
Solved C:\WINDOWS\system32\{Fc6c8f43-d13d-b39c-500c-60edcb4f73aa}.dll

Discussion in 'Malware and Virus Removal Archive' started by chiefmissile, 2008/11/05.

  1. 2008/11/05
    chiefmissile (Well-Known Member, Thread Starter)

    [Resolved] C:\WINDOWS\system32\{Fc6c8f43-d13d-b39c-500c-60edcb4f73aa}.dll

    This shows up after startup of XP. Does anyone know how to fix this issue, please?
  2. 2008/11/05
    noahdfear (Inactive)

    Welcome to WindowsBBS chiefmissile :)

    We'll first have to see if we can determine the cause.

    • Download RSIT by random/random and save it to your desktop.
    • Double click RSIT.exe to start the tool.
    • At the disclaimer, please use the drop down box to select 3 months for the file/folder search, then click Continue.
    • When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
    • Please post the contents of log.txt here in your next reply.
     

  3. 2008/11/08
    chiefmissile (Well-Known Member, Thread Starter)

    OK, all done, lots of text.

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Andrew Lyburn at 2008-11-08 16:11:50
    Microsoft Windows XP Home Edition Service Pack 2
    System drive C: has 4 GB (22%) free of 20 GB
    Total RAM: 2047 MB (74% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:12:00, on 08/11/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\update\update.exe
    C:\Documents and Settings\Andrew Lyburn\Desktop\RSIT.exe
    C:\Program Files\trend micro\Andrew Lyburn.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - (no file)
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
    O2 - BHO: (no name) - {3e8b8831-a1ed-25c4-86b2-0d65fcda02f6} - (no file)
    O2 - BHO: DeskalertsBHO - {5121B863-FAE8-4935-BA76-0ABE0239AECA} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: (no name) - {DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{fc6c8f43-d13d-b39c-500c-60edcb4f73aa}.dll" DllInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [a-squared Anti-Dialer] "C:\Program Files\a-squared Anti-Dialer\a2adguard.exe" /d=60
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe "
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE11\REFIEBAR.DLL (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146076777828
    O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://216.123.238.206/activex/AxisCamControl.cab
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{23FA4D4D-9326-4776-A3C8-B5616C288519}: NameServer = 192.168.0.1
    O22 - SharedTaskScheduler: important - {9c87cb31-93d0-4f3e-a360-4a91ff77aeb7} - (no file)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
    O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\program files\common files\mcafee\mna\mcnasvc.exe (file missing)
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (file missing)
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing)
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - Unknown owner - C:\Program Files\McAfee\MSK\MskSrver.exe (file missing)
    O24 - Desktop Component 0: (no name) - http://pics.ebaystatic.com/aw/pics/uk/welcome_yellow.gif

    --
    End of file - 10035 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22D8E815-4A5E-4DFB-845E-AAB64207F5BD}]
    eBay Toolbar Helper

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
    RealPlayer Download and Record Plugin for Internet Explorer

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3e8b8831-a1ed-25c4-86b2-0d65fcda02f6}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5121B863-FAE8-4935-BA76-0ABE0239AECA}]
    DeskalertsBHO

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C109800-A5D5-438F-9640-18D17E168B88}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
    Windows Live Toolbar Helper

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88}
    {DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40}

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched "=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
    "spa_start "=C:\WINDOWS\system32\{fc6c8f43-d13d-b39c-500c-60edcb4f73aa}.dll DllInit []
    "NeroFilterCheck "=C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]
    "MBkLogOnHook "=C:\Program Files\McAfee\MBK\LogOnHook.exe [2007-01-08 20480]
    "LVCOMSX "=C:\WINDOWS\system32\LVCOMSX.EXE [2005-07-19 221184]
    "LogitechVideoTray "=C:\Program Files\Logitech\Video\LogiTray.exe [2005-06-08 217088]
    "LogitechVideoRepair "=C:\Program Files\Logitech\Video\ISStart.exe [2005-06-08 458752]
    "Logitech Utility "=C:\WINDOWS\Logi_MwX.Exe [2003-12-17 19968]
    "AVG7_CC "=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe [2008-10-29 590848]
    "Adobe Reader Speed Launcher "=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
    "a-squared Anti-Dialer "=C:\Program Files\a-squared Anti-Dialer\a2adguard.exe /d=60 []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
    "LogitechSoftwareUpdate "=C:\Program Files\Logitech\Video\ManifestEngine.exe [2005-06-08 196608]
    "Uniblue RegistryBooster 2 "=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S []
    "SsAAD.exe "=C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe []
    "NBJ "=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2006-09-15 2048000]
    "msnmsgr "=C:\Program Files\MSN Messenger\MsnMsgr.Exe /background []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate "=C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe [2008-03-25 218496]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winampa]
    «‘|ë‘|4 []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
    important - {9c87cb31-93d0-4f3e-a360-4a91ff77aeb7}

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "notification packages "=
    scecli

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername "=0
    "legalnoticecaption "=
    "legalnoticetext "=
    "shutdownwithoutlogon "=1
    "undockwithoutlogon "=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun "=145
    "NoDriveAutoRun "=4294967295

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 "
    "C:\Program Files\BitComet\BitComet.exe "= "C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client "
    "C:\Program Files\Internet Explorer\iexplore.exe "= "C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer "
    "C:\Program Files\LimeWire\LimeWire.exe "= "C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire "
    "C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe "= "C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime "
    "C:\Program Files\Azureus\Azureus.exe "= "C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus "
    "D:\Azureus\Azureus.exe "= "D:\Azureus\Azureus.exe:*:Enabled:Azureus "
    "D:\BitComet\BitComet.exe "= "D:\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client "
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 "
    "D:\BitComet\codec\BitDownload\BitDownload.exe "= "D:\BitComet\codec\BitDownload\BitDownload.exe:*:Enabled:Warez3 "
    "C:\Program Files\Real\RealPlayer\realplay.exe "= "C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer "
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe "= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger "
    "C:\Program Files\Windows Live\Messenger\livecall.exe "= "C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) "
    "C:\Program Files\Messenger\msmsgs.exe "= "C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger "
    "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe "= "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent "
    "C:\Program Files\Grisoft\AVG7\avginet.exe "= "C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe "
    "C:\Program Files\Grisoft\AVG7\avgamsvr.exe "= "C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe "
    "C:\Program Files\Grisoft\AVG7\avgcc.exe "= "C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe "
    "C:\Program Files\Grisoft\AVG7\avgemc.exe "= "C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 "
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 "
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe "= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger "
    "C:\Program Files\Windows Live\Messenger\livecall.exe "= "C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) "

    ======List of files/folders created in the last 3 months======

    2008-10-29 17:00:59 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2008-10-29 16:18:22 ----D---- C:\WINDOWS\system32\CatRoot_bak
    2008-10-18 15:09:48 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
    2008-10-18 15:09:32 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
    2008-10-18 14:33:46 ----D---- C:\Program Files\trend micro
    2008-10-18 14:33:45 ----DC---- C:\rsit
    2008-10-18 14:24:05 ----D---- C:\Program Files\RegCure
    2008-10-18 13:58:35 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
    2008-10-18 13:58:32 ----A---- C:\WINDOWS\system32\SHDOC401.DLL
    2008-10-18 13:58:32 ----A---- C:\WINDOWS\system32\ArmAccess.dll
    2008-10-18 13:58:31 ----D---- C:\Program Files\1 Click PC Fix
    2008-10-18 13:29:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2008-10-18 13:29:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
    2008-10-18 13:29:40 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
    2008-10-18 13:28:13 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
    2008-10-18 13:28:00 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
    2008-10-18 13:20:12 ----D---- C:\WINDOWS\Prefetch
    2008-10-18 12:53:01 ----D---- C:\Program Files\Common Files\DESIGNER
    2008-10-18 12:53:00 ----D---- C:\Program Files\Microsoft ActiveSync
    2008-09-25 20:35:16 ----DC---- C:\Drivers
    2008-09-25 20:35:16 ----A---- C:\WINDOWS\system32\SONYHCY.DLL
    2008-09-25 20:34:13 ----DC---- C:\USB_DRV
    2008-09-25 20:22:12 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Drivers HeadQuarters
    2008-09-25 19:57:07 ----D---- C:\Program Files\DriverGuide DriverScan
    2008-09-18 11:51:10 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-09-17 21:25:07 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
    2008-09-17 21:25:07 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
    2008-09-17 21:25:07 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
    2008-09-17 21:25:06 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
    2008-09-17 21:25:06 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
    2008-09-17 21:25:05 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
    2008-09-17 21:25:04 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
    2008-09-17 21:25:04 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
    2008-09-17 21:25:04 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
    2008-09-17 21:25:03 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
    2008-09-17 21:25:02 ----A---- C:\WINDOWS\system32\capicom.dll
    2008-09-17 21:25:01 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
    2008-09-17 21:25:01 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
    2008-09-17 21:25:00 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
    2008-09-17 21:24:59 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
    2008-09-17 21:24:57 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
    2008-09-17 21:24:57 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
    2008-09-17 21:24:55 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
    2008-09-17 21:24:55 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
    2008-09-17 21:24:54 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
    2008-09-17 21:24:53 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
    2008-09-17 21:24:52 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
    2008-09-17 21:24:52 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
    2008-09-17 21:24:51 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
    2008-09-17 21:24:49 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
    2008-09-17 21:24:49 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
    2008-09-17 21:24:49 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
    2008-09-17 21:24:48 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
    2008-09-17 21:24:47 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
    2008-09-17 21:24:47 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
    2008-09-17 21:24:46 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
    2008-09-17 21:24:46 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
    2008-09-17 21:24:45 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
    2008-09-17 21:24:44 ----A---- C:\WINDOWS\system32\xinput1_3.dll
    2008-09-17 21:24:43 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
    2008-09-17 21:24:43 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
    2008-09-17 21:24:42 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
    2008-09-17 21:24:41 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
    2008-09-17 21:24:40 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
    2008-09-17 21:24:40 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
    2008-09-17 21:24:39 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
    2008-09-17 21:24:39 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
    2008-09-17 21:24:39 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
    2008-09-17 21:24:38 ----A---- C:\WINDOWS\system32\xinput1_2.dll
    2008-09-17 21:24:38 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
    2008-09-17 21:24:37 ----A---- C:\WINDOWS\system32\xinput1_1.dll
    2008-09-17 21:24:37 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
    2008-09-17 21:24:37 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
    2008-09-17 21:24:33 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
    2008-09-17 21:24:32 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
    2008-09-17 21:24:32 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
    2008-09-17 21:24:32 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
    2008-09-17 21:24:31 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
    2008-09-17 21:24:31 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
    2008-09-17 21:24:31 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
    2008-09-17 21:24:30 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
    2008-09-17 21:24:29 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
    2008-09-17 21:24:29 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
    2008-09-17 21:24:06 ----RA---- C:\WINDOWS\system32\InstMed.exe
    2008-09-17 21:23:54 ----A---- C:\WINDOWS\system32\LVUI2RC.dll
    2008-09-17 21:23:54 ----A---- C:\WINDOWS\system32\LVUI2.dll
    2008-09-17 21:23:54 ----A---- C:\WINDOWS\system32\lvcoinst.ini
    2008-09-17 21:23:54 ----A---- C:\WINDOWS\system32\lvcoinst.dll
    2008-09-17 21:23:54 ----A---- C:\WINDOWS\system32\LVCodec2.dll
    2008-09-17 21:23:47 ----D---- C:\Program Files\Common Files\Logitech
    2008-09-17 21:23:42 ----A---- C:\WINDOWS\system32\Lvkrn12n.dll
    2008-09-17 21:23:42 ----A---- C:\WINDOWS\system32\LCamCpl.dll
    2008-09-17 21:23:39 ----A---- C:\WINDOWS\system32\MFC71KOR.DLL
    2008-09-17 21:23:39 ----A---- C:\WINDOWS\system32\MFC71JPN.DLL
    2008-09-17 21:23:39 ----A---- C:\WINDOWS\system32\MFC71ITA.DLL
    2008-09-17 21:23:39 ----A---- C:\WINDOWS\system32\MFC71ESP.DLL
    2008-09-17 21:23:39 ----A---- C:\WINDOWS\system32\MFC71ENU.DLL
    2008-09-17 21:23:39 ----A---- C:\WINDOWS\system32\MFC71DEU.DLL
    2008-09-17 21:23:39 ----A---- C:\WINDOWS\system32\MFC71CHT.DLL
    2008-09-17 21:23:39 ----A---- C:\WINDOWS\system32\MFC71CHS.DLL
    2008-09-17 21:23:36 ----A---- C:\WINDOWS\system32\QCUI2.dll
    2008-09-17 21:23:36 ----A---- C:\WINDOWS\system32\Ltwvc12n.dll
    2008-09-17 21:23:36 ----A---- C:\WINDOWS\system32\ltkrn12n.dll
    2008-09-17 21:23:36 ----A---- C:\WINDOWS\system32\ltimg12n.dll
    2008-09-17 21:23:36 ----A---- C:\WINDOWS\system32\ltfil12n.DLL
    2008-09-17 21:23:36 ----A---- C:\WINDOWS\system32\ltefx12n.dll
    2008-09-17 21:23:35 ----A---- C:\WINDOWS\system32\LTDIS12n.dll
    2008-09-17 21:23:35 ----A---- C:\WINDOWS\system32\lftif12n.dll
    2008-09-17 21:23:35 ----A---- C:\WINDOWS\system32\lffax12n.dll
    2008-09-17 21:23:35 ----A---- C:\WINDOWS\system32\LFCMP12n.DLL
    2008-09-17 21:23:34 ----A---- C:\WINDOWS\system32\lfbmp12n.dll
    2008-09-17 21:23:33 ----A---- C:\WINDOWS\system32\LQCUI2.dll
    2008-09-17 21:21:27 ----D---- C:\WINDOWS\Logs
    2008-09-10 15:39:59 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-09-10 15:39:05 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
    2008-09-07 16:06:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-09-07 16:06:52 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2008-09-07 16:06:42 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
    2008-09-07 16:06:36 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-09-07 16:04:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2008-09-07 16:04:45 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-09-07 16:04:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$

    ======List of files/folders modified in the last 3 months======

    2008-11-08 16:11:19 ----HD---- C:\WINDOWS\inf
    2008-11-08 16:11:17 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-11-08 16:11:09 ----D---- C:\WINDOWS\system32\CatRoot
    2008-11-08 16:09:31 ----D---- C:\WINDOWS\Temp
    2008-11-08 16:09:26 ----D---- C:\WINDOWS
    2008-10-30 07:27:04 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-10-30 07:15:47 ----D---- C:\WINDOWS\system32
    2008-10-29 17:01:29 ----SHD---- C:\WINDOWS\Installer
    2008-10-29 17:01:27 ----D---- C:\Program Files\Microsoft Silverlight
    2008-10-29 17:01:01 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-10-29 17:00:19 ----HD---- C:\WINDOWS\$hf_mig$
    2008-10-29 16:17:15 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-10-18 15:11:10 ----A---- C:\WINDOWS\imsins.BAK
    2008-10-18 15:11:09 ----D---- C:\WINDOWS\system32\drivers
    2008-10-18 15:11:08 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
    2008-10-18 15:10:54 ----D---- C:\Program Files\Messenger
    2008-10-18 15:10:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
    2008-10-18 15:10:30 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
    2008-10-18 15:10:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
    2008-10-18 15:09:41 ----D---- C:\WINDOWS\WinSxS
    2008-10-18 14:54:27 ----D---- C:\Documents and Settings\Andrew Lyburn\Application Data\AVG7
    2008-10-18 14:33:46 ----RD---- C:\Program Files
    2008-10-18 13:34:47 ----D---- C:\Program Files\internet explorer
    2008-10-18 13:19:30 ----D---- C:\WINDOWS\system32\wbem
    2008-10-18 13:19:30 ----D---- C:\WINDOWS\AppPatch
    2008-10-18 13:19:29 ----D---- C:\WINDOWS\system32\Setup
    2008-10-18 13:19:23 ----RSD---- C:\WINDOWS\Fonts
    2008-10-18 13:18:39 ----D---- C:\WINDOWS\security
    2008-10-18 13:15:01 ----D---- C:\WINDOWS\ServicePackFiles
    2008-10-18 13:11:58 ----D---- C:\WINDOWS\system32\bits
    2008-10-18 13:11:32 ----D---- C:\WINDOWS\system32\usmt
    2008-10-18 13:11:30 ----D---- C:\WINDOWS\system32\Restore
    2008-10-18 13:11:29 ----D---- C:\WINDOWS\system32\oobe
    2008-10-18 13:11:29 ----D---- C:\WINDOWS\system32\npp
    2008-10-18 13:11:10 ----D---- C:\WINDOWS\system32\Com
    2008-10-18 13:09:42 ----D---- C:\WINDOWS\system
    2008-10-18 13:09:42 ----D---- C:\WINDOWS\srchasst
    2008-10-18 13:07:17 ----D---- C:\WINDOWS\PeerNet
    2008-10-18 13:07:16 ----D---- C:\WINDOWS\network diagnostic
    2008-10-18 13:07:14 ----D---- C:\WINDOWS\msagent
    2008-10-18 13:07:07 ----D---- C:\WINDOWS\ime
    2008-10-18 13:07:07 ----D---- C:\WINDOWS\Help
    2008-10-18 13:06:18 ----D---- C:\WINDOWS\system32\en-US
    2008-10-18 13:03:56 ----SD---- C:\WINDOWS\Tasks
    2008-10-18 12:53:02 ----HD---- C:\WINDOWS\ShellNew
    2008-10-18 12:53:01 ----D---- C:\Program Files\Common Files
    2008-10-18 12:47:17 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-10-18 12:45:59 ----D---- C:\Program Files\a-squared Free
    2008-10-18 12:45:39 ----D---- C:\Program Files\a-squared Anti-Dialer
    2008-10-18 12:41:16 ----D---- C:\Documents and Settings\Andrew Lyburn\Application Data\Ahead
    2008-10-18 12:41:05 ----A---- C:\WINDOWS\setuplog.txt
    2008-10-18 12:40:55 ----AC---- C:\WINDOWS\system32\wpa.bak
    2008-10-18 12:39:09 ----SHD---- C:\System Volume Information
    2008-10-18 12:36:43 ----ASHC---- C:\boot.ini
    2008-10-18 12:36:43 ----A---- C:\WINDOWS\WIN.INI
    2008-10-18 12:36:43 ----A---- C:\WINDOWS\system.ini
    2008-10-18 12:18:40 ----A---- C:\WINDOWS\ntbtlog.txt
    2008-10-15 16:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
    2008-10-07 19:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-10-03 17:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
    2008-09-29 21:54:21 ----A---- C:\WINDOWS\NeroDigital.ini
    2008-09-25 20:53:05 ----D---- C:\WINDOWS\Microsoft.NET
    2008-09-25 20:35:12 ----D---- C:\Program Files\Common Files\InstallShield
    2008-09-25 20:23:04 ----RSD---- C:\WINDOWS\assembly
    2008-09-17 21:27:33 ----D---- C:\WINDOWS\twain_32
    2008-09-17 21:25:09 ----D---- C:\WINDOWS\system32\DirectX
    2008-09-17 21:24:05 ----HD---- C:\WINDOWS\msdownld.tmp
    2008-09-17 21:23:31 ----D---- C:\Program Files\Logitech
    2008-09-09 21:49:45 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
    2008-09-07 16:04:20 ----D---- C:\WINDOWS\ie7updates
    2008-08-27 08:24:32 ----A---- C:\WINDOWS\system32\mshtml.dll
    2008-08-26 07:24:31 ----A---- C:\WINDOWS\system32\wininet.dll
    2008-08-26 07:24:31 ----A---- C:\WINDOWS\system32\webcheck.dll
    2008-08-26 07:24:31 ----A---- C:\WINDOWS\system32\urlmon.dll
    2008-08-26 07:24:30 ----N---- C:\WINDOWS\system32\occache.dll
    2008-08-26 07:24:30 ----N---- C:\WINDOWS\system32\mstime.dll
    2008-08-26 07:24:30 ----N---- C:\WINDOWS\system32\msrating.dll
    2008-08-26 07:24:30 ----N---- C:\WINDOWS\system32\jsproxy.dll
    2008-08-26 07:24:30 ----A---- C:\WINDOWS\system32\url.dll
    2008-08-26 07:24:30 ----A---- C:\WINDOWS\system32\pngfilt.dll
    2008-08-26 07:24:30 ----A---- C:\WINDOWS\system32\mshtmled.dll
    2008-08-26 07:24:30 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
    2008-08-26 07:24:30 ----A---- C:\WINDOWS\system32\msfeeds.dll
    2008-08-26 07:24:29 ----N---- C:\WINDOWS\system32\iernonce.dll
    2008-08-26 07:24:29 ----N---- C:\WINDOWS\system32\iedkcs32.dll
    2008-08-26 07:24:29 ----A---- C:\WINDOWS\system32\iertutil.dll
    2008-08-26 07:24:28 ----N---- C:\WINDOWS\system32\ieaksie.dll
    2008-08-26 07:24:28 ----N---- C:\WINDOWS\system32\ieakeng.dll
    2008-08-26 07:24:28 ----N---- C:\WINDOWS\system32\extmgr.dll
    2008-08-26 07:24:28 ----A---- C:\WINDOWS\system32\ieapfltr.dll
    2008-08-26 07:24:28 ----A---- C:\WINDOWS\system32\icardie.dll
    2008-08-26 07:24:28 ----A---- C:\WINDOWS\system32\dxtrans.dll
    2008-08-26 07:24:28 ----A---- C:\WINDOWS\system32\dxtmsft.dll
    2008-08-26 07:24:28 ----A---- C:\WINDOWS\system32\advpack.dll
    2008-08-25 08:38:00 ----N---- C:\WINDOWS\system32\ieudinit.exe
    2008-08-25 08:37:59 ----N---- C:\WINDOWS\system32\ie4uinit.exe
    2008-08-23 05:54:51 ----N---- C:\WINDOWS\system32\ieakui.dll
    2008-08-14 10:00:45 ----N---- C:\WINDOWS\system32\ntoskrnl.exe
    2008-08-14 09:22:13 ----N---- C:\WINDOWS\system32\ntkrnlpa.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2008-04-07 821856]
    R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2008-04-07 4224]
    R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2008-04-07 27776]
    R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2008-04-07 10760]
    R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2005-11-03 2432]
    R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2005-11-03 2560]
    R1 DVDVRRdr_xp;DVDVRRdr_xp; C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys [2004-05-10 140416]
    R1 nnrnstdi;nnrnstdi; C:\WINDOWS\system32\drivers\nnrnstdi.sys [2006-02-15 13312]
    R1 UDFReadr;UDFReadr; C:\WINDOWS\system32\drivers\UDFReadr.sys [2004-05-10 198528]
    R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-12-07 20747]
    R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2008-04-07 4960]
    R3 ALCXWDM;Service for Avance AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2002-04-09 305100]
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
    R3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\System32\DRIVERS\itchfltr.sys [2004-03-10 12953]
    R3 L8042pr2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys [2003-12-17 51729]
    R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys [2003-12-17 70801]
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
    R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
    R3 RT73;Wireless-G USB Network Adapter with RangeBooster Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2006-01-12 252928]
    R3 StreamSurge;StreamSurge Driver (miniport); C:\WINDOWS\system32\DRIVERS\ss.sys [2005-06-17 19968]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
    R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
    S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
    S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128]
    S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912]
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
    S3 epppdt;EPSON 1394.3 Class; C:\WINDOWS\system32\DRIVERS\epppdt.sys [2004-08-31 31269]
    S3 epppdtpr;EPSON 1394.3 Printer Class; C:\WINDOWS\system32\DRIVERS\epppdtpr.sys [2003-08-19 14523]
    S3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
    S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
    S3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2004-03-03 37887]
    S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-03 51328]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-04 10880]
    S3 QCDonner;Logitech QuickCam Express(PID_0840); C:\WINDOWS\system32\DRIVERS\LVCD.sys [2004-02-14 471712]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
    S3 sonyhcs;Sony Digital Imaging Video; C:\WINDOWS\system32\DRIVERS\sonyhcs.sys [2001-11-05 299923]
    S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
    S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [2008-04-07 418816]
    R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe [2008-04-07 49664]
    R2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVG7\avgemc.exe [2008-04-07 406528]
    S2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe []
    S2 McNASvc;McAfee Network Agent; c:\program files\common files\mcafee\mna\mcnasvc.exe []
    S2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe []
    S2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
    S2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe []
    S2 MSK80Service;McAfee SpamKiller Service; C:\Program Files\McAfee\MSK\MskSrver.exe []
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-07-25 378184]
    S3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-07-25 695624]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

    -----------------EOF-----------------
     
  5. 2008/11/08
    noahdfear

    noahdfear Inactive

    I see quite a number of references to McAfee, though it doesn't appear active. Are they leftovers from uninstalling it, or is it just disabled? It is not advisable to have two antivirus programs installed. If you're keeping AVG, I recommend you uninstall McAfee. Let me know if it has already been uninstalled so we can clean up all those remnants.

    Once McAfee has been addressed, download ComboFix by sUBs from here, saving the file to your desktop.


    Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log here in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
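The leftover McAfee services noted above show up in the RSIT log as entries whose image path is followed by an empty bracket pair (`[]`), meaning RSIT could not find the file. As an added example (not part of this thread, of RSIT, or of the helper's instructions), here is a small Python parser for RSIT's "List of drivers" / "List of services" lines that pulls those entries out and separates the ones the Service Control Manager would still try to start at boot (start type Boot, System or Auto) from merely disabled or on-demand ones. The line layout is inferred from the log as posted, not from RSIT documentation; the sample lines are copied from the log in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One line of RSIT's "List of drivers" / "List of services" section, as it
# appears in the posted log (layout inferred from that log, not from RSIT docs):
#   <R|S><0-4> <name>;<display name>; <path> [<file date> <file size>]
# RSIT prints an empty bracket pair "[]" when it cannot find the binary.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

START_TYPES = {0: "Boot", 1: "System", 2: "Auto", 3: "Demand", 4: "Disabled"}


@dataclass
class Entry:
    state: str          # "R" running or "S" stopped
    start: int          # 0..4, see START_TYPES
    name: str           # service/driver key name
    display: str        # display name
    path: str           # image path as printed by RSIT
    file_present: bool  # False when RSIT printed "[]"


def parse_line(line: str) -> Optional[Entry]:
    """Parse one RSIT service/driver line; return None for headers and blanks."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return Entry(
        state=m.group("state"),
        start=int(m.group("start")),
        name=m.group("name").strip(),
        display=m.group("display").strip(),
        path=m.group("path").strip(),
        file_present=bool(m.group("meta").strip()),
    )


def parse_log(text: str) -> List[Entry]:
    """Parse every service/driver line in a block of RSIT output."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def missing_binary(entries: List[Entry]) -> List[Entry]:
    """Registrations whose image file RSIT could not find: uninstall leftovers."""
    return [e for e in entries if not e.file_present]


def stale_autostart(entries: List[Entry]) -> List[Entry]:
    """Leftovers the Service Control Manager will still try to start at boot
    (start type Boot/System/Auto); these are the ones worth cleaning up first."""
    return [e for e in missing_binary(entries) if e.start in (0, 1, 2)]


# Constructed sample: a few lines copied from the RSIT log posted in this thread.
SAMPLE_LOG = r"""
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [2008-04-07 418816]
S2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe []
S2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
"""


def report(text: str) -> str:
    """Human-readable summary of leftover registrations in an RSIT log."""
    entries = parse_log(text)
    stale = stale_autostart(entries)
    lines = [f"{len(entries)} entries parsed"]
    for e in missing_binary(entries):
        flag = "STALE AUTOSTART" if e in stale else "missing file"
        lines.append(f"{flag:16} {e.state}{e.start} {e.name:12} ({START_TYPES[e.start]}) {e.path}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Feed the whole RSIT log to `report()` and the output lists only the registrations with no file behind them; a stopped Auto service with a present file (McShield in the sample) is not flagged, since that is a disabled product rather than a dangling registration.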
     
  6. 2008/11/08
    chiefmissile

    chiefmissile Well-Known Member Thread Starter

    Thanks for your swift reply. McAfee is not operating; I tried to remove this some time ago, but there seem to be McAfee files remaining. I would like, as you have suggested, to get rid of these. Thanks for your continued support.
     
  7. 2008/11/08
    noahdfear

    noahdfear Inactive

    OK. Go ahead and run ComboFix as described. We'll tackle McAfee afterwards. ;)
     
  8. 2008/11/08
    chiefmissile

    chiefmissile Well-Known Member Thread Starter

    OK, here it is.


    ComboFix 08-11-07.01 - Andrew Lyburn 2008-11-08 20:32:27.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1645 [GMT 0:00]
    Running from: c:\documents and settings\Andrew Lyburn\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\cpmsky-uninst.exe
    c:\windows\system32\ss.exe

    .
    ((((((((((((((((((((((((( Files Created from 2008-10-08 to 2008-11-08 )))))))))))))))))))))))))))))))
    .

    2008-11-08 18:24 . 2008-11-08 18:40 <DIR> d-------- c:\documents and settings\Andrew Lyburn\Application Data\Download Manager
    2008-11-08 18:07 . 2008-11-08 18:07 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo! Companion
    2008-11-08 17:49 . 2008-11-08 17:50 <DIR> d-------- c:\program files\CCleaner
    2008-11-08 17:37 . 2008-11-08 17:37 <DIR> d-------- c:\program files\Yahoo!
    2008-11-08 17:37 . 2008-11-08 17:37 <DIR> d-------- c:\program files\Recuva
    2008-11-08 16:42 . 2008-11-08 16:42 <DIR> d-------- c:\documents and settings\Andrew Lyburn\Application Data\ParetoLogic
    2008-11-08 16:41 . 2008-11-08 16:41 <DIR> d-------- c:\program files\ParetoLogic
    2008-11-08 16:41 . 2008-11-08 16:41 <DIR> d-------- c:\program files\Common Files\ParetoLogic
    2008-11-08 16:41 . 2008-11-08 16:41 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\ParetoLogic
    2008-11-08 16:21 . 2008-11-08 16:21 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Downloaded Installations
    2008-10-29 16:31 . 2008-04-14 00:11 136,192 --------- c:\windows\system32\aaclient.dll
    2008-10-29 16:26 . 2008-10-15 16:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
    2008-10-18 14:33 . 2008-10-18 14:33 <DIR> d----c--- C:\rsit
    2008-10-18 14:33 . 2008-11-08 16:11 <DIR> d-------- c:\program files\trend micro
    2008-10-18 14:24 . 2008-11-08 19:09 <DIR> d-------- c:\program files\RegCure
    2008-10-18 13:58 . 2008-10-18 14:11 <DIR> d-------- c:\program files\1 Click PC Fix
    2008-10-18 13:58 . 2008-10-18 13:58 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
    2008-10-18 13:58 . 2001-08-16 23:00 494,352 --a------ c:\windows\system32\SHDOC401.DLL
    2008-10-18 13:58 . 2000-05-22 14:58 83,144 --a------ c:\windows\system32\PICCLP32.OCX
    2008-10-18 13:58 . 2007-12-19 15:12 53,248 --a------ c:\windows\system32\ArmAccess.dll
    2008-10-18 13:25 . 2008-06-13 11:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
    2008-10-18 13:24 . 2008-04-11 19:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
    2008-10-18 13:24 . 2008-05-08 14:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
    2008-10-18 12:53 . 2008-10-18 12:53 <DIR> d-------- c:\program files\Microsoft ActiveSync
    2008-10-18 11:57 . 2008-09-08 10:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
    2008-10-18 11:56 . 2008-08-14 10:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
    2008-10-18 11:56 . 2008-08-14 10:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
    2008-10-18 11:56 . 2008-08-14 09:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
    2008-10-18 11:56 . 2008-08-14 09:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
    2008-10-18 11:56 . 2008-09-15 12:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-08 19:09 --------- d-----w c:\program files\DriverGuide DriverScan
    2008-11-08 18:07 --------- d--h--r c:\documents and settings\Andrew Lyburn\Application Data\yahoo!
    2008-11-08 17:55 --------- d-----w c:\documents and settings\Andrew Lyburn\Application Data\LimeWire
    2008-10-29 17:01 --------- d-----w c:\program files\Microsoft Silverlight
    2008-10-18 14:54 --------- d-----w c:\documents and settings\Andrew Lyburn\Application Data\AVG7
    2008-10-18 12:47 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-10-18 12:45 --------- d-----w c:\program files\a-squared Free
    2008-10-18 12:45 --------- d-----w c:\program files\a-squared Anti-Dialer
    2008-10-18 12:41 --------- d-----w c:\documents and settings\Andrew Lyburn\Application Data\Ahead
    2008-09-25 20:35 --------- d-----w c:\program files\Common Files\InstallShield
    2008-09-25 20:22 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\PC Drivers HeadQuarters
    2008-09-18 11:51 --------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
    2008-09-17 21:23 --------- d-----w c:\program files\Logitech
    2008-09-17 21:23 --------- d-----w c:\program files\Common Files\Logitech
    2008-09-08 10:41 333,824 ------w c:\windows\system32\drivers\srv.sys
    2008-04-07 19:57 35,960,792 ----a-w c:\program files\avg75free_519a1276.exe
    2008-01-26 20:51 4,496,904 ----a-w c:\program files\LimeWireWin.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "LogitechSoftwareUpdate "= "c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
    "NBJ "= "c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2006-09-15 2048000]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched "= "c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "NeroFilterCheck "= "c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
    "MBkLogOnHook "= "c:\program files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480]
    "LVCOMSX "= "c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
    "LogitechVideoTray "= "c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
    "LogitechVideoRepair "= "c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
    "AVG7_CC "= "c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-29 590848]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "Logitech Utility "= "Logi_MwX.Exe" [2003-12-17 c:\windows\LOGI_MWX.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run "= "c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-04-07 219136]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.avis "= ff_acm.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winampa]
    «‘|ë‘|4 [X]
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\LimeWire\\LimeWire.exe "=
    "c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Grisoft\\AVG7\\avginet.exe "=
    "c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe "=
    "c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe "=
    "c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "11059:TCP "= 11059:TCP:BitComet 11059 TCP
    "11059:UDP "= 11059:UDP:BitComet 11059 UDP
    "19497:TCP "= 19497:TCP:BitComet 19497 TCP
    "19497:UDP "= 19497:UDP:BitComet 19497 UDP

    R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\DRIVERS\sonyhcb.sys [2001-11-05 6097]
    R1 nnrnstdi;nnrnstdi;c:\windows\system32\drivers\nnrnstdi.sys [2006-02-15 13312]
    R3 StreamSurge;StreamSurge Driver (miniport);c:\windows\system32\DRIVERS\ss.sys [2005-06-17 19968]
    S3 epppdt;EPSON 1394.3 Class;c:\windows\system32\DRIVERS\epppdt.sys [2004-08-31 31269]
    S3 epppdtpr;EPSON 1394.3 Printer Class;c:\windows\system32\DRIVERS\epppdtpr.sys [2003-08-19 14523]
    S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\DRIVERS\sonyhcs.sys [2001-11-05 299923]
    .
    Contents of the 'Scheduled Tasks' folder

    2008-11-08 c:\windows\Tasks\ParetoLogic Update.job
    - c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2007-09-19 00:55]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{3e8b8831-a1ed-25c4-86b2-0d65fcda02f6} - (no file)


    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.co.uk/
    O17 -: HKLM\CCS\Interface\{23FA4D4D-9326-4776-A3C8-B5616C288519}: NameServer = 192.168.0.1

    O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

    O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

    O16 -: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
    c:\windows\Downloaded Program Files\DownloadManagerV2.inf
    c:\windows\Downloaded Program Files\Manager.exe
    c:\windows\Downloaded Program Files\DownloadManagerV2.ocx
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-08 20:42:12
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\progra~1\Grisoft\AVG7\avgamsvr.exe
    c:\progra~1\Grisoft\AVG7\avgupsvc.exe
    c:\progra~1\Grisoft\AVG7\avgemc.exe
    c:\program files\Logitech\Video\FxSvr2.exe
    .
    **************************************************************************
    .
    Completion time: 2008-11-08 20:49:28 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-11-08 20:49:25

    Pre-Run: 4,647,235,584 bytes free
    Post-Run: 4,579,528,704 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
    multi(0)disk(0)rdisk(1)partition(1)\WINDOWS= "Microsoft Windows XP Home Edition" /fastdetect

    169 --- E O F --- 2008-11-08 16:39:00
     
  9. 2008/11/08
    noahdfear

    noahdfear Inactive

    Looks great! Please run RSIT again and post the log it creates and opens.
     
  10. 2008/11/20
    chiefmissile

    chiefmissile Well-Known Member Thread Starter

    Sorry this is late, I've been on holiday

    Hi,

    Sorry this has taken so long, I have been away on holiday. Your advice seems to have done the trick; I have cut and pasted the log file. Is there anything else I need to do? What about removing the remaining McAfee? Thanks again for your great advice :)

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Andrew Lyburn at 2008-11-20 20:48:46
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 8 GB (40%) free of 20 GB
    Total RAM: 2047 MB (76% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:48:56, on 20/11/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Eraser\Eraser.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Documents and Settings\Andrew Lyburn\Desktop\RSIT.exe
    C:\Program Files\trend micro\Andrew Lyburn.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - (no file)
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe "
    O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146076777828
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://216.123.238.206/activex/AxisCamControl.cab
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{23FA4D4D-9326-4776-A3C8-B5616C288519}: NameServer = 192.168.0.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{23FA4D4D-9326-4776-A3C8-B5616C288519}: NameServer = 192.168.0.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{23FA4D4D-9326-4776-A3C8-B5616C288519}: NameServer = 192.168.0.1
    O17 - HKLM\System\CS3\Services\Tcpip\..\{23FA4D4D-9326-4776-A3C8-B5616C288519}: NameServer = 192.168.0.1
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
    O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\program files\common files\mcafee\mna\mcnasvc.exe (file missing)
    O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (file missing)
    O23 - Service: McAfee Proxy Service (McProxy) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (file missing)
    O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
    O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
    O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing)
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - Unknown owner - C:\Program Files\McAfee\MSK\MskSrver.exe (file missing)
    O24 - Desktop Component 0: (no name) - http://pics.ebaystatic.com/aw/pics/uk/welcome_yellow.gif

    --
    End of file - 8130 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
    &Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-10-19 817936]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22D8E815-4A5E-4DFB-845E-AAB64207F5BD}]
    eBay Toolbar Helper

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
    RealPlayer Download and Record Plugin for Internet Explorer

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
    Windows Live Toolbar Helper

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-10-19 817936]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
    "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]
    "Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-12-17 19968]
    "AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe [2008-10-29 590848]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2006-09-15 2048000]
    "Eraser"=C:\Program Files\Eraser\Eraser.exe [2007-12-22 916240]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winampa]
    «‘|ë‘|4 []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=
    "NoDrives"=
    "NoDriveAutoRun"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe"="C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
    "C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
    "C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
    "C:\Program Files\Grisoft\AVG7\avgemc.exe"="C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    ======List of files/folders created in the last 3 months======

    2008-11-20 20:40:13 ----D---- C:\WINDOWS\temp
    2008-11-20 20:40:12 ----AC---- C:\ComboFix.txt
    2008-11-20 20:36:52 ----DC---- C:\ComboFix
    2008-11-20 18:45:07 ----HD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}
    2008-11-20 18:45:05 ----D---- C:\Program Files\Eraser
    2008-11-20 18:30:06 ----SHDC---- C:\Config.Msi
    2008-11-20 17:59:40 ----A---- C:\WINDOWS\_delis32.ini
    2008-11-08 20:31:45 ----AC---- C:\Boot.bak
    2008-11-08 20:31:40 ----RASHDC---- C:\cmdcons
    2008-11-08 20:28:44 ----A---- C:\WINDOWS\zip.exe
    2008-11-08 20:28:44 ----A---- C:\WINDOWS\VFIND.exe
    2008-11-08 20:28:44 ----A---- C:\WINDOWS\SWXCACLS.exe
    2008-11-08 20:28:44 ----A---- C:\WINDOWS\SWSC.exe
    2008-11-08 20:28:44 ----A---- C:\WINDOWS\SWREG.exe
    2008-11-08 20:28:44 ----A---- C:\WINDOWS\sed.exe
    2008-11-08 20:28:44 ----A---- C:\WINDOWS\NIRCMD.exe
    2008-11-08 20:28:44 ----A---- C:\WINDOWS\grep.exe
    2008-11-08 20:28:44 ----A---- C:\WINDOWS\fdsv.exe
    2008-11-08 20:28:40 ----DC---- C:\Qoobox
    2008-11-08 20:28:40 ----D---- C:\WINDOWS\ERDNT
    2008-11-08 18:24:19 ----D---- C:\Documents and Settings\Andrew Lyburn\Application Data\Download Manager
    2008-11-08 18:07:45 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
    2008-11-08 17:37:10 ----D---- C:\Program Files\Yahoo!
    2008-11-08 17:17:40 ----D---- C:\WINDOWS\Prefetch
    2008-11-08 16:42:01 ----D---- C:\Documents and Settings\Andrew Lyburn\Application Data\ParetoLogic
    2008-11-08 16:41:16 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\ParetoLogic
    2008-11-08 16:38:54 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2008-11-08 16:38:48 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
    2008-11-08 16:38:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
    2008-11-08 16:38:35 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2008-11-08 16:38:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
    2008-11-08 16:38:20 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-11-08 16:38:14 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-11-08 16:38:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
    2008-11-08 16:38:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
    2008-11-08 16:37:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
    2008-11-08 16:37:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2008-11-08 16:37:39 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-11-08 16:37:32 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
    2008-11-08 16:37:26 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2008-11-08 16:37:21 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-11-08 16:23:24 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
    2008-11-08 16:21:00 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Downloaded Installations
    2008-10-29 17:00:59 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
    2008-10-29 16:32:42 ----N---- C:\WINDOWS\system32\wlanapi.dll
    2008-10-29 16:32:37 ----N---- C:\WINDOWS\system32\tspkg.dll
    2008-10-29 16:32:37 ----N---- C:\WINDOWS\system32\tsgqec.dll
    2008-10-29 16:32:32 ----N---- C:\WINDOWS\system32\setupn.exe
    2008-10-29 16:32:30 ----N---- C:\WINDOWS\system32\rhttpaa.dll
    2008-10-29 16:32:29 ----N---- C:\WINDOWS\system32\rasqec.dll
    2008-10-29 16:32:29 ----N---- C:\WINDOWS\system32\qutil.dll
    2008-10-29 16:32:28 ----N---- C:\WINDOWS\system32\qcliprov.dll
    2008-10-29 16:32:28 ----N---- C:\WINDOWS\system32\qagentrt.dll
    2008-10-29 16:32:28 ----N---- C:\WINDOWS\system32\qagent.dll
    2008-10-29 16:32:27 ----N---- C:\WINDOWS\system32\onex.dll
    2008-10-29 16:32:24 ----N---- C:\WINDOWS\system32\napstat.exe
    2008-10-29 16:32:24 ----N---- C:\WINDOWS\system32\napmontr.dll
    2008-10-29 16:32:24 ----N---- C:\WINDOWS\system32\napipsec.dll
    2008-10-29 16:32:24 ----N---- C:\WINDOWS\system32\msxml6r.dll
    2008-10-29 16:32:23 ----N---- C:\WINDOWS\system32\msxml6.dll
    2008-10-29 16:32:23 ----N---- C:\WINDOWS\system32\msshavmsg.dll
    2008-10-29 16:32:23 ----N---- C:\WINDOWS\system32\mssha.dll
    2008-10-29 16:32:17 ----N---- C:\WINDOWS\system32\mmcperf.exe
    2008-10-29 16:32:17 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
    2008-10-29 16:32:17 ----N---- C:\WINDOWS\system32\mmcex.dll
    2008-10-29 16:32:17 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
    2008-10-29 16:32:12 ----N---- C:\WINDOWS\system32\l2gpstore.dll
    2008-10-29 16:32:12 ----N---- C:\WINDOWS\system32\kmsvc.dll
    2008-10-29 16:32:12 ----N---- C:\WINDOWS\system32\kbdpash.dll
    2008-10-29 16:32:12 ----N---- C:\WINDOWS\system32\kbdnepr.dll
    2008-10-29 16:32:12 ----N---- C:\WINDOWS\system32\kbdiultn.dll
    2008-10-29 16:32:11 ----N---- C:\WINDOWS\system32\kbdbhc.dll
    2008-10-29 16:32:07 ----A---- C:\WINDOWS\003391_.tmp
    2008-10-29 16:32:06 ----N---- C:\WINDOWS\system32\eapsvc.dll
    2008-10-29 16:32:06 ----N---- C:\WINDOWS\system32\eapqec.dll
    2008-10-29 16:32:06 ----N---- C:\WINDOWS\system32\eappprxy.dll
    2008-10-29 16:32:06 ----N---- C:\WINDOWS\system32\eapphost.dll
    2008-10-29 16:32:06 ----N---- C:\WINDOWS\system32\eappgnui.dll
    2008-10-29 16:32:06 ----N---- C:\WINDOWS\system32\eappcfg.dll
    2008-10-29 16:32:06 ----N---- C:\WINDOWS\system32\eapp3hst.dll
    2008-10-29 16:32:06 ----N---- C:\WINDOWS\system32\eapolqec.dll
    2008-10-29 16:32:05 ----N---- C:\WINDOWS\system32\dot3ui.dll
    2008-10-29 16:32:05 ----N---- C:\WINDOWS\system32\dot3svc.dll
    2008-10-29 16:32:05 ----N---- C:\WINDOWS\system32\dot3msm.dll
    2008-10-29 16:32:05 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
    2008-10-29 16:32:05 ----N---- C:\WINDOWS\system32\dot3dlg.dll
    2008-10-29 16:32:05 ----N---- C:\WINDOWS\system32\dot3cfg.dll
    2008-10-29 16:32:05 ----N---- C:\WINDOWS\system32\dot3api.dll
    2008-10-29 16:32:04 ----N---- C:\WINDOWS\system32\dimsroam.dll
    2008-10-29 16:32:04 ----N---- C:\WINDOWS\system32\dimsntfy.dll
    2008-10-29 16:32:04 ----N---- C:\WINDOWS\system32\dhcpqec.dll
    2008-10-29 16:32:03 ----N---- C:\WINDOWS\system32\credssp.dll
    2008-10-29 16:32:00 ----N---- C:\WINDOWS\system32\bitsprx4.dll
    2008-10-29 16:32:00 ----N---- C:\WINDOWS\system32\azroles.dll
    2008-10-29 16:31:56 ----N---- C:\WINDOWS\system32\aaclient.dll
    2008-10-18 15:09:48 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
    2008-10-18 15:09:32 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
    2008-10-18 14:33:46 ----D---- C:\Program Files\trend micro
    2008-10-18 14:33:45 ----DC---- C:\rsit
    2008-10-18 13:58:35 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
    2008-10-18 13:29:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
    2008-10-18 13:29:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
    2008-10-18 13:29:40 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
    2008-10-18 13:28:13 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
    2008-10-18 13:28:00 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
    2008-09-25 20:35:16 ----DC---- C:\Drivers
    2008-09-25 20:35:16 ----A---- C:\WINDOWS\system32\SONYHCY.DLL
    2008-09-25 20:34:13 ----DC---- C:\USB_DRV
    2008-09-25 20:22:12 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Drivers HeadQuarters
    2008-09-25 19:57:07 ----D---- C:\Program Files\DriverGuide DriverScan
    2008-09-18 11:51:10 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-09-17 21:25:07 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
    2008-09-17 21:25:07 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
    2008-09-17 21:25:07 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
    2008-09-17 21:25:06 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
    2008-09-17 21:25:06 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
    2008-09-17 21:25:05 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
    2008-09-17 21:25:04 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
    2008-09-17 21:25:04 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
    2008-09-17 21:25:04 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
    2008-09-17 21:25:03 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
    2008-09-17 21:25:02 ----A---- C:\WINDOWS\system32\capicom.dll
    2008-09-17 21:25:01 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
    2008-09-17 21:25:01 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
    2008-09-17 21:25:00 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
    2008-09-17 21:24:59 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
    2008-09-17 21:24:57 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
    2008-09-17 21:24:57 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
    2008-09-17 21:24:55 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
    2008-09-17 21:24:55 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
    2008-09-17 21:24:54 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
    2008-09-17 21:24:53 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
    2008-09-17 21:24:52 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
    2008-09-17 21:24:52 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
    2008-09-17 21:24:51 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
    2008-09-17 21:24:49 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
    2008-09-17 21:24:49 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
    2008-09-17 21:24:49 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
    2008-09-17 21:24:48 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
    2008-09-17 21:24:47 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
    2008-09-17 21:24:47 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
    2008-09-17 21:24:46 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
    2008-09-17 21:24:46 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
    2008-09-17 21:24:45 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
    2008-09-17 21:24:44 ----A---- C:\WINDOWS\system32\xinput1_3.dll
    2008-09-17 21:24:43 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
    2008-09-17 21:24:43 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
    2008-09-17 21:24:42 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
    2008-09-17 21:24:41 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
    2008-09-17 21:24:40 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
    2008-09-17 21:24:40 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
    2008-09-17 21:24:39 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
    2008-09-17 21:24:39 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
    2008-09-17 21:24:39 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
    2008-09-17 21:24:38 ----A---- C:\WINDOWS\system32\xinput1_2.dll
    2008-09-17 21:24:38 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
    2008-09-17 21:24:37 ----A---- C:\WINDOWS\system32\xinput1_1.dll
    2008-09-17 21:24:37 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
    2008-09-17 21:24:37 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
    2008-09-17 21:24:33 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
    2008-09-17 21:24:32 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
    2008-09-17 21:24:32 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
    2008-09-17 21:24:32 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
    2008-09-17 21:24:31 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
    2008-09-17 21:24:31 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
    2008-09-17 21:24:31 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
    2008-09-17 21:24:30 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
    2008-09-17 21:24:29 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
    2008-09-17 21:24:29 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
    2008-09-17 21:23:47 ----D---- C:\Program Files\Common Files\Logitech
    2008-09-17 21:23:39 ----A---- C:\WINDOWS\system32\MFC71KOR.DLL
    2008-09-17 21:23:39 ----A---- C:\WINDOWS\system32\MFC71JPN.DLL
    2008-09-17 21:23:39 ----A---- C:\WINDOWS\system32\MFC71ITA.DLL
    2008-09-17 21:23:39 ----A---- C:\WINDOWS\system32\MFC71ESP.DLL
    2008-09-17 21:23:39 ----A---- C:\WINDOWS\system32\MFC71ENU.DLL
    2008-09-17 21:23:39 ----A---- C:\WINDOWS\system32\MFC71DEU.DLL
    2008-09-17 21:23:39 ----A---- C:\WINDOWS\system32\MFC71CHT.DLL
    2008-09-17 21:23:39 ----A---- C:\WINDOWS\system32\MFC71CHS.DLL
    2008-09-17 21:21:27 ----D---- C:\WINDOWS\Logs
    2008-09-10 15:39:59 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
    2008-09-10 15:39:05 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
    2008-09-07 16:06:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
    2008-09-07 16:06:52 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
    2008-09-07 16:06:42 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
    2008-09-07 16:06:36 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
    2008-09-07 16:04:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2008-09-07 16:04:45 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
    2008-09-07 16:04:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$

    ======List of files/folders modified in the last 3 months======

    2008-11-20 20:43:27 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-11-20 20:40:14 ----D---- C:\WINDOWS\system32
    2008-11-20 20:40:13 ----D---- C:\WINDOWS
    2008-11-20 20:38:12 ----AC---- C:\WINDOWS\system.ini
    2008-11-20 20:37:46 ----D---- C:\WINDOWS\system32\drivers
    2008-11-20 20:37:45 ----D---- C:\WINDOWS\AppPatch
    2008-11-20 20:37:45 ----D---- C:\Program Files\Common Files
    2008-11-20 20:36:31 ----RHDC---- C:\$VAULT$.AVG
    2008-11-20 20:24:26 ----D---- C:\WINDOWS\system32\Restore
    2008-11-20 18:50:04 ----RD---- C:\Program Files
    2008-11-20 18:45:07 ----SHD---- C:\WINDOWS\Installer
    2008-11-20 18:32:21 ----HD---- C:\WINDOWS\inf
    2008-11-20 18:31:34 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-11-20 18:31:18 ----D---- C:\Program Files\Logitech
    2008-11-20 18:27:40 ----D---- C:\Program Files\Common Files\InstallShield
    2008-11-20 18:26:32 ----SD---- C:\WINDOWS\Tasks
    2008-11-20 18:24:57 ----RSD---- C:\WINDOWS\Fonts
    2008-11-20 18:24:53 ----HD---- C:\WINDOWS\ShellNew
    2008-11-20 18:24:03 ----A---- C:\WINDOWS\ODBC.INI
    2008-11-20 18:00:25 ----D---- C:\WINDOWS\twain_32
    2008-11-20 18:00:18 ----D---- C:\WINDOWS\system32\CatRoot
    2008-11-20 17:59:53 ----HD---- C:\WINDOWS\$hf_mig$
    2008-11-08 21:12:10 ----D---- C:\WINDOWS\WinSxS
    2008-11-08 20:33:52 ----D---- C:\WINDOWS\system32\config
    2008-11-08 20:31:45 ----RASHC---- C:\boot.ini
    2008-11-08 19:12:24 ----A---- C:\WINDOWS\NeroDigital.ini
    2008-11-08 18:24:18 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-11-08 18:07:45 ----RHD---- C:\Documents and Settings\Andrew Lyburn\Application Data\yahoo!
    2008-11-08 17:55:16 ----D---- C:\Documents and Settings\Andrew Lyburn\Application Data\LimeWire
    2008-11-08 17:52:25 ----D---- C:\WINDOWS\Debug
    2008-11-08 17:19:45 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-11-08 17:16:52 ----D---- C:\WINDOWS\system32\Setup
    2008-11-08 17:16:51 ----D---- C:\WINDOWS\system32\wbem
    2008-11-08 17:15:33 ----D---- C:\WINDOWS\security
    2008-11-08 16:38:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-11-08 16:37:27 ----D---- C:\Program Files\Messenger
    2008-11-08 16:32:50 ----D---- C:\WINDOWS\network diagnostic
    2008-11-08 16:32:49 ----D---- C:\WINDOWS\ime
    2008-11-08 16:32:49 ----D---- C:\WINDOWS\Help
    2008-11-08 16:32:36 ----D---- C:\WINDOWS\system32\usmt
    2008-11-08 16:32:36 ----D---- C:\WINDOWS\system32\en-US
    2008-11-08 16:32:35 ----D---- C:\WINDOWS\system32\scripting
    2008-11-08 16:32:32 ----D---- C:\WINDOWS\l2schemas
    2008-11-08 16:32:31 ----D---- C:\WINDOWS\system32\en
    2008-11-08 16:32:31 ----D---- C:\WINDOWS\system32\bits
    2008-11-08 16:32:31 ----D---- C:\WINDOWS\PeerNet
    2008-11-08 16:32:30 ----D---- C:\Program Files\movie maker
    2008-11-08 16:29:44 ----D---- C:\WINDOWS\system32\npp
    2008-11-08 16:29:43 ----D---- C:\WINDOWS\msagent
    2008-11-08 16:29:41 ----D---- C:\WINDOWS\srchasst
    2008-11-08 16:29:40 ----D---- C:\WINDOWS\system32\Com
    2008-11-08 16:29:19 ----D---- C:\WINDOWS\system32\oobe
    2008-11-08 16:29:17 ----D---- C:\WINDOWS\system
    2008-11-08 16:23:23 ----D---- C:\WINDOWS\ehome
    2008-10-29 17:01:27 ----D---- C:\Program Files\Microsoft Silverlight
    2008-10-18 15:11:08 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
    2008-10-18 15:10:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
    2008-10-18 15:10:30 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
    2008-10-18 15:10:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
    2008-10-18 14:54:27 ----D---- C:\Documents and Settings\Andrew Lyburn\Application Data\AVG7
    2008-10-18 13:34:47 ----D---- C:\Program Files\internet explorer
    2008-10-18 13:15:01 ----D---- C:\WINDOWS\ServicePackFiles
    2008-10-18 12:47:17 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-10-18 12:45:59 ----D---- C:\Program Files\a-squared Free
    2008-10-18 12:45:39 ----D---- C:\Program Files\a-squared Anti-Dialer
    2008-10-18 12:41:16 ----D---- C:\Documents and Settings\Andrew Lyburn\Application Data\Ahead
    2008-10-18 12:40:55 ----AC---- C:\WINDOWS\system32\wpa.bak
    2008-10-18 12:39:09 ----SHD---- C:\System Volume Information
    2008-10-18 12:36:43 ----A---- C:\WINDOWS\WIN.INI
    2008-10-15 16:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
    2008-10-07 19:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-10-03 17:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
    2008-09-25 20:53:05 ----D---- C:\WINDOWS\Microsoft.NET
    2008-09-25 20:23:04 ----RSD---- C:\WINDOWS\assembly
    2008-09-17 21:25:09 ----D---- C:\WINDOWS\system32\DirectX
    2008-09-17 21:24:05 ----HD---- C:\WINDOWS\msdownld.tmp
    2008-09-09 21:49:45 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
    2008-09-07 16:04:20 ----D---- C:\WINDOWS\ie7updates
    2008-08-27 08:24:32 ----A---- C:\WINDOWS\system32\mshtml.dll
    2008-08-26 07:24:31 ----A---- C:\WINDOWS\system32\wininet.dll
    2008-08-26 07:24:31 ----A---- C:\WINDOWS\system32\webcheck.dll
    2008-08-26 07:24:31 ----A---- C:\WINDOWS\system32\urlmon.dll
    2008-08-26 07:24:30 ----N---- C:\WINDOWS\system32\occache.dll
    2008-08-26 07:24:30 ----N---- C:\WINDOWS\system32\mstime.dll
    2008-08-26 07:24:30 ----N---- C:\WINDOWS\system32\msrating.dll
    2008-08-26 07:24:30 ----N---- C:\WINDOWS\system32\jsproxy.dll
    2008-08-26 07:24:30 ----A---- C:\WINDOWS\system32\url.dll
    2008-08-26 07:24:30 ----A---- C:\WINDOWS\system32\pngfilt.dll
    2008-08-26 07:24:30 ----A---- C:\WINDOWS\system32\mshtmled.dll
    2008-08-26 07:24:30 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
    2008-08-26 07:24:30 ----A---- C:\WINDOWS\system32\msfeeds.dll
    2008-08-26 07:24:29 ----N---- C:\WINDOWS\system32\iernonce.dll
    2008-08-26 07:24:29 ----N---- C:\WINDOWS\system32\iedkcs32.dll
    2008-08-26 07:24:29 ----A---- C:\WINDOWS\system32\iertutil.dll
    2008-08-26 07:24:28 ----N---- C:\WINDOWS\system32\ieaksie.dll
    2008-08-26 07:24:28 ----N---- C:\WINDOWS\system32\ieakeng.dll
    2008-08-26 07:24:28 ----N---- C:\WINDOWS\system32\extmgr.dll
    2008-08-26 07:24:28 ----A---- C:\WINDOWS\system32\ieapfltr.dll
    2008-08-26 07:24:28 ----A---- C:\WINDOWS\system32\icardie.dll
    2008-08-26 07:24:28 ----A---- C:\WINDOWS\system32\dxtrans.dll
    2008-08-26 07:24:28 ----A---- C:\WINDOWS\system32\dxtmsft.dll
    2008-08-26 07:24:28 ----A---- C:\WINDOWS\system32\advpack.dll
    2008-08-25 08:38:00 ----N---- C:\WINDOWS\system32\ieudinit.exe
    2008-08-25 08:37:59 ----N---- C:\WINDOWS\system32\ie4uinit.exe
    2008-08-23 05:54:51 ----N---- C:\WINDOWS\system32\ieakui.dll

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2008-04-07 821856]
    R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2008-04-07 4224]
    R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2008-04-07 27776]
    R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2008-04-07 10760]
    R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2005-11-03 2432]
    R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2005-11-03 2560]
    R1 DVDVRRdr_xp;DVDVRRdr_xp; C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys [2004-05-10 140416]
    R1 nnrnstdi;nnrnstdi; C:\WINDOWS\system32\drivers\nnrnstdi.sys [2006-02-15 13312]
    R1 UDFReadr;UDFReadr; C:\WINDOWS\system32\drivers\UDFReadr.sys [2004-05-10 198528]
    R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-12-07 20747]
    R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2008-04-07 4960]
    R3 ALCXWDM;Service for Avance AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2002-04-09 305100]
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\System32\DRIVERS\itchfltr.sys [2004-03-10 12953]
    R3 L8042pr2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys [2003-12-17 51729]
    R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys [2003-12-17 70801]
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
    R3 RT73;Wireless-G USB Network Adapter with RangeBooster Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2006-01-12 252928]
    R3 StreamSurge;StreamSurge Driver (miniport); C:\WINDOWS\system32\DRIVERS\ss.sys [2005-06-17 19968]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
    S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 epppdt;EPSON 1394.3 Class; C:\WINDOWS\system32\DRIVERS\epppdt.sys [2004-08-31 31269]
    S3 epppdtpr;EPSON 1394.3 Printer Class; C:\WINDOWS\system32\DRIVERS\epppdtpr.sys [2003-08-19 14523]
    S3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
    S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
    S3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2004-03-03 37887]
    S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 QCDonner;Logitech QuickCam Express(PID_0840); C:\WINDOWS\system32\DRIVERS\LVCD.sys []
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 sonyhcs;Sony Digital Imaging Video; C:\WINDOWS\system32\DRIVERS\sonyhcs.sys [2001-11-05 299923]
    S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [2008-04-07 418816]
    R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe [2008-04-07 49664]
    R2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVG7\avgemc.exe [2008-04-07 406528]
    S2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe []
    S2 McNASvc;McAfee Network Agent; c:\program files\common files\mcafee\mna\mcnasvc.exe []
    S2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe []
    S2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe []
    S2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe []
    S2 MSK80Service;McAfee SpamKiller Service; C:\Program Files\McAfee\MSK\MskSrver.exe []
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe []
    S3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe []
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

    -----------------EOF-----------------
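The services list above ends with eight McAfee entries whose image path is followed by an empty bracket pair, where every other entry shows the image's date and size, and the CFScript in the next post removes exactly those eight. Below is an added example, not part of the original thread or of RSIT/ComboFix themselves, that parses lines in this format, reports entries whose image is missing, and emits them as a ComboFix `Driver::` section. Reading an empty `[]` as "image file not found on disk" is an assumption drawn from that correspondence; the sample lines are copied from the driver and service lists above.

```python
r"""Triage of an RSIT/ComboFix services list (added example, not from the thread).

Each entry has the form
    S2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe []
i.e. state (R=Running/S=Stopped), start type (0-4), service name, display
name, image path, then the image's date and size in brackets. An empty
bracket pair is read here as "image file not found on disk"; that is an
assumption about the tool's output, drawn from the fact that the McAfee
entries shown with [] are exactly the ones the CFScript removes.
"""
import re
from dataclasses import dataclass

SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)
START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# Constructed sample: a header plus five entries copied from the lists above.
SAMPLE_LOG = r"""
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [2008-04-07 418816]
S2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe []
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe []
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
-----------------EOF-----------------
"""


@dataclass
class ServiceEntry:
    state: str         # "R" running or "S" stopped
    start: str         # start type digit, see START_TYPES
    name: str          # registry service name (the key under Services)
    display: str
    path: str          # image path as recorded in the registry
    image_found: bool  # False when the tool printed an empty []


def parse_service_lines(text):
    """Return a ServiceEntry for every line in the entry format; section
    headers, blank lines and the EOF marker simply do not match."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            entries.append(ServiceEntry(
                state=m["state"], start=m["start"],
                name=m["name"].strip(), display=m["display"].strip(),
                path=m["path"].strip(), image_found=bool(m["meta"].strip()),
            ))
    return entries


def orphaned_services(entries, include_disabled=False):
    """Entries whose image file is missing. These are typically left behind
    by an uninstaller that removed files but not registry keys: they fail
    to start, and scanners keep reporting the product as installed but
    inactive (compare the PROTECTIONS section of the Panda report later in
    the thread). Disabled entries are skipped unless asked for."""
    return [e for e in entries
            if not e.image_found and (include_disabled or e.start != "4")]


def cfscript_driver_section(entries):
    """Render the non-disabled orphans as a ComboFix 'Driver::' section,
    the form the CFScript in the next post uses to delete them."""
    names = [e.name for e in orphaned_services(entries)]
    return "Driver::\n" + "\n".join(names) + "\n" if names else ""


def describe(entry):
    """One-line summary, e.g. 'mcmscsvc (Auto, Stopped): image missing'."""
    status = "Running" if entry.state == "R" else "Stopped"
    found = "ok" if entry.image_found else "image missing"
    return f"{entry.name} ({START_TYPES[entry.start]}, {status}): {found}"


if __name__ == "__main__":
    parsed = parse_service_lines(SAMPLE_LOG)
    for e in parsed:
        print(describe(e))
    print(cfscript_driver_section(parsed), end="")
```

The disabled IntelIde entry is reported only on request: a missing image for a start type 4 service is harmless noise, while an Auto or Demand entry pointing at a file that is not there is worth removing from the registry, not just ignoring.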
     
  11. 2008/11/20
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Once again, please disable any real-time protection applications. Highlight and copy the contents of the code box below and paste it into a blank Notepad window, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    Folder::
    C:\Program Files\McAfee
    c:\program files\common files\mcafee
    Driver::
    mcmscsvc
    McNASvc
    McODS
    McProxy
    McShield
    McSysmon
    MpfService
    MSK80Service
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22D8E815-4A5E-4DFB-845E-AAB64207F5BD}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winampa]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    **NOTE - Allow ComboFix to update if prompted.


    Are you knowingly using the Nielsen//NetRatings services?
     
  12. 2008/11/21
    chiefmissile

    chiefmissile Well-Known Member Thread Starter

    Joined:
    2008/10/18
    Messages:
    111
    Likes Received:
    1
    Thanks, I did use the Nielsen//NetRatings service but discontinued this some months ago? Will post my results when I get home from work. Thanks for your swift reply.
     
  13. 2008/11/21
    chiefmissile

    chiefmissile Well-Known Member Thread Starter

    Joined:
    2008/10/18
    Messages:
    111
    Likes Received:
    1
    ComboFix asked to update but the update failed? Did as you said, but AVG started on the reboot initiated by ComboFix?

    Would not let me save the Notepad file as .txt, only CFScript.

    Had to open ComboFix to drop the Notepad file in.

    Anyway, this was the result; hope it is what you wanted?

    ComboFix 08-11-20.02 - Andrew Lyburn 2008-11-21 15:33:08.4 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1635 [GMT 0:00]
    Running from: c:\documents and settings\Andrew Lyburn\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Andrew Lyburn\Desktop\CFScript.txt
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MCMSCSVC
    -------\Legacy_MCNASVC
    -------\Legacy_MCODS
    -------\Legacy_MCPROXY
    -------\Legacy_MCSHIELD
    -------\Legacy_MCSYSMON
    -------\Legacy_MPFSERVICE
    -------\Legacy_MSK80SERVICE
    -------\Service_mcmscsvc
    -------\Service_McNASvc
    -------\Service_McODS
    -------\Service_McProxy
    -------\Service_McShield
    -------\Service_McSysmon
    -------\Service_MpfService
    -------\Service_MSK80Service


    ((((((((((((((((((((((((( Files Created from 2008-10-21 to 2008-11-21 )))))))))))))))))))))))))))))))
    .

    2008-11-20 20:57 . 2008-11-20 20:57 1,393 --a------ c:\windows\imsins.BAK
    2008-11-20 20:56 . 2008-11-20 20:56 <DIR> d-------- c:\program files\MSXML 4.0
    2008-11-20 18:45 . 2008-11-20 18:57 <DIR> d-------- c:\program files\Eraser
    2008-11-20 18:45 . 2008-11-20 18:45 <DIR> d--h----- c:\documents and settings\All Users.WINDOWS\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}
    2008-11-20 18:00 . 2008-10-24 11:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
    2008-11-20 17:59 . 2008-09-04 17:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
    2008-11-20 17:59 . 2008-11-20 17:59 272 --a------ c:\windows\_delis32.ini
    2008-11-08 18:24 . 2008-11-08 18:40 <DIR> d-------- c:\documents and settings\Andrew Lyburn\Application Data\Download Manager
    2008-11-08 18:07 . 2008-11-08 18:07 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo! Companion
    2008-11-08 17:37 . 2008-11-08 17:37 <DIR> d-------- c:\program files\Yahoo!
    2008-11-08 16:42 . 2008-11-08 16:42 <DIR> d-------- c:\documents and settings\Andrew Lyburn\Application Data\ParetoLogic
    2008-11-08 16:41 . 2008-11-08 16:41 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\ParetoLogic
    2008-11-08 16:21 . 2008-11-08 16:21 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Downloaded Installations
    2008-10-29 16:31 . 2008-04-14 00:11 136,192 --------- c:\windows\system32\aaclient.dll
    2008-10-29 16:26 . 2008-10-15 16:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-20 20:48 --------- d-----w c:\program files\trend micro
    2008-11-20 18:31 --------- d-----w c:\program files\Logitech
    2008-11-20 18:27 --------- d-----w c:\program files\Common Files\InstallShield
    2008-11-20 18:00 --------- d-----w c:\program files\Common Files\Logitech
    2008-11-08 19:09 --------- d-----w c:\program files\DriverGuide DriverScan
    2008-11-08 18:07 --------- d--h--r c:\documents and settings\Andrew Lyburn\Application Data\yahoo!
    2008-11-08 17:55 --------- d-----w c:\documents and settings\Andrew Lyburn\Application Data\LimeWire
    2008-10-29 17:01 --------- d-----w c:\program files\Microsoft Silverlight
    2008-10-24 11:21 455,296 ------w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-18 14:54 --------- d-----w c:\documents and settings\Andrew Lyburn\Application Data\AVG7
    2008-10-18 13:58 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
    2008-10-18 12:47 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-10-18 12:45 --------- d-----w c:\program files\a-squared Free
    2008-10-18 12:45 --------- d-----w c:\program files\a-squared Anti-Dialer
    2008-10-18 12:41 --------- d-----w c:\documents and settings\Andrew Lyburn\Application Data\Ahead
    2008-09-25 20:22 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\PC Drivers HeadQuarters
    2008-04-07 19:57 35,960,792 ----a-w c:\program files\avg75free_519a1276.exe
    2008-01-26 20:51 4,496,904 ----a-w c:\program files\LimeWireWin.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-11-08_20.49.04.21 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-11-30 12:39:22 26,488 -c----w c:\windows\$NtUninstallKB951978$\spcustom.dll
    + 2007-11-30 12:39:22 17,272 -c----w c:\windows\$NtUninstallKB951978$\spmsg.dll
    + 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB951978$\spuninst.exe
    + 2007-11-30 12:39:18 755,576 -c----w c:\windows\$NtUninstallKB951978$\update.exe
    + 2007-11-30 12:39:19 382,840 -c----w c:\windows\$NtUninstallKB951978$\updspapi.dll
    + 2008-10-24 11:21:09 455,296 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
    + 2008-11-20 20:56:37 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
    - 1998-10-29 15:45:06 306,688 ----a-w c:\windows\IsUninst.exe
    + 1998-10-29 17:45:06 306,688 ----a-w c:\windows\IsUninst.exe
    - 2008-04-14 00:12:15 139,264 ----a-w c:\windows\system32\cscript.exe
    + 2008-05-07 09:07:23 135,168 ----a-w c:\windows\system32\cscript.exe
    + 2008-05-09 10:53:39 512,000 -c----w c:\windows\system32\dllcache\jscript.dll
    - 2008-04-14 00:12:01 1,306,624 -c----w c:\windows\system32\dllcache\msxml6.dll
    + 2008-09-10 01:14:56 1,307,648 -c----w c:\windows\system32\dllcache\msxml6.dll
    + 2008-05-09 10:53:40 172,032 -c----w c:\windows\system32\dllcache\scrrun.dll
    + 2008-05-09 10:53:40 430,080 -c----w c:\windows\system32\dllcache\vbscript.dll
    + 2007-12-22 23:03:31 316,752 ----a-w c:\windows\system32\Eraser.dll
    + 2007-12-22 23:03:30 41,296 ----a-w c:\windows\system32\Eraserl.exe
    + 2007-12-22 23:03:33 91,472 ----a-w c:\windows\system32\Erasext.dll
    - 2008-11-08 17:16:57 217,656 ----a-w c:\windows\system32\FNTCACHE.DAT
    + 2008-11-21 15:15:23 215,264 ----a-w c:\windows\system32\FNTCACHE.DAT
    - 2007-04-17 09:28:12 2,455,488 ------w c:\windows\system32\ieapfltr.dat
    + 2007-04-17 09:28:12 2,457,600 ------w c:\windows\system32\ieapfltr.dat
    - 2008-04-14 00:11:56 512,000 ----a-w c:\windows\system32\jscript.dll
    + 2008-05-09 10:53:39 512,000 ----a-w c:\windows\system32\jscript.dll
    - 2008-10-07 19:19:40 16,721,856 ----a-w c:\windows\system32\MRT.exe
    + 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\system32\MRT.exe
    - 2008-04-14 00:12:01 1,104,896 ----a-w c:\windows\system32\msxml3.dll
    + 2008-09-04 17:15:04 1,106,944 ----a-w c:\windows\system32\msxml3.dll
    - 2007-05-08 14:03:04 1,275,392 ------w c:\windows\system32\msxml4.dll
    + 2008-09-30 16:43:34 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    - 2008-04-14 00:12:01 1,306,624 ------w c:\windows\system32\msxml6.dll
    + 2008-09-10 01:14:56 1,307,648 ------w c:\windows\system32\msxml6.dll
    - 2008-04-14 00:12:05 180,224 ----a-w c:\windows\system32\scrobj.dll
    + 2008-05-09 10:53:39 180,224 ----a-w c:\windows\system32\scrobj.dll
    - 2008-04-14 00:12:05 172,032 ----a-w c:\windows\system32\scrrun.dll
    + 2008-05-09 10:53:40 172,032 ----a-w c:\windows\system32\scrrun.dll
    - 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
    + 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
    - 2008-04-14 00:12:08 434,176 ----a-w c:\windows\system32\vbscript.dll
    + 2008-05-09 10:53:40 430,080 ----a-w c:\windows\system32\vbscript.dll
    - 2008-04-14 00:12:41 155,648 ----a-w c:\windows\system32\wscript.exe
    + 2008-05-08 11:24:44 155,648 ----a-w c:\windows\system32\wscript.exe
    - 2008-04-14 00:12:10 90,112 ----a-w c:\windows\system32\wshext.dll
    + 2008-05-09 10:53:40 90,112 ----a-w c:\windows\system32\wshext.dll
    + 2008-09-30 16:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
    + 2008-09-30 16:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
    + 2006-12-01 22:56:00 96,256 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
    + 2006-12-01 22:54:32 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
    + 2006-12-01 22:54:34 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
    + 2006-12-01 22:54:32 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
    + 2006-12-02 00:25:52 1,101,824 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
    + 2006-12-02 00:25:56 1,093,120 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
    + 2006-12-02 00:25:58 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
    + 2006-12-02 00:26:00 57,856 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
    + 2006-12-02 00:08:00 40,960 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
    + 2006-12-02 00:08:00 45,056 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
    + 2006-12-02 00:08:00 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
    + 2006-12-02 00:08:00 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
    + 2006-12-02 00:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
    + 2006-12-02 00:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
    + 2006-12-02 00:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
    + 2006-12-02 00:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
    + 2006-12-02 00:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
    + 2006-12-02 00:46:44 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2006-09-15 2048000]
    "Eraser"="c:\program files\Eraser\Eraser.exe" [2007-12-22 916240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
    "AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-29 590848]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 c:\windows\LOGI_MWX.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-04-07 219136]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.avis"=ff_acm.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
     
  14. 2008/11/22
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Looks like things went well. Let's get an online scan to see if we've missed anything. Please do an online scan with Kaspersky Online Scanner

    Click Accept, when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


    Post the Kaspersky log here.
     
  15. 2008/11/23
    chiefmissile

    chiefmissile Well-Known Member Thread Starter

    Joined:
    2008/10/18
    Messages:
    111
    Likes Received:
    1
    Thanks,

    Have tried to download this online programme, it says I need Java 1.5 or later, have downloaded this version but it won't extract?
     
  16. 2008/11/23
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Try going here instead and do the online installation of the latest version. Once installed, try the Kaspersky scan again.
     
  17. 2008/11/25
    chiefmissile

    chiefmissile Well-Known Member Thread Starter

    Joined:
    2008/10/18
    Messages:
    111
    Likes Received:
    1
    Hi,

    Have done what you instructed and installed Java, still getting the same window popping up when loading Kaspersky? "You need to have Java 1.5 or later"
     
  18. 2008/11/25
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    First, let's clean up some temp files. Download ATF Cleaner by Atribune and save it to your Desktop.
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All". I do recommend Cookies as well since the online scan I'm going to request generally picks up on a lot of them, making the log large.
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK then exit.
    Reboot

    Now, please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC now button
    • A new window will open...click the Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, it will begin scanning your computer
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    Post the contents of the ActiveScan report along with a fresh HijackThis log.
     
  19. 2008/11/26
    chiefmissile

    chiefmissile Well-Known Member Thread Starter

    Joined:
    2008/10/18
    Messages:
    111
    Likes Received:
    1
    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2008-11-26 21:34:07
    PROTECTIONS: 2
    MALWARE: 15
    SUSPECTS: 2
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    McAfee Internet Security Suite 2007 8.0 No No
    McAfee VirusScan Plus 12.0 No No
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew Lyburn\Cookies\andrew_lyburn@doubleclick[1].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew Lyburn\Cookies\andrew_lyburn@atdmt[1].txt
    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew Lyburn\Cookies\andrew_lyburn@tribalfusion[2].txt
    00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew Lyburn\Cookies\andrew_lyburn@mediaplex[1].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew Lyburn\Cookies\andrew_lyburn@ad.yieldmanager[2].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew Lyburn\Cookies\andrew_lyburn@apmebf[1].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew Lyburn\Cookies\andrew_lyburn@serving-sys[1].txt
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew Lyburn\Cookies\andrew_lyburn@bs.serving-sys[1].txt
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew Lyburn\Cookies\andrew_lyburn@advertising[1].txt
    00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew Lyburn\Cookies\andrew_lyburn@adrevolver[2].txt
    01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{E6BCC73E-07BC-42F6-BAC1-F6E152D7C93B}\RP34\A0017805.EXE
    02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{E6BCC73E-07BC-42F6-BAC1-F6E152D7C93B}\RP34\A0017793.sys
    03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Andrew Lyburn\Desktop\ComboFix.exe
    03899070 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\Downloaded Program Files\securelogin.ocx
    04042355 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\Installer\{66268879-215C-4D5B-B197-1D9868339BAD}\Icon.exe
    04042355 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\Installer\2090be3.msi[unk_0023]
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location S
    ;===================================================================================================================================================================================
    No C:\Documents and Settings\Andrew Lyburn\Desktop\ComboFix.exe[32788R22FWJFW\psexec.cfexe] S
    No C:\Documents and Settings\Andrew Lyburn\Desktop\ComboFix.exe[32788R22FWJFW\psexec.cfexe] S
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description S
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
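The helper's verdict on this report follows in the thread. As an added example, not part of the thread and not Panda's own tooling, here is a parser for the ActiveScan text format that sorts each MALWARE row by where the detection was found: tracking cookies, files inside System Restore points, detections on the removal tool itself (the SUSPECTS section shows the psexec component packed inside ComboFix.exe), and everything else, which still needs a look. It also lists PROTECTIONS rows marked inactive, which is how a half-uninstalled security product shows up. The bucket rules are this example's own assumptions; the sample report is a constructed subset of the rows posted above.

```python
r"""Triage of a Panda ActiveScan text report (added example, not from the thread).

The report is sectioned (PROTECTIONS, MALWARE, SUSPECTS, VULNERABILITIES)
with ';===' rulers. MALWARE rows are whitespace-separated:
    Id Description Type Active Severity Disinfectable Disinfected Location
Description may contain spaces, so the row is matched from both ends.
"""
import re

MALWARE_ROW = re.compile(
    r"^(?P<id>\d{8})\s+(?P<desc>.+?)\s+(?P<type>\S+)\s+"
    r"(?P<active>Yes|No)\s+(?P<severity>\d+)\s+"
    r"(?P<disinfectable>Yes|No)\s+(?P<disinfected>Yes|No)\s+(?P<location>.+?)\s*$"
)
PROTECTION_ROW = re.compile(
    r"^(?P<desc>.+?)\s+(?P<version>\d[\d.]*)\s+(?P<active>Yes|No)\s+(?P<updated>Yes|No)\s*$"
)
SECTIONS = {"PROTECTIONS", "MALWARE", "SUSPECTS", "VULNERABILITIES"}

# Constructed sample: a subset of the rows from the report posted above.
SAMPLE_REPORT = r"""
;*****
ANALYSIS: 2008-11-26 21:34:07
PROTECTIONS: 2
MALWARE: 7
SUSPECTS: 1
;*****
PROTECTIONS
Description Version Active Updated
;=====
McAfee Internet Security Suite 2007 8.0 No No
McAfee VirusScan Plus 12.0 No No
;=====
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;=====
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew Lyburn\Cookies\andrew_lyburn@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Andrew Lyburn\Cookies\andrew_lyburn@atdmt[1].txt
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{E6BCC73E-07BC-42F6-BAC1-F6E152D7C93B}\RP34\A0017805.EXE
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{E6BCC73E-07BC-42F6-BAC1-F6E152D7C93B}\RP34\A0017793.sys
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Andrew Lyburn\Desktop\ComboFix.exe
03899070 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\Downloaded Program Files\securelogin.ocx
04042355 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\Installer\{66268879-215C-4D5B-B197-1D9868339BAD}\Icon.exe
;=====
SUSPECTS
Sent Location S
;=====
No C:\Documents and Settings\Andrew Lyburn\Desktop\ComboFix.exe[32788R22FWJFW\psexec.cfexe] S
;=====
"""


def parse_activescan(text):
    """Return (protections, malware): lists of dicts from the two sections
    that carry rows. Rulers, counts in the banner and column headers are
    dropped because they never match the row patterns."""
    protections, malware = [], []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line in SECTIONS:
            section = line
            continue
        if not line or line.startswith(";"):
            continue
        if section == "PROTECTIONS":
            m = PROTECTION_ROW.match(line)
            if m:
                protections.append(m.groupdict())
        elif section == "MALWARE":
            m = MALWARE_ROW.match(line)
            if m:
                malware.append(m.groupdict())
    return protections, malware


def triage(row):
    """Bucket a MALWARE row by location (rules are this example's own)."""
    loc = row["location"].lower()
    if row["type"] == "TrackingCookie":
        return "cookie"          # privacy noise; a temp-file cleaner removes it
    if "\\system volume information\\_restore" in loc:
        return "restore-point"   # gone once System Restore is reset (ComboFix /u)
    if "combofix.exe" in loc:
        return "removal-tool"    # ComboFix carries psexec, which AV engines flag
    return "review"              # anything else gets looked at by hand


def summarize(text):
    """Inactive protection products plus the detections grouped by bucket."""
    protections, malware = parse_activescan(text)
    buckets = {}
    for row in malware:
        buckets.setdefault(triage(row), []).append(row["location"])
    inactive = [p["desc"] for p in protections if p["active"] == "No"]
    return {"inactive_protections": inactive, "buckets": buckets}


if __name__ == "__main__":
    result = summarize(SAMPLE_REPORT)
    for product in result["inactive_protections"]:
        print("inactive protection:", product)
    for bucket, locations in result["buckets"].items():
        print(f"{bucket}: {len(locations)}")
        for location in locations:
            print("   ", location)
```

Only the `review` bucket needs a human decision; the other three are explained by the cleanup steps already on this page (ATF Cleaner for cookies, `ComboFix /u` for restore points, and the tool's own packed components).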
     
  20. 2008/11/26
    chiefmissile

    chiefmissile Well-Known Member Thread Starter

    Joined:
    2008/10/18
    Messages:
    111
    Likes Received:
    1
    Details of the selected infection are shown below. This infection can be detected and cleaned using Spyware Doctor.

    Name: Adware.Advertising
    Threat Level: Low

    Description: Advertising companies store cookies on a user's computer to serve targeted ads based on the web surfers interests when visiting a website serving their ads.
    Type: TT_Adware
    Threat analysis: Search ThreatExpert to view reports
    Removal: This infection can be removed using Spyware Doctor.


    --------------------------------------------------------------------------------


    At least one or more of the following fields may be indicated:

    Name: the name of the specific infection, as presented in the database.
    Also known as: other names by which this infection may be known.
    Type: the category to which the infection belongs. Refer to the Glossary for further details on infection types.
    Variant: the family of infections to which this infection belongs.
    By: the vendor of this infection.
    Threat: the threat level assigned to this infection.
    Description: a more detailed description of the infection. If the information is available, technical aspects and symptoms of this infection are described here.

     
  21. 2008/11/26
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Nothing there of any consequence. :) Let's clean up now.
    Click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing any infected files there as well.
    Verify the C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file.
    You can delete any other logs that were created/saved too.

    Run ATF Cleaner once again as previously described.

    Provided there are no remaining issues, I'd say we're done.
     
