dirkvictor

  1. During the scans I turned off Avast, as I was not sure if it would interfere with the scans. I turned it back on.
  2. Thanks. Here are the reports:

     Mbam log

     Malwarebytes' Anti-Malware 1.41
     Database version: 2954
     Windows 5.1.2600 Service Pack 3

     10/13/2009 11:25:51 AM
     mbam-log-2009-10-13 (11-25-51).txt

     Scan type: Quick Scan
     Objects scanned: 110767
     Time elapsed: 3 minute(s), 57 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)

     ------------------

     DDS.txt

     DDS (Ver_09-09-29.01) - NTFSx86
     Run by Compaq_Owner at 11:26:25.98 on Tue 10/13/2009
     Internet Explorer: 8.0.6001.18702
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.117 [GMT -5:00]

     AV: avast!
antivirus 4.8.1356 [VPS 091012-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} ============== Running Processes =============== C:\windows\system32\Ati2evxx.exe C:\windows\system32\svchost -k DcomLaunch svchost.exe C:\windows\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\windows\system32\Ati2evxx.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\windows\system32\spoolsv.exe svchost.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe C:\Program Files\RealVNC\VNC4\WinVNC4.exe C:\windows\System32\svchost.exe -k HTTPFilter C:\windows\Explorer.EXE C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\windows\system\hpsysdrv.exe C:\HP\KBD\KBD.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\windows\AGRSMMSG.exe C:\Program Files\iPod\bin\iPodService.exe C:\windows\ALCXMNTR.EXE C:\Program Files\CyberLink\PowerVCRII\Agent.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\windows\system32\wuauclt.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\windows\system32\ctfmon.exe C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.21 V1.30\WlanCU.exe C:\windows\system32\Macromed\Flash\GetFlash.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\windows\system32\wscntfy.exe C:\Documents and Settings\Compaq_Owner\Desktop\dds.com ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop 
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [steam] "c:\program files\steam\Steam.exe" -silent uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [sunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [KBD] c:\hp\kbd\KBD.EXE mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE mRun: [VTTimer] VTTimer.exe mRun: [AGRSMMSG] AGRSMMSG.exe mRun: [PS2] c:\windows\system32\ps2.exe mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe mRun: [AlcxMonitor] ALCXMNTR.EXE mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe mRun: [Agent] c:\program files\cyberlink\powervcrii\Agent.exe mRun: [Remote_Agent] c:\program files\cyberlink\powervcrii\RemoteAgent.exe mRun: [DAEMON Tools-1033] "c:\program files\d-tools\daemon.exe" -lang 1033 mRun: [GhostStartTrayApp] c:\program files\symantec\norton ghost 2003\GhostStartTrayApp.exe mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe" mRun: [avast!] 
c:\progra~1\alwils~1\avast4\ashDisp.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tvremo~1.lnk - c:\program files\msi\tv@anywhere utilities\P3XRCtl.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\802.11 wireless lan\802.11g wireless cardbus & pci adapter hw.21 v1.30\WlanCU.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158074556546 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab Notify: AtiExtEvent - Ati2evxx.dll Notify: igfxcui - igfxsrvc.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\f1hgwmat.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava11.dll FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava12.dll FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava13.dll FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava14.dll FF - plugin: 
c:\program files\java\j2re1.4.2_03\bin\NPJava32.dll FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJPI142_03.dll FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPOJI610.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ ============= SERVICES / DRIVERS =============== R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-10-11 114768] R1 GhPciScan;GhostPciScanner;c:\program files\symantec\norton ghost 2003\GhPciScan.sys [2002-8-14 5632] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-11 20560] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-10-11 138680] R3 Cap713x;Philips Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [2007-9-15 686080] S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-10-11 254040] S3 avast! Web Scanner;avast! 
Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-10-11 352920] S3 CX88XBAR;ASUS TV880 Crossbar;c:\windows\system32\drivers\cx88xbar.sys [2006-9-12 9846] =============== Created Last 30 ================ 2009-10-11 15:36 <DIR> --d----- c:\windows\system32\Adobe 2009-10-11 15:34 <DIR> --dsh--- c:\documents and settings\compaq_owner\PrivacIE 2009-10-11 13:25 66 a------- c:\docume~1\compaq~1\applic~1\wklnhst.dat 2009-10-11 13:22 <DIR> --dsh--- c:\documents and settings\compaq_owner\IETldCache 2009-10-11 05:06 100,352 -------- c:\windows\system32\dllcache\iecompat.dll 2009-10-11 05:06 <DIR> --d----- c:\windows\ie8updates 2009-10-11 05:06 12,800 -------- c:\windows\system32\dllcache\xpshims.dll 2009-10-11 05:06 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll 2009-10-11 05:06 594,432 -------- c:\windows\system32\dllcache\msfeeds.dll 2009-10-11 05:06 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll 2009-10-11 05:06 55,296 -------- c:\windows\system32\dllcache\msfeedsbs.dll 2009-10-11 05:06 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll 2009-10-11 05:05 <DIR> -cd-h--- c:\windows\ie8 2009-10-11 04:57 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat 2009-10-11 04:37 <DIR> --d----- c:\windows\system32\scripting 2009-10-11 04:37 <DIR> --d----- c:\windows\system32\en 2009-10-11 04:37 <DIR> --d----- c:\windows\l2schemas 2009-10-11 04:37 <DIR> --d----- c:\windows\system32\bits 2009-10-11 04:29 <DIR> --d----- c:\docume~1\compaq~1\applic~1\JAM Software 2009-10-11 04:29 <DIR> --d----- c:\program files\JAM Software 2009-10-11 04:28 <DIR> --d----- c:\windows\network diagnostic 2009-10-11 04:14 <DIR> --d----- c:\windows\EHome 2009-10-11 03:47 <DIR> --d----- c:\windows\system32\XPSViewer 2009-10-11 03:47 1,676,288 -------- c:\windows\system32\xpssvcs.dll 2009-10-11 03:47 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll 2009-10-11 03:47 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 
2009-10-11 03:47 575,488 -------- c:\windows\system32\xpsshhdr.dll 2009-10-11 03:47 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll 2009-10-11 03:47 117,760 -------- c:\windows\system32\prntvpt.dll 2009-10-11 03:47 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-10-11 03:47 <DIR> --d----- C:\5deb9c864e3d64f3a7da8c343a0f 2009-10-11 03:44 <DIR> --d----- c:\program files\MSXML 6.0 2009-10-11 03:43 <DIR> --d----- c:\program files\MSXML 4.0 2009-10-11 03:39 <DIR> --d----- c:\program files\KingsIsle Entertainment 2009-10-11 03:37 69,120 -------- c:\windows\system32\wlanapi.dll 2009-10-11 03:37 25,471 -------- c:\windows\system32\drivers\watv10nt.sys 2009-10-11 03:37 22,271 -------- c:\windows\system32\drivers\watv06nt.sys 2009-10-11 03:37 11,935 -------- c:\windows\system32\drivers\wadv11nt.sys 2009-10-11 03:37 11,871 -------- c:\windows\system32\drivers\wadv09nt.sys 2009-10-11 03:37 11,807 -------- c:\windows\system32\drivers\wadv07nt.sys 2009-10-11 03:37 11,295 -------- c:\windows\system32\drivers\wadv08nt.sys 2009-10-11 03:35 180,360 -------- c:\windows\system32\drivers\ntmtlfax.sys 2009-10-11 03:34 37,376 -------- c:\windows\system32\l2gpstore.dll 2009-10-11 03:31 <DIR> --d----- c:\program files\Spybot - Search & Destroy 2009-10-11 03:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy 2009-10-11 03:19 186,592 a------- c:\windows\system32\drivers\windrvr6.sys 2009-10-11 03:19 <DIR> --d----- c:\program files\U.B. 
Funkeys 2009-10-11 03:02 <DIR> --d----- c:\windows\ServicePackFiles 2009-10-11 02:53 <DIR> --d----- c:\program files\Steam 2009-10-11 02:52 272,128 -------- c:\windows\system32\dllcache\bthport.sys 2009-10-11 02:52 272,128 -------- c:\windows\system32\drivers\bthport.sys 2009-10-11 02:43 <DIR> --d----- c:\docume~1\compaq~1\applic~1\Malwarebytes 2009-10-11 02:43 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-10-11 02:43 19,160 a------- c:\windows\system32\drivers\mbam.sys 2009-10-11 02:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes 2009-10-11 02:43 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-10-11 02:40 203,136 -------- c:\windows\system32\dllcache\rmcast.sys 2009-10-11 02:40 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys 2009-10-11 02:40 333,952 -------- c:\windows\system32\dllcache\srv.sys 2009-10-11 02:40 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll 2009-10-11 02:39 691,712 -------- c:\windows\system32\dllcache\inetcomm.dll 2009-10-11 02:38 337,408 -------- c:\windows\system32\dllcache\netapi32.dll 2009-10-11 02:37 2,560 -------- c:\windows\system32\xpsp4res.dll 2009-10-11 02:37 215,552 -------- c:\windows\system32\dllcache\wordpad.exe 2009-10-11 02:34 31,768 a------- c:\windows\system32\wucltui.dll.mui 2009-10-11 02:34 23,576 a------- c:\windows\system32\wuaucpl.cpl.mui 2009-10-11 02:34 23,576 a------- c:\windows\system32\wuapi.dll.mui 2009-10-11 02:34 18,456 a------- c:\windows\system32\wuaueng.dll.mui 2009-10-11 02:31 282,624 a----r-- c:\windows\system32\drivers\Mrvw125.sys 2009-10-11 02:25 73,728 a------- c:\windows\system32\ISUSPM.cpl 2009-10-11 02:25 <DIR> --d----- c:\program files\Customer 2009-10-11 02:25 <DIR> --d----- c:\temp\pci ==================== Find3M ==================== 2009-10-11 13:56 27,262,976 a------- C:\VIRTPART.DAT 2009-10-11 04:40 82,435 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat 2009-10-11 04:40 44,032 a------- 
c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\hpq\xpxwwpp5\localcontent\attachments\devcon.exe 2009-10-11 04:40 307,200 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\hpq\xpxwwpp5\plugin\bin\pchnotify.exe 2009-10-11 04:40 3,072 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\hpq\xpxwwpp5\plugin\bin\jsharpde\pchealthde.exe 2009-10-11 04:40 159,744 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\hpq\xpxwwpp5\plugin\bin\PCHButton.exe 2009-10-11 04:40 77,824 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\hpq\xpxwwpp5\plugin\bin\FDIWrapper.dll 2009-10-11 04:40 26,572 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\hpq\xpxwwpp5\plugin\bin\jsharpde\INV16.dll 2009-10-11 04:40 69,632 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\hpq\xpxwwpp5\plugin\bin\jsharpde\msxmlwrapper.dll 2009-10-11 04:40 40,960 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\hpq\xpxwwpp5\plugin\bin\ScDmi.dll 2009-10-11 04:40 49,152 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\hpq\xpxwwpp5\plugin\bin\PCHI18N.dll 2009-10-11 04:40 139,264 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\hpq\xpxwwpp5\plugin\bin\ContentUpdater.exe 2009-10-11 04:40 213,089 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\hpq\xpxwwpp5\plugin\bin\jsharpde\motive.zip 2009-08-05 04:01 204,800 a------- c:\windows\system32\mswebdvd.dll 2009-08-05 04:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll 2009-07-28 23:37 119,808 a------- c:\windows\system32\t2embed.dll 2009-07-28 23:37 81,920 a------- c:\windows\system32\fontsub.dll 2009-07-28 23:37 119,808 -------- c:\windows\system32\dllcache\t2embed.dll 
2009-07-28 23:37 81,920 -------- c:\windows\system32\dllcache\fontsub.dll 2009-07-19 08:18 5,937,152 -------- c:\windows\system32\dllcache\mshtml.dll 2009-07-18 11:05 1,509,888 -------- c:\windows\system32\dllcache\shdocvw.dll 2009-07-17 14:01 58,880 a------- c:\windows\system32\dllcache\atl.dll 2009-07-17 14:01 58,880 a------- c:\windows\system32\atl.dll ============= FINISH: 11:26:51.20 =============== Attach.txt UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_09-09-29.01) Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume1 Install Date: 9/12/2006 2:01:57 AM System Uptime: 10/12/2009 3:06:56 AM (32 hours ago) Motherboard: ASUSTek Computer INC. | | Kelut Processor: AMD Sempron 3000+ | Socket A | 1999/166mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 94 GiB total, 72.931 GiB free. D: is CDROM (CDFS) E: is FIXED (NTFS) - 43 GiB total, 13.13 GiB free. F: is CDROM (CDFS) I: is Removable J: is Removable K: is Removable L: is Removable M: is CDROM (CDFS) N: is CDROM () O: is FIXED (FAT32) - 12 GiB total, 10.769 GiB free. P: is FIXED (NTFS) - 68 GiB total, 22.275 GiB free. Q: is FIXED (NTFS) - 59 GiB total, 28.136 GiB free. ==== Disabled Device Manager Items ============= ==== System Restore Points =================== No restore point in system. ==== Installed Programs ====================== Adobe Flash Player 10 Plugin Adobe Reader 9.1 Adobe Shockwave Player 11.5 Agere Systems PCI Soft Modem ASUS TV880 Tuner Drivers ATI - Software Uninstall Utility ATI Catalyst Control Center ATI Control Panel ATI Display Driver avast! Antivirus Compaq Connections DAEMON Tools DiscWizard for Windows GSAK 6.6.3 Build 30 (Final) Harry Potter Harry Potter and the Goblet of Fire
  3. Hi and thanks for the reply. Sometimes I think I am an idiot. I had a Ghost image of this computer that was a year old. It is mostly used for games and internet browsing, so there were not a lot of things that needed to be backed up. I restored to the old image and updated Windows, Firefox, IE and Adobe Reader. I also uninstalled McAfee and loaded Avast (Windows Security Center has always said virus protection is out of date). You mentioned something about removing all traces of McAfee; what are these? I have run new scans with Mbam, HijackThis, Avast and Spybot S&D (all updated). No signs of infections or problems. I don't know if any of these viruses can withstand a Norton Ghost restore. Do you need to see any logs to determine if this is the case and the computer is now clean? If so, I will generate them and post them. Thanks for the help.
  4. My son's computer got infected with this "Total Security" virus. I was able to wrestle enough control of the computer to run Mbam (the mbam.exe file kept getting deleted from the program directory), HijackThis and Combofix. The logs are attached below. I don't have a good feeling that I have gotten rid of this thing.

     A couple of things I have noticed. Each time I open Firefox it says it is not my default browser. I have not opened another browser. If I right-click on My Computer and try to go to System Restore, it locks up.

     I had McAfee enterprise virus protection. I uninstalled it to do the scans. When I reinstalled it, it would not let me update it (might be an issue with the McAfee website). I uninstalled it again and installed Avast. Updated it and did a scan with nothing being reported.

     If someone could take a look at these logs and let me know what else I need to do, I would appreciate it.

     The logs were generated in the order (with Avast turned off): Mbam, HijackThis, Combofix (I renamed it k-combofix.exe).

     Thanks

     Malwarebytes' Anti-Malware 1.41
     Database version: 2934
     Windows 5.1.2600 Service Pack 2

     10/10/2009 3:28:28 AM
     mbam-log-2009-10-10 (03-28-28).txt

     Scan type: Quick Scan
     Objects scanned: 109164
     Time elapsed: 4 minute(s), 34 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 1
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ----------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:33:00 AM, on 10/10/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\Ati2evxx.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\windows\system32\Ati2evxx.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\windows\system32\spoolsv.exe C:\windows\Explorer.EXE C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\windows\system\hpsysdrv.exe C:\HP\KBD\KBD.EXE C:\windows\AGRSMMSG.exe C:\windows\ALCXMNTR.EXE C:\Program Files\CyberLink\PowerVCRII\Agent.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\PROGRA~1\Returnil\Returnil.exe C:\Program Files\McAfee\Common Framework\udaterui.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\program files\steam\steam.exe C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.21 V1.30\WlanCU.exe C:\windows\System32\svchost.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vhvkkgjjkk;j.m,m.nnnxxhj,j7jlo8l/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {a2f0f138-79f2-4d30-91ce-47b51a71e165} - merumebe.dll (file missing) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [Agent] C:\Program Files\CyberLink\PowerVCRII\Agent.exe O4 - HKLM\..\Run: [Remote_Agent] C:\Program Files\CyberLink\PowerVCRII\RemoteAgent.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [Rvsystem] 
C:\PROGRA~1\Returnil\Returnil.exe O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.21 V1.30\WlanCU.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6796.cab O20 - AppInit_DLLs: fisalunu.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! 
Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- End of file - 6321 bytes -------------------------- ComboFix 09-10-08.04 - Compaq_Owner 10/10/2009 3:35.6.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.125 [GMT -5:00] Running from: c:\documents and settings\Compaq_Owner\Desktop\k-ComboFix.exe AV: avast! antivirus 4.8.1356 [VPS 091009-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\COMPAQ~1\LOCALS~1\Temp\catchme.dll c:\documents and settings\Compaq_Owner\Local Settings\Temp\catchme.dll . ((((((((((((((((((((((((( Files Created from 2009-09-10 to 2009-10-10 ))))))))))))))))))))))))))))))) . 2009-10-10 07:33 . 2009-10-10 07:33 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-10-10 06:07 . 2009-10-10 06:42 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2009-10-10 06:07 . 2009-10-10 06:42 -------- d-----w- c:\program files\McAfee 2009-10-10 05:11 . 2009-10-10 05:11 -------- d-----w- c:\program files\Trend Micro 2009-10-09 23:41 . 2009-10-10 02:52 -------- d-----w- C:\quarantine 2009-10-09 23:33 . 2009-10-09 23:35 -------- d-----w- c:\program files\Windows Live Safety Center 2009-10-09 13:35 . 
2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-10-09 13:35 . 2009-10-10 02:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-10-09 13:35 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-10-09 07:01 . 2009-10-09 07:01 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes 2009-10-09 06:57 . 2009-10-09 06:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-10-09 06:25 . 2009-10-09 13:34 -------- dc----w- c:\windows\system32\DRVSTORE 2009-10-09 06:24 . 2009-10-09 13:35 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0 2009-10-09 06:23 . 2009-10-09 13:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2009-10-09 06:07 . 2009-10-09 06:22 -------- d-----w- c:\program files\Common Files\PC Tools 2009-09-19 05:53 . 2009-09-19 05:53 -------- d-s---w- c:\documents and settings\Dirk Kaufman\UserData 2009-09-11 22:35 . 2009-09-13 02:25 -------- d-----w- c:\program files\Mahjong Towers Eternity 2009-09-11 22:33 . 2009-09-11 22:33 -------- d-----w- c:\program files\Mystic Inn 2009-09-11 22:18 . 2009-09-11 22:18 -------- d-----w- c:\program files\bfgclient 2009-09-11 22:18 . 2009-09-13 02:28 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-10 08:31 . 2007-09-15 22:21 -------- d-----w- c:\program files\Steam 2009-10-10 07:33 . 2006-09-19 01:42 -------- d-----w- c:\program files\Java 2009-08-31 23:52 . 2008-06-24 16:40 -------- d-----w- c:\program files\Shockwave.com 2009-08-29 18:05 . 2007-10-03 21:17 -------- d-----w- c:\program files\Alawar 2009-07-09 00:30 . 2009-07-09 00:30 83968 --sha-w- c:\windows\system32\jurebuvu.dll 2009-07-09 12:30 . 
2009-07-09 12:30 82944 --sha-w- c:\windows\system32\legidonu.dll
2009-07-10 02:04 . 2009-07-10 02:04 51712 --sha-w- c:\windows\system32\merumebe.dll
2009-07-09 00:30 . 2009-07-09 00:30 61440 --sha-w- c:\windows\system32\wejehalo.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-10-10_01.19.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-10 08:42 . 2009-10-10 08:42 16384 c:\windows\temp\Perflib_Perfdata_698.dat
+ 2009-10-10 08:42 . 2009-10-10 08:42 16384 c:\windows\temp\Perflib_Perfdata_1d4.dat
+ 2009-04-30 01:07 . 2009-04-30 01:07 20768 c:\windows\system32\MFEOtlk.dll
+ 2009-10-10 06:44 . 2009-09-15 10:54 52368 c:\windows\system32\drivers\aswTdi.sys
+ 2009-10-10 06:44 . 2009-09-15 10:54 23152 c:\windows\system32\drivers\aswRdr.sys
+ 2009-10-10 06:44 . 2009-09-15 10:56 94160 c:\windows\system32\drivers\aswmon2.sys
+ 2009-10-10 06:44 . 2009-09-15 10:56 93424 c:\windows\system32\drivers\aswmon.sys
+ 2009-10-10 06:44 . 2009-09-15 10:55 20560 c:\windows\system32\drivers\aswFsBlk.sys
+ 2009-10-10 06:44 . 2009-09-15 10:53 27408 c:\windows\system32\drivers\aavmker4.sys
+ 2009-10-10 06:44 . 2009-09-15 10:53 97480 c:\windows\system32\AvastSS.scr
+ 2009-10-10 06:07 . 2009-10-10 06:07 10134 c:\windows\Installer\{757A7F5D-F9A1-4DC5-8738-C0A31C658BC8}\ARPPRODUCTICON.exe
+ 2009-10-10 07:33 . 2009-10-10 07:33 149280 c:\windows\system32\javaws.exe
+ 2009-10-10 07:33 . 2009-10-10 07:33 145184 c:\windows\system32\javaw.exe
+ 2009-10-10 07:33 . 2009-10-10 07:33 145184 c:\windows\system32\java.exe
+ 2009-10-10 06:44 . 2009-09-15 10:55 114768 c:\windows\system32\drivers\aswSP.sys
+ 2009-10-10 07:33 . 2009-10-10 07:33 537600 c:\windows\Installer\2b9bb8.msi
+ 2009-10-10 06:44 . 2009-09-15 10:59 1279968 c:\windows\system32\aswBoot.exe
+ 2009-10-10 06:07 . 2009-10-10 06:07 1418752 c:\windows\Installer\1ba8f7.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a2f0f138-79f2-4d30-91ce-47b51a71e165}]
2009-07-10 02:04 51712 --sha-w- c:\windows\system32\merumebe.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2009-06-12 1217784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-21 155648]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-13 98304]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-10 344064]
"Agent"="c:\program files\CyberLink\PowerVCRII\Agent.exe" [2002-10-01 94208]
"Remote_Agent"="c:\program files\CyberLink\PowerVCRII\RemoteAgent.exe" [2002-10-07 32768]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"Rvsystem"="c:\progra~1\Returnil\Returnil.exe" [2008-04-26 2049536]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-01-16 136512]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-10 149280]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-30 88363]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-08 57344]
"zajosolafa"="bewihafe.dll" [bU]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Wireless Configuration Utility.lnk - c:\program files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.21 V1.30\WlanCU.exe [2004-10-6 442368]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TV Remote Control.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TV Remote Control.lnk
backup=c:\windows\pss\TV Remote Control.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Atari\\Nerf\\System\\Nerf.exe"=
"c:\\Program Files\\Steam\\steamapps\\dirkvictor\\half-life blue shift\\hl.exe"=
"c:\\Program Files\\EleFun Games\\Twinxoid\\Twinxoid.exe"=
"c:\\Program Files\\Freaky Freezeday\\Freezeday.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Steam\\steamapps\\dirkvictor\\opposing force\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\dirkvictor\\half-life\\hl.exe"=
"c:\\program files\\steam\\steam.exe"=
"c:\\WINDOWS\\AGRSMMSG.exe"=
"c:\\Program Files\\802.11 Wireless LAN\\802.11g Wireless Cardbus & PCI Adapter HW.21 V1.30\\WlanCU.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Returnil\\Returnil.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8080:TCP"= 8080:TCP:Windows Media Format SDK (wmenc.exe)

R0 RVSDISK;RVSDISK;c:\windows\system32\drivers\RVSDISK.sys [4/26/2008 12:10 AM 11904]
R0 RVSYSTEM;RVSYSTEM;c:\windows\system32\drivers\RVSYSTEM.sys [4/26/2008 12:10 AM 38272]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10/10/2009 1:44 AM 114768]
R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [8/14/2002 3:11 PM 5632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/10/2009 1:44 AM 20560]
R3 Cap713x;Philips Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [9/15/2007 1:36 PM 686080]
S3 CX88XBAR;ASUS TV880 Crossbar;c:\windows\system32\drivers\cx88xbar.sys [9/12/2006 2:11 AM 9846]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://vhvkkgjjkk;j.m,m.nnnxxhj,j7jlo8l/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\f1hgwmat.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-10 03:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1212)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2156)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Symantec\Norton Ghost 2003\GhostStartService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
.
**************************************************************************
.
Completion time: 2009-10-10 3:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-10 08:46
ComboFix2.txt 2009-10-10 05:29
ComboFix3.txt 2009-10-10 04:35
ComboFix4.txt 2009-10-10 03:54
ComboFix5.txt 2009-10-10 08:34

Pre-Run: 65,105,498,112 bytes free
Post-Run: 65,226,911,744 bytes free

186