- C:\dAeFjHq.bat
2009-06-26 19:22 . 2009-06-26 19:22 6998 ----a-w- C:\uOHd.bat
2009-06-26 19:22 . 2009-06-26 19:22 240 ----a-w- C:\Oa6D.bat
2009-06-26 19:02 . 2009-06-26 19:02 6998 ----a-w- C:\YtU4qH.bat
2009-06-26 19:02 . 2009-06-26 19:02 267 ----a-w- C:\IgLKnwT.bat
2009-06-26 18:45 . 2009-06-26 18:45 6998 ----a-w- C:\NqYcQQ.bat
2009-06-26 18:45 . 2009-06-26 18:45 274 ----a-w- C:\hZYU.bat
2009-06-26 18:29 . 2009-06-26 18:29 6998 ----a-w- C:\hsDNe.bat
2009-06-26 18:29 . 2009-06-26 18:29 273 ----a-w- C:\HRwRVSG.bat
2009-06-26 18:08 . 2009-06-26 18:08 6998 ----a-w- C:\Bepht8J6.bat
2009-06-26 18:08 . 2009-06-26 18:08 256 ----a-w- C:\eaISlyX.bat
2009-06-26 18:01 . 2009-06-26 18:01 6998 ----a-w- C:\gpzOj2.bat
2009-06-26 18:01 . 2009-06-26 18:01 264 ----a-w- C:\zqJKlgd.bat
2009-06-26 17:22 . 2009-06-26 17:22 6998 ----a-w- C:\NE51wH.bat
2009-06-26 17:22 . 2009-06-26 17:22 247 ----a-w- C:\bd1KSv.bat
2009-06-26 16:36 . 2009-06-26 16:36 6998 ----a-w- C:\ICjs3k.bat
2009-06-26 16:36 . 2009-06-26 16:36 248 ----a-w- C:\rBDE1PuI.bat
2009-06-26 16:34 . 2009-06-26 16:34 6998 ----a-w- C:\MY6oPCw.bat
2009-06-26 16:34 . 2009-06-26 16:34 276 ----a-w- C:\Yhcq.bat
2009-06-26 16:23 . 2009-06-26 16:23 6998 ----a-w- C:\PshX.bat
2009-06-26 16:23 . 2009-06-26 16:23 239 ----a-w- C:\ZgxVSK.bat
2009-06-26 16:16 . 2009-06-26 16:16 6998 ----a-w- C:\YdL.bat
2009-06-26 16:16 . 2009-06-26 16:16 245 ----a-w- C:\ugOssOe7.bat
2009-06-26 16:07 . 2009-06-26 16:07 6998 ----a-w- C:\eMm4sHl.bat
2009-06-26 16:07 . 2009-06-26 16:07 254 ----a-w- C:\GdG.bat
2009-06-26 16:04 . 2009-06-26 16:04 6998 ----a-w- C:\OPVxM1Fv.bat
2009-06-26 16:04 . 2009-06-26 16:04 271 ----a-w- C:\RZEIw.bat
2009-06-26 16:01 . 2009-06-26 16:01 6998 ----a-w- C:\zJ1jOna8.bat
2009-06-26 16:01 . 2009-06-26 16:01 266 ----a-w- C:\tkZnn.bat
2009-06-26 15:50 . 2009-06-26 15:50 6998 ----a-w- C:\udnE.bat
2009-06-26 15:50 . 2009-06-26 15:50 273 ----a-w- C:\iALIqwOH.bat
2009-06-26 15:47 . 2009-06-26 15:47 6998 ----a-w- C:\ANgs.bat
2009-06-26 15:47 . 2009-06-26 15:47 264 ----a-w- C:\Dcx8.bat
2009-06-25 22:09 . 2009-06-25 22:09 6998 ----a-w- C:\THJTB5f3.bat
2009-06-25 22:09 . 2009-06-25 22:09 236 ----a-w- C:\NnG.bat
2009-06-25 21:52 . 2009-06-25 21:52 6998 ----a-w- C:\AHCF4b.bat
2009-06-25 21:52 . 2009-06-25 21:52 242 ----a-w- C:\IBksNM.bat
2009-06-25 21:39 . 2009-06-25 21:39 6998 ----a-w- C:\EfgY.bat
2009-06-25 21:39 . 2009-06-25 21:39 274 ----a-w- C:\IV8KGs9.bat
2009-06-24 18:18 . 2009-06-24 18:18 6998 ----a-w- C:\cVPgyj.bat
2009-06-24 18:18 . 2009-06-24 18:18 267 ----a-w- C:\XWP.bat
2009-06-22 23:40 . 2009-06-22 23:40 6998 ----a-w- C:\S4pj4.bat
2009-06-22 23:40 . 2009-06-22 23:40 259 ----a-w- C:\CcN0PH.bat
2009-06-22 23:39 . 2009-06-22 23:39 6998 ----a-w- C:\tG1JEq.bat
2009-06-22 23:39 . 2009-06-22 23:39 231 ----a-w- C:\XCLgB7S.bat
2009-06-22 23:32 . 2009-06-22 23:32 6998 ----a-w- C:\qHG5cvEw.bat
2009-06-22 23:32 . 2009-06-22 23:32 273 ----a-w- C:\xZOCTdq.bat
2009-06-22 23:29 . 2009-06-22 23:29 6998 ----a-w- C:\m0m.bat
2009-06-22 23:29 . 2009-06-22 23:29 243 ----a-w- C:\SwKy.bat
2009-06-22 23:07 . 2009-06-22 23:07 6998 ----a-w- C:\pubAxry.bat
2009-06-22 23:07 . 2009-06-22 23:07 232 ----a-w- C:\ntIgpf0.bat
2009-06-22 22:59 . 2009-06-22 22:59 6998 ----a-w- C:\t5UA.bat
2009-06-22 22:59 . 2009-06-22 22:59 239 ----a-w- C:\vt7OiQ.bat
2009-06-22 22:51 . 2009-06-22 22:51 6998 ----a-w- C:\B5A.bat
2009-06-22 22:51 . 2009-06-22 22:51 233 ----a-w- C:\IS5.bat
2009-06-22 22:47 . 2009-06-22 22:47 6998 ----a-w- C:\j4EFvY.bat
2009-06-22 22:47 . 2009-06-22 22:47 257 ----a-w- C:\SRBFSefH.bat
2009-06-22 22:42 . 2009-06-22 22:42 6998 ----a-w- C:\maldKyfc.bat
2009-06-22 22:42 . 2009-06-22 22:42 272 ----a-w- C:\vBChyy7V.bat
2009-06-22 22:29 . 2009-06-22 22:29 6998 ----a-w- C:\PH3LlFsl.bat
2009-06-22 22:29 . 2009-06-22 22:29 269 ----a-w- C:\VWwo5.bat
2009-06-22 22:24 . 2009-06-22 22:24 6998 ----a-w- C:\QkEA8.bat
2009-06-22 22:24 . 2009-06-22 22:24 229 ----a-w- C:\gpfauvKP.bat
2009-06-22 22:03 . 2009-06-22 22:03 6998 ----a-w- C:\VTK2.bat
2009-06-22 22:03 . 2009-06-22 22:03 237 ----a-w- C:\Kf08qiY.bat
2009-06-22 21:58 . 2009-06-22 21:58 6998 ----a-w- C:\lXJqq.bat
2009-06-22 21:58 . 2009-06-22 21:58 252 ----a-w- C:\mXHd3NbE.bat
2009-06-22 21:55 . 2009-06-22 21:55 6998 ----a-w- C:\PHgsR.bat
2009-06-22 21:55 . 2009-06-22 21:55 266 ----a-w- C:\bcDB.bat
2009-06-22 21:36 . 2009-06-22 21:36 6998 ----a-w- C:\KTLsj.bat
2009-06-22 21:36 . 2009-06-22 21:36 256 ----a-w- C:\uv9SlG5L.bat
2009-06-22 21:27 . 2009-06-22 21:27 6998 ----a-w- C:\W9NOTkZ.bat
2009-06-22 21:27 . 2009-06-22 21:27 272 ----a-w- C:\PCj3dkbU.bat
2009-06-22 21:15 . 2009-06-22 21:15 6998 ----a-w- C:\ouP.bat
2009-06-22 21:15 . 2009-06-22 21:15 233 ----a-w- C:\P3L0.bat
2009-06-22 21:08 . 2009-06-22 21:08 6998 ----a-w- C:\HSVCvcl7.bat
2009-06-22 21:08 . 2009-06-22 21:08 229 ----a-w- C:\rc9.bat
2009-06-22 21:01 . 2009-06-22 21:01 6998 ----a-w- C:\YlF6.bat
2009-06-22 21:01 . 2009-06-22 21:01 274 ----a-w- C:\vRBA0.bat
2009-06-22 20:59 . 2009-06-22 20:59 6998 ----a-w- C:\g7jxBn.bat
2009-06-22 20:59 . 2009-06-22 20:59 232 ----a-w- C:\irB.bat
2009-06-22 20:47 . 2009-06-22 20:47 6998 ----a-w- C:\KUNRBfu1.bat
2009-06-22 20:47 . 2009-06-22 20:47 258 ----a-w- C:\dU1IZ.bat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-07 19:46 . 2006-05-08 18:17 -------- d-----w- c:\program files\Plaxo
2009-07-07 19:19 . 2006-12-29 16:30 -------- d-----w- c:\program files\Trend Micro
2009-07-07 15:02 . 2008-07-31 18:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-07 14:58 . 2006-11-03 17:35 -------- d-----w- c:\program files\LogMeIn
2009-07-07 14:44 . 2006-04-11 15:30 -------- d-----w- c:\program files\Network Assistant
2009-07-06 16:18 . 2008-05-08 18:26 -------- d-----w- c:\program files\SmartDraw 2008
2009-07-01 17:50 . 2009-02-17 17:40 2 --shatr- c:\windows\winstart.bat
2009-07-01 17:50 . 2009-02-17 17:39 -------- d-----w- c:\program files\UnHackMe
2009-07-01 17:49 . 2008-07-30 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-22 17:05 . 2009-04-24 20:15 258 ----a-w- C:\ngY.bat
2009-06-08 20:42 . 2008-02-12 19:49 -------- d-----w- c:\program files\PokerStars.NET
2009-06-08 19:05 . 2006-03-07 13:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-08 18:54 . 2006-03-31 18:32 -------- d-----w- c:\program files\Schwab Performance Technologies
2009-06-01 22:09 . 2009-06-01 22:09 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-01 22:09 . 2009-04-23 14:01 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-01 22:08 . 2009-06-01 22:08 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-01 22:02 . 2009-06-01 22:02 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-01 22:02 . 2009-06-01 22:02 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-01 00:04 . 2009-06-01 00:04 6998 ----a-w- C:\Z6qmt.bat
2009-06-01 00:04 . 2009-06-01 00:04 275 ----a-w- C:\y3pCH.bat
2009-05-28 15:42 . 2009-05-28 15:42 6998 ----a-w- C:\V6lQa8.bat
2009-05-28 15:42 . 2009-05-28 15:42 256 ----a-w- C:\qLL.bat
2009-05-28 15:29 . 2009-05-28 15:29 6998 ----a-w- C:\eAO89EPG.bat
2009-05-28 15:29 . 2009-05-28 15:29 245 ----a-w- C:\rCvYguTN.bat
2009-05-28 15:03 . 2009-05-28 15:03 6998 ----a-w- C:\aE4fB.bat
2009-05-28 15:03 . 2009-05-28 15:03 261 ----a-w- C:\MMUx5.bat
2009-05-28 14:54 . 2009-05-28 14:54 6998 ----a-w- C:\YZc.bat
2009-05-28 14:54 . 2009-05-28 14:54 262 ----a-w- C:\kb4X2uFY.bat
2009-05-27 21:44 . 2009-05-27 21:44 6998 ----a-w- C:\hDa.bat
2009-05-27 21:44 . 2009-05-27 21:44 265 ----a-w- C:\a3N6V9x.bat
2009-05-27 21:30 . 2009-05-27 21:30 6998 ----a-w- C:\V3x2sGC4.bat
2009-05-27 21:30 . 2009-05-27 21:30 247 ----a-w- C:\QPdQowz.bat
2009-05-27 21:24 . 2009-05-27 21:24 6998 ----a-w- C:\xYE.bat
2009-05-27 21:24 . 2009-05-27 21:24 251 ----a-w- C:\WjZi1yTa.bat
2009-05-27 21:11 . 2009-05-27 21:11 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-05-27 21:09 . 2009-05-27 21:09 6998 ----a-w- C:\vKDV.bat
2009-05-27 21:09 . 2009-05-27 21:09 270 ----a-w- C:\I13pBWX.bat
2009-05-27 21:08 . 2009-05-27 21:08 6998 ----a-w- C:\CgHmJWL.bat
2009-05-27 21:08 . 2009-05-27 21:08 234 ----a-w- C:\Nyv.bat
2009-05-27 21:06 . 2009-05-27 21:06 6998 ----a-w- C:\kI1lXYQl.bat
2009-05-27 21:06 . 2009-05-27 21:06 243 ----a-w- C:\dw1yw.bat
2009-05-27 20:59 . 2009-05-27 20:59 6998 ----a-w- C:\K1UsWz.bat
2009-05-27 20:59 . 2009-05-27 20:59 276 ----a-w- C:\jaNz0.bat
2009-05-27 20:46 . 2009-05-27 20:46 6998 ----a-w- C:\wLrf.bat
2009-05-27 20:46 . 2009-05-27 20:46 258 ----a-w- C:\Nkm.bat
2009-05-27 20:42 . 2009-05-27 20:42 6998 ----a-w- C:\VM31W.bat
2009-05-27 20:42 . 2009-05-27 20:42 261 ----a-w- C:\dfFfKDP.bat
2009-05-27 20:37 . 2009-05-27 20:37 6998 ----a-w- C:\ztw.bat
2009-05-27 20:37 . 2009-05-27 20:37 263 ----a-w- C:\DJDbwokh.bat
2009-05-27 20:26 . 2009-05-27 20:26 6998 ----a-w- C:\r6BlrlXa.bat
2009-05-27 20:26 . 2009-05-27 20:26 254 ----a-w- C:\esnLV2IP.bat
2009-05-27 20:09 . 2009-05-27 20:09 6998 ----a-w- C:\lzU.bat
2009-05-27 20:09 . 2009-05-27 20:09 259 ----a-w- C:\ZwoJr6AT.bat
2009-05-27 20:07 . 2009-05-27 20:07 6998 ----a-w- C:\P4D.bat
2009-05-27 20:07 . 2009-05-27 20:07 242 ----a-w- C:\zvGI.bat
2009-05-27 19:56 . 2009-05-27 19:56 6998 ----a-w- C:\wQpa5.bat
2009-05-27 19:56 . 2009-05-27 19:56 264 ----a-w- C:\H67TgySt.bat
2009-05-27 19:43 . 2009-05-27 19:43 6998 ----a-w- C:\oOJD.bat
2009-05-27 19:43 . 2009-05-27 19:43 242 ----a-w- C:\q4pb99n.bat
2009-05-27 19:39 . 2009-05-27 19:39 6998 ----a-w- C:\GAInZVr.bat
2009-05-27 19:39 . 2009-05-27 19:39 247 ----a-w- C:\Qfvs.bat
2009-05-27 19:31 . 2009-05-27 19:31 6998 ----a-w- C:\hkit7A.bat
2009-05-27 19:31 . 2009-05-27 19:31 233 ----a-w- C:\sLgsI3.bat
2009-05-27 19:15 . 2009-05-27 19:15 6998 ----a-w- C:\UJtipqpV.bat
2009-05-27 19:15 . 2009-05-27 19:15 259 ----a-w- C:\T1yIrP9m.bat
2009-05-27 19:09 . 2009-05-27 19:09 6998 ----a-w- C:\ySQP.bat
2009-05-27 19:09 . 2009-05-27 19:09 260 ----a-w- C:\INP.bat
2009-05-27 19:05 . 2009-05-27 19:05 6998 ----a-w- C:\Q7o.bat
2009-05-27 19:05 . 2009-05-27 19:05 234 ----a-w- C:\v5MYPLf.bat
2009-05-27 19:03 . 2009-05-27 19:03 6998 ----a-w- C:\zYEt.bat
2009-05-27 19:03 . 2009-05-27 19:03 240 ----a-w- C:\PWGhGNAx.bat
2009-05-27 19:00 . 2009-05-27 19:00 6998 ----a-w- C:\IU3cUHUW.bat
2009-05-27 19:00 . 2009-05-27 19:00 249 ----a-w- C:\RSILNZ.bat
2009-05-27 18:58 . 2009-05-27 18:58 6998 ----a-w- C:\oIk1L3.bat
2009-05-27 18:58 . 2009-05-27 18:58 255 ----a-w- C:\w0HLv.bat
2009-05-27 18:56 . 2009-05-27 18:56 6998 ----a-w- C:\UoG6mM.bat
2009-05-27 18:56 . 2009-05-27 18:56 256 ----a-w- C:\I4bt0lvQ.bat
2009-05-27 18:37 . 2009-05-27 18:37 6998 ----a-w- C:\aP2Q.bat
2009-05-27 18:37 . 2009-05-27 18:37 235 ----a-w- C:\EBo8BIaC.bat
2009-05-27 18:23 . 2009-05-27 18:23 6998 ----a-w- C:\Z482x0FK.bat
2009-05-27 18:23 . 2009-05-27 18:23 262 ----a-w- C:\WcC.bat
2009-05-27 18:22 . 2009-05-27 18:22 6998 ----a-w- C:\ygsn.bat
2009-05-27 18:22 . 2009-05-27 18:22 232 ----a-w- C:\tbj.bat
2009-05-27 18:17 . 2009-05-27 18:17 6998 ----a-w- C:\Z5OS2WqW.bat
2009-05-27 18:17 . 2009-05-27 18:17 271 ----a-w- C:\Gld5V.bat
2009-05-27 18:08 . 2009-05-27 18:08 6998 ----a-w- C:\L5DZfSVe.bat
2009-05-27 18:08 . 2009-05-27 18:08 271 ----a-w- C:\b0bybXv6.bat
2009-05-27 17:50 . 2009-05-27 17:50 6998 ----a-w- C:\Jfvis.bat
2009-05-27 17:50 . 2009-05-27 17:50 269 ----a-w- C:\cRmo.bat
2009-05-27 17:49 . 2009-05-27 17:49 6998 ----a-w- C:\wZElj.bat
2009-05-27 17:49 . 2009-05-27 17:49 260 ----a-w- C:\T8PX6y.bat
2009-05-27 17:47 . 2009-05-27 17:47 6998 ----a-w- C:\R6IxZS.bat
2009-05-27 17:47 . 2009-05-27 17:47 263 ----a-w- C:\YIZatxR.bat
2009-05-27 17:44 . 2009-05-27 17:44 6998 ----a-w- C:\TrN18f.bat
2009-05-27 17:44 . 2009-05-27 17:44 272 ----a-w- C:\jv89VUe.bat
2009-05-27 17:20 . 2009-05-27 17:20 6998 ----a-w- C:\E9Ozos6.bat
2009-05-27 17:20 . 2009-05-27 17:20 273 ----a-w- C:\GRbp4ad.bat
2009-05-27 17:19 . 2009-05-27 17:19 6998 ----a-w- C:\Njx.bat
2009-05-27 17:19 . 2009-05-27 17:19 272 ----a-w- C:\Yb0qXB.bat
2009-05-27 17:08 . 2009-05-27 17:08 6998 ----a-w- C:\Q1pZS5.bat
2006-04-20 15:28 . 2006-04-17 18:07 56 --sh--r- c:\windows\system32\0DDFEFD744.sys
2006-04-20 15:28 . 2006-04-17 18:07 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
------- Sigcheck -------
[7] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[7] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2004-08-04 11:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB913446$\tcpip.sys
[7] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2007-06-22 20:02 359808 021415AD071EF3944C27DC9597ED2214 c:\windows\system32\dllcache\tcpip.sys
[-] 2007-06-22 20:02 359808 021415AD071EF3944C27DC9597ED2214 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-04-23_19.23.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-09-08 05:03 . 2005-09-08 05:03 86728 c:\windows\system32\msxml6r.dll
+ 2008-05-20 18:54 . 2009-05-07 19:44 89102 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2009-05-04 21:51 . 2009-05-04 21:51 64160 c:\windows\system32\DRVSTORE\lbd_4C6E0193F967021F4DECA024CA3950BECD8BF864\Lbd.sys
+ 2009-04-22 21:49 . 2009-05-04 21:51 64160 c:\windows\system32\drivers\Lbd.sys
- 2009-04-22 21:49 . 2009-03-09 19:06 64160 c:\windows\system32\drivers\Lbd.sys
+ 2004-08-11 23:00 . 2004-08-04 11:00 42496 c:\windows\system32\dllcache\ftp.exe
+ 2006-03-31 17:48 . 2009-07-07 17:48 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-03-31 17:48 . 2009-04-23 19:16 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-03-31 17:48 . 2009-04-23 19:16 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-03-31 17:48 . 2009-07-07 17:48 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-03-31 17:48 . 2009-04-23 19:16 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-03-31 17:48 . 2009-07-07 17:48 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-11-21 13:21 . 2008-11-21 13:21 32256 c:\windows\system32\_regtlb.dll
- 2002-01-23 16:41 . 2002-01-23 16:41 32256 c:\windows\system32\_regtlb.dll
+ 2006-03-07 13:06 . 2006-03-07 13:06 72704 c:\windows\Installer\ff41.msi
+ 2007-02-08 15:37 . 2007-02-08 15:37 29696 c:\windows\Installer\eb18a32.msi
+ 2007-06-25 13:54 . 2007-06-25 13:54 48128 c:\windows\Installer\e1fd56a.msi
+ 2006-11-16 16:22 . 2006-11-16 16:22 94208 c:\windows\Installer\6e9ba01.msi
+ 2009-06-08 18:54 . 2009-06-08 18:54 45056 c:\windows\Installer\{6C2ADBE2-429C-42CA-AA13-9557EFF62D0B}\NewShortcut2_DD4D0CB203144FEE9081D319301A6CD0.exe
+ 2009-06-08 18:54 . 2009-06-08 18:54 45056 c:\windows\Installer\{6C2ADBE2-429C-42CA-AA13-9557EFF62D0B}\ARPPRODUCTICON.exe
+ 2009-06-08 19:05 . 2009-06-08 19:05 45056 c:\windows\Installer\{0E81279D-CC2B-4FE6-B103-8A1B948AFED2}\PortfolioCenter_34298AB85BEA4A7CAFC4CF479F04CE67.exe
+ 2009-06-08 19:05 . 2009-06-08 19:05 45056 c:\windows\Installer\{0E81279D-CC2B-4FE6-B103-8A1B948AFED2}\NewShortcut8_BEA64D43F7F94E849C0625FA4E0770D5.exe
+ 2009-06-08 19:05 . 2009-06-08 19:05 45056 c:\windows\Installer\{0E81279D-CC2B-4FE6-B103-8A1B948AFED2}\NewShortcut3_56D22B1281B44246B86FC43C35F01F63.exe
+ 2009-06-08 19:05 . 2009-06-08 19:05 45056 c:\windows\Installer\{0E81279D-CC2B-4FE6-B103-8A1B948AFED2}\NewShortcut1_5C5D265EA91F453496C034DB53FC982B.exe
+ 2009-06-08 19:05 . 2009-06-08 19:05 4150 c:\windows\Installer\{0E81279D-CC2B-4FE6-B103-8A1B948AFED2}\PortfolioCenterSec_A4B51298F6FE450B820CDD53FCFD3308.exe
+ 2009-06-08 19:05 . 2009-06-08 19:05 3638 c:\windows\Installer\{0E81279D-CC2B-4FE6-B103-8A1B948AFED2}\ARPPRODUCTICON.exe
+ 2007-06-25 14:18 . 2009-03-06 15:05 121856 c:\windows\system32\xmllite.dll
- 2007-06-25 14:18 . 2006-07-14 15:51 121856 c:\windows\system32\xmllite.dll
+ 2009-06-08 19:06 . 2009-03-06 15:05 382933 c:\windows\system32\spool\drivers\w32x86\acpdfui300.dll
+ 2009-06-08 19:06 . 2009-03-06 15:05 430163 c:\windows\system32\spool\drivers\w32x86\acpdf300.dll
+ 2009-06-08 19:06 . 2009-03-06 15:05 382933 c:\windows\system32\spool\drivers\w32x86\3\acpdfui300.dll
+ 2009-06-08 19:06 . 2009-03-06 15:05 430163 c:\windows\system32\spool\drivers\w32x86\3\acpdf300.dll
+ 2009-02-03 02:07 . 2009-02-03 02:07 240544 c:\windows\system32\Macromed\Flash\FlashUtil10b.exe
+ 2006-03-07 13:15 . 2006-03-07 13:15 634880 c:\windows\Installer\ffbb.msi
+ 2006-03-07 13:15 . 2006-03-07 13:15 635904 c:\windows\Installer\ffb0.msi
+ 2006-03-07 13:14 . 2006-03-07 13:14 752640 c:\windows\Installer\ff8e.msi
+ 2006-03-07 13:14 . 2006-03-07 13:14 219136 c:\windows\Installer\ff88.msi
+ 2006-03-07 13:12 . 2006-03-07 13:12 285696 c:\windows\Installer\ff7d.msi
+ 2006-03-07 13:07 . 2006-03-07 13:07 194048 c:\windows\Installer\ff50.msi
+ 2006-03-07 13:06 . 2006-03-07 13:06 656896 c:\windows\Installer\ff46.msi
+ 2006-03-07 13:05 . 2006-03-07 13:05 669696 c:\windows\Installer\ff3c.msi
+ 2006-03-07 13:05 . 2006-03-07 13:05 256000 c:\windows\Installer\ff37.msi
+ 2006-03-07 13:04 . 2006-03-07 13:04 398848 c:\windows\Installer\ff15.msi
+ 2006-03-07 13:04 . 2006-03-07 13:04 275968 c:\windows\Installer\ff0f.msi
+ 2007-02-08 15:37 . 2007-02-08 15:37 697856 c:\windows\Installer\eb18a2c.msi
+ 2007-06-25 13:54 . 2007-06-25 13:54 501248 c:\windows\Installer\e1fd59d.msi
+ 2007-06-25 13:54 . 2007-06-25 13:54 501248 c:\windows\Installer\e1fd585.msi
+ 2007-06-25 13:54 . 2007-06-25 13:54 506880 c:\windows\Installer\e1fd57f.msi
+ 2007-06-25 13:54 . 2007-06-25 13:54 516608 c:\windows\Installer\e1fd577.msi
+ 2007-06-25 13:54 . 2007-06-25 13:54 513024 c:\windows\Installer\e1fd570.msi
+ 2007-06-25 13:53 . 2007-06-25 13:53 501248 c:\windows\Installer\e1fd54d.msi
+ 2006-11-15 08:02 . 2006-11-15 08:02 428544 c:\windows\Installer\85c527a.msi
+ 2004-08-11 23:20 . 2004-08-11 23:20 264704 c:\windows\Installer\8198.msi
+ 2009-03-24 16:44 . 2009-03-24 16:44 810496 c:\windows\Installer\58f0b.msi
+ 2008-07-30 23:58 . 2008-07-30 23:58 337408 c:\windows\Installer\546c4743.msi
+ 2007-06-27 07:06 . 2007-06-27 07:06 470528 c:\windows\Installer\5227cde.msi
+ 2009-06-08 18:54 . 2009-06-08 18:54 406528 c:\windows\Installer\3e32ce02.msi
+ 2009-06-08 18:54 . 2009-06-08 18:54 867328 c:\windows\Installer\3e32cdfe.msi
+ 2007-04-30 16:35 . 2007-04-30 16:35 991744 c:\windows\Installer\3ce73d9a.msi
+ 2006-10-31 08:02 . 2006-10-31 08:02 428544 c:\windows\Installer\3bae09a3.msi
+ 2009-04-22 21:48 . 2009-04-22 21:48 236032 c:\windows\Installer\36b41b.msi
+ 2007-05-17 19:31 . 2007-05-17 19:31 198144 c:\windows\Installer\2bd512fc.msi
+ 2006-10-17 19:56 . 2006-10-17 19:56 187904 c:\windows\Installer\25545152.msi
+ 2007-04-10 16:31 . 2007-04-10 16:31 578048 c:\windows\Installer\1bc4db73.msi
+ 2008-12-01 20:20 . 2008-12-01 20:20 435200 c:\windows\Installer\131a95a6.msi
+ 2008-12-01 20:20 . 2008-12-01 20:20 258560 c:\windows\Installer\131a948f.msi
+ 2008-12-01 20:18 . 2008-12-01 20:18 260096 c:\windows\Installer\131a9481.msi
+ 2008-12-01 20:18 . 2008-12-01 20:18 258560 c:\windows\Installer\131a9470.msi
+ 2006-03-07 13:01 . 2006-03-07 13:01 155136 c:\windows\Installer\1188f.msi
+ 2006-03-07 13:00 . 2006-03-07 13:00 621056 c:\windows\Installer\1188a.msi
+ 2006-05-16 14:48 . 2005-04-04 06:07 982016 c:\windows\Downloaded Installations\{59C4F14F-7590-45FC-BE9F-A67AB3590709}\ISScript11.Msi
+ 2007-04-27 21:09 . 2006-06-04 06:30 815104 c:\windows\Downloaded Installations\{3727F9F2-EA5E-4F23-9347-54E3141E8EAA}\Baseball Mogul 2006.msi
+ 2006-03-07 13:01 . 2006-03-07 13:01 169472 c:\windows\Downloaded Installations\{2E0EBC61-88B0-453B-9535-FF97D78018BA}\Qualxserve Service Agreement.msi
+ 2004-08-11 23:00 . 2004-08-04 11:00 1326080 c:\windows\system32\webfldrs.msi
+ 2009-06-08 19:06 . 2009-03-06 15:05 3739648 c:\windows\system32\spool\drivers\w32x86\cdintf300.dll
+ 2005-09-08 05:03 . 2005-09-08 05:03 1330888 c:\windows\system32\msxml6.dll
+ 2006-03-31 17:54 . 2006-03-07 13:00 9946112 c:\windows\system32\config\systemprofile\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}\Java 2 Runtime Environment, SE v1.4.2_03.msi
+ 2009-06-08 19:06 . 2009-03-06 15:05 3739648 c:\windows\system32\cdintf300.dll
+ 2005-09-23 11:48 . 2005-09-23 11:48 1886720 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\jsredist.msi
+ 2004-10-19 16:07 . 2004-10-19 16:07 5077504 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp
+ 2006-03-07 13:15 . 2006-03-07 13:15 1150464 c:\windows\Installer\ffa0.msi
+ 2006-03-07 13:15 . 2006-03-07 13:15 1144832 c:\windows\Installer\ff9a.msi
+ 2006-03-07 13:15 . 2006-03-07 13:15 1142784 c:\windows\Installer\ff94.msi
+ 2006-03-07 13:09 . 2006-03-07 13:09 4410368 c:\windows\Installer\ff5f.msi
+ 2006-03-07 13:04 . 2006-03-07 13:04 1900032 c:\windows\Installer\ff06.msi
+ 2007-06-25 13:54 . 2007-06-25 13:54 1652736 c:\windows\Installer\e1fd597.msi
+ 2007-06-25 13:54 . 2007-06-25 13:54 1652736 c:\windows\Installer\e1fd591.msi
+ 2007-06-25 13:54 . 2007-06-25 13:54 1652736 c:\windows\Installer\e1fd58b.msi
+ 2007-06-25 13:53 . 2007-06-25 13:53 1640960 c:\windows\Installer\e1fd560.msi
+ 2007-06-25 13:53 . 2007-06-25 13:53 2022912 c:\windows\Installer\e1fd55a.msi
+ 2007-06-25 13:53 . 2007-06-25 13:53 1713152 c:\windows\Installer\e1fd553.msi
+ 2007-06-25 13:53 . 2007-06-25 13:53 2397184 c:\windows\Installer\e1fd547.msi
+ 2007-05-11 19:20 . 2007-05-11 19:20 3005440 c:\windows\Installer\ce8b27b.msi
+ 2007-05-11 19:18 . 2007-05-11 19:18 7424000 c:\windows\Installer\ce8b1b2.msi
+ 2007-05-11 19:16 . 2007-05-11 19:16 1527808 c:\windows\Installer\ce8af81.msi
+ 2006-03-31 18:30 . 2006-03-31 18:30 1620992 c:\windows\Installer\85f35.msi
+ 2006-12-21 21:35 . 2006-12-21 21:35 1428992 c:\windows\Installer\57a20e7.msi
+ 2006-11-03 17:35 . 2006-11-03 17:35 1171968 c:\windows\Installer\559127e.msi
+ 2007-03-31 02:17 . 2007-03-31 02:17 9589248 c:\windows\Installer\5227d44.msp
+ 2007-04-09 02:32 . 2007-04-09 02:32 5131264 c:\windows\Installer\5227d30.msp
+ 2007-03-31 02:20 . 2007-03-31 02:20 5800960 c:\windows\Installer\5227d1c.msp
+ 2007-03-31 02:21 . 2007-03-31 02:21 3886080 c:\windows\Installer\5227c5b.msp
+ 2007-03-27 20:15 . 2007-03-27 20:15 8395776 c:\windows\Installer\5227c07.msp
+ 2007-03-27 20:14 . 2007-03-27 20:14 5566464 c:\windows\Installer\5227bf2.msp
+ 2004-08-11 23:22 . 2004-08-11 23:22 3443712 c:\windows\Installer\5067.msi
+ 2006-04-27 15:09 . 2006-04-27 15:09 1886208 c:\windows\Installer\4f010.msi
+ 2009-06-08 19:05 . 2009-06-08 19:05 5861376 c:\windows\Installer\3e32d10f.msi
+ 2008-07-31 18:22 . 2008-07-31 18:22 1091072 c:\windows\Installer\3d2dc3.msi
+ 2006-09-13 17:28 . 2006-09-13 17:28 3345408 c:\windows\Installer\3bae09ee.msp
+ 2009-04-22 21:48 . 2009-04-22 21:48 1802240 c:\windows\Installer\36b421.msi
+ 2007-11-02 16:52 . 2007-11-02 16:52 1667072 c:\windows\Installer\2873161f.msi
+ 2006-03-31 18:45 . 2006-03-31 18:45 6885888 c:\windows\Installer\1c835.msi
+ 2006-04-27 15:08 . 2006-04-27 15:08 2109440 c:\windows\Installer\1825f.msi
+ 2006-09-19 19:20 . 2006-09-19 19:20 1510912 c:\windows\Installer\17344e09.msi
+ 2006-03-31 18:08 . 2006-03-31 18:08 5864960 c:\windows\Installer\135d5d.msp
+ 2006-04-18 17:48 . 2006-04-18 17:48 1629184 c:\windows\Installer\12d88e00.msp
+ 2009-02-02 22:07 . 2009-02-02 22:07 1914440 c:\windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
+ 2006-05-04 15:13 . 2006-05-04 15:13 6995968 c:\windows\Downloaded Installations\{8BB9063D-AC31-428D-8C46-E8ED667C2AE9}\Microsoft ActiveSync 4.0.msi
+ 2006-09-19 19:20 . 2006-11-02 17:14 3333120 c:\windows\Downloaded Installations\{66896DD9-B1F0-41C6-AFBA-29B28A6749B4}\QBFC3.0.msi
+ 2006-05-16 14:48 . 2006-05-08 14:37 9934848 c:\windows\Downloaded Installations\{59C4F14F-7590-45FC-BE9F-A67AB3590709}\iTunes.msi
+ 2007-04-30 16:35 . 2007-04-30 16:35 6981632 c:\windows\Downloaded Installations\{156D71EC-9396-49C9-AD1A-808FFD897912}\Microsoft ActiveSync 4.0.msi
+ 2005-09-23 11:48 . 2005-09-23 11:48 24863744 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\netfx.msi
+ 2007-02-08 15:37 . 2007-01-19 18:20 16633344 c:\windows\Installer\MSN Messenger 8.1.0178\MsnMsgs.Msi
+ 2006-03-07 13:08 . 2006-03-07 13:08 22943232 c:\windows\Installer\ff55.msi
+ 2007-06-25 14:00 . 2007-06-25 14:00 12836352 c:\windows\Installer\e1fde92.msi
+ 2007-03-31 02:22 . 2007-03-31 02:22 10125824 c:\windows\Installer\5227cad.msp
+ 2007-04-22 00:16 . 2007-04-22 00:16 12490752 c:\windows\Installer\5227c99.msp
+ 2007-03-31 02:19 . 2007-03-31 02:19 10893312 c:\windows\Installer\5227c31.msp
+ 2007-03-28 16:12 . 2007-03-28 16:12 10796032 c:\windows\Installer\3ac56.msi
+ 2006-08-09 17:05 . 2006-08-09 17:05 30593024 c:\windows\Installer\21b360a.msi
+ 2004-08-11 23:22 . 2004-08-11 23:22 19204096 c:\windows\Installer\16315.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-06 19:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2006-04-25 3334144]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 1207080]
"PlaxoUpdate"="c:\program files\Plaxo\3.19.0.16\PlaxoHelper_en.exe" [2009-02-09 371271]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-06-11 2321600]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"PlaxoSysTray"="c:\program files\Plaxo\3.19.0.16\PlaxoSysTray.exe" [2009-02-09 20480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-07 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-09 7110656]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 49263]
"SigmatelSysTrayApp"="c:\windows\stsystra.exe" [2005-03-23 339968]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-03-07 26112]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-03-07 169472]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
"Logitech Hardware Abstraction Layer"="c:\windows\KHALMNPR.EXE" [2006-05-10 94208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-04-27 257088]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-09-30 1234712]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-17 518488]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2007-3-28 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-4-10 593920]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2005-12-8 811008]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 14:25 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan\0lsdelete
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1144767884\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1144767884\\ee\\aim6.exe"=
"c:\\Program Files\\Network Assistant\\Nassi.exe"=
"c:\\Program Files\\Schwab Performance Technologies\\PortfolioCenter\\SPTServer.exe"=
"c:\\Program Files\\Schwab Performance Technologies\\PortfolioCenter\\PortfolioCenter.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Xolox\\mldonkey\\mlnet.exe"=
"c:\\Program Files\\Xolox\\XoloxEXE.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\AIM\\AIM Pro\\aimpro.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP "= 135:TCP COM
"3389:TCP "= 3389:TCP :@xpsp2res.dll,-22009
"3393:TCP "= 3393:TCP :RD-Rick
"26675:TCP "= 26675:TCP :169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-04-22 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-07-30 97928]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-30 231704]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2007-04-10 3712]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2007-06-27 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-06-27 47640]
S0 lafpipqh;lafpipqh; [x]
S0 yzbuhcvb;yzbuhcvb; [x]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 1003344]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2009-02-17 34760]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
Contents of the 'Scheduled Tasks' folder
2009-06-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 21:49]
2009-07-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-07 16:46]
.
.
------- Supplementary Scan -------
.
mStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Subscribe with RSSRadio
Trusted Zone: advisorservices.com\www
Trusted Zone: advisorservices.com\www1
Trusted Zone: advisorservices.com\www2
Trusted Zone: musicmatch.com\online
DPF: {25D9AA40-ED39-11D2-A038-009027078284} - hxxps://b1-www.advisorservices.com/advisorweb/file/urldownloader.cab
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {DC4B2445-4A2C-46FF-BAAE-C0FBB45D866D} - hxxps://www.laserapp.com/dev/detect/lavdetect.ocx
DPF: {FF0F7B6E-D733-11D7-8088-0001024743E4} - hxxps://www.advisorservices.com/AdvisorWeb/ActiveX/veoExpress.CAB
FF - ProfilePath - c:\documents and settings\Rick Picon\Application Data\Mozilla\Firefox\Profiles\coh2bzuj.default\
FF - prefs.js : browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js : browser.search.selectedEngine - Ask
FF - prefs.js : browser.startup.homepage - hxxp://finance.yahoo.com/
FF - prefs.js : keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13149&gct=&gc=1&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJPI150_08.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPSFDMGR.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-07 15:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
- - - - - - - > 'explorer.exe'(864)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\Plaxo\3.19.0.16\plx_hook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\LogMeIn\x86\ramaint.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.exe
c:\program files\Java\jre1.5.0_08\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-07-07 15:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-07 19:51
ComboFix2.txt 2009-04-23 19:29
ComboFix3.txt 2009-01-22 18:42
Pre-Run: 66,767,564,800 bytes free
Post-Run: 67,225,214,976 bytes free
694 --- E O F --- 2007-06-27 07:07
7th July 2009
#12
Malware Analyst
Profile:
Join Date: Aug 2002
Location: Daly City, CA
Posts: 4,597
Computer Experience: intermediate
Go Start>Run, type in:
cmd
Click OK.
At command prompt, type in:
del c:\*bat
Press Enter.
Close command prompt window.
==============================================================
1. Please open Notepad: click Start, then Run.
Type notepad.exe in the Run box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
File::
c:\windows\system32\0DDFEFD744.sys
Folder::
c:\program files\AskBarDis
Driver::
lafpipqh
yzbuhcvb
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
RegLockDel::
3. Save the above as CFScript.txt
4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
http://users.pandora.be/bluepatchy/m...s/CFScript.gif
5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
Combofix.txt
A new HijackThis log.
8th July 2009
#13
Member
Profile:
Join Date: Jul 2009
Posts: 17
Computer Experience: intermediate
ComboFix 09-07-07.A9 - rpicon 2009-07-08 13:11.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1469 [GMT -4:00]
Running from: c:\documents and settings\Rick Picon\Desktop\random.exe
Command switches used :: c:\documents and settings\Rick Picon\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Resident AV is active
FILE ::
"c:\windows\system32\0DDFEFD744.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Cache\0006E2F0.bin
c:\program files\AskBarDis\bar\Cache\0006E3CB.bin
c:\program files\AskBarDis\bar\Cache\0006E4D4.bin
c:\program files\AskBarDis\bar\Cache\0006E551.bin
c:\program files\AskBarDis\bar\Cache\0006E62C.bin
c:\program files\AskBarDis\bar\Cache\0006E6D8.bin
c:\program files\AskBarDis\bar\Cache\0006E765.bin
c:\program files\AskBarDis\bar\Cache\000A9E23
c:\program files\AskBarDis\bar\Cache\000AA901
c:\program files\AskBarDis\bar\Cache\files.ini
c:\program files\AskBarDis\bar\History\search
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\config.dat.bak
c:\program files\AskBarDis\bar\Settings\prevcfg.htm
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\0DDFEFD744.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_YZBUHCVB
-------\Service_lafpipqh
-------\Service_yzbuhcvb
((((((((((((((((((((((((( Files Created from 2009-06-08 to 2009-07-08 )))))))))))))))))))))))))))))))
.
2009-07-07 16:03 . 2009-07-07 16:03 6998 ----a-w- C:\xEkjtM.bat
2009-07-07 16:03 . 2009-07-07 16:03 256 ----a-w- C:\MjvNDt.bat
2009-07-07 15:55 . 2009-07-07 15:55 6998 ----a-w- C:\MOw7Vw.bat
2009-07-07 15:55 . 2009-07-07 15:55 248 ----a-w- C:\imsCBZY.bat
2009-07-01 17:50 . 2008-12-22 19:56 12752 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2009-06-29 16:05 . 2009-06-29 16:05 6998 ----a-w- C:\yZ2iXm.bat
2009-06-29 16:05 . 2009-06-29 16:05 256 ----a-w- C:\bUA.bat
2009-06-29 15:58 . 2009-06-29 15:58 6998 ----a-w- C:\L3r.bat
2009-06-29 15:58 . 2009-06-29 15:58 274 ----a-w- C:\rtHbD6s.bat
2009-06-29 15:35 . 2009-06-29 15:35 6998 ----a-w- C:\umqhLicp.bat
2009-06-29 15:35 . 2009-06-29 15:35 238 ----a-w- C:\EDdKN.bat
2009-06-29 15:20 . 2009-06-29 15:20 6998 ----a-w- C:\HqeT.bat
2009-06-29 15:20 . 2009-06-29 15:20 238 ----a-w- C:\RShDj.bat
2009-06-27 15:07 . 2009-06-27 15:07 6998 ----a-w- C:\MF3d.bat
2009-06-27 15:07 . 2009-06-27 15:07 234 ----a-w- C:\oR3hEE.bat
2009-06-26 21:22 . 2009-06-26 21:22 6998 ----a-w- C:\QY4.bat
2009-06-26 21:22 . 2009-06-26 21:22 249 ----a-w- C:\dezF.bat
2009-06-26 21:06 . 2009-06-26 21:06 6998 ----a-w- C:\vUzvaWg.bat
2009-06-26 21:06 . 2009-06-26 21:06 255 ----a-w- C:\zqz7Y.bat
2009-06-26 21:00 . 2009-06-26 21:00 6998 ----a-w- C:\wfzB3X.bat
2009-06-26 21:00 . 2009-06-26 21:00 275 ----a-w- C:\nA9Aow1.bat
2009-06-26 20:54 . 2009-06-26 20:54 6998 ----a-w- C:\jqSx.bat
2009-06-26 20:54 . 2009-06-26 20:54 253 ----a-w- C:\oGD1dc.bat
2009-06-26 20:39 . 2009-06-26 20:39 6998 ----a-w- C:\aI1O.bat
2009-06-26 20:39 . 2009-06-26 20:39 233 ----a-w- C:\YfDuIl7.bat
2009-06-26 20:32 . 2009-06-26 20:32 6998 ----a-w- C:\koRJVVim.bat
2009-06-26 20:32 . 2009-06-26 20:32 241 ----a-w- C:\HnSd.bat
2009-06-26 20:27 . 2009-06-26 20:27 6998 ----a-w- C:\eOLbd4s.bat
2009-06-26 20:27 . 2009-06-26 20:27 248 ----a-w- C:\mH7xy.bat
2009-06-26 20:19 . 2009-06-26 20:19 6998 ----a-w- C:\RUyy.bat
2009-06-26 20:19 . 2009-06-26 20:19 261 ----a-w- C:\emq.bat
2009-06-26 20:09 . 2009-06-26 20:09 6998 ----a-w- C:\MaH8uA.bat
2009-06-26 20:09 . 2009-06-26 20:09 258 ----a-w- C:\oXf4XG9.bat
2009-06-26 20:06 . 2009-06-26 20:06 6998 ----a-w- C:\wYTk.bat
2009-06-26 20:06 . 2009-06-26 20:06 244 ----a-w- C:\qEX.bat
2009-06-26 20:03 . 2009-06-26 20:03 6998 ----a-w- C:\EcDQ9a.bat
2009-06-26 20:03 . 2009-06-26 20:03 266 ----a-w- C:\leT0.bat
2009-06-26 20:01 . 2009-06-26 20:01 6998 ----a-w- C:\Jz5.bat
2009-06-26 20:01 . 2009-06-26 20:01 250 ----a-w- C:\CFM.bat
2009-06-26 19:57 . 2009-06-26 19:57 6998 ----a-w- C:\lzxi.bat
2009-06-26 19:57 . 2009-06-26 19:57 275 ----a-w- C:\EixHV.bat
2009-06-26 19:34 . 2009-06-26 19:34 6998 ----a-w- C:\kTLkS.bat
2009-06-26 19:34 . 2009-06-26 19:34 240 ----a-w- C:\dAeFjHq.bat
2009-06-26 19:22 . 2009-06-26 19:22 6998 ----a-w- C:\uOHd.bat
2009-06-26 19:22 . 2009-06-26 19:22 240 ----a-w- C:\Oa6D.bat
2009-06-26 19:02 . 2009-06-26 19:02 6998 ----a-w- C:\YtU4qH.bat
2009-06-26 19:02 . 2009-06-26 19:02 267 ----a-w- C:\IgLKnwT.bat
2009-06-26 18:45 . 2009-06-26 18:45 6998 ----a-w- C:\NqYcQQ.bat
2009-06-26 18:45 . 2009-06-26 18:45 274 ----a-w- C:\hZYU.bat
2009-06-26 18:29 . 2009-06-26 18:29 6998 ----a-w- C:\hsDNe.bat
2009-06-26 18:29 . 2009-06-26 18:29 273 ----a-w- C:\HRwRVSG.bat
2009-06-26 18:08 . 2009-06-26 18:08 6998 ----a-w- C:\Bepht8J6.bat
2009-06-26 18:08 . 2009-06-26 18:08 256 ----a-w- C:\eaISlyX.bat
2009-06-26 18:01 . 2009-06-26 18:01 6998 ----a-w- C:\gpzOj2.bat
2009-06-26 18:01 . 2009-06-26 18:01 264 ----a-w- C:\zqJKlgd.bat
2009-06-26 17:22 . 2009-06-26 17:22 6998 ----a-w- C:\NE51wH.bat
2009-06-26 17:22 . 2009-06-26 17:22 247 ----a-w- C:\bd1KSv.bat
2009-06-26 16:36 . 2009-06-26 16:36 6998 ----a-w- C:\ICjs3k.bat
2009-06-26 16:36 . 2009-06-26 16:36 248 ----a-w- C:\rBDE1PuI.bat
2009-06-26 16:34 . 2009-06-26 16:34 6998 ----a-w- C:\MY6oPCw.bat
2009-06-26 16:34 . 2009-06-26 16:34 276 ----a-w- C:\Yhcq.bat
2009-06-26 16:23 . 2009-06-26 16:23 6998 ----a-w- C:\PshX.bat
2009-06-26 16:23 . 2009-06-26 16:23 239 ----a-w- C:\ZgxVSK.bat
2009-06-26 16:16 . 2009-06-26 16:16 6998 ----a-w- C:\YdL.bat
2009-06-26 16:16 . 2009-06-26 16:16 245 ----a-w- C:\ugOssOe7.bat
2009-06-26 16:07 . 2009-06-26 16:07 6998 ----a-w- C:\eMm4sHl.bat
2009-06-26 16:07 . 2009-06-26 16:07 254 ----a-w- C:\GdG.bat
2009-06-26 16:04 . 2009-06-26 16:04 6998 ----a-w- C:\OPVxM1Fv.bat
2009-06-26 16:04 . 2009-06-26 16:04 271 ----a-w- C:\RZEIw.bat
2009-06-26 16:01 . 2009-06-26 16:01 6998 ----a-w- C:\zJ1jOna8.bat
2009-06-26 16:01 . 2009-06-26 16:01 266 ----a-w- C:\tkZnn.bat
2009-06-26 15:50 . 2009-06-26 15:50 6998 ----a-w- C:\udnE.bat
2009-06-26 15:50 . 2009-06-26 15:50 273 ----a-w- C:\iALIqwOH.bat
2009-06-26 15:47 . 2009-06-26 15:47 6998 ----a-w- C:\ANgs.bat
2009-06-26 15:47 . 2009-06-26 15:47 264 ----a-w- C:\Dcx8.bat
2009-06-25 22:09 . 2009-06-25 22:09 6998 ----a-w- C:\THJTB5f3.bat
2009-06-25 22:09 . 2009-06-25 22:09 236 ----a-w- C:\NnG.bat
2009-06-25 21:52 . 2009-06-25 21:52 6998 ----a-w- C:\AHCF4b.bat
2009-06-25 21:52 . 2009-06-25 21:52 242 ----a-w- C:\IBksNM.bat
2009-06-25 21:39 . 2009-06-25 21:39 6998 ----a-w- C:\EfgY.bat
2009-06-25 21:39 . 2009-06-25 21:39 274 ----a-w- C:\IV8KGs9.bat
2009-06-24 18:18 . 2009-06-24 18:18 6998 ----a-w- C:\cVPgyj.bat
2009-06-24 18:18 . 2009-06-24 18:18 267 ----a-w- C:\XWP.bat
2009-06-22 23:40 . 2009-06-22 23:40 6998 ----a-w- C:\S4pj4.bat
2009-06-22 23:40 . 2009-06-22 23:40 259 ----a-w- C:\CcN0PH.bat
2009-06-22 23:39 . 2009-06-22 23:39 6998 ----a-w- C:\tG1JEq.bat
2009-06-22 23:39 . 2009-06-22 23:39 231 ----a-w- C:\XCLgB7S.bat
2009-06-22 23:32 . 2009-06-22 23:32 6998 ----a-w- C:\qHG5cvEw.bat
2009-06-22 23:32 . 2009-06-22 23:32 273 ----a-w- C:\xZOCTdq.bat
2009-06-22 23:29 . 2009-06-22 23:29 6998 ----a-w- C:\m0m.bat
2009-06-22 23:29 . 2009-06-22 23:29 243 ----a-w- C:\SwKy.bat
2009-06-22 23:07 . 2009-06-22 23:07 6998 ----a-w- C:\pubAxry.bat
2009-06-22 23:07 . 2009-06-22 23:07 232 ----a-w- C:\ntIgpf0.bat
2009-06-22 22:59 . 2009-06-22 22:59 6998 ----a-w- C:\t5UA.bat
2009-06-22 22:59 . 2009-06-22 22:59 239 ----a-w- C:\vt7OiQ.bat
2009-06-22 22:51 . 2009-06-22 22:51 6998 ----a-w- C:\B5A.bat
2009-06-22 22:51 . 2009-06-22 22:51 233 ----a-w- C:\IS5.bat
2009-06-22 22:47 . 2009-06-22 22:47 6998 ----a-w- C:\j4EFvY.bat
2009-06-22 22:47 . 2009-06-22 22:47 257 ----a-w- C:\SRBFSefH.bat
2009-06-22 22:42 . 2009-06-22 22:42 6998 ----a-w- C:\maldKyfc.bat
2009-06-22 22:42 . 2009-06-22 22:42 272 ----a-w- C:\vBChyy7V.bat
2009-06-22 22:29 . 2009-06-22 22:29 6998 ----a-w- C:\PH3LlFsl.bat
2009-06-22 22:29 . 2009-06-22 22:29 269 ----a-w- C:\VWwo5.bat
2009-06-22 22:24 . 2009-06-22 22:24 6998 ----a-w- C:\QkEA8.bat
2009-06-22 22:24 . 2009-06-22 22:24 229 ----a-w- C:\gpfauvKP.bat
2009-06-22 22:03 . 2009-06-22 22:03 6998 ----a-w- C:\VTK2.bat
2009-06-22 22:03 . 2009-06-22 22:03 237 ----a-w- C:\Kf08qiY.bat
2009-06-22 21:58 . 2009-06-22 21:58 6998 ----a-w- C:\lXJqq.bat
2009-06-22 21:58 . 2009-06-22 21:58 252 ----a-w- C:\mXHd3NbE.bat
2009-06-22 21:55 . 2009-06-22 21:55 6998 ----a-w- C:\PHgsR.bat
2009-06-22 21:55 . 2009-06-22 21:55 266 ----a-w- C:\bcDB.bat
2009-06-22 21:36 . 2009-06-22 21:36 6998 ----a-w- C:\KTLsj.bat
2009-06-22 21:36 . 2009-06-22 21:36 256 ----a-w- C:\uv9SlG5L.bat
2009-06-22 21:27 . 2009-06-22 21:27 6998 ----a-w- C:\W9NOTkZ.bat
2009-06-22 21:27 . 2009-06-22 21:27 272 ----a-w- C:\PCj3dkbU.bat
2009-06-22 21:15 . 2009-06-22 21:15 6998 ----a-w- C:\ouP.bat
2009-06-22 21:15 . 2009-06-22 21:15 233 ----a-w- C:\P3L0.bat
2009-06-22 21:08 . 2009-06-22 21:08 6998 ----a-w- C:\HSVCvcl7.bat
2009-06-22 21:08 . 2009-06-22 21:08 229 ----a-w- C:\rc9.bat
2009-06-22 21:01 . 2009-06-22 21:01 6998 ----a-w- C:\YlF6.bat
2009-06-22 21:01 . 2009-06-22 21:01 274 ----a-w- C:\vRBA0.bat
2009-06-22 20:59 . 2009-06-22 20:59 6998 ----a-w- C:\g7jxBn.bat
2009-06-22 20:59 . 2009-06-22 20:59 232 ----a-w- C:\irB.bat
2009-06-22 20:47 . 2009-06-22 20:47 6998 ----a-w- C:\KUNRBfu1.bat
2009-06-22 20:47 . 2009-06-22 20:47 258 ----a-w- C:\dU1IZ.bat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-08 17:18 . 2006-05-08 18:17 -------- d-----w- c:\program files\Plaxo
2009-07-08 16:03 . 2008-07-31 18:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-08 04:59 . 2006-11-03 17:35 -------- d-----w- c:\program files\LogMeIn
2009-07-07 19:59 . 2006-04-11 15:30 -------- d-----w- c:\program files\Network Assistant
2009-07-07 19:19 . 2006-12-29 16:30 -------- d-----w- c:\program files\Trend Micro
2009-07-06 16:18 . 2008-05-08 18:26 -------- d-----w- c:\program files\SmartDraw 2008
2009-07-01 17:50 . 2009-02-17 17:40 2 --shatr- c:\windows\winstart.bat
2009-07-01 17:50 . 2009-02-17 17:39 -------- d-----w- c:\program files\UnHackMe
2009-07-01 17:49 . 2008-07-30 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-22 17:05 . 2009-04-24 20:15 258 ----a-w- C:\ngY.bat
2009-06-08 20:42 . 2008-02-12 19:49 -------- d-----w- c:\program files\PokerStars.NET
2009-06-08 19:05 . 2006-03-07 13:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-08 18:54 . 2006-03-31 18:32 -------- d-----w- c:\program files\Schwab Performance Technologies
2009-06-01 22:09 . 2009-06-01 22:09 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad -Aware\Update\lsdelete.exe
2009-06-01 22:09 . 2009-04-23 14:01 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-01 22:08 . 2009-06-01 22:08 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad -Aware\Update\ShellExt.dll
2009-06-01 22:02 . 2009-06-01 22:02 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad -Aware\Update\RPAPI.dll
2009-06-01 22:02 . 2009-06-01 22:02 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad -Aware\Update\PrivacyClean.dll
2009-06-01 00:04 . 2009-06-01 00:04 6998 ----a-w- C:\Z6qmt.bat
2009-06-01 00:04 . 2009-06-01 00:04 275 ----a-w- C:\y3pCH.bat
2009-05-28 15:42 . 2009-05-28 15:42 6998 ----a-w- C:\V6lQa8.bat
2009-05-28 15:42 . 2009-05-28 15:42 256 ----a-w- C:\qLL.bat
2009-05-28 15:29 . 2009-05-28 15:29 6998 ----a-w- C:\eAO89EPG.bat
2009-05-28 15:29 . 2009-05-28 15:29 245 ----a-w- C:\rCvYguTN.bat
2009-05-28 15:03 . 2009-05-28 15:03 6998 ----a-w- C:\aE4fB.bat
2009-05-28 15:03 . 2009-05-28 15:03 261 ----a-w- C:\MMUx5.bat
2009-05-28 14:54 . 2009-05-28 14:54 6998 ----a-w- C:\YZc.bat
2009-05-28 14:54 . 2009-05-28 14:54 262 ----a-w- C:\kb4X2uFY.bat
2009-05-27 21:44 . 2009-05-27 21:44 6998 ----a-w- C:\hDa.bat
2009-05-27 21:44 . 2009-05-27 21:44 265 ----a-w- C:\a3N6V9x.bat
2009-05-27 21:30 . 2009-05-27 21:30 6998 ----a-w- C:\V3x2sGC4.bat
2009-05-27 21:30 . 2009-05-27 21:30 247 ----a-w- C:\QPdQowz.bat
2009-05-27 21:24 . 2009-05-27 21:24 6998 ----a-w- C:\xYE.bat
2009-05-27 21:24 . 2009-05-27 21:24 251 ----a-w- C:\WjZi1yTa.bat
2009-05-27 21:11 . 2009-05-27 21:11 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-05-27 21:09 . 2009-05-27 21:09 6998 ----a-w- C:\vKDV.bat
2009-05-27 21:09 . 2009-05-27 21:09 270 ----a-w- C:\I13pBWX.bat
2009-05-27 21:08 . 2009-05-27 21:08 6998 ----a-w- C:\CgHmJWL.bat
2009-05-27 21:08 . 2009-05-27 21:08 234 ----a-w- C:\Nyv.bat
2009-05-27 21:06 . 2009-05-27 21:06 6998 ----a-w- C:\kI1lXYQl.bat
2009-05-27 21:06 . 2009-05-27 21:06 243 ----a-w- C:\dw1yw.bat
2009-05-27 20:59 . 2009-05-27 20:59 6998 ----a-w- C:\K1UsWz.bat
2009-05-27 20:59 . 2009-05-27 20:59 276 ----a-w- C:\jaNz0.bat
2009-05-27 20:46 . 2009-05-27 20:46 6998 ----a-w- C:\wLrf.bat
2009-05-27 20:46 . 2009-05-27 20:46 258 ----a-w- C:\Nkm.bat
2009-05-27 20:42 . 2009-05-27 20:42 6998 ----a-w- C:\VM31W.bat
2009-05-27 20:42 . 2009-05-27 20:42 261 ----a-w- C:\dfFfKDP.bat
2009-05-27 20:37 . 2009-05-27 20:37 6998 ----a-w- C:\ztw.bat
2009-05-27 20:37 . 2009-05-27 20:37 263 ----a-w- C:\DJDbwokh.bat
2009-05-27 20:26 . 2009-05-27 20:26 6998 ----a-w- C:\r6BlrlXa.bat
2009-05-27 20:26 . 2009-05-27 20:26 254 ----a-w- C:\esnLV2IP.bat
2009-05-27 20:09 . 2009-05-27 20:09 6998 ----a-w- C:\lzU.bat
2009-05-27 20:09 . 2009-05-27 20:09 259 ----a-w- C:\ZwoJr6AT.bat
2009-05-27 20:07 . 2009-05-27 20:07 6998 ----a-w- C:\P4D.bat
2009-05-27 20:07 . 2009-05-27 20:07 242 ----a-w- C:\zvGI.bat
2009-05-27 19:56 . 2009-05-27 19:56 6998 ----a-w- C:\wQpa5.bat
2009-05-27 19:56 . 2009-05-27 19:56 264 ----a-w- C:\H67TgySt.bat
2009-05-27 19:43 . 2009-05-27 19:43 6998 ----a-w- C:\oOJD.bat
2009-05-27 19:43 . 2009-05-27 19:43 242 ----a-w- C:\q4pb99n.bat
2009-05-27 19:39 . 2009-05-27 19:39 6998 ----a-w- C:\GAInZVr.bat
2009-05-27 19:39 . 2009-05-27 19:39 247 ----a-w- C:\Qfvs.bat
2009-05-27 19:31 . 2009-05-27 19:31 6998 ----a-w- C:\hkit7A.bat
2009-05-27 19:31 . 2009-05-27 19:31 233 ----a-w- C:\sLgsI3.bat
2009-05-27 19:15 . 2009-05-27 19:15 6998 ----a-w- C:\UJtipqpV.bat
2009-05-27 19:15 . 2009-05-27 19:15 259 ----a-w- C:\T1yIrP9m.bat
2009-05-27 19:09 . 2009-05-27 19:09 6998 ----a-w- C:\ySQP.bat
2009-05-27 19:09 . 2009-05-27 19:09 260 ----a-w- C:\INP.bat
2009-05-27 19:05 . 2009-05-27 19:05 6998 ----a-w- C:\Q7o.bat
2009-05-27 19:05 . 2009-05-27 19:05 234 ----a-w- C:\v5MYPLf.bat
2009-05-27 19:03 . 2009-05-27 19:03 6998 ----a-w- C:\zYEt.bat
2009-05-27 19:03 . 2009-05-27 19:03 240 ----a-w- C:\PWGhGNAx.bat
2009-05-27 19:00 . 2009-05-27 19:00 6998 ----a-w- C:\IU3cUHUW.bat
2009-05-27 19:00 . 2009-05-27 19:00 249 ----a-w- C:\RSILNZ.bat
2009-05-27 18:58 . 2009-05-27 18:58 6998 ----a-w- C:\oIk1L3.bat
2009-05-27 18:58 . 2009-05-27 18:58 255 ----a-w- C:\w0HLv.bat
2009-05-27 18:56 . 2009-05-27 18:56 6998 ----a-w- C:\UoG6mM.bat
2009-05-27 18:56 . 2009-05-27 18:56 256 ----a-w- C:\I4bt0lvQ.bat
2009-05-27 18:37 . 2009-05-27 18:37 6998 ----a-w- C:\aP2Q.bat
2009-05-27 18:37 . 2009-05-27 18:37 235 ----a-w- C:\EBo8BIaC.bat
2009-05-27 18:23 . 2009-05-27 18:23 6998 ----a-w- C:\Z482x0FK.bat
2009-05-27 18:23 . 2009-05-27 18:23 262 ----a-w- C:\WcC.bat
2009-05-27 18:22 . 2009-05-27 18:22 6998 ----a-w- C:\ygsn.bat
2009-05-27 18:22 . 2009-05-27 18:22 232 ----a-w- C:\tbj.bat
2009-05-27 18:17 . 2009-05-27 18:17 6998 ----a-w- C:\Z5OS2WqW.bat
2009-05-27 18:17 . 2009-05-27 18:17 271 ----a-w- C:\Gld5V.bat
2009-05-27 18:08 . 2009-05-27 18:08 6998 ----a-w- C:\L5DZfSVe.bat
2009-05-27 18:08 . 2009-05-27 18:08 271 ----a-w- C:\b0bybXv6.bat
2009-05-27 17:50 . 2009-05-27 17:50 6998 ----a-w- C:\Jfvis.bat
2009-05-27 17:50 . 2009-05-27 17:50 269 ----a-w- C:\cRmo.bat
2009-05-27 17:49 . 2009-05-27 17:49 6998 ----a-w- C:\wZElj.bat
2009-05-27 17:49 . 2009-05-27 17:49 260 ----a-w- C:\T8PX6y.bat
2009-05-27 17:47 . 2009-05-27 17:47 6998 ----a-w- C:\R6IxZS.bat
2009-05-27 17:47 . 2009-05-27 17:47 263 ----a-w- C:\YIZatxR.bat
2009-05-27 17:44 . 2009-05-27 17:44 6998 ----a-w- C:\TrN18f.bat
2009-05-27 17:44 . 2009-05-27 17:44 272 ----a-w- C:\jv89VUe.bat
2009-05-27 17:20 . 2009-05-27 17:20 6998 ----a-w- C:\E9Ozos6.bat
2009-05-27 17:20 . 2009-05-27 17:20 273 ----a-w- C:\GRbp4ad.bat
2009-05-27 17:19 . 2009-05-27 17:19 6998 ----a-w- C:\Njx.bat
2009-05-27 17:19 . 2009-05-27 17:19 272 ----a-w- C:\Yb0qXB.bat
2009-05-27 17:08 . 2009-05-27 17:08 6998 ----a-w- C:\Q1pZS5.bat
2006-04-20 15:28 . 2006-04-17 18:07 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
------- Sigcheck -------
[7] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[7] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2004-08-04 11:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB913446$\tcpip.sys
[7] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2007-06-22 20:02 359808 021415AD071EF3944C27DC9597ED2214 c:\windows\system32\dllcache\tcpip.sys
[-] 2007-06-22 20:02 359808 021415AD071EF3944C27DC9597ED2214 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2006-04-25 3334144]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 1207080]
"PlaxoUpdate"="c:\program files\Plaxo\3.19.0.16\PlaxoHelper_en.exe" [2009-02-09 371271]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-06-11 2321600]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"PlaxoSysTray"="c:\program files\Plaxo\3.19.0.16\PlaxoSysTray.exe" [2009-02-09 20480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-07 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-09 7110656]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 49263]
"SigmatelSysTrayApp"="c:\windows\stsystra.exe" [2005-03-23 339968]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-03-07 26112]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-03-07 169472]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
"Logitech Hardware Abstraction Layer"="c:\windows\KHALMNPR.EXE" [2006-05-10 94208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-04-27 257088]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-09-30 1234712]
"Ad -Watch"="c:\program files\Lavasoft\Ad -Aware\AAWTray.exe" [2009-06-17 518488]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2007-3-28 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-4-10 593920]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2005-12-8 811008]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 14:25 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan\0lsdelete
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad -Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1144767884\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1144767884\\ee\\aim6.exe"=
"c:\\Program Files\\Network Assistant\\Nassi.exe"=
"c:\\Program Files\\Schwab Performance Technologies\\PortfolioCenter\\SPTServer.exe"=
"c:\\Program Files\\Schwab Performance Technologies\\PortfolioCenter\\PortfolioCenter.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Xolox\\mldonkey\\mlnet.exe"=
"c:\\Program Files\\Xolox\\XoloxEXE.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\AIM\\AIM Pro\\aimpro.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP "= 135:TCP COM
"3389:TCP "= 3389:TCP :@xpsp2res.dll,-22009
"3393:TCP "= 3393:TCP :RD-Rick
"26675:TCP "= 26675:TCP :169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-04-22 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-07-30 97928]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-30 231704]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2007-04-10 3712]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2007-06-27 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-06-27 47640]
S2 Lavasoft Ad -Aware Service;Lavasoft Ad -Aware Service;c:\program files\Lavasoft\Ad -Aware\AAWService.exe [2009-03-09 1003344]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2009-02-17 34760]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
Contents of the 'Scheduled Tasks' folder
2009-06-29 c:\windows\Tasks\Ad -Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad -Aware\Ad -AwareAdmin.exe [2009-03-09 21:49]
2009-07-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-07 16:46]
.
.
------- Supplementary Scan -------
.
mStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Subscribe with RSSRadio
Trusted Zone: advisorservices.com\www
Trusted Zone: advisorservices.com\www1
Trusted Zone: advisorservices.com\www2
Trusted Zone: musicmatch.com\online
DPF: {25D9AA40-ED39-11D2-A038-009027078284} - hxxps://b1-www.advisorservices.com/advisorweb/file/urldownloader.cab
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {DC4B2445-4A2C-46FF-BAAE-C0FBB45D866D} - hxxps://www.laserapp.com/dev/detect/lavdetect.ocx
DPF: {FF0F7B6E-D733-11D7-8088-0001024743E4} - hxxps://www.advisorservices.com/AdvisorWeb/ActiveX/veoExpress.CAB
FF - ProfilePath - c:\documents and settings\Rick Picon\Application Data\Mozilla\Firefox\Profiles\coh2bzuj.default\
FF - prefs.js : browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js : browser.search.selectedEngine - Ask
FF - prefs.js : browser.startup.homepage - hxxp://finance.yahoo.com/
FF - prefs.js : keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13149&gct=&gc=1&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJPI150_08.dll
FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPSFDMGR.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-08 13:17
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\LMIinit.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\LMIRfsClientNP.dll
- - - - - - - > 'explorer.exe'(3312)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\Plaxo\3.19.0.16\plx_hook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\LogMeIn\x86\ramaint.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.exe
c:\program files\Java\jre1.5.0_08\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-07-08 13:23 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-08 17:22
ComboFix2.txt 2009-07-07 19:51
ComboFix3.txt 2009-04-23 19:29
ComboFix4.txt 2009-01-22 18:42
Pre-Run: 67,202,015,232 bytes free
Post-Run: 67,183,960,064 bytes free
466 --- E O F --- 2007-06-27 07:07
8th July 2009
#14
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:27, on 2009-07-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Plaxo\3.19.0.16\PlaxoHelper_en.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Plaxo\3.19.0.16\PlaxoSysTray.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Rick Picon\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\WINDOWS\stsystra.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] "C:\WINDOWS\System32\DLA\DLACTRLW.EXE"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\WINDOWS\KHALMNPR.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe"
O4 - HKLM\..\Run: [Ad -Watch] C:\Program Files\Lavasoft\Ad -Aware\AAWTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.19.0.16\PlaxoHelper_en.exe -a
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PlaxoSysTray] C:\Program Files\Plaxo\3.19.0.16\PlaxoSysTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {0F733F27-5BBB-4D03-8D6B-19E2143880BF} (SkillGround Game Manager) - http://www1.skillground.com/cab1830/SkillGround.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {25D9AA40-ED39-11D2-A038-009027078284} (UrlDownloader Class) - https://b1-www.advisorservices.com/a...downloader.cab
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/Pog...rInstaller.CAB
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedIn...derControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1220382079052
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1220382073177
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://clubgames.pogo.com/online2/po...jolauncher.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {DC4B2445-4A2C-46FF-BAAE-C0FBB45D866D} (LASDetectX Control) - https://www.laserapp.com/dev/detect/lavdetect.ocx
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O16 - DPF: {FF0F7B6E-D733-11D7-8088-0001024743E4} (veoExpress.ctlVeoExpress) - https://www.advisorservices.com/Advi...veoExpress.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = aribaglb.local
O17 - HKLM\Software\..\Telephony: DomainName = aribaglb.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = aribaglb.local
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad -Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad -Aware\AAWService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 12778 bytes
9th July 2009
#15
Malware Analyst
Profile:
Join Date: Aug 2002
Location: Daly City, CA
Posts: 4,597
Computer Experience: intermediate
It looks to me like you didn't:
Quote:
Go Start>Run, type in:
cmd
Click OK.
At command prompt, type in:
del c:\*bat
Press Enter.
Close command prompt window.
What happened?