
Solved my router is going CRAZY please help

Discussion in 'Malware and Virus Removal Archive' started by rayfalcon, 2009/01/11.

  1. 2009/01/11
    rayfalcon

    rayfalcon Inactive Thread Starter

    Joined:
    2009/01/11
    Messages:
    12
    Likes Received:
    0
    [Resolved] my router is going CRAZY please help

    Hello all. My router (a Linksys WRT54G) and a Siemens ADSL T1 modem go crazy: non-stop lights and activity. I leave my system going 24/7 since it seems that every time I shut down (power off) it has to be reloaded; however, even when I am not using the internet, something or someone has my internet working its little memory to death. It's already burned up 2 routers and 3 modems. Any suggestions... besides HijackThis or that ComboFix program? They wrecked my system before and I'm not ready to have to reload yet. I do have Spybot Search & Destroy full edition on my PC but it never finds any infections whatsoever.

    I don't know if this is related or not, but I'm at my wits' end on this one too.
    Every 3-4 days, sometimes later, sometimes sooner, I will be doing something like watching a video on or offline, even a DVD, or talking to my friends on Yahoo, MSN or AIM, and all of a sudden my computer just restarts itself for no apparent reason. I've checked my processor core (AMD Athlon 950 MHz) for overclocking, overheating and even bad checksums, but nothing is apparently wrong there, so I checked my CMOS and BIOS checksums and configurations and everything checks out. I managed to snoop in the system32 folder and find a log file from about 3 months back, and it said that there was a conflict in hardware and gave the PCID enumerator of the hardware in question, so I looked it up in My Computer > System icon > advanced hardware list and it was my Voodoo3 2000 video card, so I uninstalled it, then shut down my system and removed it from the system and started back up, but the system just keeps restarting randomly.
    Please email me personally if you find any suggestions.
    Also, I want to be able to use my MSN Messenger without having that stupid little usnsvc.exe running. Any way to do it without destroying my Windows Live Messenger 8.*?
    Here's my email address: [Removed by Moderator to save you from the spam harvesters.]
     
  2. 2009/01/11
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS rayfalcon :)

    I would be very interested in hearing how ComboFix 'wrecked your system', and if that was done in another forum, I would appreciate a link to the topic.

    Let's see what kind of traffic is moving through your system. Download TCPView from Microsoft Sysinternals.
    When you experience the apparent unwarranted traffic through the router, run the program.
    Wait for it to populate, then click File > Save As.
    Save the file as TCPView.txt on your desktop and post its contents here for review.
     

  4. 2009/01/11
    rayfalcon

    re:combofix

    The sites that ComboFix used to destroy my system were drwin.com and pcdoctor.com, but please do not go to these sites. I had to completely redo my system after losing $30.00 for the scam software that never showed up. It placed a little yellow triangle type alert in my menu bar beside my clock after I downloaded and installed combofix.exe and SmitFraud remover; also, Spybot Search & Destroy detected it (ComboFix) as a Win32 trojan and a trojan dropper, whatever that is.
    It could just have been a fake site that was to blame instead of the actual software, but it seems odd that it all happened at almost the exact same time.
     
  5. 2009/01/11
    rayfalcon

    Below is what TCPView shows. I've never seen the NetBIOS on there before; what is it, and is it different from the regular BIOS? Also, can the NetBIOS give a person or system access to my CMOS or BIOS? They change every 0.5 seconds, and a vast amount are in red and some are in like a neon green highlight.

    lsass.exe:616 UDP delta-force1:isakmp *:*
    lsass.exe:616 UDP delta-force1:4500 *:*
    services.exe:596 TCP delta-force1.windstream:1328 59.154.45.60:smtp SYN_SENT
    services.exe:596 TCP delta-force1.windstream:1344 nullmx.catholicfcu.com:smtp SYN_SENT
    services.exe:596 UDP delta-force1:1361 *:*
    services.exe:596 TCP delta-force1.windstream:1366 cluster-d.mailcontrol.com:smtp SYN_SENT
    services.exe:596 UDP delta-force1:1367 *:*
    services.exe:596 TCP delta-force1.windstream:1375 mx1.centrum.cz:smtp SYN_SENT
    services.exe:596 UDP delta-force1:1395 *:*
    services.exe:596 UDP delta-force1:1407 *:*
    services.exe:596 UDP delta-force1:1411 *:*
    services.exe:596 UDP delta-force1:1401 *:*
    services.exe:596 UDP delta-force1:1409 *:*
    services.exe:596 UDP delta-force1:1412 *:*
    services.exe:596 UDP delta-force1:1414 *:*
    services.exe:596 UDP delta-force1:1420 *:*
    services.exe:596 UDP delta-force1:1418 *:*
    services.exe:596 TCP delta-force1.windstream:1432 203.129.81.50:smtp ESTABLISHED
    services.exe:596 UDP delta-force1:1428 *:*
    services.exe:596 TCP delta-force1.windstream:1442 64.122.7.33:smtp CLOSE_WAIT
    services.exe:596 TCP delta-force1.windstream:1469 216.163.188.57:smtp ESTABLISHED
    services.exe:596 TCP delta-force1.windstream:1473 208.51.210.21:smtp SYN_SENT
    services.exe:596 TCP delta-force1.windstream:1476 74.128.0.19:smtp ESTABLISHED
    services.exe:596 TCP delta-force1.windstream:1465 208.42.176.114:smtp CLOSE_WAIT
    services.exe:596 TCP delta-force1.windstream:1462 168.95.5.12:smtp ESTABLISHED
    services.exe:596 TCP delta-force1.windstream:1489 218.219.54.55:smtp ESTABLISHED
    services.exe:596 TCP delta-force1.windstream:1485 64.18.6.13:smtp ESTABLISHED
    services.exe:596 TCP delta-force1.windstream:1458 213.243.1.188:smtp SYN_SENT
    services.exe:596 TCP delta-force1.windstream:1471 212.74.100.17:smtp ESTABLISHED
    services.exe:596 TCP delta-force1.windstream:1468 202.216.64.130:smtp ESTABLISHED
    services.exe:596 UDP delta-force1:1481 *:*
    services.exe:596 UDP delta-force1:1447 *:*
    services.exe:596 UDP delta-force1:1482 *:*
    services.exe:596 UDP delta-force1:1486 *:*
    services.exe:596 UDP delta-force1:1455 *:*
    services.exe:596 UDP delta-force1:1487 *:*
    services.exe:596 UDP delta-force1:1460 *:*
    services.exe:596 UDP delta-force1:1464 *:*
    services.exe:596 UDP delta-force1:1480 *:*
    services.exe:596 UDP delta-force1:1453 *:*
    services.exe:596 UDP delta-force1:1484 *:*
    services.exe:596 UDP delta-force1:1488 *:*
    services.exe:596 UDP delta-force1:1461 *:*
    services.exe:596 TCP delta-force1.windstream:1525 212.67.202.199:smtp ESTABLISHED
    services.exe:596 TCP delta-force1.windstream:1501 213.120.92.212:smtp SYN_SENT
    services.exe:596 TCP delta-force1.windstream:1500 217.28.176.107:smtp CLOSE_WAIT
    services.exe:596 TCP delta-force1.windstream:1516 208.123.68.4:smtp SYN_SENT
    services.exe:596 TCP delta-force1.windstream:1495 mail.global.frontbridge.com:smtp ESTABLISHED
    services.exe:596 TCP delta-force1.windstream:1526 193.42.138.43:smtp SYN_SENT
    services.exe:596 TCP delta-force1.windstream:1506 87.139.105.231:smtp SYN_SENT
    services.exe:596 UDP delta-force1:1527 *:*
    services.exe:596 UDP delta-force1:1508 *:*
    services.exe:596 UDP delta-force1:1520 *:*
    services.exe:596 UDP delta-force1:1524 *:*
    services.exe:596 UDP delta-force1:1497 *:*
    services.exe:596 UDP delta-force1:1528 *:*
    services.exe:596 UDP delta-force1:1521 *:*
    services.exe:596 UDP delta-force1:1518 *:*
    services.exe:596 UDP delta-force1:1522 *:*
    services.exe:596 UDP delta-force1:1503 *:*
    services.exe:596 UDP delta-force1:1507 *:*
    services.exe:596 UDP delta-force1:1519 *:*
    services.exe:596 UDP delta-force1:1492 *:*
    svchost.exe:1036 UDP delta-force1:1043 *:*
    svchost.exe:1036 UDP delta-force1:1047 *:*
    svchost.exe:1036 UDP delta-force1:1040 *:*
    svchost.exe:1036 UDP delta-force1:1044 *:*
    svchost.exe:1036 UDP delta-force1:1048 *:*
    svchost.exe:1036 UDP delta-force1:1025 *:*
    svchost.exe:1036 UDP delta-force1:1041 *:*
    svchost.exe:1036 UDP delta-force1:1045 *:*
    svchost.exe:1036 UDP delta-force1:1042 *:*
    svchost.exe:1036 UDP delta-force1:1046 *:*
    svchost.exe:1212 UDP delta-force1.windstream:1900 *:*
    svchost.exe:1212 UDP delta-force1:1900 *:*
    svchost.exe:884 TCP delta-force1:epmap delta-force1:0 LISTENING
    svchost.exe:956 UDP delta-force1.windstream:ntp *:*
    svchost.exe:956 UDP delta-force1:ntp *:*
    System:4 TCP delta-force1:microsoft-ds delta-force1:0 LISTENING
    System:4 TCP delta-force1.windstream:netbios-ssn delta-force1:0 LISTENING
    System:4 UDP delta-force1.windstream:netbios-ns *:*
    System:4 UDP delta-force1:microsoft-ds *:*
    System:4 UDP delta-force1.windstream:netbios-dgm *:*
     
    Last edited: 2009/01/11
  6. 2009/01/11
    noahdfear

    I can assure you that ComboFix did not install any such software, and neither of those sites is a legit malware removal site. The real ComboFix has some files embedded that some apps might tag as a threat because of their abilities, but even all of the major av vendors are aware that ComboFix is a tool on the up-and-up.


    Now, the TCPView log suggests that you might have an infection sending out mass emails, e.g. SMTP connections to multiple IP addresses.
    I recommend you do an online scan with Kaspersky as shown here then post the scan report here when complete. I would also suggest an RSIT log as shown here.

    Moving this topic to the Malware and Virus Removal forum.
     
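What noahdfear is reading off that dump can be automated. The script below is an added example, not code from this thread or from Sysinternals: it parses the text TCPView writes with File > Save As and flags any process that holds connections to many distinct SMTP peers. The sample lines are a constructed, abbreviated excerpt modelled on the log posted above, and the threshold of five distinct mail servers is an assumption; adjust it for a machine that legitimately runs a mail server. On a stock Windows XP install services.exe (the Service Control Manager) never opens outbound mail connections itself, so a pile of port 25 sockets in SYN_SENT and ESTABLISHED owned by it means foreign code is running inside that process, which is consistent with the Rootkit.Agent driver MBAM finds later in the thread.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: a handful of lines in the format TCPView's File > Save As
# produces, abbreviated from the log posted above (not the full capture).
SAMPLE = """\
lsass.exe:616 UDP delta-force1:isakmp *:*
services.exe:596 TCP delta-force1.windstream:1328 59.154.45.60:smtp SYN_SENT
services.exe:596 TCP delta-force1.windstream:1344 nullmx.catholicfcu.com:smtp SYN_SENT
services.exe:596 TCP delta-force1.windstream:1432 203.129.81.50:smtp ESTABLISHED
services.exe:596 TCP delta-force1.windstream:1442 64.122.7.33:smtp CLOSE_WAIT
services.exe:596 TCP delta-force1.windstream:1469 216.163.188.57:smtp ESTABLISHED
services.exe:596 TCP delta-force1.windstream:1473 208.51.210.21:smtp SYN_SENT
services.exe:596 UDP delta-force1:1361 *:*
svchost.exe:956 UDP delta-force1:ntp *:*
System:4 TCP delta-force1:microsoft-ds delta-force1:0 LISTENING
"""

# One saved TCPView row: "<process>:<pid> <proto> <local endpoint> <remote endpoint> [<state>]"
LINE_RE = re.compile(
    r"^(?P<proc>.+?):(?P<pid>\d+)\s+(?P<proto>TCP|UDP)\s+"
    r"(?P<local>\S+)\s+(?P<remote>\S+)(?:\s+(?P<state>[A-Z_]+))?\s*$"
)

# Ports a mail client or relay would talk to; TCPView prints service names when it
# can resolve them, so both the name and the number are accepted.
MAIL_PORTS = {"smtp", "25", "submission", "587"}


def split_endpoint(endpoint):
    """'59.154.45.60:smtp' -> ('59.154.45.60', 'smtp'); '*:*' -> ('*', '*')."""
    host, _, port = endpoint.rpartition(":")
    return host, port


def parse_tcpview(text):
    """Return one dict per parsable row; blank or foreign lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["remote_host"], rec["remote_port"] = split_endpoint(rec["remote"])
        rows.append(rec)
    return rows


def smtp_fanout(rows, min_hosts=5):
    """Map (process, pid) -> {hosts, states} for processes with TCP connections
    to at least min_hosts distinct mail servers (the threshold is an assumption)."""
    per_proc = defaultdict(lambda: {"hosts": set(), "states": Counter()})
    for r in rows:
        if r["proto"] == "TCP" and r["remote_port"] in MAIL_PORTS:
            key = (r["proc"], r["pid"])
            per_proc[key]["hosts"].add(r["remote_host"])
            per_proc[key]["states"][r["state"] or "?"] += 1
    return {k: v for k, v in per_proc.items() if len(v["hosts"]) >= min_hosts}


def report(text, min_hosts=5):
    """Human-readable summary lines, one per flagged process."""
    hits = smtp_fanout(parse_tcpview(text), min_hosts)
    lines = []
    for (proc, pid), info in sorted(hits.items()):
        states = ", ".join(f"{s}={n}" for s, n in sorted(info["states"].items()))
        lines.append(f"{proc} (pid {pid}): {len(info['hosts'])} distinct SMTP peers [{states}]")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE) or ["no SMTP fan-out seen"]:
        print(line)
```

The listening NetBIOS rows (netbios-ns, netbios-ssn, netbios-dgm and microsoft-ds) that the script deliberately ignores are Windows file and printer sharing on UDP/TCP 137-139 and 445; they have nothing to do with the system BIOS or CMOS and are normal on a LAN, though they should never be reachable from the internet side of the router. TCPView's colours are also not a verdict: green marks endpoints that appeared since the last refresh and red marks ones that just closed, so a screen full of red and green rows only tells you the connection churn rate, which here is itself the symptom.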
  7. 2009/01/11
    wildfire

    wildfire Getting Old

    Joined:
    2008/04/21
    Messages:
    4,649
    Likes Received:
    124
    Hi rayfalcon,

    EDIT
    Ignore this post; Dave responded whilst I was typing.

    It looks like you're infected with an email worm or maybe part of a spambot network, I'm sure Dave (noahdfear) will respond soon with assistance but if you know how you may want to block outgoing port 25 (SMTP) on your firewall.

    This will mean you can't send emails but we can restore that service once any infections are cleared.

    To help Dave read this and prepare the required logs, I'm sure staff will soon move this thread to the Malware and Virus Removal forum.
     
    Last edited: 2009/01/11
  8. 2009/01/11
    rayfalcon

    OK, below is the MBAM log file. I will separate the 2 different logs into 2 posts.
    I went ahead and removed the infections that it shows. Thank you so far for your help.


    Malwarebytes' Anti-Malware 1.32
    Database version: 1643
    Windows 5.1.2600 Service Pack 3

    1/11/2009 4:35:44 PM
    mbam-log-2009-01-11 (16-35-44).txt

    Scan type: Quick Scan
    Objects scanned: 44753
    Time elapsed: 7 minute(s), 12 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ICF (Rootkit.Agent) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\drivers\d8a9332c.sys (Rootkit.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
     
  9. 2009/01/11
    rayfalcon

    This is the first of 2 log files that RSIT created. I will separate them in this post with the = signs in between them.

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by charles johnson at 2009-01-11 16:17:57
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 3 GB (31%) free of 10 GB
    Total RAM: 511 MB (61% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:19:22 PM, on 1/11/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\charles johnson\Desktop\RSIT.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\trend micro\charles johnson.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://windstream.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Pokers internet explorer
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {a062f21e-486f-442e-bf6f-c9471e9605e3} - (no file)
    O2 - BHO: SingleInstance Class - {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {215b8138-a3cf-44c5-803f-8226143cfc0a} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1228539307261
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228590434842
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://games.bigfishgames.com/en_luxor2/online/mjolauncher.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JS...e/&filename=jinstall-6u11-windows-i586-jc.cab
    O16 - DPF: {9a57b18e-2f5d-11d5-8997-00104bd12d94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: C:\WINDOWS\System32\fltlib32.dll,C:\WINDOWS\System32\ftsrch32.dll,C:\WINDOWS\System32\gcdef32.dll,C:\WINDOWS\System32\getuname32.dll,C:\WINDOWS\System32\glu3232.dll,C:\WINDOWS\System32\h323msp32.dll,C:\WINDOWS\System32\hccoin32.dll,C:\WINDOWS\System32\hid32.dll,C:\WINDOWS\System32\hnetcfg32.dll,C:\WINDOWS\System32\hostmib32.dll,C:\WINDOWS\System32\hsfcisp232.dll,C:\WINDOWS\System32\httpapi32.dll,C:\WINDOWS\System32\hypertrm32.dll,C:\WINDOWS\System32\iashlpr32.dll,C:\WINDOWS\System32\iaspolcy32.dll,C:\WINDOWS\System32\iasrecst32.dll,C:\WINDOWS\System32\iassvcs32.dll,C:\WINDOWS\System32\icardie32.dll,C:\WINDOWS\System32\icfgnt532.dll nvdesk32.dll
    O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: JFWService (jfwservice) - Freedom Scientific BLV Group, LLC - C:\Program Files\Freedom Scientific\JAWS\6.20\jfw.exe

    --
    End of file - 5633 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478d38-c3f9-4efb-9b51-7695eca05670}]
    &Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ca2f312-6f6e-4b53-a66e-4e65e497c8c0}]
    AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-12-21 1078552]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6f74-2d53-2644-206d7942484f}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a062f21e-486f-442e-bf6f-c9471e9605e3}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fdad4da1-61a2-4fd8-9c17-86f7ac245081}]
    SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]
    {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2008-12-16 429816]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "KernelFaultCheck "=C:\WINDOWS\system32\dumprep 0 -k []

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "Malwarebytes' Anti-Malware "=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-01-04 399504]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Messenger (Yahoo!) "=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4347120]
    "SpybotSD TeaTimer "=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
    "ctfmon.exe "=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avg8_tray]
    C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-21 1601304]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kernelfaultcheck]
    C:\WINDOWS\system32\dumprep 0 -k []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    NvQTwk []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
    C:\WINDOWS\system32\nview.dll [2003-07-28 852038]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    C:\WINDOWS\system32\NVMCTRAY.DLL [2003-07-28 49152]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-08 136600]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\superantispyware]
    D:\Program Files\SUPERAntiSpyware.exe [2008-12-04 1809648]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "wscsvc "=2
    "6to4 "=2
    "JavaQuickStarterService "=2
    "NVSvc "=2
    "SNMPTRAP "=3
    "SNMP "=2
    "avg8wd "=2
    "avg8emc "=2
    "AppMgmt "=3
    "ICF "=2

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS "= "C:\WINDOWS\System32\fltlib32.dll,C:\WINDOWS\System32\ftsrch32.dll,C:\WINDOWS\System32\gcdef32.dll,C:\WINDOWS\System32\getuname32.dll,C:\WINDOWS\System32\glu3232.dll,C:\WINDOWS\System32\h323msp32.dll,C:\WINDOWS\System32\hccoin32.dll,C:\WINDOWS\System32\hid32.dll,C:\WINDOWS\System32\hnetcfg32.dll,C:\WINDOWS\System32\hostmib32.dll,C:\WINDOWS\System32\hsfcisp232.dll,C:\WINDOWS\System32\httpapi32.dll,C:\WINDOWS\System32\hypertrm32.dll,C:\WINDOWS\System32\iashlpr32.dll,C:\WINDOWS\System32\iaspolcy32.dll,C:\WINDOWS\System32\iasrecst32.dll,C:\WINDOWS\System32\iassvcs32.dll,C:\WINDOWS\System32\icardie32.dll,C:\WINDOWS\System32\icfgnt532.dll nvdesk32.dll "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
    D:\Program Files\SASWINLO.dll [2008-12-03 352256]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
    C:\WINDOWS\system32\avgrsstx.dll [2008-12-21 10520]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
    UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "=D:\Program Files\SASSEH.DLL [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "authentication packages "=msv1_0
    C:\WINDOWS\system32\geBtUnon

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername "=0
    "legalnoticecaption "=
    "legalnoticetext "=
    "shutdownwithoutlogon "=1
    "undockwithoutlogon "=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun "=145
    "NoFolderOptions "=0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 "
    "C:\Program Files\Messenger\msmsgs.exe "= "C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger "
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe "= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger "
    "C:\Program Files\Windows Live\Messenger\livecall.exe "= "C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) "
    "C:\Program Files\LimeWire\LimeWire.exe "= "C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 "
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe "= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger "
    "C:\Program Files\Windows Live\Messenger\livecall.exe "= "C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) "

    ======List of files/folders created in the last 1 months======

    2009-01-11 16:18:00 ----D---- C:\Program Files\trend micro
    2009-01-11 16:17:57 ----D---- C:\rsit
    2009-01-11 16:17:18 ----D---- C:\Documents and Settings\charles johnson\Application Data\Malwarebytes
    2009-01-11 16:17:08 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-01-11 16:17:07 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-01-08 00:03:57 ----D---- C:\Program Files\Veoh Networks
    2009-01-07 23:39:18 ----D---- C:\WINDOWS\LastGood
    2009-01-01 09:28:42 ----D---- C:\WINDOWS\speech
    2009-01-01 09:27:51 ----A---- C:\WINDOWS\system32\JAWSVID.DLL
    2009-01-01 09:27:50 ----A---- C:\WINDOWS\system32\dcmc0d0.dll
    2009-01-01 09:27:22 ----D---- C:\Documents and Settings\charles johnson\Application Data\Freedom Scientific
    2009-01-01 09:26:21 -------- C:\WINDOWS\system32\FSVIDRDP.DLL
    2009-01-01 09:26:21 -------- C:\WINDOWS\system32\FSVIDICA.DLL
    2009-01-01 09:25:39 ----D---- C:\Program Files\Rainbow Technologies
    2009-01-01 09:25:31 -------- C:\WINDOWS\system32\USafe32.DLL
    2009-01-01 09:25:31 -------- C:\WINDOWS\system32\RainbowSSD5.39.2.exe
    2009-01-01 09:25:31 -------- C:\WINDOWS\system32\FieldExUtil.exe
    2009-01-01 09:25:29 ----A---- C:\WINDOWS\system32\tmpPrst.dll
    2009-01-01 09:24:48 ----D---- C:\Program Files\ssce
    2009-01-01 09:24:48 -------- C:\WINDOWS\SSCE5232.DLL
    2009-01-01 09:24:45 ----D---- C:\Documents and Settings\All Users\Application Data\Freedom Scientific
    2009-01-01 09:24:38 -------- C:\WINDOWS\system32\wa4jfw.dll
    2009-01-01 09:24:18 ----D---- C:\Program Files\Freedom Scientific
    2009-01-01 09:23:55 -------- C:\WINDOWS\system32\fsbrldspapi.dll
    2009-01-01 08:28:54 -------- C:\WINDOWS\system32\Zx7Uninstall.dll
    2009-01-01 08:28:54 -------- C:\WINDOWS\system32\dcmuser.dll
    2009-01-01 08:28:54 -------- C:\WINDOWS\system32\dcmkrnl.dll
    2009-01-01 08:28:54 -------- C:\WINDOWS\system32\bypass_pca.dll
    2009-01-01 08:28:54 -------- C:\WINDOWS\system32\bypass_jfwvid.dll
    2009-01-01 08:28:54 -------- C:\WINDOWS\system32\bypass_idd.dll
    2009-01-01 08:28:54 -------- C:\WINDOWS\system32\bypass_gwm.dll
    2009-01-01 08:28:54 -------- C:\WINDOWS\system32\bypass_dolntdrv.dll
    2009-01-01 08:28:54 -------- C:\WINDOWS\system32\BSUninstall.dll
    2009-01-01 08:28:54 -------- C:\WINDOWS\dcmuser.ini
    2008-12-28 02:55:33 ----D---- C:\Program Files\Spybot - Search & Destroy
    2008-12-28 02:55:33 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-28 01:38:15 ----D---- C:\Documents and Settings\All Users\Application Data\DFX
    2008-12-28 01:38:04 ----D---- C:\Program Files\Common Files\DFX
    2008-12-28 00:54:31 ----D---- C:\Documents and Settings\charles johnson\Application Data\vlc
    2008-12-28 00:52:54 ----D---- C:\Program Files\VideoLAN
    2008-12-27 21:07:49 ----D---- C:\Documents and Settings\charles johnson\Application Data\Yahoo!
    2008-12-27 21:07:49 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-12-27 21:05:41 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
    2008-12-27 21:05:38 ----D---- C:\Program Files\Yahoo!
    2008-12-27 18:38:29 ----D---- C:\WINDOWS\LastGood.Tmp
    2008-12-23 02:51:30 ----A---- C:\WINDOWS\system32\nvqtwk.dll
    2008-12-23 02:51:29 ----A---- C:\WINDOWS\system32\nvdmcpl.dll
    2008-12-23 02:51:29 ----A---- C:\WINDOWS\system32\nvdesk32.dll
    2008-12-23 02:51:27 ----D---- C:\cabs
    2008-12-23 02:45:42 ----A---- C:\BIOSID.TXT
    2008-12-23 02:36:01 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
    2008-12-22 20:31:28 ----D---- C:\Documents and Settings\charles johnson\Application Data\CyberLink
    2008-12-22 16:52:37 ----D---- C:\NVIDIA
    2008-12-22 16:01:48 ----D---- C:\Program Files\SystemRequirementsLab
    2008-12-22 16:01:12 ----D---- C:\Documents and Settings\charles johnson\Application Data\SystemRequirementsLab
    2008-12-22 03:33:52 ----HD---- C:\$AVG8.VAULT$
    2008-12-21 20:33:22 ----A---- C:\WINDOWS\system32\avgrsstx.dll
    2008-12-21 20:31:54 ----D---- C:\Program Files\AVG
    2008-12-21 20:31:52 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
    2008-12-19 06:08:01 ----D---- C:\Documents and Settings\charles johnson\Application Data\uTorrent
    2008-12-16 23:09:17 ----A---- C:\WINDOWS\system32\db5e0765-.txt
    2008-12-16 23:01:43 ----A---- C:\pf.txt
    2008-12-16 23:00:59 ----D---- C:\WINDOWS\system32\zn
    2008-12-16 23:00:59 ----D---- C:\WINDOWS\system32\L5
    2008-12-16 22:59:22 ----A---- C:\ps.txt
    2008-12-16 22:59:13 ----D---- C:\WINDOWS\system32\whSLD02
    2008-12-16 22:59:13 ----D---- C:\Temp
    2008-12-16 22:51:12 ----D---- C:\Program Files\VIV Wizard
    2008-12-16 22:50:31 ----D---- C:\Program Files\NFS Wizard
    2008-12-16 17:55:05 ----A---- C:\WINDOWS\GnuHashes.ini
    2008-12-15 18:38:59 ----D---- C:\need for speed 3cracked by -=rogue=-
    2008-12-15 18:38:33 ----SHD---- C:\WINDOWS\system32\GroupPolicyManifest
    2008-12-15 16:42:37 ----D---- C:\WINDOWS\Minidump
    2008-12-15 01:31:45 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-12-15 01:31:31 ----D---- C:\Documents and Settings\charles johnson\Application Data\SUPERAntiSpyware.com
    2008-12-15 01:28:28 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2008-12-15 00:18:31 ----D---- C:\Documents and Settings\All Users\Application Data\MumboJumbo
    2008-12-14 22:44:45 ----A---- C:\WINDOWS\iun6002ev.exe
    2008-12-14 22:44:22 ----D---- C:\Program Files\Bejeweled 2 Deluxe
    2008-12-14 22:30:26 ----A---- C:\WINDOWS\system32\vbzip10.dll
    2008-12-14 22:26:00 ----A---- C:\WINDOWS\uninst.exe
    2008-12-14 19:23:37 ----A---- C:\WINDOWS\system32\LMRTREND.dll
    2008-12-14 19:23:36 ----A---- C:\WINDOWS\system32\dxtmsft3.dll
    2008-12-14 19:23:30 ----A---- C:\WINDOWS\system32\unam4ie.exe
    2008-12-14 19:23:26 ----A---- C:\WINDOWS\system32\vidx16.dll
    2008-12-14 19:23:26 ----A---- C:\WINDOWS\system32\qcut.dll
    2008-12-14 19:23:24 ----A---- C:\WINDOWS\system32\w95inf32.dll
    2008-12-14 19:23:24 ----A---- C:\WINDOWS\system32\w95inf16.dll
    2008-12-14 19:21:34 ----D---- C:\Program Files\GT Interactive
    2008-12-14 19:04:46 ----D---- C:\WINDOWS\nview
    2008-12-14 09:00:16 ----D---- C:\WINDOWS\Profiles
    2008-12-14 09:00:09 ----D---- C:\Program Files\Common Files\Adobe
    2008-12-14 09:00:09 ----D---- C:\Program Files\Adobe
    2008-12-13 22:46:04 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-12-13 01:41:14 ----A---- C:\WINDOWS\system32\ieencode.dll
    2008-12-13 01:29:22 ----D---- C:\Documents and Settings\charles johnson\Application Data\Mozilla

    ======List of files/folders modified in the last 1 months======

    2009-01-11 16:18:00 ----RD---- C:\Program Files
    2009-01-11 16:17:13 ----D---- C:\WINDOWS\system32\drivers
    2009-01-11 09:52:59 ----D---- C:\WINDOWS\Temp
    2009-01-10 23:11:29 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-01-10 23:08:53 ----D---- C:\WINDOWS
    2009-01-09 21:50:05 ----D---- C:\WINDOWS\system32
    2009-01-07 23:43:53 ----SHD---- C:\WINDOWS\Installer
    2009-01-07 23:43:48 ----D---- C:\Program Files\Common Files
    2009-01-07 23:43:17 ----D---- C:\Program Files\RealArcade
    2009-01-07 23:40:48 ----D---- C:\Program Files\Common Files\InstallShield
    2009-01-07 23:40:31 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-01-07 23:39:18 ----HD---- C:\WINDOWS\inf
    2009-01-07 23:39:02 ----D---- C:\My Games
    2009-01-01 09:25:30 ----A---- C:\WINDOWS\system32\c3n96if.dll
    2008-12-30 02:28:43 ----RSD---- C:\WINDOWS\Fonts
    2008-12-28 01:37:13 ----D---- C:\Documents and Settings\charles johnson\Application Data\LimeWire
    2008-12-27 19:26:03 ----D---- C:\Program Files\Internet Explorer
    2008-12-27 18:29:21 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-12-27 18:09:49 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-12-27 18:09:45 ----A---- C:\WINDOWS\regedit.exe
    2008-12-27 18:06:57 ----D---- C:\Documents and Settings
    2008-12-25 21:29:26 ----N---- C:\WINDOWS\win.ini
    2008-12-25 21:29:26 ----N---- C:\WINDOWS\system.ini
    2008-12-25 21:29:26 ----ASH---- C:\boot.ini
    2008-12-23 02:54:02 ----D---- C:\WINDOWS\Help
    2008-12-22 02:55:29 ----D---- C:\WINDOWS\network diagnostic
    2008-12-21 20:31:35 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2008-12-21 20:31:33 ----D---- C:\WINDOWS\WinSxS
    2008-12-21 20:30:20 ----SD---- C:\Documents and Settings\charles johnson\Application Data\Microsoft
    2008-12-19 06:55:40 ----D---- C:\Program Files\LimeWire
    2008-12-16 23:02:02 ----A---- C:\WINDOWS\system32\svchost.exe
    2008-12-15 21:47:04 ----D---- C:\WINDOWS\security
    2008-12-15 17:50:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-12-15 17:47:31 ----A---- C:\WINDOWS\imsins.BAK
    2008-12-15 17:45:31 ----D---- C:\WINDOWS\system32\wbem
    2008-12-15 16:42:18 ----D---- C:\WINDOWS\system32\en-us
    2008-12-15 16:42:17 ----D---- C:\WINDOWS\Media
    2008-12-14 19:23:37 ----D---- C:\Program Files\Windows Media Player
    2008-12-14 19:04:57 ----D---- C:\WINDOWS\system32\ReinstallBackups

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 avgldx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-21 324872]
    R1 avgmfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-21 27656]
    R1 avgtdix;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-12-21 107272]
    R1 SASDIFSV;SASDIFSV; \??\D:\Program Files\SASDIFSV.SYS []
    R1 SASKUTIL;SASKUTIL; \??\D:\Program Files\SASKUTIL.sys []
    R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-04-13 225664]
    R2 sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2001-06-22 73728]
    R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
    R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter; C:\WINDOWS\System32\DRIVERS\AN983.sys [2004-08-04 36224]
    R3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2002-06-03 40832]
    R3 nv4;nv4; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2001-08-30 829305]
    R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S3 3dfxvs;3dfxvs; C:\WINDOWS\System32\DRIVERS\3dfxvsm.sys [2001-10-03 148352]
    S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2001-08-30 829305]
    S3 SASENUM;SASENUM; \??\D:\Program Files\SASENUM.SYS []
    S3 tmpassthrump;tmpassthrump; C:\WINDOWS\system32\DRIVERS\TMPassthru.sys []
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R3 p2pimsvc;Peer Networking Identity Manager; C:\WINDOWS\system32\svchost.exe [2008-12-16 14336]
    R3 PNRPSvc;Peer Name Resolution Protocol; C:\WINDOWS\system32\svchost.exe [2008-12-16 14336]
    S2 jfwservice;JFWService; C:\Program Files\Freedom Scientific\JAWS\6.20\jfw.exe [2005-06-22 3280959]
    S3 p2pgasvc;Peer Networking Group Authentication; C:\WINDOWS\system32\svchost.exe [2008-12-16 14336]
    S3 p2psvc;Peer Networking; C:\WINDOWS\system32\svchost.exe [2008-12-16 14336]
    S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2009-01-11 98328]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-12-16 14336]
    S4 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-12-16 14336]
    S4 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-12-21 903960]
    S4 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-21 298264]
    S4 ICF;ICF; C:\WINDOWS\system32\svchost.exe [2008-12-16 14336]
    S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-08 152984]
    S4 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2001-08-30 57344]
    S4 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-13 33280]
    S4 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-13 8704]

    -----------------EOF-----------------

    ==================================================================
    Here's the 2nd log file. It contains similar items; however, it includes a bunch of error details and other problems that I was unaware of until now.


    info.txt logfile of random's system information tool 1.05 2009-01-11 16:19:27

    ======Uninstall list======

    -->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adobe Acrobat 4.0-->C:\WINDOWS\ISUNINST.EXE -f "C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c "C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll "
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    AVG 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
    Bejeweled 2 Deluxe-->C:\WINDOWS\iun6002ev.exe "C:\Program Files\Bejeweled 2 Deluxe\irunin.ini "
    Delta Force Land Warrior-->C:\WINDOWS\IsUninst.exe -f "C:\Program Files\NovaLogic\Delta Force Land Warrior\Uninst.isu "
    Gold Miner Vegas--> "C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\goldminervegas.rguninst" "AddRemove "
    Grand Theft Auto-->C:\WINDOWS\IsUninst.exe -f "d:\program files\gta2\Uninst.isu "
    HijackThis 2.0.2--> "C:\Program Files\trend micro\HijackThis.exe" /uninstall
    Hotfix for Windows XP (KB952287)--> "C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe "
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    JAWS 6.20-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{068978CC-8F9A-4E0C-A3FA-66C8C4801D7A}\Setup.exe"
    LimeWire PRO 4.18.8--> "D:\Program Files\LimeWire\uninstall.exe "
    Malwarebytes' Anti-Malware--> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe "
    Microsoft Compression Client Pack 1.0 for Windows XP--> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe "
    Microsoft Internationalized Domain Names Mitigation APIs--> "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe "
    Microsoft National Language Support Downlevel APIs--> "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe "
    Microsoft User-Mode Driver Framework Feature Pack 1.0--> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe "
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Mozilla Firefox (3.0.5)-->D:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Mystery Case Files: Ravenhearst --> "D:\Program Files\Mystery Case Files - Ravenhearst\Uninstall.exe "
    Need For Speed III Demo-->C:\WINDOWS\UNINST.EXE -f "d:\Program Files\Electronic Arts\Need For Speed III Demo\DeIsL1.isu" -c "d:\Program Files\Electronic Arts\Need For Speed III Demo\eauninst.dll "
    NFS Wizard v0.5.0.79--> "D:\NFS Wizard\unins000.exe "
    NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\system32\nvinstnt.dll,NvUninstallNT4 nvgw.inf
    PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
    Security Update for Windows Internet Explorer 7 (KB938127-v2)--> "C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB956390)--> "C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe "
    Security Update for Windows XP (KB938464)--> "C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB946648)--> "C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB950762)--> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB950974)--> "C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951066)--> "C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951376-v2)--> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951698)--> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB952954)--> "C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB954211)--> "C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB954459)--> "C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB955069)--> "C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB956390)--> "C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB956391)--> "C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB956803)--> "C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB956841)--> "C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB957095)--> "C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB957097)--> "C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB958644)--> "C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe "
    Sentinel System Driver-->MsiExec.exe /I{791CAF6C-90A3-11D4-8306-00D0B72E1DB9}
    Spybot - Search & Destroy--> "C:\Program Files\Spybot - Search & Destroy\unins000.exe "
    SUPERAntiSpyware Professional-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
    System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
    Update for Windows XP (KB951072-v2)--> "C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe "
    Update for Windows XP (KB951978)--> "C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe "
    Veoh Web Player Beta--> "C:\Program Files\Veoh Networks\VeohWebPlayer\uninst.exe "
    VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Windows Internet Explorer 7--> "C:\WINDOWS\ie7\spuninst\spuninst.exe "
    Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
    Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
    Windows Media Format 11 runtime--> "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime--> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe "
    Windows Media Player 11--> "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11--> "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe "
    Windows XP Service Pack 3--> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe "
    WinRAR archiver-->D:\winrar\uninstall.exe
    Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
    Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

    ======Hosts File======

    127.0.0.1 007guard.com
    127.0.0.1 www.007guard.com
    127.0.0.1 008i.com
    127.0.0.1 008k.com
    127.0.0.1 www.008k.com
    127.0.0.1 00hq.com
    127.0.0.1 www.00hq.com
    127.0.0.1 010402.com
    127.0.0.1 032439.com
    127.0.0.1 www.032439.com

    ======Security center information======

    AV: AVG Anti-Virus

    System event log

    Computer Name: MACHINENAME
    Event Code: 4
    Message: AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0x71), which lies in the 0x70 - 0x71 protected
    address range. This could lead to system instability. Please contact your system vendor for technical assistance.

    Record Number: 5
    Source Name: ACPI
    Time Written: 20081205180436.000000-300
    Event Type: error
    User:

    Computer Name: MACHINENAME
    Event Code: 5
    Message: AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0x70), which lies in the 0x70 - 0x71 protected
    address range. This could lead to system instability. Please contact your system vendor for technical assistance.

    Record Number: 4
    Source Name: ACPI
    Time Written: 20081205180436.000000-300
    Event Type: error
    User:

    Computer Name: MACHINENAME
    Event Code: 6005
    Message: The Event log service was started.

    Record Number: 3
    Source Name: EventLog
    Time Written: 20081205175958.000000-300
    Event Type: information
    User:

    Computer Name: MACHINENAME
    Event Code: 6009
    Message: Microsoft (R) Windows (R) 5.01. 2600 Uniprocessor Free.

    Record Number: 2
    Source Name: EventLog
    Time Written: 20081205175958.000000-300
    Event Type: information
    User:

    Computer Name: MACHINENAME
    Event Code: 2
    Message: While validating that \Device\Serial0 was really a serial port, a fifo was detected. The fifo will be used.

    Record Number: 1
    Source Name: Serial
    Time Written: 20081205180008.000000-300
    Event Type: information
    User:

    Application event log

    Computer Name: DELTA-FORCE1
    Event Code: 1000
    Message: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

    Record Number: 61
    Source Name: Application Error
    Time Written: 20081207113102.000000-300
    Event Type: error
    User:

    Computer Name: DELTA-FORCE1
    Event Code: 1000
    Message: Faulting application iexplore.exe, version 7.0.6000.16735, faulting module unknown, version 0.0.0.0, fault address 0x4dc37ce5.

    Record Number: 60
    Source Name: Application Error
    Time Written: 20081207113055.000000-300
    Event Type: error
    User:

    Computer Name: DELTA-FORCE1
    Event Code: 1000
    Message: Faulting application iexplore.exe, version 7.0.6000.16735, faulting module ntdll.dll, version 5.1.2600.5512, fault address 0x0001b1fa.

    Record Number: 59
    Source Name: Application Error
    Time Written: 20081207112138.000000-300
    Event Type: error
    User:

    Computer Name: DELTA-FORCE1
    Event Code: 4097
    Message: The application, C:\Program Files\Internet Explorer\IEXPLORE.EXE, generated an application error
    The error occurred on 12/07/2008 @ 11:21:32.271
    The exception generated was c0000005 at address 7C91B1FA (ntdll!RtlpWaitForCriticalSection)

    Record Number: 58
    Source Name: DrWatson
    Time Written: 20081207112132.000000-300
    Event Type: information
    User:

    Computer Name: DELTA-FORCE1
    Event Code: 1000
    Message: Faulting application iexplore.exe, version 7.0.6000.16735, faulting module ntdll.dll, version 5.1.2600.5512, fault address 0x0001b1fa.

    Record Number: 57
    Source Name: Application Error
    Time Written: 20081207112130.000000-300
    Event Type: error
    User:

    ======Environment variables======

    "ComSpec "=%SystemRoot%\system32\cmd.exe
    "Path "=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
    "windir "=%SystemRoot%
    "OS "=Windows_NT
    "PROCESSOR_ARCHITECTURE "=x86
    "PROCESSOR_LEVEL "=6
    "PROCESSOR_IDENTIFIER "=x86 Family 6 Model 4 Stepping 2, AuthenticAMD
    "PROCESSOR_REVISION "=0402
    "NUMBER_OF_PROCESSORS "=1
    "PATHEXT "=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP "=%SystemRoot%\TEMP
    "TMP "=%SystemRoot%\TEMP
    "FP_NO_HOST_CHECK "=NO

    -----------------EOF-----------------
     
  10. 2009/01/11
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I know you stated that you previously felt ComboFix borked your computer, but I feel it was not truly ComboFix that harmed anything. I'm telling you this because I want to use ComboFix to finish cleaning up your machine, which still has a number of rogue remnants. A look through this forum will show that it has been used countless times with much success. That said ...

    Download ComboFix by sUBs from here, saving the file to your desktop.


    Disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows.
    • Double-click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you log on. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    **NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.


    Side note - it's very likely that activity such as "C:\need for speed 3cracked by -=rogue=-" is what got you infected. I recommend you steer well clear of cracked software.
     
  11. 2009/01/11
    rayfalcon

    rayfalcon Inactive Thread Starter

    Joined:
    2009/01/11
    Messages:
    12
    Likes Received:
    0
    It said that AVG was running, but I disabled it completely. It locked up on the first run, so I had to run it again, but here's the log file.

    ComboFix 09-01-10.03 - charles johnson 2009-01-11 8:45:27.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.312 [GMT -5:00]
    Running from: c:\documents and settings\charles johnson\Desktop\ComboFix.exe
    AV: AVG Anti-Virus *On-access scanning enabled* (Updated)

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\documents and settings\charles johnson\Application Data\0200000088af5bae511C.manifest
    c:\documents and settings\charles johnson\Application Data\0200000088af5bae511O.manifest
    c:\documents and settings\charles johnson\Application Data\0200000088af5bae511P.manifest
    c:\documents and settings\charles johnson\Application Data\0200000088af5bae511S.manifest
    c:\windows\GnuHashes.ini
    c:\windows\system32\c3n96if.dll
    c:\windows\system32\GroupPolicy000.dat
    c:\windows\system32\GroupPolicyManifest
    c:\windows\system32\GroupPolicyManifest\1.music.mp3.kwd
    c:\windows\system32\GroupPolicyManifest\10.setup.zip.kwd
    c:\windows\system32\GroupPolicyManifest\11.unpack.zip.kwd
    c:\windows\system32\GroupPolicyManifest\12.limepro.zip.kwd
    c:\windows\system32\GroupPolicyManifest\13.keygen.zip.kwd
    c:\windows\system32\GroupPolicyManifest\2.crack.zip.kwd
    c:\windows\system32\GroupPolicyManifest\68.tmp
    c:\windows\system32\GroupPolicyManifest\8.mpgvideo.mpg.kwd
    c:\windows\system32\GroupPolicyManifest\9.remix.mp3
    c:\windows\system32\GroupPolicyManifest\9.remix.mp3.kwd
    c:\windows\system32\L5
    c:\windows\system32\tmpPrst.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_icf
    -------\Service_avg


    ((((((((((((((((((((((((( Files Created from 2008-12-11 to 2009-01-11 )))))))))))))))))))))))))))))))
    .

    2009-01-11 16:18 . 2009-01-11 16:19 <DIR> d-------- c:\program files\trend micro
    2009-01-11 16:17 . 2009-01-11 16:19 <DIR> d-------- C:\rsit
    2009-01-11 16:17 . 2009-01-11 16:17 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-01-11 16:17 . 2009-01-11 16:17 <DIR> d-------- c:\documents and settings\charles johnson\Application Data\Malwarebytes
    2009-01-11 16:17 . 2009-01-11 16:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-11 16:17 . 2009-01-04 18:39 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-11 16:17 . 2009-01-04 18:39 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-01-08 00:03 . 2009-01-08 00:03 <DIR> d-------- c:\program files\Veoh Networks
    2009-01-01 09:28 . 2009-01-01 09:29 <DIR> d-------- c:\windows\speech
    2009-01-01 09:27 . 2009-01-01 09:27 <DIR> d-------- c:\documents and settings\charles johnson\Application Data\Freedom Scientific
    2009-01-01 09:27 . 2009-01-11 20:32 2,000,000 --a----t- c:\windows\system32\HJSMEM.DAT
    2009-01-01 09:27 . 2001-08-30 23:56 1,998,729 --a------ c:\windows\system32\dcmc0d0.dll
    2009-01-01 09:27 . 2005-06-16 11:56 125,128 --a------ c:\windows\system32\JAWSVID.DLL
    2009-01-01 09:26 . 2005-06-16 11:57 127,504 --------- c:\windows\system32\FSVIDICA.DLL
    2009-01-01 09:26 . 2005-06-16 11:57 127,472 --------- c:\windows\system32\FSVIDRDP.DLL
    2009-01-01 09:25 . 2009-01-01 09:25 <DIR> d-------- c:\program files\Rainbow Technologies
    2009-01-01 09:25 . 2005-06-22 16:13 4,117,632 --------- c:\windows\system32\RainbowSSD5.39.2.exe
    2009-01-01 09:25 . 2005-06-22 16:13 94,208 --------- c:\windows\system32\USafe32.DLL
    2009-01-01 09:25 . 2005-06-22 16:13 33,584 --------- c:\windows\system32\FieldExUtil.chm
    2009-01-01 09:25 . 2005-06-22 16:13 32,768 --------- c:\windows\system32\FieldExUtil.exe
    2009-01-01 09:25 . 2005-06-22 16:13 3,318 --------- c:\windows\system32\drivers\fsbrldsp.Inf
    2009-01-01 09:24 . 2009-01-01 09:24 <DIR> d-------- c:\program files\ssce
    2009-01-01 09:24 . 2009-01-01 09:25 <DIR> d-------- c:\program files\Freedom Scientific
    2009-01-01 09:24 . 2009-01-01 09:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Freedom Scientific
    2009-01-01 09:24 . 2005-06-22 16:13 145,920 --------- c:\windows\SSCE5232.DLL
    2009-01-01 09:24 . 2005-06-22 16:13 36,864 --------- c:\windows\system32\wa4jfw.dll
    2009-01-01 09:23 . 2005-06-22 16:13 29,952 --------- c:\windows\system32\drivers\fsbrldsp.sys
    2009-01-01 09:23 . 2005-06-22 16:13 20,480 --------- c:\windows\system32\drivers\wdmstub.sys
    2009-01-01 09:23 . 2005-06-22 14:53 16,470 --------- c:\windows\system32\fsbrldspapi.dll
    2009-01-01 08:28 . 2005-06-16 11:54 69,632 --------- c:\windows\system32\dcmuser.dll
    2009-01-01 08:28 . 2005-06-16 11:54 57,344 --------- c:\windows\system32\Zx7Uninstall.dll
    2009-01-01 08:28 . 2005-06-16 11:54 57,344 --------- c:\windows\system32\BSUninstall.dll
    2009-01-01 08:28 . 2005-06-16 11:54 53,248 --------- c:\windows\system32\bypass_jfwvid.dll
    2009-01-01 08:28 . 2005-06-16 11:54 49,152 --------- c:\windows\system32\bypass_pca.dll
    2009-01-01 08:28 . 2005-06-16 11:54 49,152 --------- c:\windows\system32\bypass_idd.dll
    2009-01-01 08:28 . 2005-06-16 11:54 49,152 --------- c:\windows\system32\bypass_gwm.dll
    2009-01-01 08:28 . 2005-06-16 11:54 49,152 --------- c:\windows\system32\bypass_dolntdrv.dll
    2009-01-01 08:28 . 2005-06-16 11:54 9,216 --------- c:\windows\system32\dcmkrnl.dll
    2009-01-01 08:28 . 2005-06-16 11:54 380 --------- c:\windows\dcmuser.ini
    2008-12-28 02:55 . 2008-12-29 20:43 <DIR> d-------- c:\program files\Spybot - Search & Destroy
    2008-12-28 02:55 . 2008-12-29 01:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-28 01:38 . 2008-12-28 01:38 <DIR> d-------- c:\program files\Common Files\DFX
    2008-12-28 01:38 . 2008-12-28 01:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\DFX
    2008-12-28 00:54 . 2008-12-28 01:44 <DIR> d-------- c:\documents and settings\charles johnson\Application Data\vlc
    2008-12-28 00:52 . 2008-12-28 00:52 <DIR> d-------- c:\program files\VideoLAN
    2008-12-27 21:09 . 2008-12-27 21:09 <DIR> d-------- c:\documents and settings\LocalService\Application Data\PeerNetworking
    2008-12-27 21:07 . 2008-12-27 21:07 <DIR> d-------- c:\documents and settings\charles johnson\Application Data\Yahoo!
    2008-12-27 21:07 . 2008-12-27 21:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2008-12-27 21:05 . 2008-12-27 21:08 <DIR> d-------- c:\program files\Yahoo!
    2008-12-27 21:05 . 2008-12-27 21:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
    2008-12-27 19:26 . 2007-08-01 22:47 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
    2008-12-27 18:29 . 2008-12-27 19:37 <DIR> d-------- c:\documents and settings\charles johnson\.housecall6.6
    2008-12-23 02:51 . 2008-12-23 02:51 <DIR> d-------- C:\cabs
    2008-12-23 02:51 . 2001-08-30 23:56 110,592 --a------ c:\windows\system32\nvqtwk.dll
    2008-12-23 02:51 . 2001-08-30 23:56 102,400 --a------ c:\windows\system32\nvdesk32.dll
    2008-12-23 02:51 . 2001-08-30 23:56 73,728 --a------ c:\windows\system32\nvdmcpl.dll
    2008-12-23 02:36 . 2006-05-19 03:28 208,896 --a------ c:\windows\system32\NVUNINST.EXE
    2008-12-22 20:31 . 2008-12-22 20:31 <DIR> d-------- c:\documents and settings\charles johnson\Application Data\CyberLink
    2008-12-22 16:52 . 2008-12-23 02:43 <DIR> d-------- C:\NVIDIA
    2008-12-22 16:01 . 2008-12-22 16:12 <DIR> d-------- c:\program files\SystemRequirementsLab
    2008-12-22 16:01 . 2008-12-22 16:01 <DIR> d-------- c:\documents and settings\charles johnson\Application Data\SystemRequirementsLab
    2008-12-22 03:33 . 2008-12-25 03:34 <DIR> d--h----- C:\$AVG8.VAULT$
    2008-12-21 20:33 . 2008-12-21 20:33 324,872 --a------ c:\windows\system32\drivers\avgldx86.sys
    2008-12-21 20:33 . 2008-12-21 20:33 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
    2008-12-21 20:33 . 2008-12-21 20:33 12,552 --a------ c:\windows\system32\drivers\avgrkx86.sys
    2008-12-21 20:33 . 2008-12-21 20:33 10,520 --a------ c:\windows\system32\avgrsstx.dll
    2008-12-21 20:32 . 2009-01-11 20:29 <DIR> d-------- c:\windows\system32\drivers\Avg
    2008-12-21 20:31 . 2008-12-21 20:31 <DIR> d-------- c:\program files\AVG
    2008-12-21 20:31 . 2008-12-21 20:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
    2008-12-19 06:08 . 2009-01-07 23:37 <DIR> d-------- c:\documents and settings\charles johnson\Application Data\uTorrent
    2008-12-16 23:02 . 2008-12-16 23:03 2 --a------ C:\-797064268
    2008-12-16 23:00 . 2008-12-16 23:04 <DIR> d-------- c:\windows\system32\zn
    2008-12-16 22:59 . 2008-12-23 04:33 <DIR> d-------- c:\windows\system32\whSLD02
    2008-12-16 22:59 . 2008-12-16 23:01 <DIR> d-------- c:\temp\REX81
    2008-12-16 22:59 . 2008-12-28 03:36 <DIR> d-------- C:\Temp
    2008-12-16 22:51 . 2008-12-16 22:51 <DIR> d-------- c:\program files\VIV Wizard
    2008-12-16 22:50 . 2008-12-16 22:50 <DIR> d-------- c:\program files\NFS Wizard
    2008-12-15 18:38 . 2008-12-22 03:41 <DIR> d-------- C:\need for speed 3cracked by -=rogue=-
    2008-12-15 18:31 . 2008-12-15 18:36 2,819,737 --a------ C:\(PC - GAMES) Super Mario bross. ORIGINALE!!!.zip
    2008-12-15 18:30 . 2008-12-15 18:49 251,368,819 --a------ C:\PC GAMES GTA-Grand Theft Auto- Vice City- Full Version.zip
    2008-12-15 16:23 . 2008-12-16 04:40 16 --a------ c:\windows\popcinfo.dat
    2008-12-15 01:31 . 2008-12-15 01:31 <DIR> d-------- c:\documents and settings\charles johnson\Application Data\SUPERAntiSpyware.com
    2008-12-15 01:31 . 2008-12-15 01:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-12-15 01:28 . 2008-12-15 01:28 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
    2008-12-15 00:18 . 2008-12-15 00:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\MumboJumbo
    2008-12-14 22:44 . 2008-12-15 16:16 <DIR> d-------- c:\program files\Bejeweled 2 Deluxe
    2008-12-14 22:44 . 2008-12-14 22:43 720,896 --a------ c:\windows\iun6002ev.exe
    2008-12-14 22:30 . 2008-12-14 22:30 147,456 --a------ c:\windows\system32\vbzip10.dll
    2008-12-14 22:26 . 1998-08-31 11:52 299,008 --a------ c:\windows\uninst.exe
    2008-12-14 19:23 . 1998-09-02 03:02 194,320 --a------ c:\windows\system32\qcut.dll
    2008-12-14 19:23 . 1998-08-26 23:51 182,032 --a------ c:\windows\system32\dxtmsft3.dll
    2008-12-14 19:23 . 1998-08-20 06:02 140,800 --a------ c:\windows\system32\tm20dec.ax
    2008-12-14 19:23 . 1998-09-02 03:28 63,488 --a------ c:\windows\system32\unam4ie.exe
    2008-12-14 19:23 . 1998-09-02 03:28 38,160 --a------ c:\windows\system32\LMRTREND.dll
    2008-12-14 19:23 . 1998-08-17 04:21 11,776 --a------ c:\windows\system32\mciqtz.drv
    2008-12-14 19:23 . 1998-08-17 04:21 10,240 --a------ c:\windows\system32\vidx16.dll
    2008-12-14 19:23 . 1998-08-17 04:21 5,672 --a------ c:\windows\system32\quartz.vxd
    2008-12-14 19:23 . 2008-12-14 19:23 4,608 --a------ c:\windows\system32\w95inf32.dll
    2008-12-14 19:23 . 2008-12-14 19:23 2,272 --a------ c:\windows\system32\w95inf16.dll
    2008-12-14 19:21 . 2008-12-14 19:21 <DIR> d-------- c:\program files\GT Interactive
    2008-12-14 19:04 . 2008-12-14 19:04 <DIR> d-------- c:\windows\nview
    2008-12-14 09:00 . 2008-12-14 09:00 <DIR> d-------- c:\windows\Profiles
    2008-12-14 09:00 . 2008-12-14 09:00 <DIR> d-------- c:\program files\Common Files\Adobe
    2008-12-13 22:46 . 2008-12-15 16:10 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
    2008-12-13 01:41 . 2008-04-13 19:11 81,920 --a------ c:\windows\system32\ieencode.dll
    2008-12-13 01:41 . 2007-08-13 18:45 78,336 --a------ c:\windows\system32\dllcache\ieencode.dll
    2008-12-13 01:29 . 2008-12-13 01:29 0 --a------ c:\windows\nsreg.dat
    2008-12-11 02:42 . 2008-12-11 02:42 <DIR> d-------- c:\program files\Windows Media Connect 2
    2008-12-11 02:40 . 2008-12-11 02:41 <DIR> d-------- c:\windows\system32\drivers\UMDF
    2008-12-11 02:02 . 2008-12-11 02:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\CyberLink
    2008-12-11 02:01 . 2008-12-11 02:01 <DIR> d-------- c:\program files\CyberLink
    2008-12-11 01:51 . 2008-12-11 01:51 208,636 --a------ C:\AnalysisLog.sr0
    2008-12-11 01:38 . 2008-04-13 19:12 221,184 --a------ c:\windows\system32\wmpns.dll
    2008-12-11 00:16 . 2008-12-11 00:16 98,304 --a------ c:\windows\system32\CmdLineExt.dll
    2008-12-11 00:05 . 2009-01-07 23:40 <DIR> d--h----- c:\program files\InstallShield Installation Information
    2008-12-11 00:01 . 2009-01-07 23:40 <DIR> d-------- c:\program files\Common Files\InstallShield

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-08 04:43 --------- d-----w c:\program files\RealArcade
    2008-12-28 06:37 --------- d-----w c:\documents and settings\charles johnson\Application Data\LimeWire
    2008-12-27 23:09 146,432 ----a-w c:\windows\regedit.exe
    2008-12-19 11:55 --------- d-----w c:\program files\LimeWire
    2008-12-17 04:02 14,336 ----a-w c:\windows\system32\svchost.exe
    2008-12-09 21:12 --------- d-----w c:\documents and settings\charles johnson\Application Data\LimeWireTurbo
    2008-12-08 05:48 410,984 ----a-w c:\windows\system32\deploytk.dll
    2008-12-08 05:48 --------- d-----w c:\program files\Java
    2008-12-07 20:17 --------- d-----w c:\program files\NovaLogic
    2008-12-07 17:10 --------- d-----w c:\program files\Windows Live
    2008-12-07 17:08 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
    2008-12-07 17:07 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
    2008-12-06 04:20 --------- d-----w c:\program files\microsoft frontpage
    2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 19:12 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 19:07 208,744 ----a-w c:\windows\system32\muweb.dll
    2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Messenger (Yahoo!) "= "c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]
    "SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "d:\program files\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-03 14:56 352256 d:\program files\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2008-12-21 20:33 10520 c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "SENTINEL "= snti386.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kernelfaultcheck]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    NvQTwk [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avg8_tray]
    --a------ 2008-12-21 20:32 1601304 c:\progra~1\AVG\AVG8\avgtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2008-04-13 19:12 15360 c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --------- 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2003-07-28 14:19 49152 c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    --a------ 2003-10-31 19:42 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-12-08 00:48 136600 c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\superantispyware]
    --a------ 2008-12-04 13:50 1809648 d:\program files\SUPERAntiSpyware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
    --a------ 2003-07-28 14:19 852038 c:\windows\system32\nview.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2003-07-28 14:19 323584 c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "wscsvc "=2 (0x2)
    "6to4 "=2 (0x2)
    "JavaQuickStarterService "=2 (0x2)
    "NVSvc "=2 (0x2)
    "SNMPTRAP "=3 (0x3)
    "SNMP "=2 (0x2)
    "avg8wd "=2 (0x2)
    "avg8emc "=2 (0x2)
    "AppMgmt "=3 (0x3)
    "ICF "=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001
    "UpdatesDisableNotify "=dword:00000001
    "AntiVirusOverride "=dword:00000001
    "FirewallOverride "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3587:TCP "= 3587:TCP:Windows Peer-to-Peer Grouping
    "3540:UDP "= 3540:UDP:peer Name Resolution Protocol (PNRP)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest "= 1 (0x1)

    R0 avgrkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-12-21 12552]
    R1 avgldx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-21 324872]
    R1 avgtdix;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-21 107272]
    R1 SASDIFSV;SASDIFSV;d:\program files\sasdifsv.sys [2008-12-04 8944]
    R1 SASKUTIL;SASKUTIL;d:\program files\SASKUTIL.SYS [2008-12-04 55024]
    S1 d8a9332c;d8a9332c;c:\windows\system32\drivers\d8a9332c.sys --> c:\windows\system32\drivers\d8a9332c.sys [?]
    S3 3dfxvs;3dfxvs;c:\windows\system32\drivers\3dfxvsm.sys [2008-12-05 148352]
    S3 SASENUM;SASENUM;d:\program files\SASENUM.SYS [2008-12-04 7408]
    S3 tmpassthrump;tmpassthrump;c:\windows\system32\DRIVERS\TMPassthru.sys --> c:\windows\system32\DRIVERS\TMPassthru.sys [?]
    S4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-21 903960]
    S4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-21 298264]
    S4 jfwservice;JFWService;c:\program files\Freedom Scientific\JAWS\6.20\jfw.exe [2009-01-01 3280959]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{a062f21e-486f-442e-bf6f-c9471e9605e3} - (no file)


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://windstream.net/
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-11 08:47:42
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(552)
    d:\program files\SASWINLO.dll
    .
    Completion time: 2009-01-11 8:51:25
    ComboFix-quarantined-files.txt 2009-01-11 13:50:08

    Pre-Run: 3,459,985,408 bytes free
    Post-Run: 3,449,982,976 bytes free

    288 --- E O F --- 2008-12-07 17:03:15
     
  12. 2009/01/11
    noahdfear

    noahdfear Inactive

    Why did you not allow the Recovery Console to be installed?


    Once again, disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    Driver::
    d8a9332c
    tmpassthrump
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
     "ICF "=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kernelfaultcheck]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
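    As an added example (not from the thread or any of the posters), a small Python triage script that reads the "Reg Loading Points" part of a ComboFix log like the ones posted above and flags the entries the CFScript acts on: service entries whose file is missing on disk (the `--> ... [?]` lines for d8a9332c and tmpassthrump) and the Security Center and firewall values the log shows disabled. The random-hex-name heuristic and the severity labels are my assumptions, not anything ComboFix itself reports.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the shape of the ComboFix "Reg Loading Points" section posted
# in this thread. The entries are copied from the posted log; this is not a full log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify "=dword:00000001
"UpdatesDisableNotify "=dword:00000001
"AntiVirusOverride "=dword:00000001
"FirewallOverride "=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall "= 0 (0x0)

R0 avgrkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-12-21 12552]
R1 SASDIFSV;SASDIFSV;d:\program files\sasdifsv.sys [2008-12-04 8944]
S1 d8a9332c;d8a9332c;c:\windows\system32\drivers\d8a9332c.sys --> c:\windows\system32\drivers\d8a9332c.sys [?]
S3 tmpassthrump;tmpassthrump;c:\windows\system32\DRIVERS\TMPassthru.sys --> c:\windows\system32\DRIVERS\TMPassthru.sys [?]
S4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-21 298264]
"""

# Registry key header, e.g. [HKEY_LOCAL_MACHINE\software\...]
KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# Registry value line; the posted log has a stray space before the closing quote.
VALUE_RE = re.compile(r'^"(?P<name>[^"]+?)\s*"\s*=\s*(?P<value>.*?)\s*$')
# Driver/service line: <R|S><start type> name;description;path [date size]
# or, when ComboFix could not find the file on disk, path --> path [?]
DRIVER_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)'
    r'(?: --> (?P<resolved>.+?))? \[(?P<info>[^\]]*)\]$'
)
# Heuristic (my assumption, not a ComboFix rule): an 8-digit hex service name is
# the kind of name a helper looks at twice.
HEX_NAME_RE = re.compile(r'^[0-9a-f]{8}$')

# Security Center values that, when 1, silence Windows' own warnings that antivirus
# or firewall protection is off or out of date. The posted log shows all four set.
OVERRIDE_VALUES = {"AntiVirusOverride", "FirewallOverride",
                   "AntiVirusDisableNotify", "UpdatesDisableNotify"}


@dataclass
class Finding:
    severity: str  # "high" or "medium" (labels are my choice)
    item: str      # service name or registry value name
    reason: str


def triage(log_text: str) -> List[Finding]:
    """Return the entries a helper would look at first: services whose binary is
    missing, services with random-looking names, and registry values that disable
    or silence the firewall / Security Center."""
    findings: List[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key").lower()
            continue
        m = DRIVER_RE.match(line)
        if m:
            name = m.group("name")
            if m.group("info") == "?" or m.group("resolved"):
                findings.append(Finding("high", name,
                                        "service registered but file missing: " + m.group("path")))
            if HEX_NAME_RE.match(name):
                findings.append(Finding("medium", name, "random-looking hex service name"))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group("name"), m.group("value")
        if "security center" in current_key and name in OVERRIDE_VALUES \
                and value.lower().endswith("00000001"):
            findings.append(Finding("medium", name, "Security Center warning/override set"))
        elif current_key.endswith("firewallpolicy\\standardprofile") \
                and name == "EnableFirewall" and value.startswith("0"):
            findings.append(Finding("high", name, "Windows Firewall off in the standard profile"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.item}: {f.reason}")
```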
     
  13. 2009/01/12
    rayfalcon

    rayfalcon Inactive Thread Starter

    I wasn't sure what it was, and I thought that it would take and run Windows Recovery. I'm sorry; I shall let it be installed if you think it's really necessary. By the way, on AVG, will that CFScript disable it? I completely set everything to manual, but ComboFix detects it as still running realtime protection.
     
    Last edited: 2009/01/12
  14. 2009/01/12
    rayfalcon

    rayfalcon Inactive Thread Starter

    OK, here's the latest scan. I still cannot get the AVG 8.0 realtime scan disabled no matter what I do.
    By the way, now when I send or receive emails it has an attachment of 0000108.htm. The numbers vary, but all have the same layout: 0000, then a variable number, followed by the .htm extension. Should I open one of them to see what it is or not?

    ComboFix 09-01-11.04 - charles johnson 2009-01-12 13:51:59.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.311 [GMT -5:00]
    Running from: c:\documents and settings\charles johnson\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\charles johnson\Desktop\CFScript.txt
    AV: AVG Anti-Virus *On-access scanning enabled* (Updated)
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_d8a9332c
    -------\Service_tmpassthrump


    ((((((((((((((((((((((((( Files Created from 2008-12-12 to 2009-01-12 )))))))))))))))))))))))))))))))
    .

    2009-01-11 16:18 . 2009-01-11 16:19 <DIR> d-------- c:\program files\trend micro
    2009-01-11 16:17 . 2009-01-11 16:19 <DIR> d-------- C:\rsit
    2009-01-11 16:17 . 2009-01-11 16:17 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-01-11 16:17 . 2009-01-11 16:17 <DIR> d-------- c:\documents and settings\charles johnson\Application Data\Malwarebytes
    2009-01-11 16:17 . 2009-01-11 16:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-11 16:17 . 2009-01-04 18:39 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-11 16:17 . 2009-01-04 18:39 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-01-08 00:03 . 2009-01-08 00:03 <DIR> d-------- c:\program files\Veoh Networks
    2009-01-01 09:28 . 2009-01-01 09:29 <DIR> d-------- c:\windows\speech
    2009-01-01 09:27 . 2009-01-01 09:27 <DIR> d-------- c:\documents and settings\charles johnson\Application Data\Freedom Scientific
    2009-01-01 09:27 . 2009-01-11 20:32 2,000,000 --a----t- c:\windows\system32\HJSMEM.DAT
    2009-01-01 09:27 . 2001-08-30 23:56 1,998,729 --a------ c:\windows\system32\dcmc0d0.dll
    2009-01-01 09:27 . 2005-06-16 11:56 125,128 --a------ c:\windows\system32\JAWSVID.DLL
    2009-01-01 09:26 . 2005-06-16 11:57 127,504 --------- c:\windows\system32\FSVIDICA.DLL
    2009-01-01 09:26 . 2005-06-16 11:57 127,472 --------- c:\windows\system32\FSVIDRDP.DLL
    2009-01-01 09:25 . 2009-01-01 09:25 <DIR> d-------- c:\program files\Rainbow Technologies
    2009-01-01 09:25 . 2005-06-22 16:13 4,117,632 --------- c:\windows\system32\RainbowSSD5.39.2.exe
    2009-01-01 09:25 . 2005-06-22 16:13 94,208 --------- c:\windows\system32\USafe32.DLL
    2009-01-01 09:25 . 2005-06-22 16:13 33,584 --------- c:\windows\system32\FieldExUtil.chm
    2009-01-01 09:25 . 2005-06-22 16:13 32,768 --------- c:\windows\system32\FieldExUtil.exe
    2009-01-01 09:25 . 2005-06-22 16:13 3,318 --------- c:\windows\system32\drivers\fsbrldsp.Inf
    2009-01-01 09:24 . 2009-01-01 09:24 <DIR> d-------- c:\program files\ssce
    2009-01-01 09:24 . 2009-01-01 09:25 <DIR> d-------- c:\program files\Freedom Scientific
    2009-01-01 09:24 . 2009-01-01 09:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Freedom Scientific
    2009-01-01 09:24 . 2005-06-22 16:13 145,920 --------- c:\windows\SSCE5232.DLL
    2009-01-01 09:24 . 2005-06-22 16:13 36,864 --------- c:\windows\system32\wa4jfw.dll
    2009-01-01 09:23 . 2005-06-22 16:13 29,952 --------- c:\windows\system32\drivers\fsbrldsp.sys
    2009-01-01 09:23 . 2005-06-22 16:13 20,480 --------- c:\windows\system32\drivers\wdmstub.sys
    2009-01-01 09:23 . 2005-06-22 14:53 16,470 --------- c:\windows\system32\fsbrldspapi.dll
    2009-01-01 08:28 . 2005-06-16 11:54 69,632 --------- c:\windows\system32\dcmuser.dll
    2009-01-01 08:28 . 2005-06-16 11:54 57,344 --------- c:\windows\system32\Zx7Uninstall.dll
    2009-01-01 08:28 . 2005-06-16 11:54 57,344 --------- c:\windows\system32\BSUninstall.dll
    2009-01-01 08:28 . 2005-06-16 11:54 53,248 --------- c:\windows\system32\bypass_jfwvid.dll
    2009-01-01 08:28 . 2005-06-16 11:54 49,152 --------- c:\windows\system32\bypass_pca.dll
    2009-01-01 08:28 . 2005-06-16 11:54 49,152 --------- c:\windows\system32\bypass_idd.dll
    2009-01-01 08:28 . 2005-06-16 11:54 49,152 --------- c:\windows\system32\bypass_gwm.dll
    2009-01-01 08:28 . 2005-06-16 11:54 49,152 --------- c:\windows\system32\bypass_dolntdrv.dll
    2009-01-01 08:28 . 2005-06-16 11:54 9,216 --------- c:\windows\system32\dcmkrnl.dll
    2009-01-01 08:28 . 2005-06-16 11:54 380 --------- c:\windows\dcmuser.ini
    2008-12-28 02:55 . 2008-12-29 20:43 <DIR> d-------- c:\program files\Spybot - Search & Destroy
    2008-12-28 02:55 . 2008-12-29 01:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-28 01:38 . 2008-12-28 01:38 <DIR> d-------- c:\program files\Common Files\DFX
    2008-12-28 01:38 . 2008-12-28 01:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\DFX
    2008-12-28 00:54 . 2008-12-28 01:44 <DIR> d-------- c:\documents and settings\charles johnson\Application Data\vlc
    2008-12-28 00:52 . 2008-12-28 00:52 <DIR> d-------- c:\program files\VideoLAN
    2008-12-27 21:09 . 2008-12-27 21:09 <DIR> d-------- c:\documents and settings\LocalService\Application Data\PeerNetworking
    2008-12-27 21:07 . 2008-12-27 21:07 <DIR> d-------- c:\documents and settings\charles johnson\Application Data\Yahoo!
    2008-12-27 21:07 . 2008-12-27 21:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2008-12-27 21:05 . 2008-12-27 21:08 <DIR> d-------- c:\program files\Yahoo!
    2008-12-27 21:05 . 2008-12-27 21:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
    2008-12-27 19:26 . 2007-08-01 22:47 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
    2008-12-27 18:29 . 2008-12-27 19:37 <DIR> d-------- c:\documents and settings\charles johnson\.housecall6.6
    2008-12-23 02:51 . 2008-12-23 02:51 <DIR> d-------- C:\cabs
    2008-12-23 02:51 . 2001-08-30 23:56 110,592 --a------ c:\windows\system32\nvqtwk.dll
    2008-12-23 02:51 . 2001-08-30 23:56 102,400 --a------ c:\windows\system32\nvdesk32.dll
    2008-12-23 02:51 . 2001-08-30 23:56 73,728 --a------ c:\windows\system32\nvdmcpl.dll
    2008-12-23 02:36 . 2006-05-19 03:28 208,896 --a------ c:\windows\system32\NVUNINST.EXE
    2008-12-22 20:31 . 2008-12-22 20:31 <DIR> d-------- c:\documents and settings\charles johnson\Application Data\CyberLink
    2008-12-22 16:52 . 2008-12-23 02:43 <DIR> d-------- C:\NVIDIA
    2008-12-22 16:01 . 2008-12-22 16:12 <DIR> d-------- c:\program files\SystemRequirementsLab
    2008-12-22 16:01 . 2008-12-22 16:01 <DIR> d-------- c:\documents and settings\charles johnson\Application Data\SystemRequirementsLab
    2008-12-22 03:33 . 2008-12-25 03:34 <DIR> d--h----- C:\$AVG8.VAULT$
    2008-12-21 20:33 . 2008-12-21 20:33 324,872 --a------ c:\windows\system32\drivers\avgldx86.sys
    2008-12-21 20:33 . 2008-12-21 20:33 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
    2008-12-21 20:33 . 2008-12-21 20:33 12,552 --a------ c:\windows\system32\drivers\avgrkx86.sys
    2008-12-21 20:33 . 2008-12-21 20:33 10,520 --a------ c:\windows\system32\avgrsstx.dll
    2008-12-21 20:32 . 2009-01-11 20:29 <DIR> d-------- c:\windows\system32\drivers\Avg
    2008-12-21 20:31 . 2008-12-21 20:31 <DIR> d-------- c:\program files\AVG
    2008-12-21 20:31 . 2008-12-21 20:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
    2008-12-19 06:08 . 2009-01-07 23:37 <DIR> d-------- c:\documents and settings\charles johnson\Application Data\uTorrent
    2008-12-16 23:02 . 2008-12-16 23:03 2 --a------ C:\-797064268
    2008-12-16 23:00 . 2008-12-16 23:04 <DIR> d-------- c:\windows\system32\zn
    2008-12-16 22:59 . 2008-12-23 04:33 <DIR> d-------- c:\windows\system32\whSLD02
    2008-12-16 22:59 . 2008-12-16 23:01 <DIR> d-------- c:\temp\REX81
    2008-12-16 22:59 . 2008-12-28 03:36 <DIR> d-------- C:\Temp
    2008-12-16 22:51 . 2008-12-16 22:51 <DIR> d-------- c:\program files\VIV Wizard
    2008-12-16 22:50 . 2008-12-16 22:50 <DIR> d-------- c:\program files\NFS Wizard
    2008-12-15 18:38 . 2008-12-22 03:41 <DIR> d-------- C:\need for speed 3cracked by -=rogue=-
    2008-12-15 18:31 . 2008-12-15 18:36 2,819,737 --a------ C:\(PC - GAMES) Super Mario bross. ORIGINALE!!!.zip
    2008-12-15 18:30 . 2008-12-15 18:49 251,368,819 --a------ C:\PC GAMES GTA-Grand Theft Auto- Vice City- Full Version.zip
    2008-12-15 16:23 . 2008-12-16 04:40 16 --a------ c:\windows\popcinfo.dat
    2008-12-15 01:31 . 2008-12-15 01:31 <DIR> d-------- c:\documents and settings\charles johnson\Application Data\SUPERAntiSpyware.com
    2008-12-15 01:31 . 2008-12-15 01:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-12-15 01:28 . 2008-12-15 01:28 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
    2008-12-15 00:18 . 2008-12-15 00:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\MumboJumbo
    2008-12-14 22:44 . 2008-12-15 16:16 <DIR> d-------- c:\program files\Bejeweled 2 Deluxe
    2008-12-14 22:44 . 2008-12-14 22:43 720,896 --a------ c:\windows\iun6002ev.exe
    2008-12-14 22:30 . 2008-12-14 22:30 147,456 --a------ c:\windows\system32\vbzip10.dll
    2008-12-14 22:26 . 1998-08-31 11:52 299,008 --a------ c:\windows\uninst.exe
    2008-12-14 19:23 . 1998-09-02 03:02 194,320 --a------ c:\windows\system32\qcut.dll
    2008-12-14 19:23 . 1998-08-26 23:51 182,032 --a------ c:\windows\system32\dxtmsft3.dll
    2008-12-14 19:23 . 1998-08-20 06:02 140,800 --a------ c:\windows\system32\tm20dec.ax
    2008-12-14 19:23 . 1998-09-02 03:28 63,488 --a------ c:\windows\system32\unam4ie.exe
    2008-12-14 19:23 . 1998-09-02 03:28 38,160 --a------ c:\windows\system32\LMRTREND.dll
    2008-12-14 19:23 . 1998-08-17 04:21 11,776 --a------ c:\windows\system32\mciqtz.drv
    2008-12-14 19:23 . 1998-08-17 04:21 10,240 --a------ c:\windows\system32\vidx16.dll
    2008-12-14 19:23 . 1998-08-17 04:21 5,672 --a------ c:\windows\system32\quartz.vxd
    2008-12-14 19:23 . 2008-12-14 19:23 4,608 --a------ c:\windows\system32\w95inf32.dll
    2008-12-14 19:23 . 2008-12-14 19:23 2,272 --a------ c:\windows\system32\w95inf16.dll
    2008-12-14 19:21 . 2008-12-14 19:21 <DIR> d-------- c:\program files\GT Interactive
    2008-12-14 19:04 . 2008-12-14 19:04 <DIR> d-------- c:\windows\nview
    2008-12-14 09:00 . 2008-12-14 09:00 <DIR> d-------- c:\windows\Profiles
    2008-12-14 09:00 . 2008-12-14 09:00 <DIR> d-------- c:\program files\Common Files\Adobe
    2008-12-13 22:46 . 2008-12-15 16:10 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
    2008-12-13 01:41 . 2008-04-13 19:11 81,920 --a------ c:\windows\system32\ieencode.dll
    2008-12-13 01:41 . 2007-08-13 18:45 78,336 --a------ c:\windows\system32\dllcache\ieencode.dll
    2008-12-13 01:29 . 2008-12-13 01:29 0 --a------ c:\windows\nsreg.dat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-08 04:43 --------- d-----w c:\program files\RealArcade
    2009-01-08 04:40 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-08 04:40 --------- d-----w c:\program files\Common Files\InstallShield
    2008-12-28 06:37 --------- d-----w c:\documents and settings\charles johnson\Application Data\LimeWire
    2008-12-27 23:09 146,432 ----a-w c:\windows\regedit.exe
    2008-12-19 11:55 --------- d-----w c:\program files\LimeWire
    2008-12-11 07:42 --------- d-----w c:\program files\Windows Media Connect 2
    2008-12-11 07:02 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
    2008-12-11 07:01 --------- d-----w c:\program files\CyberLink
    2008-12-09 21:12 --------- d-----w c:\documents and settings\charles johnson\Application Data\LimeWireTurbo
    2008-12-08 05:48 --------- d-----w c:\program files\Java
    2008-12-07 20:17 --------- d-----w c:\program files\NovaLogic
    2008-12-07 17:10 --------- d-----w c:\program files\Windows Live
    2008-12-07 17:08 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
    2008-12-07 17:07 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
    2008-12-06 04:20 --------- d-----w c:\program files\microsoft frontpage
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-11_16.37.00.85 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2000-08-31 13:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
    + 2000-08-31 13:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "d:\program files\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-03 14:56 352256 d:\program files\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2008-12-21 20:33 10520 c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "SENTINEL "= snti386.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avg8_tray]
    --a------ 2008-12-21 20:32 1601304 c:\progra~1\AVG\AVG8\avgtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2008-04-13 19:12 15360 c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    --a------ 2008-11-05 21:59 4347120 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --------- 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2003-07-28 14:19 49152 c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    --a------ 2003-10-31 19:42 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    -rahs---- 2008-09-16 12:16 1833296 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-12-08 00:48 136600 c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\superantispyware]
    --a------ 2008-12-04 13:50 1809648 d:\program files\SUPERAntiSpyware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
    --a------ 2003-07-28 14:19 852038 c:\windows\system32\nview.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2003-07-28 14:19 323584 c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "wscsvc "=2 (0x2)
    "JavaQuickStarterService "=2 (0x2)
    "NVSvc "=2 (0x2)
    "SNMPTRAP "=3 (0x3)
    "SNMP "=2 (0x2)
    "avg8wd "=2 (0x2)
    "avg8emc "=2 (0x2)
    "AppMgmt "=3 (0x3)
    "jfwservice "=2 (0x2)
    "p2pimsvc "=3 (0x3)
    "PNRPSvc "=3 (0x3)
    "p2psvc "=3 (0x3)
    "p2pgasvc "=3 (0x3)
    "usnjsvc "=3 (0x3)
    "WLSetupSvc "=3 (0x3)
    "wuauserv "=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001
    "UpdatesDisableNotify "=dword:00000001
    "AntiVirusOverride "=dword:00000001
    "FirewallOverride "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3587:TCP "= 3587:TCP:Windows Peer-to-Peer Grouping
    "3540:UDP "= 3540:UDP:peer Name Resolution Protocol (PNRP)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest "= 1 (0x1)

    R0 avgrkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-12-21 12552]
    R1 avgldx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-21 324872]
    R1 avgtdix;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-21 107272]
    R1 SASDIFSV;SASDIFSV;d:\program files\sasdifsv.sys [2008-12-04 8944]
    R1 SASKUTIL;SASKUTIL;d:\program files\SASKUTIL.SYS [2008-12-04 55024]
    S3 3dfxvs;3dfxvs;c:\windows\system32\drivers\3dfxvsm.sys [2008-12-05 148352]
    S3 SASENUM;SASENUM;d:\program files\SASENUM.SYS [2008-12-04 7408]
    S4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-21 903960]
    S4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-21 298264]
    S4 jfwservice;JFWService;c:\program files\Freedom Scientific\JAWS\6.20\jfw.exe [2009-01-01 3280959]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{a062f21e-486f-442e-bf6f-c9471e9605e3} - (no file)


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://windstream.net/
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-12 13:58:04
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(552)
    d:\program files\SASWINLO.dll
    .
    Completion time: 2009-01-12 14:03:52 - machine was rebooted [charles johnson]
    ComboFix-quarantined-files.txt 2009-01-12 19:02:43
    ComboFix2.txt 2009-01-11 13:51:27

    Pre-Run: 3,370,676,224 bytes free
    Post-Run: 3,402,960,896 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Home Edition" /fastdetect /NoExecute=AlwaysOff

    265 --- E O F --- 2008-12-07 17:03:15
     
  15. 2009/01/13
    noahdfear

    noahdfear Inactive

    Did you check the link I provided for turning off AVG's realtime protection? From that link:

    Let's press on. Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC now button
    • A new window will open...click the Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, it will begin scanning your computer
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    Post the contents of the ActiveScan report along with a fresh HijackThis log.

    Note - it's best to disable realtime protections whilst scanning
     
  16. 2009/01/13
    rayfalcon

    rayfalcon Inactive Thread Starter

    Joined:
    2009/01/11
    Messages:
    12
    Likes Received:
    0

Yep, I did that, but ComboFix says it's not, even though I have checked and re-checked it per your instructions. It's disabled but is not registering that it's disabled... On another note, can AVG be what has the virus or put the virus on my system??
     
  17. 2009/01/13
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    AVG would not be infected unless you downloaded it via a dubious source, such as a torrent or crack site.

    Provided you have disabled it as shown, proceed with the Panda scan as directed.
     
  18. 2009/01/14
    rayfalcon

    rayfalcon Inactive Thread Starter

    Joined:
    2009/01/11
    Messages:
    12
    Likes Received:
    0
    Panda results

Here are the Panda scan results..... I will make another post directly after this one that gives several suggestions and ideas as far as this site and a possible way to help your users even more, and I will help with it if necessary or needed.
On a different note, all cookies were deleted about 1 hour before the scan, and to my untrained eyes it appears no infection (virus) was found, but there again, could it be a constantly moving virus type? If you will, a stealth virus or cloaking virus?


    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2009-01-14 01:45:09
    PROTECTIONS: 1
    MALWARE: 30
    SUSPECTS: 0
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    AVG Anti-Virus 8.0 Yes Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\charles johnson\Cookies\charles_johnson@trafficmp[1].txt
    00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\charles johnson\Cookies\charles_johnson@casalemedia[1].txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\charles johnson\Cookies\charles_johnson@doubleclick[2].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\charles johnson\Cookies\charles_johnson@atdmt[2].txt
    00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\charles johnson\Cookies\charles_johnson@247realmedia[2].txt
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\charles johnson\Cookies\charles_johnson@fastclick[2].txt
    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\charles johnson\Cookies\charles_johnson@tribalfusion[2].txt
    00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\charles johnson\Cookies\charles_johnson@mediaplex[2].txt
    00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\charles johnson\Cookies\charles_johnson@clickbank[1].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\charles johnson\Cookies\charles_johnson@com[1].txt
    00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\charles johnson\Cookies\charles_johnson@yadro[1].txt
    00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\charles johnson\Cookies\charles_johnson@statcounter[2].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\charles johnson\Cookies\charles_johnson@ad.yieldmanager[2].txt
    00168059 Cookie/Mp3s Hits TrackingCookie No 0 Yes No C:\Documents and Settings\charles johnson\Cookies\charles_johnson@www.mp3shits[1].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\charles johnson\Cookies\charles_johnson@apmebf[2].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\charles johnson\Cookies\charles_johnson@serving-sys[1].txt
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\charles johnson\Cookies\charles_johnson@bs.serving-sys[2].txt
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\charles johnson\Cookies\charles_johnson@advertising[1].txt
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\charles johnson\Cookies\charles_johnson@ads.pointroll[1].txt
    00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\charles johnson\Cookies\charles_johnson@overture[2].txt
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\charles johnson\Cookies\charles_johnson@realmedia[2].txt
    00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\charles johnson\Cookies\charles_johnson@questionmarket[1].txt
    00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\charles johnson\Cookies\charles_johnson@zedo[1].txt
    00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\charles johnson\Cookies\charles_johnson@bluestreak[1].txt
    00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\charles johnson\Cookies\charles_johnson@adrevolver[1].txt
    00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\charles johnson\Cookies\charles_johnson@adultfriendfinder[2].txt
    00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\charles johnson\Cookies\charles_johnson@go[2].txt
    00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\charles johnson\Cookies\charles_johnson@target[1].txt
    00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\charles johnson\Cookies\charles_johnson@atwola[1].txt
    01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Documents and Settings\charles johnson\Cookies\charles_johnson@enhance[2].txt
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location )
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description )
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
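As an added example (not part of this thread and not Panda's own code), a small parser for a report in the shape quoted above that separates tracking cookies, which are privacy noise rather than an infection, from any detection that would actually warrant a closer look. The report text below is a constructed stand-in for the poster's export, and the one non-cookie row in it is a hypothetical placeholder.

```python
import re

# Constructed sample in the layout of a Panda ActiveScan export (whitespace-run
# separated here; the real export is tab-separated). NOT the poster's data: the
# paths are placeholders and the last MALWARE row is hypothetical.
SAMPLE_REPORT = r"""
;*********************************************************************
ANALYSIS: 2009-01-14 01:45:09
PROTECTIONS: 1
MALWARE: 3
SUSPECTS: 0
;*********************************************************************
PROTECTIONS
Description Version Active Updated
;=====================================================================
AVG Anti-Virus 8.0 Yes Yes
;=====================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;=====================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@trafficmp[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@doubleclick[2].txt
09999999 Trj/Hypothetical.A Virus/Trojan Yes 2 Yes No C:\WINDOWS\system32\PLACEHOLDER_SAMPLE.exe
;=====================================================================
SUSPECTS
Sent Location )
;=====================================================================
"""

SECTIONS = ("PROTECTIONS", "MALWARE", "SUSPECTS", "VULNERABILITIES")

# Description may contain spaces, so it is matched lazily; Type is one token.
ROW_RE = re.compile(
    r"^(?P<id>\d{8})\s+(?P<desc>.+?)\s+(?P<type>\S+)\s+(?P<active>Yes|No)\s+"
    r"(?P<sev>\d+)\s+(?P<disinf>Yes|No)\s+(?P<done>Yes|No)\s+(?P<loc>.+)$")

def parse_malware_rows(report):
    """Return the data rows of the MALWARE section as dicts."""
    rows, section = [], None
    for line in report.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):   # separators and comments
            continue
        if line in SECTIONS:
            section = line
            continue
        if section == "MALWARE" and (m := ROW_RE.match(line)):
            rows.append(m.groupdict())
    return rows

def triage(rows):
    """Count tracking cookies; list anything else with its path, whether it
    is active, and Panda's severity so a helper can review it."""
    cookies = [r for r in rows if r["type"] == "TrackingCookie"]
    other = [r for r in rows if r["type"] != "TrackingCookie"]
    return {"cookies": len(cookies),
            "needs_review": [(r["desc"], r["loc"], r["active"] == "Yes",
                              int(r["sev"])) for r in other]}
```

Run on the report quoted in the post, the triage would return 30 cookies and an empty `needs_review` list, which is the "no infection found" reading the poster arrived at.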
     
  19. 2009/01/14
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Moving your suggestion post to the comments and suggestions forum. For the record, we will not be hosting tools here such as ComboFix, RSIT, etc.


    Please forward one of those emails to me. I would also like you to create and send me a test email.
     
  20. 2009/01/15
    rayfalcon

    rayfalcon Inactive Thread Starter

    Joined:
    2009/01/11
    Messages:
    12
    Likes Received:
    0
OK, I have done that. What can I do now?
     
  21. 2009/01/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
I received the emails and knew immediately upon opening the first what the problem was, then saw upon opening the second that you had figured it out already. :) Nothing left to do but clean up now.

    Open MBAM and remove any items quarantined. Do the same with your resident antivirus.

    Click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing any infected files there as well.
    Verify the C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file.

    Delete RSIT.exe and the C:\rsit folder.
    You can delete any other logs that were created/saved too.
    Empty the recycle bin when done.


That should be it. Everything appears to be working normally again?
     
