having malwarebytes and police pro/securitytools problems
Malwarebytes Forum > Computer Help > Malware Removal - HijackThis Logs
astaroshe
ok, so I have Windows Police Pro and Security Tool on my comp. I found out how to disable them to a degree, by searching for and deleting the files manually, so the pop-up hell has stopped. But when I try to get on the internet, the Police Pro either pops up saying the site is infected, or the explorer just closes completely.

I had Malwarebytes up there but it quit on me, and when I tried to uninstall it the uninstaller told me that it couldn't remove the whole thing. When I found what it couldn't remove, I tried to delete it but got the 'access denied'. So I tried to reinstall it but it refuses: it will either not install, or if I'm lucky will install, but not let me run it. Could the file that the uninstaller wasn't able to remove be part of what's keeping it from doing anything, or are the viruses still keeping the program from opening?
Rosty
Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix when you've accomplished that.
astaroshe
Sorry for taking so long to reply, I've been a bit busy @_@. I ran the ComboFix and here's the log for it


ComboFix 09-10-22.01 - haldthin 10/23/2009 13:38.1.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.293 [GMT -4:00]
Running from: c:\documents and settings\haldthin\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1356 [VPS 091021-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users.WINDOWS\Application Data\04366625
c:\documents and settings\All Users.WINDOWS\Application Data\04366625\04366625.exe
c:\documents and settings\All Users.WINDOWS\Application Data\21057419
c:\documents and settings\All Users.WINDOWS\Application Data\21057419\21057419.exe
c:\documents and settings\All Users.WINDOWS\Application Data\82889742
c:\documents and settings\All Users.WINDOWS\Application Data\82889742\82889742.exe
c:\documents and settings\haldthin\My Documents\explorer.exe
c:\program files\Windows Police Pro
c:\program files\Windows Police Pro\msvcm80.dll
c:\program files\Windows Police Pro\msvcp80.dll
c:\program files\Windows Police Pro\msvcr80.dll
c:\recycler\S-1-5-21-1935655697-688789844-839522115-1003
c:\recycler\S-1-5-21-2052111302-1606980848-854245398-500
c:\recycler\S-1-5-21-21432039-3053778661-2309289337-500
c:\recycler\S-1-5-21-2687977354-2252558561-2730237981-500
c:\recycler\S-1-5-21-3790826281-2234159470-2770162028-500
c:\recycler\S-1-5-21-4207565177-4025430598-859664102-500
c:\recycler\S-1-5-21-503084796-2794015284-1224490265-500
c:\recycler\S-1-5-21-698283945-2964530090-3242085064-500
c:\windows\system32\_005988_.tmp.dll
c:\windows\system32\_005989_.tmp.dll
c:\windows\system32\_005990_.tmp.dll
c:\windows\system32\_005991_.tmp.dll
c:\windows\system32\_005998_.tmp.dll
c:\windows\system32\_005999_.tmp.dll
c:\windows\system32\_006000_.tmp.dll
c:\windows\system32\_006001_.tmp.dll
c:\windows\system32\_006003_.tmp.dll
c:\windows\system32\_006004_.tmp.dll
c:\windows\system32\_006007_.tmp.dll
c:\windows\system32\_006008_.tmp.dll
c:\windows\system32\_006010_.tmp.dll
c:\windows\system32\_006011_.tmp.dll
c:\windows\system32\_006012_.tmp.dll
c:\windows\system32\_006014_.tmp.dll
c:\windows\system32\_006017_.tmp.dll
c:\windows\system32\_006018_.tmp.dll
c:\windows\system32\_006022_.tmp.dll
c:\windows\system32\_006023_.tmp.dll
c:\windows\system32\_006025_.tmp.dll
c:\windows\system32\_006028_.tmp.dll
c:\windows\system32\_006030_.tmp.dll
c:\windows\system32\_006031_.tmp.dll
c:\windows\system32\_006032_.tmp.dll
c:\windows\system32\_006033_.tmp.dll
c:\windows\system32\_006034_.tmp.dll
c:\windows\system32\_006037_.tmp.dll
c:\windows\system32\_006038_.tmp.dll
c:\windows\system32\_006039_.tmp.dll
c:\windows\system32\_006040_.tmp.dll
c:\windows\system32\_006041_.tmp.dll
c:\windows\system32\_006046_.tmp.dll
c:\windows\system32\_006048_.tmp.dll
c:\windows\system32\_006049_.tmp.dll
c:\windows\system32\AutoRun.inf
c:\windows\system32\babopeni.dll
c:\windows\system32\bincd32.dat
c:\windows\system32\biniyogi.dll
c:\windows\system32\boyepiyi.dll
c:\windows\system32\direlisa.dll
c:\windows\system32\dojanuju.exe
c:\windows\system32\dokanisu.exe
c:\windows\system32\gazepoli.exe
c:\windows\system32\geheyani.exe
c:\windows\system32\genobabe.dll
c:\windows\system32\gesewufi.exe
c:\windows\system32\hurufeho.dll
c:\windows\system32\jiwumaze.exe
c:\windows\system32\jonenuza.dll
c:\windows\system32\kedohugu.dll
c:\windows\system32\kiyerili.exe
c:\windows\system32\lesetate.exe
c:\windows\system32\levohaso.dll
c:\windows\system32\lewilipo.exe
c:\windows\system32\lodayija.exe
c:\windows\system32\lonafaze.exe
c:\windows\system32\lumoporo.exe
c:\windows\system32\lutovute.dll
c:\windows\system32\luvefeze.dll
c:\windows\system32\mijarupa.exe
c:\windows\system32\mufewulu.exe
c:\windows\system32\nabehiti.dll
c:\windows\system32\nahuvihi.dll
c:\windows\system32\nesahuku.exe
c:\windows\system32\neviwudu.exe
c:\windows\system32\nisuhaki.exe
c:\windows\system32\nuar.old
c:\windows\system32\pikumivu.dll
c:\windows\system32\raruwuze.dll
c:\windows\system32\remesije.exe
c:\windows\system32\rowisofi.dll
c:\windows\system32\schtml
c:\windows\system32\schtml\dbsinit.exe
c:\windows\system32\schtml\images\i1.gif
c:\windows\system32\schtml\images\i2.gif
c:\windows\system32\schtml\images\i3.gif
c:\windows\system32\schtml\images\j1.gif
c:\windows\system32\schtml\images\j2.gif
c:\windows\system32\schtml\images\j3.gif
c:\windows\system32\schtml\images\jj1.gif
c:\windows\system32\schtml\images\jj2.gif
c:\windows\system32\schtml\images\jj3.gif
c:\windows\system32\schtml\images\l1.gif
c:\windows\system32\schtml\images\l2.gif
c:\windows\system32\schtml\images\l3.gif
c:\windows\system32\schtml\images\pix.gif
c:\windows\system32\schtml\images\t1.gif
c:\windows\system32\schtml\images\t2.gif
c:\windows\system32\schtml\images\up1.gif
c:\windows\system32\schtml\images\up2.gif
c:\windows\system32\schtml\images\w1.gif
c:\windows\system32\schtml\images\w11.gif
c:\windows\system32\schtml\images\w2.gif
c:\windows\system32\schtml\images\w3.gif
c:\windows\system32\schtml\images\w3.jpg
c:\windows\system32\schtml\images\word.doc
c:\windows\system32\schtml\images\wt1.gif
c:\windows\system32\schtml\images\wt2.gif
c:\windows\system32\schtml\images\wt3.gif
c:\windows\system32\schtml\wispex.html
c:\windows\system32\skynet.dat
c:\windows\system32\sonidozo.exe
c:\windows\system32\tafiwizo.exe
c:\windows\system32\tatoluya.exe
c:\windows\system32\tesebuso.exe
c:\windows\system32\toborebu.exe
c:\windows\system32\tutepega.dll
c:\windows\system32\venaroyu.dll
c:\windows\system32\vudukipo.dll
c:\windows\system32\vunimana.dll
c:\windows\system32\vusegawu.dll
c:\windows\system32\wifirure.dll
c:\windows\system32\wopowupa.exe
c:\windows\system32\wuhisege.exe
c:\windows\system32\yuwelete.dll
c:\windows\system32\zafugiho.exe
c:\windows\system32\zagodowi.dll
c:\windows\system32\zayeboze.dll
c:\windows\system32\zevihami.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE


((((((((((((((((((((((((( Files Created from 2009-09-23 to 2009-10-23 )))))))))))))))))))))))))))))))
.

2009-10-21 15:50 . 2009-03-26 20:49 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-21 15:50 . 2009-03-26 20:49 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-19 17:00 . 2009-10-19 17:00 -------- d-----w- C:\found.000
2009-10-19 15:48 . 2009-10-23 17:45 -------- d-----w- c:\windows\system32\schtml
2009-10-19 15:44 . 2009-10-19 17:32 58 ----a-w- c:\windows\wp4.dat
2009-10-19 15:44 . 2009-10-19 17:32 2 ----a-w- c:\windows\wp3.dat
2009-10-19 15:43 . 2009-10-19 17:25 559104 ----a-w- c:\windows\system32\plugie.dll
2009-10-18 18:23 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-18 18:23 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-18 18:23 . 2009-09-15 10:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-10-18 18:23 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-18 18:23 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-18 18:23 . 2009-09-15 10:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-10-18 18:23 . 2009-09-15 10:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-10-18 18:23 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-18 18:23 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-10-18 18:23 . 2009-10-18 18:23 -------- d-----w- c:\program files\Alwil Software
2009-10-17 20:26 . 2009-10-17 20:26 -------- d-----w- c:\documents and settings\haldthin\Local Settings\Application Data\Threat Expert
2009-10-17 20:22 . 2009-10-08 15:31 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-10-17 20:22 . 2009-10-08 15:31 767952 ----a-w- c:\windows\BDTSupport.dll
2009-10-17 20:22 . 2008-11-26 16:08 131 ----a-w- c:\windows\IDB.zip
2009-10-17 20:22 . 2009-10-08 15:31 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-10-17 20:22 . 2009-10-08 15:31 1636304 ----a-w- c:\windows\PCTBDCore.dll
2009-10-17 20:22 . 2009-10-02 18:19 1152470 ----a-w- c:\windows\UDB.zip
2009-10-12 01:39 . 2009-09-24 12:55 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-12 01:39 . 2009-10-06 20:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-12 01:39 . 2009-09-23 20:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-12 01:38 . 2009-10-12 01:40 -------- d-----w- c:\program files\Common Files\PC Tools
2009-10-12 01:38 . 2009-09-03 13:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-10-12 01:38 . 2009-10-23 17:30 -------- d-----w- c:\program files\Spyware Doctor
2009-10-12 01:38 . 2009-10-12 01:38 -------- d-----w- c:\documents and settings\haldthin\Application Data\PC Tools
2009-10-12 01:38 . 2009-10-12 01:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PC Tools
2009-10-01 04:56 . 2009-10-18 05:19 -------- d-----w- c:\program files\StepMania

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-23 17:31 . 2008-08-30 01:33 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-10-19 06:49 . 2007-11-16 17:10 -------- d-----w- c:\program files\Common Files\Ahead
2009-10-19 06:07 . 2008-08-27 06:45 -------- d-----w- c:\documents and settings\haldthin\Application Data\LimeWire
2009-10-19 06:02 . 2009-01-24 11:32 -------- d-----w- c:\program files\Google
2009-10-19 05:34 . 2008-02-02 21:00 -------- d-----w- c:\program files\CallWave
2009-10-18 19:28 . 2009-02-03 18:18 -------- d-----w- c:\documents and settings\haldthin\Application Data\gtk-2.0
2009-10-17 23:45 . 2009-09-05 17:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8
2009-10-06 16:30 . 2009-09-18 17:16 -------- d-----w- c:\program files\Mystery Case Files - Return to Ravenhearst
2009-09-22 20:34 . 2008-08-14 23:51 -------- d-----w- c:\program files\LimeWire
2009-09-18 19:15 . 2008-08-30 01:31 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\BigFishGamesCache
2009-09-18 17:13 . 2008-08-30 01:31 -------- d-----w- c:\program files\bfgclient
2009-09-16 07:20 . 2009-10-17 20:16 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-15 10:20 . 2009-10-17 20:15 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2009-09-15 06:12 . 2009-10-17 20:16 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-09-15 05:01 . 2009-10-17 20:16 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-09-12 04:08 . 2009-09-12 04:08 -------- d-----w- c:\program files\GIMP-2.0
2009-09-10 12:14 . 2009-03-20 15:24 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-08 06:36 . 2009-02-05 23:30 -------- d-----w- c:\program files\Furcadia
2009-09-08 06:36 . 2009-02-05 23:30 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Dragon's Eye Productions
2009-09-06 13:57 . 2009-09-05 17:21 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-06 13:57 . 2009-09-05 17:21 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-06 13:57 . 2009-09-05 17:19 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-06 13:57 . 2009-09-05 17:19 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-06 13:56 . 2009-09-05 17:21 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-09-05 17:49 . 2005-02-07 21:56 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-05 17:19 . 2009-09-05 17:19 -------- d-----w- c:\program files\AVG
2009-09-05 17:10 . 2008-02-04 08:04 68336 ----a-w- c:\documents and settings\haldthin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-05 07:33 . 2009-09-05 07:33 -------- d-----w- c:\program files\MSBuild
2009-09-05 07:33 . 2009-09-05 07:33 -------- d-----w- c:\program files\Reference Assemblies
2009-09-05 04:50 . 2009-09-05 04:50 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\F-Secure
2009-08-06 23:24 . 2007-11-16 14:16 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2007-07-31 00:19 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2007-11-16 14:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2007-11-16 14:16 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2007-11-15 20:29 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2001-08-18 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2007-11-16 14:16 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2008-04-19 15:50 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2008-04-19 15:50 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 23:23 . 2007-11-15 20:29 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2007-11-16 17:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:37 . 2001-08-18 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2001-08-18 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2008-08-30 01:32 . 2008-08-30 01:32 0 ----a-w- c:\program files\temp01
2009-07-18 03:41 . 2009-07-18 03:41 3 --sha-w- c:\windows\system32\jirohowu.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77DC0B63-ff35-4ba9-8BE8-aa9EB676FA02}]
2009-10-19 17:25 559104 ----a-w- c:\windows\system32\plugie.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{472734EA-242A-422B-ADF8-83D1E48CC825}"= "c:\program files\Spyware Doctor\BDT\PCTBrowserDefender.dll" [2009-10-08 395216]

[HKEY_CLASSES_ROOT\clsid\{472734ea-242a-422b-adf8-83d1e48cc825}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{175B7885-28AB-4D18-8773-7A13A99980A4}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{472734EA-242A-422B-ADF8-83D1E48CC825}"= "c:\program files\Spyware Doctor\BDT\PCTBrowserDefender.dll" [2009-10-08 395216]

[HKEY_CLASSES_ROOT\clsid\{472734ea-242a-422b-adf8-83d1e48cc825}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{175B7885-28AB-4D18-8773-7A13A99980A4}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-25 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\System32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\System32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\System32\igfxpers.exe" [2005-09-20 114688]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Motive SmartBridge"="c:\progra~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe" [2006-04-21 438359]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-20 2025752]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-10-08 88363]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\haldthin\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-6-18 147456]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
CallWave.lnk - c:\program files\CallWave\IAM.exe [2008-2-2 1940544]
EMBARQ Help.lnk - c:\program files\Virtual Assistant\bin\matcli.exe [2008-8-14 217088]
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-06 13:57 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Contacts\\wlcomm.exe"=
"c:\\Program Files\\CallWave\\IAM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [9/5/2009 1:21 PM 12552]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [10/11/2009 9:39 PM 207280]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/5/2009 1:19 PM 108552]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/11/2009 9:38 PM 358600]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10/18/2009 2:23 PM 114768]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/5/2009 1:19 PM 335240]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/18/2009 2:23 PM 20560]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/6/2009 9:56 AM 908056]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/6/2009 9:57 AM 297752]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [10/17/2009 4:22 PM 112592]
S2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [3/20/2009 11:22 AM 55152]
S2 WUSB54GSC;WUSB54GSC;c:\program files\Linksys\WUSB54GSCv2\WLService.exe [4/2/2009 2:19 AM 65596]
S3 ADSFilter;ADSFilter - (Aluria Filter Driver);c:\windows\system32\DRIVERS\ADSFilter.sys --> c:\windows\system32\DRIVERS\ADSFilter.sys [?]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\haldthin\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\haldthin\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
S3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\DRIVERS\MOSUMAC.SYS --> c:\windows\system32\DRIVERS\MOSUMAC.SYS [?]
S3 WUSB54GSCV2;Compact Wireless-G USB Network Adapter with SpeedBooster Service;c:\windows\system32\drivers\WUSB54GSCV2.sys [4/2/2009 2:20 AM 198144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-10-21 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 21:21]

2009-10-22 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 21:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
IE: &Search
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
BHO-{111a369a-8f64-45b9-ab95-923f2a55a236} - venaroyu.dll
Toolbar-{7B49307E-C0BC-4B91-8CB4-C0520E24A5E6} - c:\windows\system32\winqa75.dll
WebBrowser-{7B49307E-C0BC-4B91-8CB4-C0520E24A5E6} - c:\windows\system32\winqa75.dll
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKLM-Run-82055727 - c:\docume~1\ALLUSE~1.WIN\APPLIC~1\82055727\82055727.exe
HKLM-Run-21057419 - c:\docume~1\ALLUSE~1.WIN\APPLIC~1\21057419\21057419.exe
HKLM-Run-04366625 - c:\docume~1\ALLUSE~1.WIN\APPLIC~1\04366625\04366625.exe
HKLM-Run-82889742 - c:\docume~1\ALLUSE~1.WIN\APPLIC~1\82889742\82889742.exe
HKLM-Run-bewedulis - c:\windows\system32\wifirure.dll
HKLM-Run-nokohalebe - babopeni.dll
HKLM-RunOnce-<NO NAME> - (no file)
SharedTaskScheduler-{abe3b2c9-ae3e-42bf-b86b-aef79d47ff4f} - c:\windows\system32\zayuposu.dll
SharedTaskScheduler-{19cc482d-18b8-446c-8a82-7de24ae811b7} - c:\windows\system32\hodejeti.dll
SharedTaskScheduler-{258339c0-9bce-4a90-85f3-a10564e3d0d3} - c:\windows\system32\hodejeti.dll
SharedTaskScheduler-{f160919b-99fa-44f5-95a6-00d335f1eb9e} - c:\windows\system32\yosohede.dll
SharedTaskScheduler-{3cd455ab-f66a-4eb5-bc32-8b90141d885d} - c:\windows\system32\demihete.dll
SharedTaskScheduler-{76877c57-2b60-4505-a74c-527a95d0b257} - c:\windows\system32\demihete.dll
SharedTaskScheduler-{15d9f7cc-925d-4510-be95-d936871c3346} - c:\windows\system32\wifirure.dll
SSODL-dukekisup-{abe3b2c9-ae3e-42bf-b86b-aef79d47ff4f} - c:\windows\system32\zayuposu.dll
SSODL-kavavumik-{19cc482d-18b8-446c-8a82-7de24ae811b7} - c:\windows\system32\hodejeti.dll
SSODL-jiniwarij-{258339c0-9bce-4a90-85f3-a10564e3d0d3} - c:\windows\system32\hodejeti.dll
SSODL-tigozawev-{f160919b-99fa-44f5-95a6-00d335f1eb9e} - c:\windows\system32\yosohede.dll
SSODL-dabigiwiz-{3cd455ab-f66a-4eb5-bc32-8b90141d885d} - c:\windows\system32\demihete.dll
SSODL-siworovef-{76877c57-2b60-4505-a74c-527a95d0b257} - c:\windows\system32\demihete.dll
SSODL-zinifiken-{15d9f7cc-925d-4510-be95-d936871c3346} - c:\windows\system32\wifirure.dll
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
AddRemove-embarqtoolbar - c:\program files\embarqtoolbar\uninstall.exe
AddRemove-HijackThis - c:\documents and settings\haldthin\My Documents\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-23 13:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(600)
c:\windows\system32\sirenacm.dll

- - - - - - - > 'explorer.exe'(1076)
c:\windows\system32\WININET.dll
c:\windows\system32\IEFRAME.dll
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\program files\Windows Media Player\wmpband.dll
.
------------------------ Other Running Processes ------------------------
.
c:\combofix\CF31470.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-23 13:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-23 17:53

Pre-Run: 17,549,766,656 bytes free
Post-Run: 19,946,287,104 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - D311F6F67D8587473E38991F615FE4DC
Rosty
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.


2. Now copy/paste the entire content of the codebox below into the Notepad window:

QUOTE
File::
c:\windows\system32\schtml
c:\windows\wp4.dat
c:\windows\wp3.dat
c:\windows\system32\plugie.dll
c:\windows\system32\jirohowu.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77DC0B63-ff35-4ba9-8BE8-aa9EB676FA02}]



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.
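The CFScript above is the product of reading the first log by hand: Rosty picked out the freshly created schtml folder, the two tiny wp*.dat files, the plugie.dll that backs the orphan BHO, and the hidden 3-byte jirohowu.dll. The following script is an added example, not part of this thread and not code from ComboFix or Malwarebytes; it parses a few lines copied from the first log (a constructed sample) and scores each file on the same indicators, then drafts a CFScript in the File::/Registry:: layout shown in Rosty's post. The 7-day window, the 100-byte "tiny" cutoff and the eight-lowercase-letter name pattern are the example's own assumptions, chosen to mirror the entries in this log.

```python
"""Triage helper for a ComboFix-style log (added example, not from the thread).

Scores each 'Files Created'/'Find3M' entry on the indicators the CFScript
above picks up on: created shortly before the scan, a pseudo-random
eight-letter name in system32, hidden+system attributes, a tiny file, or a
path backing a Browser Helper Object. Thresholds are this example's assumptions.
"""
import re
from datetime import date, datetime, timedelta

# Constructed sample: lines copied from the thread's first log (header, a few
# 'Files Created'/'Find3M' entries and the BHO block); mswebdvd.dll is a
# legitimate system DLL included to show the name heuristic alone is not enough.
SAMPLE_LOG = r"""ComboFix 09-10-22.01 - haldthin 10/23/2009 13:38.1.1 - NTFSx86 NETWORK
2009-10-19 15:44 . 2009-10-19 17:32 58 ----a-w- c:\windows\wp4.dat
2009-10-19 15:44 . 2009-10-19 17:32 2 ----a-w- c:\windows\wp3.dat
2009-10-19 15:43 . 2009-10-19 17:25 559104 ----a-w- c:\windows\system32\plugie.dll
2009-10-18 18:23 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-06 23:24 . 2007-11-16 14:16 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-05 09:01 . 2007-11-16 17:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-18 03:41 . 2009-07-18 03:41 3 --sha-w- c:\windows\system32\jirohowu.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77DC0B63-ff35-4ba9-8BE8-aa9EB676FA02}]
2009-10-19 17:25 559104 ----a-w- c:\windows\system32\plugie.dll
"""

HEADER_RE = re.compile(r"^ComboFix \S+ - \S+ (\d{1,2})/(\d{1,2})/(\d{4}) ")
# "<created> . <modified> <size|--------> <attrs> <path>"
FILE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. \d{4}-\d\d-\d\d \d\d:\d\d "
                     r"(\d+|-+) (\S{8}) (.+)$")
BHO_KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\(\{[0-9A-Fa-f-]+\})\]$")
BHO_FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \S+ \S{8} (.+)$")
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.(dll|exe)$")  # assumption: Vundo-style names
SYSTEM32 = "c:\\windows\\system32\\"
RECENT_DAYS = 7      # assumption
TINY_BYTES = 100     # assumption


def parse_log(text):
    """Return (scan_date, file_entries, bho_paths) from ComboFix-style text."""
    scan_date, entries, bho_paths, pending_bho = None, [], {}, None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER_RE.match(line)
        if m:
            month, day, year = (int(x) for x in m.groups())
            scan_date = date(year, month, day)
            continue
        m = BHO_KEY_RE.match(line)
        if m:
            pending_bho = m.group(1)      # the file line follows the key
            continue
        if pending_bho is not None:
            m = BHO_FILE_RE.match(line)
            if m:
                bho_paths[m.group(1).lower()] = pending_bho
            pending_bho = None
            if m:
                continue
        m = FILE_RE.match(line)
        if m:
            created = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M").date()
            size = None if m.group(2).startswith("-") else int(m.group(2))
            entries.append({"created": created, "size": size,
                            "attrs": m.group(3), "path": m.group(4)})
    return scan_date, entries, bho_paths


def score_entry(entry, scan_date, bho_paths):
    """Return (score, reasons); every indicator that fires is worth one point."""
    path = entry["path"].lower()
    name = path.rsplit("\\", 1)[-1]
    parent = path[: len(path) - len(name)]
    reasons = []
    if scan_date and entry["created"] >= scan_date - timedelta(days=RECENT_DAYS):
        reasons.append("created within %d days of the scan" % RECENT_DAYS)
    if parent == SYSTEM32 and RANDOM_NAME_RE.match(name):
        reasons.append("pseudo-random eight-letter name in system32")
    if "h" in entry["attrs"] and "s" in entry["attrs"]:
        reasons.append("hidden+system attributes")
    if entry["size"] is not None and entry["size"] < TINY_BYTES and "." in name:
        reasons.append("tiny file (%d bytes)" % entry["size"])
    if path in bho_paths:
        reasons.append("registered as BHO %s" % bho_paths[path])
    return len(reasons), reasons


def triage(text, threshold=2):
    """Return {path: (score, reasons)} for entries scoring at least threshold."""
    scan_date, entries, bho_paths = parse_log(text)
    flagged = {}
    for entry in entries:
        score, reasons = score_entry(entry, scan_date, bho_paths)
        if score >= threshold:
            flagged[entry["path"]] = (score, reasons)
    return flagged


def draft_cfscript(text, threshold=2):
    """Draft a CFScript (File:: and Registry:: sections) for a human to review."""
    _, _, bho_paths = parse_log(text)
    flagged = triage(text, threshold)
    flagged_lower = {p.lower() for p in flagged}
    out = ["File::"] + sorted(flagged, key=str.lower)
    guids = sorted(g for p, g in bho_paths.items() if p in flagged_lower)
    if guids:
        out += ["", "Registry::"]
        out += ["[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\%s]" % g for g in guids]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for path, (score, reasons) in sorted(triage(SAMPLE_LOG).items()):
        print("%d  %s  [%s]" % (score, path, "; ".join(reasons)))
    print(draft_cfscript(SAMPLE_LOG))
```

On the sample, wp3.dat, wp4.dat, plugie.dll and jirohowu.dll are flagged (jirohowu.dll scores 3: random name, hidden+system, 3 bytes), while the avast driver scores 1 for recency alone and mswebdvd.dll scores 1 for its eight-letter name alone, so neither is flagged. That is the point of requiring two independent indicators: a single heuristic such as the name pattern produces false positives against real system files, and anything the script drafts still has to be checked against the full log before it goes into ComboFix.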
astaroshe
Ran the ComboFix again and am running the HijackThis now

combofix:
ComboFix 09-10-22.01 - haldthin 10/23/2009 14:45.2.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.336 [GMT -4:00]
Running from: c:\documents and settings\haldthin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\haldthin\Desktop\CFScript.lnk
AV: avast! antivirus 4.8.1356 [VPS 091021-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\schtml

.
((((((((((((((((((((((((( Files Created from 2009-09-23 to 2009-10-23 )))))))))))))))))))))))))))))))
.

2009-10-21 15:50 . 2009-03-26 20:49 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-21 15:50 . 2009-03-26 20:49 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-19 17:00 . 2009-10-19 17:00 -------- d-----w- C:\found.000
2009-10-19 15:44 . 2009-10-19 17:32 58 ----a-w- c:\windows\wp4.dat
2009-10-19 15:44 . 2009-10-19 17:32 2 ----a-w- c:\windows\wp3.dat
2009-10-19 15:43 . 2009-10-19 17:25 559104 ----a-w- c:\windows\system32\plugie.dll
2009-10-18 18:23 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-18 18:23 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-18 18:23 . 2009-09-15 10:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-10-18 18:23 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-18 18:23 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-18 18:23 . 2009-09-15 10:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-10-18 18:23 . 2009-09-15 10:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-10-18 18:23 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-18 18:23 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-10-18 18:23 . 2009-10-18 18:23 -------- d-----w- c:\program files\Alwil Software
2009-10-17 20:26 . 2009-10-17 20:26 -------- d-----w- c:\documents and settings\haldthin\Local Settings\Application Data\Threat Expert
2009-10-17 20:22 . 2009-10-08 15:31 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-10-17 20:22 . 2009-10-08 15:31 767952 ----a-w- c:\windows\BDTSupport.dll
2009-10-17 20:22 . 2008-11-26 16:08 131 ----a-w- c:\windows\IDB.zip
2009-10-17 20:22 . 2009-10-08 15:31 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-10-17 20:22 . 2009-10-08 15:31 1636304 ----a-w- c:\windows\PCTBDCore.dll
2009-10-17 20:22 . 2009-10-02 18:19 1152470 ----a-w- c:\windows\UDB.zip
2009-10-12 01:39 . 2009-09-24 12:55 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-12 01:39 . 2009-10-06 20:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-12 01:39 . 2009-09-23 20:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-12 01:38 . 2009-10-12 01:40 -------- d-----w- c:\program files\Common Files\PC Tools
2009-10-12 01:38 . 2009-09-03 13:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-10-12 01:38 . 2009-10-23 18:38 -------- d-----w- c:\program files\Spyware Doctor
2009-10-12 01:38 . 2009-10-12 01:38 -------- d-----w- c:\documents and settings\haldthin\Application Data\PC Tools
2009-10-12 01:38 . 2009-10-12 01:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PC Tools
2009-10-01 04:56 . 2009-10-18 05:19 -------- d-----w- c:\program files\StepMania

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-23 18:39 . 2008-08-30 01:33 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-10-19 06:49 . 2007-11-16 17:10 -------- d-----w- c:\program files\Common Files\Ahead
2009-10-19 06:07 . 2008-08-27 06:45 -------- d-----w- c:\documents and settings\haldthin\Application Data\LimeWire
2009-10-19 06:02 . 2009-01-24 11:32 -------- d-----w- c:\program files\Google
2009-10-19 05:34 . 2008-02-02 21:00 -------- d-----w- c:\program files\CallWave
2009-10-18 19:28 . 2009-02-03 18:18 -------- d-----w- c:\documents and settings\haldthin\Application Data\gtk-2.0
2009-10-17 23:45 . 2009-09-05 17:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8
2009-10-06 16:30 . 2009-09-18 17:16 -------- d-----w- c:\program files\Mystery Case Files - Return to Ravenhearst
2009-09-22 20:34 . 2008-08-14 23:51 -------- d-----w- c:\program files\LimeWire
2009-09-18 19:15 . 2008-08-30 01:31 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\BigFishGamesCache
2009-09-18 17:13 . 2008-08-30 01:31 -------- d-----w- c:\program files\bfgclient
2009-09-16 07:20 . 2009-10-17 20:16 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-15 10:20 . 2009-10-17 20:15 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2009-09-15 06:12 . 2009-10-17 20:16 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-09-15 05:01 . 2009-10-17 20:16 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-09-12 04:08 . 2009-09-12 04:08 -------- d-----w- c:\program files\GIMP-2.0
2009-09-10 12:14 . 2009-03-20 15:24 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-08 06:36 . 2009-02-05 23:30 -------- d-----w- c:\program files\Furcadia
2009-09-08 06:36 . 2009-02-05 23:30 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Dragon's Eye Productions
2009-09-06 13:57 . 2009-09-05 17:21 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-06 13:57 . 2009-09-05 17:21 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-06 13:57 . 2009-09-05 17:19 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-06 13:57 . 2009-09-05 17:19 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-06 13:56 . 2009-09-05 17:21 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-09-05 17:49 . 2005-02-07 21:56 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-05 17:19 . 2009-09-05 17:19 -------- d-----w- c:\program files\AVG
2009-09-05 17:10 . 2008-02-04 08:04 68336 ----a-w- c:\documents and settings\haldthin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-05 07:33 . 2009-09-05 07:33 -------- d-----w- c:\program files\MSBuild
2009-09-05 07:33 . 2009-09-05 07:33 -------- d-----w- c:\program files\Reference Assemblies
2009-09-05 04:50 . 2009-09-05 04:50 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\F-Secure
2009-08-06 23:24 . 2007-11-16 14:16 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2007-07-31 00:19 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2007-11-16 14:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2007-11-16 14:16 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2007-11-15 20:29 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2001-08-18 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2007-11-16 14:16 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2008-04-19 15:50 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2008-04-19 15:50 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 23:23 . 2007-11-15 20:29 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2007-11-16 17:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:37 . 2001-08-18 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2001-08-18 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2008-08-30 01:32 . 2008-08-30 01:32 0 ----a-w- c:\program files\temp01
2009-07-18 03:41 . 2009-07-18 03:41 3 --sha-w- c:\windows\system32\jirohowu.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77DC0B63-ff35-4ba9-8BE8-aa9EB676FA02}]
2009-10-19 17:25 559104 ----a-w- c:\windows\system32\plugie.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{472734EA-242A-422B-ADF8-83D1E48CC825}"= "c:\program files\Spyware Doctor\BDT\PCTBrowserDefender.dll" [2009-10-08 395216]

[HKEY_CLASSES_ROOT\clsid\{472734ea-242a-422b-adf8-83d1e48cc825}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{175B7885-28AB-4D18-8773-7A13A99980A4}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{472734EA-242A-422B-ADF8-83D1E48CC825}"= "c:\program files\Spyware Doctor\BDT\PCTBrowserDefender.dll" [2009-10-08 395216]

[HKEY_CLASSES_ROOT\clsid\{472734ea-242a-422b-adf8-83d1e48cc825}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{175B7885-28AB-4D18-8773-7A13A99980A4}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-25 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\System32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\System32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\System32\igfxpers.exe" [2005-09-20 114688]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Motive SmartBridge"="c:\progra~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe" [2006-04-21 438359]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-20 2025752]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-10-08 88363]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\haldthin\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-6-18 147456]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
CallWave.lnk - c:\program files\CallWave\IAM.exe [2008-2-2 1940544]
EMBARQ Help.lnk - c:\program files\Virtual Assistant\bin\matcli.exe [2008-8-14 217088]
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-06 13:57 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Contacts\\wlcomm.exe"=
"c:\\Program Files\\CallWave\\IAM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [9/5/2009 1:21 PM 12552]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [10/11/2009 9:39 PM 207280]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/5/2009 1:19 PM 108552]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10/18/2009 2:23 PM 114768]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/5/2009 1:19 PM 335240]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/18/2009 2:23 PM 20560]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/6/2009 9:56 AM 908056]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/6/2009 9:57 AM 297752]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [10/17/2009 4:22 PM 112592]
S2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [3/20/2009 11:22 AM 55152]
S2 WUSB54GSC;WUSB54GSC;c:\program files\Linksys\WUSB54GSCv2\WLService.exe [4/2/2009 2:19 AM 65596]
S3 ADSFilter;ADSFilter - (Aluria Filter Driver);c:\windows\system32\DRIVERS\ADSFilter.sys --> c:\windows\system32\DRIVERS\ADSFilter.sys [?]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\haldthin\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\haldthin\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
S3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\DRIVERS\MOSUMAC.SYS --> c:\windows\system32\DRIVERS\MOSUMAC.SYS [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/11/2009 9:38 PM 358600]
S3 WUSB54GSCV2;Compact Wireless-G USB Network Adapter with SpeedBooster Service;c:\windows\system32\drivers\WUSB54GSCV2.sys [4/2/2009 2:20 AM 198144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-10-21 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 21:21]

2009-10-22 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 21:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
IE: &Search
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-23 14:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(600)
c:\windows\system32\sirenacm.dll

- - - - - - - > 'explorer.exe'(836)
c:\windows\system32\WININET.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2009-10-23 14:53
ComboFix-quarantined-files.txt 2009-10-23 18:53
ComboFix2.txt 2009-10-23 17:53

Pre-Run: 19,946,848,256 bytes free
Post-Run: 19,937,509,376 bytes free

- - End Of File - - 33C42EAFDAFFB959FDE995C25392F02E
_________________________

HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:58:18 PM, on 10/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\haldthin\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Embarq Toolbar - {4E7BD74F-2B8D-469E-92BE-BF2DFE9AAE2C} - C:\PROGRA~1\EMBARQ~1\EMBARQ~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ADC PlugIn - {77DC0B63-ff35-4ba9-8BE8-aa9EB676FA02} - C:\WINDOWS\system32\plugie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Embarq Toolbar - {4E7BD74F-2B8D-469E-92BE-BF2DFE9AAE2C} - C:\PROGRA~1\EMBARQ~1\EMBARQ~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: CallWave.lnk = C:\Program Files\CallWave\IAM.exe
O4 - Global Startup: EMBARQ Help.lnk = C:\Program Files\Virtual Assistant\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1195222139310
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: WUSB54GSC - GEMTEKS - C:\Program Files\Linksys\WUSB54GSCv2\WLService.exe

--
End of file - 10167 bytes
Rosty
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.


2. Now copy/paste the entire content of the codebox below into the Notepad window:

QUOTE
File::
C:\found.000
c:\windows\wp4.dat
c:\windows\wp3.dat
c:\windows\system32\plugie.dll
c:\windows\system32\jirohowu.dll

Folder::
c:\program files\temp01

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77DC0B63-ff35-4ba9-8BE8-aa9EB676FA02}]

Renv::



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log that is made in normal mode.