Will_A

  1. Great, all clean and updated, going to run through a defrag now. I can't thank you enough for your help. It's really admirable to provide such quality assistance on a volunteer basis. You've inspired me to try to better educate myself about all of this so I'm not as clueless in the future. Thanks again, Happy Halloween! -Will
  2. The VirSCAN results are pasted below. This leads me to wonder whether or not image files are a common source for malware; I tend to accumulate lots of images for reference for my artwork and have never really been concerned. Should I be as suspicious of images as any other file type?
     VirSCAN.org Scanned Report :
     Scanned time : 2010/10/30 12:43:42 (PDT)
     Scanner results: 53% Scanner(s) (19/36) found malware!
     File Name : ouroboros3.jpg
     File Size : 63455 byte
     File Type : JPEG image data, JFIF standard 1.01
     MD5 : 070a463ce5c41982129d2d0864a34563
     SHA1 : d38cff9e741dbd1d4cf715c26b482b7765a1daa7
     Online report : http://virscan.org/report/ef1617220912c3bb...77d164fb3c.html
     Scanner            Engine Ver        Sig Ver             Sig Date     Time   Scan result
     a-squared          5.0.0.20          20101031013412      2010-10-31   5.31   Trojan-Clicker.HTML.IFrame!IK
     AhnLab V3          2010.10.30.00     2010.10.30          2010-10-30   1.32   -
     AntiVir            8.2.4.86          7.10.13.74          2010-10-29   0.31   TR/Spy.Banker.vk.1
     Antiy              2.0.18            20101031.5509708    2010-10-31   0.13   -
     Arcavir            2010              201010310321        2010-10-31   0.04   -
     Authentium         5.1.1             201010301916        2010-10-30   1.40   HTML/IFrame (Exact)
     AVAST!             4.7.4             101030-0            2010-10-30   0.01   -
     AVG                8.5.850           271.1.1/3227        2010-10-30   0.26   -
     BitDefender        7.90123.6418700   7.34482             2010-10-31   5.54   Trojan.Clicker.IFrame.G
     ClamAV             0.96.3            12189               2010-10-30   0.01   HTML.Spy.IMG
     Comodo             4.0               6561                2010-10-30   0.87   -
     CP Secure          1.3.0.5           2010.10.30          2010-10-30   0.01   Troj.Spy.HTML.Bankfraud.ra
     Dr.Web             5.0.2.3300        2010.10.31          2010-10-31   10.04  -
     F-Prot             4.4.4.56          20101030            2010-10-30   1.59   HTML/IFrame (exact, not disinfectable)
     F-Secure           7.02.73807        2010.10.29.11       2010-10-29   0.10   Trojan-Clicker.HTML.IFrame.rp [AVP]
     Fortinet           4.2.249           12.509              2010-10-30   0.52   -
     GData              21.1032/21.439    20101030            2010-10-30   7.47   Trojan-Clicker.HTML.IFrame.rp [Engine:A]
     ViRobot            20101029          2010.10.29          2010-10-29   0.39   -
     Ikarus             T3.1.32.15.0      2010.10.30.77048    2010-10-30   5.21   Trojan-Clicker.HTML.IFrame
     JiangMin           13.0.900          2010.10.30          2010-10-30   1.30   -
     Kaspersky          5.5.10            2010.10.30          2010-10-30   0.03   Trojan-Clicker.HTML.IFrame.rp
     KingSoft           2009.2.5.15       2010.10.30.18       2010-10-30   0.66   -
     McAfee             5400.1158         6152                2010-10-30   18.83  JPGiframer
     Microsoft          1.6301            2010.10.30          2010-10-30   3.79   Trojan:JS/Redirector.E
     Norman             6.06.10           6.06.00             2010-10-30   8.01   -
     Panda              9.05.01           2010.10.28          2010-10-28   2.11   -
     Trend Micro        9.120-1004        7.582.14            2010-10-30   0.02   HTML_CLICKER.BUC
     Quick Heal         11.00             2010.10.29          2010-10-29   2.23   -
     Rising             20.0              22.71.03.02         2010-10-28   0.34   Trojan.DL.PicFrame.c
     Sophos             3.13.1            4.59                2010-10-31   2.66   Troj/JSRedir-BM
     Sunbelt            3.9.2457.2        7173                2010-10-30   19.73  -
     Symantec           1.3.0.24          20101030.003        2010-10-30   0.07   Trojan.Maliframe!html
     nProtect           20101027.01       9231549             2010-10-27   12.94  Trojan.Clicker.IFrame.G
     The Hacker         6.7.0.1           v00074              2010-10-30   0.39   -
     VBA32              3.12.14.1         20101029.0829       2010-10-29   3.54   Trojan-Clicker.HTML.IFrame.rp
     VirusBuster        4.5.11.10         10.130.5/1999521    2010-10-30   2.38   -
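The detection names in the VirSCAN table above (HTML/IFrame, JPGiframer, Trojan.DL.PicFrame, Troj/JSRedir, HTML.Spy.IMG) all describe HTML markup found inside the JPEG, not a flaw in the image decoder: an image viewer stops at the End Of Image marker and ignores the contents of comment segments, so markup can ride along in a file that still renders as a picture. The Python below is an added example, not code from this thread or from any of the scanners listed. It walks the JPEG marker structure, reports any bytes after EOI and searches the whole file for HTML tags, so it also catches markup hidden in a COM segment, which a trailing-data check alone would miss. The three JPEG byte strings are constructed inline for the example and are not the ouroboros3.jpg from the post.

```python
"""Look for non-image payload (HTML, script) riding inside a JPEG.

Added example: walks the JPEG marker structure, reports bytes after the
End Of Image marker and searches the whole file for HTML tags.
"""
import re
import struct
import sys

SOI = b"\xff\xd8"  # Start Of Image
EOI = b"\xff\xd9"  # End Of Image
# Markers with no length field: SOI, EOI, TEM and the RSTn restart markers
STANDALONE = {0xD8, 0xD9, 0x01} | set(range(0xD0, 0xD8))
# Tags that have no business inside an image file (case-insensitive)
HTML_TAG = re.compile(rb"<\s*(iframe|script|html|body|object|embed|meta)\b", re.IGNORECASE)


def walk_segments(data):
    """Return ([(marker, payload), ...], eoi_offset).

    Segments are collected up to and including SOS; eoi_offset is the position
    of the FF D9 marker, or -1 if the file has none. Raises ValueError when the
    marker structure is broken.
    """
    if not data.startswith(SOI):
        raise ValueError("missing SOI marker")
    segments = []
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:  # fill byte before a marker is allowed
            pos += 1
            continue
        if marker in STANDALONE:
            if marker == 0xD9:
                return segments, pos
            pos += 2
            continue
        if pos + 4 > len(data):
            raise ValueError("truncated segment header")
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]  # counts itself
        segments.append((marker, data[pos + 4:pos + 2 + length]))
        pos += 2 + length
        if marker == 0xDA:
            # Entropy-coded scan data follows; 0xFF inside it is always stuffed
            # as FF 00 or an RSTn marker, so the first FF D9 is the real EOI.
            return segments, data.find(EOI, pos)
    return segments, -1


def analyze_jpeg(data):
    """Return a dict describing the file's structure and anything suspicious."""
    findings = []
    try:
        segments, eoi = walk_segments(data)
    except ValueError as exc:
        segments, eoi = [], -1
        findings.append(f"malformed: {exc}")
    trailing = data[eoi + 2:] if eoi >= 0 else b""
    if eoi < 0 and not findings:
        findings.append("no EOI marker")
    if trailing:
        findings.append(f"{len(trailing)} bytes after EOI")
    # Markup anywhere: trailing data, COM/APPn payloads or between markers
    for m in HTML_TAG.finditer(data):
        findings.append(f"html tag <{m.group(1).decode().lower()}> at offset {m.start()}")
    return {
        "segments": [f"0x{mk:02x}" for mk, _ in segments],
        "eoi_offset": eoi,
        "trailing_bytes": len(trailing),
        "findings": findings,
        "suspicious": bool(findings),
    }


def _segment(marker, payload):
    """Build one length-prefixed segment (length counts itself plus payload)."""
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed for the example: a structurally valid JPEG skeleton (SOI, APP0/JFIF
# header, a COM segment, EOI) with no scan data. Not the file from the post.
CLEAN_JPEG = (SOI
              + _segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
              + _segment(0xFE, b"created for the example")
              + EOI)
# Constructed: the same skeleton with HTML appended after EOI, the layout the
# "IFrame"/"JPGiframer" detection names on this page describe.
APPENDED_JPEG = CLEAN_JPEG + b'\r\n<iframe src="http://example.invalid/x" width=1 height=1></iframe>'
# Constructed: HTML hidden in a COM segment instead, so a trailing-data check alone misses it.
COMMENT_JPEG = SOI + _segment(0xFE, b"<script>document.location='http://example.invalid/'</script>") + EOI


if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            result = analyze_jpeg(fh.read())
        print(path, "SUSPICIOUS" if result["suspicious"] else "clean", result["findings"])
```

Opening such a file in Photoshop or an image viewer does nothing with the markup; the risk is a browser or web server that sniffs the content and treats the file as HTML, and a file named .jpg being served from a site as the carrier for an iframe redirect, which is what the "clicker" and "redirector" names point at. Re-encoding an image (as most image hosts and thumbnailers do) drops both trailing data and comment segments.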
  3. Ok, the ESET scan just finished; pasted the log below.
     C:\System Volume Information\_restore{854928B7-E060-4F9B-BD8D-D2C51B9B376D}\RP479\A0070245.bat   Win32/Adware.FakeAntiSpy.G application
     C:\System Volume Information\_restore{854928B7-E060-4F9B-BD8D-D2C51B9B376D}\RP496\A0071630.bat   Win32/Adware.FakeAntiSpy.G application
     G:\Art\Photoshop\OO\ouroboros3.jpg   probably a variant of Win32/TrojanDownloader.Agent.KEMPYJA trojan
  4. Ok, I was able to update Java, though it was update 22, not 17; this is fine, right? I ran MBAM and pasted the log below; it looks like it didn't find anything, and my connection is still up, definitely a good sign. I'm currently at 24% in the Kaspersky scan; it's taking a really long time (going on almost a day now). I'll post the log as soon as it completes. Thanks.
     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org
     Database version: 4980
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702
     10/28/2010 4:27:26 PM
     mbam-log-2010-10-28 (16-27-26).txt
     Scan type: Quick scan
     Objects scanned: 151952
     Time elapsed: 5 minute(s), 6 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)
  5. Ok, it looks like it worked. I never got a "one file(s) expanded successfully" message, though; it says "80063 bytes expanded to 1614848 bytes, 1916% increase." I seem to have internet connectivity back up as well, not sure at what point this came back.
  6. Took some digging around, but I do have a WinXP SP3 CD.
  7. Thanks. New ComboFix log pasted below, and SystemLook log pasted below that. Let me know if you'd prefer these to be attached rather than copy/pasted.
     ComboFix 10-10-26.03 - Will 10/27/2010 11:55:44.2.2 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1597 [GMT -7:00]
     Running from: c:\documents and settings\Will\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\Will\Desktop\CFScript.txt
     AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
     .
     ((((((((((((((((((((((((( Files Created from 2010-09-27 to 2010-10-27 )))))))))))))))))))))))))))))))
     .
     2010-10-27 01:55 . 2010-10-27 01:55 -------- d-----w- c:\program files\Avira
     2010-10-27 01:55 . 2010-10-27 01:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
     2010-10-27 01:55 . 2010-03-01 17:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
     2010-10-27 01:55 . 2010-02-16 21:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
     2010-10-27 01:55 . 2009-05-11 19:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
     2010-10-27 01:55 . 2009-05-11 19:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
     2010-10-26 23:47 . 2010-10-26 23:47 -------- d-----w- c:\windows\system32\wbem\Repository
     2010-10-23 21:47 . 2010-10-23 21:47 -------- d-----w- C:\BDS
     2010-10-23 21:47 . 2010-10-23 21:47 -------- d-----w- c:\program files\2K Games
     2010-10-23 21:47 . 2010-10-23 21:47 -------- d-----w- c:\program files\Safer Networking
     2010-10-23 21:47 . 2010-10-26 21:15 -------- d-----w- c:\program files\Hamachi
     2010-10-23 21:47 . 2010-10-23 21:51 -------- d-----w- c:\program files\FileZilla Server
     2010-10-11 23:19 . 2010-10-11 23:19 143360 ----a-w- c:\windows\system32\nvcolor.exe
     2010-10-07 01:21 . 2010-10-07 01:23 -------- d-----w- c:\program files\CamStudio
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2010-09-18 19:23 . 2008-04-14 11:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
     2010-09-18 06:53 . 2008-04-14 11:00 974848 ----a-w- c:\windows\system32\mfc42.dll
     2010-09-18 06:53 . 2008-04-14 11:00 954368 ----a-w- c:\windows\system32\mfc40.dll
     2010-09-18 06:53 . 2008-04-14 11:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
     2010-09-10 05:58 . 2009-06-04 12:35 916480 ----a-w- c:\windows\system32\wininet.dll
     2010-09-10 05:58 . 2009-06-04 12:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
     2010-09-10 05:58 . 2009-06-04 12:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
     2010-09-01 11:48 . 2009-06-04 12:33 285824 ----a-w- c:\windows\system32\atmfd.dll
     2010-08-31 13:38 . 2009-06-04 12:36 1861888 ----a-w- c:\windows\system32\win32k.sys
     2010-08-27 08:02 . 2008-04-14 11:00 119808 ----a-w- c:\windows\system32\t2embed.dll
     2010-08-27 06:05 . 2008-04-14 11:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
     2010-08-26 13:37 . 2009-06-04 12:36 357248 ----a-w- c:\windows\system32\drivers\srv.sys
     2010-08-26 12:52 . 2009-06-04 12:42 5120 ----a-w- c:\windows\system32\xpsp4res.dll
     2010-08-23 16:12 . 2008-04-14 11:00 617472 ----a-w- c:\windows\system32\comctl32.dll
     2010-08-17 13:17 . 2008-04-14 11:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
     2010-08-16 08:43 . 2009-06-04 12:34 590848 ----a-w- c:\windows\system32\rpcrt4.dll
     2009-11-20 04:08 . 2009-11-20 04:08 3749224 ----a-w- c:\program files\Common Files\adlmint_libFNP.dll
     2009-11-20 04:08 . 2009-11-20 04:08 2941288 ----a-w- c:\program files\Common Files\adlmint.dll
     .
     ------- Sigcheck -------
     [-] 2009-06-04 . 25A740D70E8007814A48D3FA1B34FA34 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys
     [-] 2009-06-04 . C951DB3D9B6EF3CF4B82454D30A8BF59 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
     .
     ((((((((((((((((((((((((((((( SnapShot@2010-10-27_09.00.51 )))))))))))))))))))))))))))))))))))))))))
     .
     + 2010-10-27 18:34 . 2010-10-27 18:34 16384 c:\windows\Temp\Perflib_Perfdata_5a4.dat
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Google Update"="c:\documents and settings\Will\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-25 133104]
     "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-08 39408]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "nwiz"="nwiz.exe" [2009-06-10 1657376]
     "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
     "CTHelper"="CTHELPER.EXE" [2009-03-04 19456]
     "shicoxp"="c:\windows\shicoxp.exe" [2003-05-15 45056]
     "lauchsrv"="c:\windows\lauchsrv.exe" [2003-02-25 24576]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
     "HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-17 49152]
     "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
     "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
     "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-26 563984]
     "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-26 2178832]
     "H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 385024]
     "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]
     "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-03 640376]
     "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
     "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
     "AppInit_DLLs"=c:\windows\system32\acaptuser32.dll
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "wave1"=aarklink.dll
     "midi1"=aarklink.dll
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
     "c:\\Program Files\\Tunngle\\TnglCtrl.exe"=
     "c:\\Program Files\\Tunngle\\Tunngle.exe"=
     "c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
     "c:\\Program Files\\Ubisoft\\Tom Clancy's H.A.W.X\\HAWX.exe"=
     "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
     "c:\\Program Files\\AIM6\\aim6.exe"=
     "c:\\Program Files\\Steam\\Steam.exe"=
     "c:\\Program Files\\Autodesk\\Maya2009\\bin\\maya.exe"=
     "c:\\Program Files\\uTorrent\\uTorrent.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
     "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
     "c:\\Program Files\\2K Games\\Gearbox Software\\Borderlands\\Binaries\\Borderlands.exe"=
     "c:\\Program Files\\WinSCP\\WinSCP.exe"=
     "c:\\Program Files\\Opera\\opera.exe"=
     "c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
     "c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
     "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010\\RpcAgentSrv.exe"=
     "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010\\WNt500x86\\sandra.mui"=
     "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010\\WNt500x86\\RpcSandraSrv.exe"=
     "c:\\Program Files\\Steam\\steamapps\\dilliondollars\\source sdk base 2007\\hl2.exe"=
     "c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
     "c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
     "c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
     "c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
     "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
     "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
     "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
     "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
     "c:\\Program Files\\Autodesk\\Maya2011\\bin\\maya.exe"=
     "c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
     "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
     "c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
     "c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "5353:TCP"= 5353:TCP:Adobe CSI CS4
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
     "AllowInboundEchoRequest"= 1 (0x1)
     R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [5/18/2010 7:21 PM 19478]
     R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [5/18/2010 7:21 PM 635017]
     R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [5/18/2010 7:21 PM 431236]
     R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/26/2010 6:55 PM 135336]
     R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [6/25/2009 8:47 PM 2789672]
     R2 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [6/26/2009 2:45 PM 664824]
     R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/2/2009 11:07 PM 24652]
     R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [3/5/2010 10:48 PM 33792]
     R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [3/4/2009 2:42 PM 99352]
     R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [3/4/2009 2:42 PM 555032]
     R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [3/4/2009 2:42 PM 566296]
     R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [3/5/2010 10:48 PM 16896]
     R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [6/26/2009 2:45 PM 25600]
     R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [6/25/2009 8:47 PM 15656]
     S1 sonypvd2;sonypvd2;c:\windows\system32\drivers\sonypvd2.sys [5/18/2010 7:21 PM 64093]
     S2 aardvarkpm;Aardvark Professional Audio Manager;c:\program files\Aardvark\aardvark.exe [6/24/2009 5:32 PM 147456]
     S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/23/2009 3:58 PM 135664]
     S3 AarkPhys;Aardvark Professional Audio Service;c:\windows\system32\drivers\AarkPhys.sys [6/24/2009 5:31 PM 44911]
     S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [3/4/2009 2:42 PM 99352]
     S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [6/24/2009 5:21 PM 79360]
     S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [3/4/2009 2:42 PM 555032]
     S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [3/4/2009 2:42 PM 100888]
     S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [3/4/2009 2:42 PM 100888]
     S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [3/4/2009 2:42 PM 566296]
     S3 SaiH0255;SaiH0255;c:\windows\system32\drivers\SaiH0255.sys [5/1/2007 4:11 PM 132232]
     S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010\RpcAgentSrv.exe [3/13/2010 12:36 AM 93336]
     S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/24/2009 8:44 PM 721904]
     .
     Contents of the 'Scheduled Tasks' folder
     2010-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-23 22:58]
     2010-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-23 22:58]
     2010-10-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-484061587-1177238915-1004Core.job
     - c:\documents and settings\Will\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-25 00:28]
     2010-10-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-484061587-1177238915-1004UA.job
     - c:\documents and settings\Will\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-25 00:28]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.google.com/
     IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
     IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
     IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
     IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
     IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
     TCP: {0992FC34-8125-4E26-A49F-C2F4C8D7F794} = 68.105.28.12,68.105.29.12
     DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} - hxxp://192.168.1.30/cab/OCXChecker_8198.cab
     DPF: {FEC048AB-277A-460C-BF50-1A4193AEF148} - hxxp://192.168.1.30/cab/DownloadCenter_8200.cab
     FF - ProfilePath - c:\documents and settings\Will\Application Data\Mozilla\Firefox\Profiles\97ae3f0y.default\
     FF - prefs.js: network.proxy.type - 1
     FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
     ---- FIREFOX POLICIES ----
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
     .
     **************************************************************************
     scanning hidden processes ...
     scanning hidden autostart entries ...
     HKLM\Software\Microsoft\Windows\CurrentVersion\Run
     CTHelper = CTHELPER.EXE?
     scanning hidden files ...
     scan completed successfully
     hidden files:
     **************************************************************************
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------
     - - - - - - - > 'explorer.exe'(3068)
     c:\windows\system32\WININET.dll
     c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
     c:\windows\system32\msi.dll
     c:\windows\system32\ieframe.dll
     c:\windows\system32\webcheck.dll
     c:\windows\system32\WPDShServiceObj.dll
     c:\windows\system32\PortableDeviceTypes.dll
     c:\windows\system32\PortableDeviceApi.dll
     .
     Completion time: 2010-10-27 12:11:56
     ComboFix-quarantined-files.txt 2010-10-27 19:11
     ComboFix2.txt 2010-10-27 09:03
     Pre-Run: 110,489,870,336 bytes free
     Post-Run: 110,476,390,400 bytes free
     - - End Of File - - 3061E69CA561833FC74E5C3977D462A5

     SystemLook 04.09.10 by jpshortstuff
     Log created at 12:15 on 27/10/2010 by Will
     Administrator - Elevation successful
     ========== filefind ==========
     Searching for "sfcfiles.*"
     C:\WINDOWS\system32\sfcfiles.dll --a---- 1614848 bytes [12:55 04/06/2009] [12:55 04/06/2009] C951DB3D9B6EF3CF4B82454D30A8BF59
     -= EOF =-
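The ComboFix logs in this thread carry three indicators worth pulling out mechanically rather than by eye: the Sigcheck lines flagged [-] for tcpip.sys and sfcfiles.dll (files whose hash ComboFix could not match to a known-good copy; the 1614848-byte sfcfiles.dll is the same file the SystemLook filefind lists), the run of At1.job through At24.job scheduled tasks that ComboFix deleted in the first run, and a browser proxy pointed at 127.0.0.1:50370 in both the IE settings and Firefox prefs.js that the first log shows and the second no longer does. The Python below is an added example, not a ComboFix feature or anything posted by the helper; it applies those three rules to log lines of the ComboFix format. SAMPLE_LOG is constructed for the example from lines of the same shape as those posted here.

```python
"""Pull the persistence and proxy indicators out of a ComboFix-style log.

Added example: three narrow rules covering the entries that mattered in this
thread (at.exe tasks, Sigcheck [-] files, loopback browser proxies).
"""
import ipaddress
import re
import sys

# at.exe-created tasks (At1.job, At2.job, ...). Google's own *.job tasks do not match.
AT_JOB = re.compile(r"\\Tasks\\At\d+\.job\s*$", re.IGNORECASE)
# ComboFix Sigcheck line flagged "[-]": date . md5 . size . . [version] . . path
SIGCHECK_FLAGGED = re.compile(
    r"^\[-\]\s+(\S+)\s+\.\s+([0-9A-Fa-f]{32})\s+\.\s+(\d+)\s+.*\s(\S+)$")
# IE proxy as ComboFix prints it: "uInternet Settings,ProxyServer = http=127.0.0.1:50370"
IE_PROXY = re.compile(r"ProxyServer\s*=\s*(?:http=)?([^:\s;]+):(\d+)", re.IGNORECASE)
# Firefox prefs as ComboFix prints them: "FF - prefs.js: network.proxy.type - 1"
FF_PREF = re.compile(r"^FF - prefs\.js:\s+(\S+)\s+-\s+(.*)$")

# Constructed sample: lines of the same shape as the logs posted in this thread.
SAMPLE_LOG = r"""
c:\windows\Tasks\At1.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
------- Sigcheck -------
[-] 2009-06-04 . 25A740D70E8007814A48D3FA1B34FA34 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys
[-] 2009-06-04 . C951DB3D9B6EF3CF4B82454D30A8BF59 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:50370
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 1
"""


def _is_loopback(host):
    """True for 127.0.0.0/8, ::1 or the literal name localhost."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.strip().lower() == "localhost"


def triage(log_text):
    """Return a list of findings, each {"kind", "line", "detail"}, in log order."""
    findings = []
    ff_prefs = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if AT_JOB.search(line):
            findings.append({"kind": "at-job", "line": line,
                             "detail": "task created with at.exe; a numbered run of "
                                       "these is a scheduled-task persistence pattern"})
            continue
        m = SIGCHECK_FLAGGED.match(line)
        if m:
            _, md5, size, path = m.groups()
            findings.append({"kind": "sigcheck", "line": line,
                             "detail": f"{path} ({size} bytes, MD5 {md5}) flagged [-]: "
                                       "hash not matched to a known-good copy"})
            continue
        m = IE_PROXY.search(line)
        if m and _is_loopback(m.group(1)):
            findings.append({"kind": "ie-proxy", "line": line,
                             "detail": f"IE HTTP proxy on loopback port {m.group(2)}: "
                                       "a local process sits in the browser's path"})
            continue
        m = FF_PREF.match(line)
        if m:
            ff_prefs[m.group(1)] = m.group(2).strip()
    # Firefox: a manual proxy (type 1) is a finding only when it points at loopback
    if ff_prefs.get("network.proxy.type") == "1" and _is_loopback(ff_prefs.get("network.proxy.http", "")):
        port = ff_prefs.get("network.proxy.http_port", "?")
        findings.append({"kind": "ff-proxy",
                         "line": f"network.proxy.http - {ff_prefs['network.proxy.http']}",
                         "detail": f"Firefox HTTP proxy on loopback port {port}"})
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    for f in triage(text):
        print(f"[{f['kind']}] {f['detail']}\n    {f['line']}")
```

The rules are deliberately narrow so that the ordinary entries in these logs (Google Update tasks, Adobe's AppInit_DLLs, the game executables in the firewall list) produce no noise; a Sigcheck [-] hit is a prompt to compare the file against a known-good copy, which is what the expand-from-CD step earlier in the thread did for sfcfiles.dll, not a verdict on its own.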
  8. Hi RPMcMurphy, Thanks so much for the quick response and clear instructions. I uninstalled/removed AVG successfully, and ComboFix worked fine as well (it was even able to establish a connection to download the recovery console, which was interesting to me). The ComboFix log is below. Regarding p2p, do you think it would effectively mitigate the risk to restrict it to a dedicated HDD partition/OS install? Thanks again, -Will
     ComboFix 10-10-26.03 - Will 10/27/2010 1:54.1.2 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1458 [GMT -7:00]
     Running from: c:\documents and settings\Will\Desktop\ComboFix.exe
     AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\documents and settings\Will\Application Data\Microsoft\stor.cfg
     c:\windows\Tasks\At1.job
     c:\windows\Tasks\At10.job
     c:\windows\Tasks\At11.job
     c:\windows\Tasks\At12.job
     c:\windows\Tasks\At13.job
     c:\windows\Tasks\At14.job
     c:\windows\Tasks\At15.job
     c:\windows\Tasks\At16.job
     c:\windows\Tasks\At17.job
     c:\windows\Tasks\At18.job
     c:\windows\Tasks\At19.job
     c:\windows\Tasks\At2.job
     c:\windows\Tasks\At20.job
     c:\windows\Tasks\At21.job
     c:\windows\Tasks\At22.job
     c:\windows\Tasks\At23.job
     c:\windows\Tasks\At24.job
     c:\windows\Tasks\At3.job
     c:\windows\Tasks\At4.job
     c:\windows\Tasks\At5.job
     c:\windows\Tasks\At6.job
     c:\windows\Tasks\At7.job
     c:\windows\Tasks\At8.job
     c:\windows\Tasks\At9.job
     .
     ((((((((((((((((((((((((( Files Created from 2010-09-27 to 2010-10-27 )))))))))))))))))))))))))))))))
     .
     2010-10-27 01:55 . 2010-10-27 01:55 -------- d-----w- c:\program files\Avira
     2010-10-27 01:55 . 2010-10-27 01:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
     2010-10-27 01:55 . 2010-03-01 17:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
     2010-10-27 01:55 . 2010-02-16 21:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
     2010-10-27 01:55 . 2009-05-11 19:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
     2010-10-27 01:55 . 2009-05-11 19:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
     2010-10-26 23:47 . 2010-10-26 23:47 -------- d-----w- c:\windows\system32\wbem\Repository
     2010-10-23 21:47 . 2010-10-23 21:47 -------- d-----w- C:\BDS
     2010-10-23 21:47 . 2010-10-23 21:47 -------- d-----w- c:\program files\2K Games
     2010-10-23 21:47 . 2010-10-23 21:47 -------- d-----w- c:\program files\Safer Networking
     2010-10-23 21:47 . 2010-10-26 21:15 -------- d-----w- c:\program files\Hamachi
     2010-10-23 21:47 . 2010-10-23 21:51 -------- d-----w- c:\program files\FileZilla Server
     2010-10-11 23:19 . 2010-10-11 23:19 143360 ----a-w- c:\windows\system32\nvcolor.exe
     2010-10-07 01:21 . 2010-10-07 01:23 -------- d-----w- c:\program files\CamStudio
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2010-09-18 19:23 . 2008-04-14 11:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
     2010-09-18 06:53 . 2008-04-14 11:00 974848 ----a-w- c:\windows\system32\mfc42.dll
     2010-09-18 06:53 . 2008-04-14 11:00 954368 ----a-w- c:\windows\system32\mfc40.dll
     2010-09-18 06:53 . 2008-04-14 11:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
     2010-09-10 05:58 . 2009-06-04 12:35 916480 ----a-w- c:\windows\system32\wininet.dll
     2010-09-10 05:58 . 2009-06-04 12:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
     2010-09-10 05:58 . 2009-06-04 12:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
     2010-09-01 11:48 . 2009-06-04 12:33 285824 ----a-w- c:\windows\system32\atmfd.dll
     2010-08-31 13:38 . 2009-06-04 12:36 1861888 ----a-w- c:\windows\system32\win32k.sys
     2010-08-27 08:02 . 2008-04-14 11:00 119808 ----a-w- c:\windows\system32\t2embed.dll
     2010-08-27 06:05 . 2008-04-14 11:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
     2010-08-26 13:37 . 2009-06-04 12:36 357248 ----a-w- c:\windows\system32\drivers\srv.sys
     2010-08-26 12:52 . 2009-06-04 12:42 5120 ----a-w- c:\windows\system32\xpsp4res.dll
     2010-08-23 16:12 . 2008-04-14 11:00 617472 ----a-w- c:\windows\system32\comctl32.dll
     2010-08-17 13:17 . 2008-04-14 11:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
     2010-08-16 08:43 . 2009-06-04 12:34 590848 ----a-w- c:\windows\system32\rpcrt4.dll
     2009-11-20 04:08 . 2009-11-20 04:08 3749224 ----a-w- c:\program files\Common Files\adlmint_libFNP.dll
     2009-11-20 04:08 . 2009-11-20 04:08 2941288 ----a-w- c:\program files\Common Files\adlmint.dll
     .
     ------- Sigcheck -------
     [-] 2009-06-04 . 25A740D70E8007814A48D3FA1B34FA34 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys
     [-] 2009-06-04 . C951DB3D9B6EF3CF4B82454D30A8BF59 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Google Update"="c:\documents and settings\Will\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-25 133104]
     "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-08 39408]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "nwiz"="nwiz.exe" [2009-06-10 1657376]
     "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
     "CTHelper"="CTHELPER.EXE" [2009-03-04 19456]
     "shicoxp"="c:\windows\shicoxp.exe" [2003-05-15 45056]
     "lauchsrv"="c:\windows\lauchsrv.exe" [2003-02-25 24576]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
     "HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-17 49152]
     "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
     "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
     "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-26 563984]
     "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-26 2178832]
     "H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 385024]
     "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]
     "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-03 640376]
     "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
     "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
     "AppInit_DLLs"=c:\windows\system32\acaptuser32.dll
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "wave1"=aarklink.dll
     "midi1"=aarklink.dll
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
     "c:\\Program Files\\Tunngle\\TnglCtrl.exe"=
     "c:\\Program Files\\Tunngle\\Tunngle.exe"=
     "c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
     "c:\\Program Files\\Ubisoft\\Tom Clancy's H.A.W.X\\HAWX.exe"=
     "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
     "c:\\Program Files\\AIM6\\aim6.exe"=
     "c:\\Program Files\\Steam\\Steam.exe"=
     "c:\\Program Files\\Autodesk\\Maya2009\\bin\\maya.exe"=
     "c:\\Program Files\\uTorrent\\uTorrent.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
     "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
     "c:\\Program Files\\2K Games\\Gearbox Software\\Borderlands\\Binaries\\Borderlands.exe"=
     "c:\\Program Files\\WinSCP\\WinSCP.exe"=
     "c:\\Program Files\\Opera\\opera.exe"=
     "c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
     "c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
     "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010\\RpcAgentSrv.exe"=
     "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010\\WNt500x86\\sandra.mui"=
     "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010\\WNt500x86\\RpcSandraSrv.exe"=
     "c:\\Program Files\\Steam\\steamapps\\dilliondollars\\source sdk base 2007\\hl2.exe"=
     "c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
     "c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
     "c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
     "c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
     "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
     "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
     "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
     "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
     "c:\\Program Files\\Autodesk\\Maya2011\\bin\\maya.exe"=
     "c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
     "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
     "c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
     "c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "5353:TCP"= 5353:TCP:Adobe CSI CS4
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
     "AllowInboundEchoRequest"= 1 (0x1)
     R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [5/18/2010 7:21 PM 19478]
     R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [5/18/2010 7:21 PM 635017]
     R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [5/18/2010 7:21 PM 431236]
     R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/26/2010 6:55 PM 135336]
     R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [6/25/2009 8:47 PM 2789672]
     R2 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [6/26/2009 2:45 PM 664824]
     R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/2/2009 11:07 PM 24652]
     R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [3/5/2010 10:48 PM 33792]
     R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [3/4/2009 2:42 PM 99352]
     R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [3/4/2009 2:42 PM 555032]
     R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [3/4/2009 2:42 PM 566296]
     R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [3/5/2010 10:48 PM 16896]
     R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [6/26/2009 2:45 PM 25600]
     R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [6/25/2009 8:47 PM 15656]
     S1 sonypvd2;sonypvd2;c:\windows\system32\drivers\sonypvd2.sys [5/18/2010 7:21 PM 64093]
     S2 aardvarkpm;Aardvark Professional Audio Manager;c:\program files\Aardvark\aardvark.exe [6/24/2009 5:32 PM 147456]
     S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/23/2009 3:58 PM 135664]
     S3 AarkPhys;Aardvark Professional Audio Service;c:\windows\system32\drivers\AarkPhys.sys [6/24/2009 5:31 PM 44911]
     S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [3/4/2009 2:42 PM 99352]
     S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [6/24/2009 5:21 PM 79360]
     S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [3/4/2009 2:42 PM 555032]
     S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [3/4/2009 2:42 PM 100888]
     S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [3/4/2009 2:42 PM 100888]
     S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [3/4/2009 2:42 PM 566296]
     S3 SaiH0255;SaiH0255;c:\windows\system32\drivers\SaiH0255.sys [5/1/2007 4:11 PM 132232]
     S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010\RpcAgentSrv.exe [3/13/2010 12:36 AM 93336]
     S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/24/2009 8:44 PM 721904]
     .
     Contents of the 'Scheduled Tasks' folder
     2010-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-23 22:58]
     2010-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-23 22:58]
     2010-10-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-484061587-1177238915-1004Core.job
     - c:\documents and settings\Will\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-25 00:28]
     2010-10-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-484061587-1177238915-1004UA.job
     - c:\documents and settings\Will\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-25 00:28]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.google.com/
     uInternet Connection Wizard,ShellNext = iexplore
     uInternet Settings,ProxyOverride = *.local
     uInternet Settings,ProxyServer = http=127.0.0.1:50370
     IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
     IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
     IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
     IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
     IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
     TCP: {0992FC34-8125-4E26-A49F-C2F4C8D7F794} = 68.105.28.12,68.105.29.12
     DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} - hxxp://192.168.1.30/cab/OCXChecker_8198.cab
     DPF: {FEC048AB-277A-460C-BF50-1A4193AEF148} - hxxp://192.168.1.30/cab/DownloadCenter_8200.cab
     FF - ProfilePath - c:\documents and settings\Will\Application Data\Mozilla\Firefox\Profiles\97ae3f0y.default\
     FF - prefs.js: network.proxy.http - 127.0.0.1
     FF - prefs.js: network.proxy.http_port - 50370
     FF - prefs.js: network.proxy.type - 1
     FF - plugin: c:\documents and settings\Will\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
     FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
     FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
     FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
     FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
     FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation
Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - ORPHANS REMOVED - - - - HKCU-Run-Aim6 - (no file) HKCU-Run-AdobeBridge - (no file) Notify-WgaLogon - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-10-27 02:00 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run CTHelper = CTHELPER.EXE? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2010-10-27 02:03:12 ComboFix-quarantined-files.txt 2010-10-27 09:03 Pre-Run: 103,836,561,408 bytes free Post-Run: 110,481,072,128 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.0 [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.0="Microsoft Windows XP Professional" /noexecute=optin /fastdetect multi(0)disk(0)rdisk(1)partition(3)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer - - End Of File - - FCF898E09A9D6787D89A10DEE51FA7B5
  9. Blow-By-Blow:

-This all started when I was getting random(?) redirects in Google Chrome from just about any link I would click on. For example, clicking on a google search result link would take me to some scour.com site with lots of page content generated from my google search query.

-This led me to scan using AVG, which found/fixed a couple of things; then, just to be thorough, I scanned with Malwarebytes. This also found some infections. After rebooting, I no longer had connectivity to the internet (I confirmed that the modem/router are fine with other computers, even a separate Windows install on the same PC; all connected fine).

-I was able to complete a system restore to the previous night and my connection was restored (ideally I would have gone back further, but no other restore points restored successfully, which seems to me another red flag that there are issues).

-I was still getting the random link redirects in Chrome, so I ran AVG and Malwarebytes again. AVG found nothing, Malwarebytes found a few things, and then my connection was lost again.

-Where I stand now: I haven't been able to get any restore points to work, so still no connection. I've seen some alerts about not being able to find "dwm.exe". I tried to uninstall MWB and got an error about a missing "unins000.msg". Got a similar error when I tried running MWB at this time also. Finally decided to go ahead and just follow exactly the steps lined out in the malware removal post in this forum, and here I am. I've pasted the latest Malwarebytes log and DDS log below and attached a zip-file with Ark.txt (from GMER) and attach.txt (from DDS).

Many thanks in advance for any help you can offer, I'm pretty exasperated.
-Will

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4957

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/26/2010 6:47:01 PM
mbam-log-2010-10-26 (18-47-01).txt

Scan type: Quick scan
Objects scanned: 153857
Time elapsed: 7 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\Documents and Settings\Will\Application Data\Microsoft\Windows\shell.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Will\Application Data\asdsada.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Will\Application Data\444.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Will\Application Data\Microsoft\svchost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Will\Application Data\Microsoft\Windows\shell.exe (Trojan.Shell) -> Quarantined and deleted successfully.
DDS (Ver_10-10-21.02) - NTFSx86
Run by Will at 19:06:13.51 on Tue 10/26/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1394 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\shicoxp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Tunngle\TnglCtrl.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\WebUpdateSvc.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Documents and Settings\Will\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:50370
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [Google Update] "c:\documents and settings\will\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6]
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [AdobeBridge]
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [CTHelper] CTHELPER.EXE
mRun: [shicoxp] c:\windows\shicoxp.exe
mRun: [lauchsrv] c:\windows\lauchsrv.exe i
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [H2O] c:\program files\syncrosoft\pos\h2o\cledx.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\pdfill\DownloadPDF.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} - hxxp://192.168.1.30/cab/OCXChecker_8198.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {FEC048AB-277A-460C-BF50-1A4193AEF148} - hxxp://192.168.1.30/cab/DownloadCenter_8200.cab
TCP: {0992FC34-8125-4E26-A49F-C2F4C8D7F794} = 68.105.28.12,68.105.29.12
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: acaptuser32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\will\applic~1\mozilla\firefox\profiles\97ae3f0y.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\documents and settings\will\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

============= SERVICES / DRIVERS ===============

R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [2010-5-18 19478]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-10-26 11608]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-24 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-6-24 29584]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-24 243024]
R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [2010-5-18 635017]
R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [2010-5-18 431236]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-10-26 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-10-26 267432]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-15 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-10-26 60936]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-6-25 2789672]
R2 TunngleService;TunngleService;c:\program files\tunngle\TnglCtrl.exe [2009-6-26 664824]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-7-2 24652]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2010-3-5 33792]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2009-3-4 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2009-3-4 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2009-3-4 566296]
R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2010-3-5 16896]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2009-6-26 25600]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-6-25 15656]
S1 sonypvd2;sonypvd2;c:\windows\system32\drivers\sonypvd2.sys [2010-5-18 64093]
S2 aardvarkpm;Aardvark Professional Audio Manager;c:\program files\aardvark\aardvark.exe [2009-6-24 147456]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-23 135664]
S3 AarkPhys;Aardvark Professional Audio Service;c:\windows\system32\drivers\AarkPhys.sys [2009-6-24 44911]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2009-3-4 99352]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-6-24 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2009-3-4 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2009-3-4 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2009-3-4 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2009-3-4 566296]
S3 SaiH0255;SaiH0255;c:\windows\system32\drivers\SaiH0255.sys [2007-5-1 132232]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2010\RpcAgentSrv.exe [2010-3-13 93336]

=============== Created Last 30 ================

2010-10-27 01:55:19 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-10-27 01:55:19 -------- d-----w- c:\program files\Avira
2010-10-27 01:55:19 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-10-26 23:47:31 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-10-26 23:47:31 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-23 21:47:35 -------- d-----w- C:\BDS
2010-10-23 21:47:28 -------- d-----w- c:\program files\2K Games
2010-10-23 21:47:27 -------- d-----w- c:\program files\Safer Networking
2010-10-23 21:47:26 -------- d-----w- c:\program files\Hamachi
2010-10-23 21:47:26 -------- d-----w- c:\program files\FileZilla Server
2010-10-11 23:19:52 143360 ----a-w- c:\windows\system32\nvcolor.exe
2010-10-07 01:21:13 -------- d-----w- c:\program files\CamStudio

==================== Find3M ====================

2010-09-18 19:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:48:34 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:38:48 1861888 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 06:05:07 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:43:28 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2009-11-20 04:08:02 3749224 ----a-w- c:\program files\common files\adlmint_libFNP.dll
2009-11-20 04:08:02 2941288 ----a-w- c:\program files\common files\adlmint.dll

============= FINISH: 19:07:15.00 ===============

Attach.zip