ra12r

Honorary Members
  • Posts: 60
Everything posted by ra12r

  1. LDTate, OK I believe my computer is okay now. I had a few struggles but have (with your help) gotten the "monkey out of the tree"!!! Here are a few things that I have learned which I hope help you also....
Symptom:
1) Root Kit Virus....... It was removed by the processes you directed.
2) Multiple Malware....... Removed by the processes you directed.
3) Location of a problem........ Discovered that my "cache" of my firefox profile contained something that was recreating issues when I restored a deleted profile to get back some manually deleted bookmarks. So a complete reinstall was required. OTL plus your suggested additions immediately stopped it again.
4) Slow screen redraw.......... Removed IE8 and it "IMMEDIATELY FIXED" my screen issues. I found that by googling. There is a script required for XP that will remove it on the MS website. Currently I have not reinstalled any IE but I will try to go back to IE6.
5) Lost CD storage device....... I had to get in regedit and remove a "Lower filter" which fixed my issue immediately and now burning is EXTREMELY FAST. ie google
6) IP Router virus...... turning on and off the ip stuff fixed that blockage of internet access to certain websites.
7) USB lockout after time idle.......... turning off power management control has stopped that...
I can't think of anything else right now, but I believe all my problems are solved!!! Thank you very much and I will probably be purchasing a full version of MBAM just for appreciation. Once again thank you for your diligence helping me get all these things back out of my system as I have learned a BUNCH of additional things working this process with you. Mucho Gracias!!!!
  2. LDTate, I am sooo sorry that my computer has been such a challenge. But, it is doing much better and I thank you for your help. The screen refresh has stopped. It boots much faster. The newly installed firefox 3.6 version is not hanging while going to webpages. I am still having some intermittent USB issues. I have not reinstalled a cdrom driver yet. Do you currently see anything else of concern? However, prior to installing the cdrom driver, I have been trying to work the past couple of days when I get home from work to get things all back balanced. But I still have some issues that I need your help with... On one of our cleaning scans prior to Christmas break, I lost all my bookmarks in firefox and firefox kept saying it was already open when I would try to start the program. I tried to find them by doing a system restore, but the system restore points no longer work. I figured the bookmarks json or html files were deleted from the profile and could be found on the hard drive with a program. So I have found some files but the bookmark files that will restore, no luck yet. The one I found that is the prior, firefox says it can not process it. I am wondering what I need to do to get them restored. I don't think any of my viruses was located in the mozilla folder, but I am not sure about that??? I have been using a program that finds and undeletes stuff that has been deleted and is still on the hard drive. But, the info I have found so far to know what all needs to be present without undeleting all the Mozilla files has not addressed my issue of restoring deleted mozilla bookmarks files. Thanks again for your time and efforts to help me.
  3. LDTate, ok I will have to get a driver from driversguide, no problem. However, I did notice that my usb mouse and keyboard locked up again. When I unplug and replug it found it straightway though, but something is still grabbing that usb bus or something.....
  4. LDTate, I still don't have a cdrom drive after bootup. I have it when I go to the bios before bootup but lose it after bootup? Haven't noticed anything else yet.
  5. LDTate, Happy New Year!!! I ran the OTL and here is the log.
All processes killed
========== OTL ==========
========== COMMANDS ==========
[EMPTYFLASH]
User: Administrator
->Flash cache emptied: 348 bytes
User: All Users
User: Default User
User: LocalService
->Flash cache emptied: 13287 bytes
User: NetworkService
->Flash cache emptied: 13542 bytes
User: Sonia Evans
->Flash cache emptied: 3805511 bytes
Total Flash Files Cleaned = 4.00 mb
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 129429 bytes
->FireFox cache emptied: 14506790 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: Sonia Evans
->Temp folder emptied: 3856359 bytes
->Temporary Internet Files folder emptied: 51931318 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 135707675 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1138887 bytes
%systemroot%\System32 .tmp files removed: 1132049 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 124 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 47366 bytes
RecycleBin emptied: 421387617 bytes
Total Files Cleaned = 601.00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 01022012_140045
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
  6. Sorry I haven't made it back to the "sick" computer yet. Holidays almost over.
  7. Will be off this computer for a few days....
  8. LDTate, UPDATE, my USB is being hijacked real bad this morning. I keep having to plug and unplug the mouse and keyboard to reactivate them....... sigh
  9. LDTate, Well this morning the desktop screen is still running correctly with the screen slow scroll not happening. I am still not sure about what script I turned off by stopping "script running after user logon"?! My keyboard is still doing something weird as I am typing this; it has got stuck typing one letter a couple of times that looks like the following single letter jjjjjjjjjjjjjjjjjjjjj It is not happening on any particular letter though but there seems to still be something still affecting the USB bus?! On startup, I am still losing my USB bus and cannot get into F8 commands for safe mode as I still cannot use arrow up or down except on the ps2 keyboard. I also still do not have a cdrom. My cdrom is less than 6 months old so if it died during this then the timing is crazy. I have deleted the CD driver to let it just reinstall, but it always says the driver is installed but cannot find the hardware. The bios can see it as I checked just to make sure it was being recognized. I have been watching my services for extreme memory or cpu usage and that seems normal even when my USB is acting crazy. That used to time with the svchost.exe going crazy. I did have to reinstall Firefox, but I believe the problem was caused by deleting something in the mozilla profile that kept showing up on some of these scans.
  10. LDTate, I also noticed in my registry that I have a bunch of repeated entries of the same exact file. Some are exactly the same in content and others are a variant but with the same content in the subfolders that they have in common. These files are located at HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318} wow, my system just lost usb and so I have to finish this with the ps2 keyboard...... How many entries of that file should there be?
  11. Here is the EXTRAS.txt
OTL Extras logfile created on: 12/18/2011 9:39:46 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Internet Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
703.48 Mb Total Physical Memory | 461.37 Mb Available Physical Memory | 65.58% Memory free
2.71 Gb Paging File | 2.45 Gb Available in Paging File | 90.42% Paging File free
Paging file location(s): C:\pagefile.sys 0 0E:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 95.43 Gb Free Space | 64.02% Space Free | Partition Type: NTFS
Drive E: | 74.52 Gb Total Space | 18.17 Gb Free Space | 24.39% Space Free | Partition Type: NTFS
Computer Name: HIGHLANDER | User Name: Wyatt Evans | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0D00BDA8-A387-4239-8C33-04FA7F37D655}" = Nitrous Log
"{1696C54E-599A-4BA2-9941-BB70C4727887}" = Xtranormal State - Voicepack-English-UK-Daniel
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2567B22D-4CAC-44ED-8B31-FB92636E2E0F}" = WebCam
"{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{467A3BF8-4C87-4E68-835C-CE5318C157C2}" = Xtranormal State - Voicepack-English-US-Tom
"{4E74D41C-5864-4561-9F6B-069372513A0B}" = AVG 2012
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{61262D82-A4B7-4B9E-B697-E220D632CCD2}_is1" = Power Commander 5 Software V1.0.1
"{64A50049-407F-4361-9823-CE0C5630504F}" = Ultimate Racer 3.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837006C4-83B7-4BF9-ABC7-AD262FBBFCDF}" = YOSHIMURA Engine Management Professional
"{838A22DF-81CA-4452-9BDD-A1745224D960}" = Xtranormal State - Voicepack-English-UK-Serena
"{898E3215-89AB-485C-B020-AC59229D2C25}" = PC Link Nitrous
"{8E75E6F4-35DF-43E6-8A11-C73437FA3C5B}" = Xtranormal State
"{912536C4-273C-416F-B42C-BBC5B72114D7}" = Xtranormal State - Voicepack-English-US-Samantha
"{929A7FF6-5C3B-45AC-A4C9-30A3AE16CF4B}" = Xtranormal State - Showpak-Playgoz-Preview
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}" = RTLSetup
"{A0BA5AAC-CA61-4C71-9A29-FDF521296225}" = Xtranormal State - SoundPack-Starter Kit
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A436B59A-756E-426F-A348-2BE1BE99B86F}" = AVG 2012
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{B2586CA8-0F12-11D3-8258-00C04F6843FE}" = Microsoft Office 2000 Web Archive Add-On
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E03835-FB8B-458A-A1FB-8CDE5424BE66}" = Sid Meier's Civilization 4
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C72C8671-4FE0-44D9-8A7B-D07F411D2565}" = WEGO Log
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}" = Brother MFL-Pro Suite
"{E59219D4-23B8-11D3-A179-00C04F6C9FA4}" = Microsoft Word Supplemental Templates and Wizards
"{E8DF0C63-3669-4A71-9000-03775FF51D2C}" = RemotePlayback
"{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" = Sansa Media Converter
"{FE9C7463-77A6-4B64-8891-550B7E3505F2}" = Engine Analyzer Pro v3.3
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AnyDVD" = AnyDVD
"AVG" = AVG 2012
"C-Media Audio Driver" = C-Media WDM Audio Driver
"Collectorz.com Movie Collector" = Collectorz.com Movie Collector
"DriverGuide DriverScan" = DriverGuide DriverScan
"DVD Shrink_is1" = DVD Shrink 3.2
"ESET Online Scanner" = ESET Online Scanner v3
"ImgBurn" = ImgBurn
"InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MediaMonkey_is1" = MediaMonkey 2.5
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
"Nero - Burning Rom!UninstallKey" = Nero OEM
"PC Camera Capture" = PC Camera Capture
"Power Commander 3" = Power Commander 3
"Punch! 5 in 1 Home Design" = Punch! 5 in 1 Home Design
"QuickTime" = QuickTime
"S3" = KM400/KN400 Display Driver and Utilities
"Slotman_is1" = Slotman
"UltraDefrag" = Ultra Defragmenter
"VTDisplay" = S3 S3Display
"VTGamma2" = S3 S3Gamma2
"VTInfo2" = S3 S3Info2
"VTOverlay" = S3 S3Overlay
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Script" = Microsoft Windows Script 5.7
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"Xfire" = Xfire (remove only)
"Yahoo! Messenger" = Yahoo! Messenger
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"0683c2c1208fabf1" = Hayabusa ECUeditor for K2-K7, K8- models
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 12/18/2011 12:10:59 PM | Computer Name = HIGHLANDER | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070422 from line 44 of f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this erro
Error - 12/18/2011 12:11:00 PM | Computer Name = HIGHLANDER | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.
Error - 12/18/2011 12:11:06 PM | Computer Name = HIGHLANDER | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.
Error - 12/18/2011 12:11:06 PM | Computer Name = HIGHLANDER | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.
Error - 12/18/2011 12:11:06 PM | Computer Name = HIGHLANDER | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.
Error - 12/18/2011 12:17:45 PM | Computer Name = HIGHLANDER | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070422 from line 44 of f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this erro
Error - 12/18/2011 12:17:46 PM | Computer Name = HIGHLANDER | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.
Error - 12/18/2011 12:17:54 PM | Computer Name = HIGHLANDER | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.
Error - 12/18/2011 12:17:54 PM | Computer Name = HIGHLANDER | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.
Error - 12/18/2011 12:17:54 PM | Computer Name = HIGHLANDER | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.
[ System Events ]
Error - 12/18/2011 11:15:08 AM | Computer Name = HIGHLANDER | Source = Service Control Manager | ID = 7001
Description = The System Event Notification service depends on the COM+ Event System service which failed to start because of the following error: %%1058
Error - 12/18/2011 11:48:58 AM | Computer Name = HIGHLANDER | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
Error - 12/18/2011 11:49:08 AM | Computer Name = HIGHLANDER | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 12/18/2011 11:50:19 AM | Computer Name = HIGHLANDER | Source = Service Control Manager | ID = 7001
Description = The System Event Notification service depends on the COM+ Event System service which failed to start because of the following error: %%1058
Error - 12/18/2011 12:10:47 PM | Computer Name = HIGHLANDER | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
Error - 12/18/2011 12:10:59 PM | Computer Name = HIGHLANDER | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 12/18/2011 12:12:11 PM | Computer Name = HIGHLANDER | Source = Service Control Manager | ID = 7001
Description = The System Event Notification service depends on the COM+ Event System service which failed to start because of the following error: %%1058
Error - 12/18/2011 12:17:35 PM | Computer Name = HIGHLANDER | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
Error - 12/18/2011 12:17:45 PM | Computer Name = HIGHLANDER | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 12/18/2011 12:18:56 PM | Computer Name = HIGHLANDER | Source = Service Control Manager | ID = 7001
Description = The System Event Notification service depends on the COM+ Event System service which failed to start because of the following error: %%1058
< End of report >
  12. LDTate, before I ran this latest scan I went into gpedit.msc and turned off "run scripts after logon" or something like that and it stopped the desktop pic slow scroll and it stopped the slow scroll on application shutdowns.... so to me that means there is some script associated with my profile that is trying to run with every startup and then periodically until it crashes a svc process. Here are the scan results of OTL
OTL logfile created on: 12/18/2011 9:39:46 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Internet Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
703.48 Mb Total Physical Memory | 461.37 Mb Available Physical Memory | 65.58% Memory free
2.71 Gb Paging File | 2.45 Gb Available in Paging File | 90.42% Paging File free
Paging file location(s): C:\pagefile.sys 0 0E:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 95.43 Gb Free Space | 64.02% Space Free | Partition Type: NTFS
Drive E: | 74.52 Gb Total Space | 18.17 Gb Free Space | 24.39% Space Free | Partition Type: NTFS
Computer Name: HIGHLANDER | User Name: Wyatt Evans | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Internet Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
========== Win32 Services (SafeList) ==========
SRV - (MaxSch2Svc) -- File not found
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
========== Driver Services (SafeList) ==========
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.2: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/14 03:38:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/18 11:15:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/18 10:41:26 | 000,000,000 | ---D | M]
[2010/04/19 18:41:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sonia Evans\Application Data\Mozilla\Extensions
[2011/12/18 21:15:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sonia Evans\Application Data\Mozilla\Firefox\Profiles\scc6u8gm.default\extensions
[2011/12/18 21:15:21 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Sonia Evans\Application Data\Mozilla\Firefox\Profiles\scc6u8gm.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011/12/18 11:15:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/20 23:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/04/20 08:40:07 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/08/17 15:39:27 | 000,693,048 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npybrowserplus_2.4.17.dll
[2011/11/20 20:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/20 20:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2011/12/12 07:12:37 | 000,000,789 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKCU..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableBkGndGroupPolicy = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Feeds present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O15 - HKCU\..Trusted Domains: rexplorer.net ([]* in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1318504715250 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1318649841562 (MUWebControl Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29B64B33-71B6-48DC-9796-9058471823B5}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CEA6E8D-6780-4CBD-B697-934D4F39934C}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\Sonia Evans\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sonia Evans\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/06/09 18:41:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006/06/09 18:41:52 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) 
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: VIDC.JPGL - C:\WINDOWS\jpgl.dll () Drivers32: VIDC.TMPX - C:\WINDOWS\System32\TMPXVFW.DLL () Drivers32: VIDC.TVTA - C:\WINDOWS\System32\TVTACODEC.DLL (tvt) Drivers32: VIDC.TVTX - C:\WINDOWS\System32\TVTXTDEC.DLL (tvt) Drivers32: VIDC.XVID - C:\WINDOWS\System32\XVIDVFW.DLL () CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2011/12/13 21:37:10 | 000,000,000 | -HSD | C] -- C:\found.000 [2011/12/11 21:38:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sonia Evans\DoctorWeb [2011/12/10 23:31:59 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2011/12/09 07:21:28 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll [2011/12/07 22:38:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2011/12/03 08:14:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2011/12/03 08:13:29 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Sonia Evans\Desktop\esetsmartinstaller_enu.exe [2011/12/03 07:59:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sonia Evans\My Documents\Boot Item_files [2011/12/02 07:30:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sonia Evans\Application Data\AVG [2011/12/02 07:29:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC Tuneup 2011 [2011/12/02 06:52:49 | 000,000,000 | ---D | C] -- C:\$AVG [2011/12/02 06:34:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files [2011/12/02 06:34:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sonia Evans\Application Data\AVG2012 [2011/12/02 06:29:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012 [2011/12/02 06:29:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012 [2011/12/02 
06:29:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG [2011/12/02 06:28:47 | 000,000,000 | ---D | C] -- C:\Program Files\AVG [2011/12/02 06:23:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData [2011/12/02 06:23:20 | 003,903,528 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Sonia Evans\Desktop\avg_free_stb_all_2012_1873_cnet.exe [2011/12/01 22:15:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sonia Evans\Desktop\tdsskiller [2011/12/01 21:39:19 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\All Users\Documents\TDSSKiller.exe [2011/11/30 00:30:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs [2011/11/29 23:25:00 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys [2011/11/27 23:07:38 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2011/11/22 03:49:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software [2011/11/22 02:46:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Malware Fix Folder [2011/11/20 23:12:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Sonia Evans\IECompatCache [2011/11/19 10:52:35 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe [2011/11/19 01:05:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sonia Evans\Start Menu\Programs\DriverGuide DriverScan [2011/11/19 01:05:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sonia Evans\Local Settings\Application Data\Apple [2011/11/19 01:05:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer [2011/11/19 01:05:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE [2011/11/19 01:05:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple [2011/11/19 01:04:59 | 000,000,000 | ---D | C] -- C:\Documents and 
Settings\NetworkService\Application Data\AdobeUM [2011/11/19 01:04:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sonia Evans\Local Settings\Application Data\PackageAware [2011/11/19 01:04:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy [2011/11/19 01:04:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en [2011/11/19 00:52:53 | 000,000,000 | ---D | C] -- C:\Config.Msi [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/12/18 11:17:27 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/12/18 11:17:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/12/18 11:16:01 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Sonia Evans\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2011/12/18 11:16:01 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2011/12/18 09:18:13 | 000,002,732 | RHS- | M] () -- C:\Documents and Settings\Sonia Evans\ntuser.pol [2011/12/18 09:17:32 | 000,003,906 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol [2011/12/18 03:58:31 | 084,460,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm [2011/12/18 00:55:45 | 000,107,134 | ---- | M] () -- C:\fraglist.luar [2011/12/14 03:38:03 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk [2011/12/12 07:12:37 | 000,000,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2011/12/08 21:52:26 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2011/12/05 20:18:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111208-214322.backup [2011/12/04 08:39:19 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AnyDVD.lnk [2011/12/04 08:32:45 | 000,000,327 | -HS- | M] () -- C:\boot.ini 
[2011/12/03 17:20:56 | 000,025,532 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm [2011/12/03 08:13:49 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Sonia Evans\Desktop\esetsmartinstaller_enu.exe [2011/12/03 08:03:27 | 000,266,123 | ---- | M] () -- C:\Boot Item.jpg [2011/12/03 07:59:26 | 000,002,877 | ---- | M] () -- C:\Documents and Settings\Sonia Evans\My Documents\Boot Item.htm [2011/12/02 07:29:16 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Sonia Evans\Desktop\AVG PC Tuneup 2011.lnk [2011/12/02 06:23:38 | 003,903,528 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Sonia Evans\Desktop\avg_free_stb_all_2012_1873_cnet.exe [2011/12/01 22:15:08 | 001,547,774 | ---- | M] () -- C:\Documents and Settings\Sonia Evans\Desktop\tdsskiller.zip [2011/12/01 21:23:13 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\All Users\Documents\TDSSKiller.exe [2011/11/28 23:42:07 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2011/11/22 08:39:35 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2011/11/20 23:25:45 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\Sonia Evans\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/11/19 12:04:48 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif [2011/11/19 10:08:20 | 000,226,596 | ---- | M] () -- C:\Documents and Settings\Sonia Evans\My Documents\generic host list 11-19-11.jpg [2011/11/19 10:06:14 | 009,751,798 | ---- | M] () -- C:\Documents and Settings\Sonia Evans\My Documents\generic process list 11-19-11.rtf [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/12/18 11:16:01 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Sonia Evans\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2011/12/18 11:16:01 | 000,000,730 | ---- 
| C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk [2011/12/18 11:16:01 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2011/12/18 03:58:31 | 084,460,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm [2011/12/18 00:55:45 | 000,107,134 | ---- | C] () -- C:\fraglist.luar [2011/12/18 00:01:18 | 000,002,732 | RHS- | C] () -- C:\Documents and Settings\Sonia Evans\ntuser.pol [2011/12/17 23:22:24 | 000,003,906 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol [2011/12/03 17:20:56 | 000,025,532 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm [2011/12/03 08:03:27 | 000,266,123 | ---- | C] () -- C:\Boot Item.jpg [2011/12/03 07:59:26 | 000,002,877 | ---- | C] () -- C:\Documents and Settings\Sonia Evans\My Documents\Boot Item.htm [2011/12/02 07:29:16 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Sonia Evans\Desktop\AVG PC Tuneup 2011.lnk [2011/12/02 06:29:40 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk [2011/12/01 22:14:49 | 001,547,774 | ---- | C] () -- C:\Documents and Settings\Sonia Evans\Desktop\tdsskiller.zip [2011/11/19 10:44:35 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif [2011/11/19 10:08:20 | 000,226,596 | ---- | C] () -- C:\Documents and Settings\Sonia Evans\My Documents\generic host list 11-19-11.jpg [2011/11/19 10:06:13 | 009,751,798 | ---- | C] () -- C:\Documents and Settings\Sonia Evans\My Documents\generic process list 11-19-11.rtf [2011/11/13 23:00:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011/10/13 22:57:22 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2011/10/11 20:22:23 | 000,233,472 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe [2011/10/11 20:22:23 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll [2011/10/11 20:22:22 | 001,900,544 | R--- | C] () -- C:\WINDOWS\System32\cmiwcnfg.dll [2009/08/29 
00:22:30 | 000,000,259 | ---- | C] () -- C:\Documents and Settings\Sonia Evans\Application Data\dm.ini [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL [2009/04/24 08:36:35 | 000,015,840 | ---- | C] () -- C:\WINDOWS\System32\Machnm1.exe [2009/03/02 22:20:48 | 000,002,119 | ---- | C] () -- C:\Documents and Settings\Sonia Evans\Application Data\Qzefy6xGat.gif [2009/03/02 22:20:48 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\Sonia Evans\Application Data\Qzefy6xGcn.gif [2009/03/02 22:20:48 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\Sonia Evans\Application Data\Qzefy6xGby.gif [2008/12/19 21:31:59 | 000,000,281 | ---- | C] () -- C:\Documents and Settings\Sonia Evans\Application Data\RmDigSSD Prefs [2008/12/05 20:08:55 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\TMPXCORE.DLL [2008/12/05 20:08:55 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\TMPXVFW.DLL [2008/12/05 19:53:32 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\XVIDCORE.DLL [2008/12/05 19:53:32 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\XVIDVFW.DLL [2008/12/05 19:53:32 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\AMD422CODEC.DLL [2008/11/23 19:21:26 | 000,005,383 | ---- | C] () -- C:\WINDOWS\Racer30.INI [2008/06/04 20:48:10 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll [2008/06/04 20:48:08 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll [2007/11/28 23:08:17 | 000,000,303 | ---- | C] () -- C:\WINDOWS\EMPro3D.INI [2007/08/25 15:47:17 | 000,374,784 | ---- | C] () -- C:\WINDOWS\3dg32.dll [2007/08/25 15:47:17 | 000,000,250 | ---- | C] () -- C:\WINDOWS\3dr.ini [2007/03/19 19:54:20 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI [2007/03/18 08:18:27 | 000,001,299 | ---- | C] () -- C:\WINDOWS\mozver.dat [2007/03/16 00:57:53 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Sonia Evans.ini [2007/03/06 20:15:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2007/02/12 17:27:41 | 
000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini [2007/02/12 17:27:11 | 000,000,095 | ---- | C] () -- C:\WINDOWS\brmx2001.ini [2006/12/31 19:31:26 | 000,009,475 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini [2006/12/31 06:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2006/09/24 12:29:56 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Sonia Evans\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006/09/21 21:13:58 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2006/08/12 21:14:08 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Sonia Evans\Application Data\FixVTS.ini [2006/06/20 21:20:02 | 000,000,488 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006/06/20 21:20:01 | 000,000,185 | ---- | C] () -- C:\WINDOWS\mdm.ini [2006/06/20 21:19:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI [2006/06/19 21:21:22 | 000,000,068 | ---- | C] () -- C:\WINDOWS\Biblerp.ini [2006/06/17 07:27:39 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat [2006/06/10 07:02:50 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2006/06/09 20:32:01 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\Sonia Evans\Application Data\.zreglib [2006/06/09 19:50:06 | 000,000,223 | ---- | C] () -- C:\WINDOWS\Quicken.ini [2006/06/09 19:23:47 | 000,001,015 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini [2006/06/09 19:23:47 | 000,000,426 | ---- | C] () -- C:\WINDOWS\brwmark.ini [2006/06/09 19:23:47 | 000,000,152 | ---- | C] () -- C:\WINDOWS\brpcfx.ini [2006/06/09 19:23:47 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\BD7820N.dat [2006/06/09 19:23:47 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2006/06/09 19:23:35 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL [2006/06/09 19:23:33 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll [2006/06/09 19:23:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat [2006/06/09 19:21:59 | 000,027,019 | ---- | C] () -- 
C:\WINDOWS\maxlink.ini [2006/06/09 19:07:49 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI [2006/06/09 19:07:49 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI [2006/06/09 19:07:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini [2006/06/09 19:07:43 | 000,266,240 | ---- | C] () -- C:\WINDOWS\CMIUninstall.exe [2006/06/09 19:07:37 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll [2006/06/09 19:04:06 | 000,002,893 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2006/06/09 19:04:05 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2006/06/09 18:44:25 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2006/06/09 18:39:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2006/06/09 14:31:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2006/06/09 14:30:00 | 000,126,912 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2004/05/19 12:33:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe [2002/08/29 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2002/08/29 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2002/08/29 07:00:00 | 000,432,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2002/08/29 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2002/08/29 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2002/08/29 07:00:00 | 000,067,312 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2002/08/29 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2002/08/29 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2002/08/29 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2002/08/29 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2002/08/29 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2002/03/04 09:16:34 | 000,110,592 | R--- | C] () -- 
C:\WINDOWS\System32\Jpeg32.dll [2001/08/13 13:33:12 | 000,032,768 | ---- | C] () -- C:\WINDOWS\div_iyuv.dll [2001/08/13 13:33:04 | 000,036,864 | ---- | C] () -- C:\WINDOWS\jpgl.dll [1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL [1997/06/09 21:24:30 | 000,104,448 | ---- | C] () -- C:\WINDOWS\System32\Winhrt32.dll ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2006/06/09 18:41:52 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2011/12/03 08:03:27 | 000,266,123 | ---- | M] () -- C:\Boot Item.jpg [2011/12/03 08:05:32 | 000,162,304 | ---- | M] () -- C:\Boot Item2.doc [2010/06/14 21:34:46 | 000,000,211 | ---- | M] () -- C:\Boot.bak [2011/12/04 08:32:45 | 000,000,327 | -HS- | M] () -- C:\boot.ini [2011/11/29 00:02:37 | 000,000,929 | ---- | M] () -- C:\CFScript.txt [2004/08/03 22:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr [2011/12/07 22:38:09 | 000,013,553 | ---- | M] () -- C:\ComboFix.txt [2006/06/09 18:41:52 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2011/12/10 08:18:35 | 000,000,426 | ---- | M] () -- C:\DiskReport.txt [2011/06/11 06:01:36 | 000,000,000 | ---- | M] () -- C:\DTSHDSpOut.txt [2009/10/24 13:44:19 | 000,754,668 | ---- | M] () -- C:\EasyShare.dmp [2011/12/18 00:55:45 | 000,107,134 | ---- | M] () -- C:\fraglist.luar [2011/12/18 00:55:45 | 000,067,528 | ---- | M] () -- C:\fraglist.txt [2006/06/09 18:41:52 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2005/07/10 15:38:18 | 000,000,285 | ---- | M] () -- C:\Key for AnyDVD.AnyDVD [2006/06/09 18:41:52 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2006/09/22 18:58:28 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2011/10/16 11:24:01 | 000,250,048 | RHS- | M] () -- C:\ntldr [2009/06/21 17:01:18 | 000,262,144 | ---- | M] () -- C:\ntuser.dat [2009/06/21 17:01:18 | 000,001,024 | -H-- | M] () -- C:\ntuser.dat.LOG [2011/12/18 11:17:11 | 1106,485,248 | -HS- | M] () -- C:\pagefile.sys [2006/09/17 09:35:40 | 000,075,925 | ---- | M] () -- C:\SpeedQueen 2006.jpg 
[2011/11/19 09:53:13 | 000,001,967 | ---- | M] () -- C:\svchost.exe.txt [2011/11/19 08:55:19 | 000,048,988 | ---- | M] () -- C:\TDSSKiller.2.6.19.0_19.11.2011_08.53.07_log.txt [2011/11/27 23:03:04 | 000,000,348 | ---- | M] () -- C:\TDSSKiller.2.6.19.0_27.11.2011_23.02.59_log.txt [2011/11/29 00:09:29 | 000,048,450 | ---- | M] () -- C:\TDSSKiller.2.6.19.0_29.11.2011_00.08.18_log.txt [2011/11/29 00:18:23 | 000,053,232 | ---- | M] () -- C:\TDSSKiller.2.6.19.0_29.11.2011_00.13.31_log.txt [2011/12/01 21:44:24 | 000,045,142 | ---- | M] () -- C:\TDSSKiller.2.6.21.0_01.12.2011_21.43.10_log.txt [2011/12/01 21:48:31 | 000,045,138 | ---- | M] () -- C:\TDSSKiller.2.6.21.0_01.12.2011_21.46.49_log.txt [2011/12/01 22:00:54 | 000,045,216 | ---- | M] () -- C:\TDSSKiller.2.6.21.0_01.12.2011_21.57.32_log.txt [2011/12/01 22:17:20 | 000,045,142 | ---- | M] () -- C:\TDSSKiller.2.6.21.0_01.12.2011_22.15.29_log.txt [2011/12/06 07:26:36 | 000,046,356 | ---- | M] () -- C:\TDSSKiller.2.6.21.0_06.12.2011_07.25.55_log.txt [2011/12/07 19:48:52 | 000,135,694 | ---- | M] () -- C:\TDSSKiller.2.6.21.0_07.12.2011_19.43.54_log.txt [2011/12/16 20:58:41 | 000,000,348 | ---- | M] () -- C:\TDSSKiller.2.6.21.0_16.12.2011_20.58.38_log.txt [2011/11/27 23:08:20 | 000,103,908 | ---- | M] () -- C:\TDSSKiller.2.6.21.0_27.11.2011_23.05.17_log.txt [2011/11/29 07:14:20 | 000,054,298 | ---- | M] () -- C:\TDSSKiller.2.6.21.0_29.11.2011_07.11.22_log.txt [2011/11/29 23:27:39 | 000,046,752 | ---- | M] () -- C:\TDSSKiller.2.6.21.0_29.11.2011_23.26.50_log.txt [2011/12/16 21:00:35 | 000,046,376 | ---- | M] () -- C:\TDSSKiller.2.6.23.0_16.12.2011_20.59.40_log.txt [2011/12/16 22:53:46 | 000,046,372 | ---- | M] () -- C:\TDSSKiller.2.6.23.0_16.12.2011_22.52.02_log.txt [2008/04/30 17:32:00 | 000,107,596 | ---- | M] () -- C:\toolkit_widget.gif [2007/03/14 08:34:32 | 000,502,170 | ---- | M] () -- C:\wedding.jpg [2008/04/28 15:36:50 | 000,000,146 | ---- | M] () -- C:\YServer.txt < %systemroot%\Fonts\*.com > [2006/04/18 14:39:28 | 
000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont < %systemroot%\Fonts\*.dll > < %systemroot%\Fonts\*.ini > [2006/06/09 18:41:29 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini < %systemroot%\Fonts\*.ini2 > < %systemroot%\Fonts\*.exe > < %systemroot%\system32\spool\prtprocs\w32x86\*.* > [2001/11/20 13:37:28 | 000,047,616 | R--- | M] (Black Ice Software) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\ppbiPr.dll [2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe < %systemroot%\REPAIR\*.bak1 > < %systemroot%\REPAIR\*.ini > < %systemroot%\system32\*.jpg > < %systemroot%\*.jpg > < %systemroot%\*.png > < %systemroot%\*.scr > < %systemroot%\*._sy > < %APPDATA%\Adobe\Update\*.* > < %ALLUSERSPROFILE%\Favorites\*.* > < %APPDATA%\Microsoft\*.* > < %PROGRAMFILES%\*.* > < %APPDATA%\Update\*.* > < %systemroot%\*. /mp /s > < %systemroot%\System32\config\*.sav > [2006/06/09 14:29:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2006/06/09 14:29:16 | 000,626,688 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2006/06/09 14:29:15 | 000,409,600 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %PROGRAMFILES%\bak. /s > < %systemroot%\system32\bak. 
/s > < %ALLUSERSPROFILE%\Start Menu\*.lnk /x > [2011/10/16 11:30:20 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini < %systemroot%\system32\config\systemprofile\*.dat /x > < %systemroot%\*.config > < %systemroot%\system32\*.db > < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x > [2007/03/11 10:05:15 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Sonia Evans\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini [2008/12/06 10:42:15 | 000,000,164 | ---- | M] () -- C:\Documents and Settings\Sonia Evans\Application Data\Microsoft\Internet Explorer\Quick Launch\Go to Next page.URL [2006/06/09 18:48:03 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Sonia Evans\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf < %USERPROFILE%\Desktop\*.exe > [2011/12/02 06:23:38 | 003,903,528 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Sonia Evans\Desktop\avg_free_stb_all_2012_1873_cnet.exe [2011/12/03 08:13:49 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Sonia Evans\Desktop\esetsmartinstaller_enu.exe [2009/05/27 17:41:21 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Sonia Evans\Desktop\setup-spybotsd162.exe < %PROGRAMFILES%\Common Files\*.* > < %systemroot%\*.src > < %systemroot%\install\*.* > < %systemroot%\system32\DLL\*.* > < %systemroot%\system32\HelpFiles\*.* > < %systemroot%\system32\rundll\*.* > < %systemroot%\winn32\*.* > < %systemroot%\Java\*.* > [2006/06/18 20:36:43 | 000,563,712 | ---- | M] (Citrix Online) -- C:\WINDOWS\Java\370_gotomypc.exe [2008/11/21 08:33:55 | 000,563,712 | ---- | M] (Citrix Online) -- C:\WINDOWS\Java\gotomypc_370.exe [2007/10/18 14:58:09 | 000,724,984 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) 
-- C:\WINDOWS\Java\gotomypc_437.exe [2009/02/05 12:02:03 | 000,001,668 | ---- | M] () -- C:\WINDOWS\Java\javalog.txt < %systemroot%\system32\test\*.* > < %systemroot%\system32\Rundll32\*.* > < %systemroot%\AppPatch\Custom\*.* > < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x > < %PROGRAMFILES%\PC-Doctor\Downloads\*.* > < %PROGRAMFILES%\Internet Explorer\*.tmp > < %PROGRAMFILES%\Internet Explorer\*.dat > < %USERPROFILE%\My Documents\*.exe > < %USERPROFILE%\*.exe > [2009/05/26 15:58:31 | 000,563,712 | ---- | M] (Citrix Online) -- C:\Documents and Settings\Sonia Evans\gotomypc_370.exe [2010/01/16 13:55:07 | 001,063,320 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Sonia Evans\gotomypc_533.exe < %systemroot%\ADDINS\*.* > < %systemroot%\assembly\*.bak2 > < %systemroot%\Config\*.* > < %systemroot%\REPAIR\*.bak2 > < %systemroot%\SECURITY\Database\*.sdb /x > < %systemroot%\SYSTEM\*.bak2 > < %systemroot%\Web\*.bak2 > < %systemroot%\Driver Cache\*.* > < %PROGRAMFILES%\Mozilla Firefox\0*.exe > < %ProgramFiles%\Microsoft Common\*.* > < %ProgramFiles%\TinyProxy. 
> < %USERPROFILE%\Favorites\*.url /x > [2006/09/22 21:04:00 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Sonia Evans\Favorites\Desktop.ini < %systemroot%\system32\*.bk > < %systemroot%\*.te > < %systemroot%\system32\system32\*.* > < %ALLUSERSPROFILE%\*.dat /x > [2011/12/18 09:17:32 | 000,003,906 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol < %systemroot%\system32\drivers\*.rmv > < dir /b "%systemroot%\system32\*.exe" | find /i " " /c > < dir /b "%systemroot%\*.exe" | find /i " " /c > < %PROGRAMFILES%\Microsoft\*.* > < %systemroot%\System32\Wbem\proquota.exe > < %PROGRAMFILES%\Mozilla Firefox\*.dat > < %USERPROFILE%\Cookies\*.txt /x > [2011/12/18 21:15:32 | 000,376,832 | ---- | M] () -- C:\Documents and Settings\Sonia Evans\Cookies\index.dat < %SystemRoot%\system32\fonts\*.* > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > "AutoInstallMinorUpdates" = 0 < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < > < End of report >
  13. LDTate, OK I have run and rerun the apps in most of the above post. Here is the latest mbam that was run in safe mode. It did not find anything. BUT, I am still unable to get into safe mode using a USB keyboard or mouse. It will let me F8 to get to the screen, but then the use stops for the keyboard. I have to use a PS/2 keyboard (luckily it is an older motherboard). So it loads and cruises along fairly rapidly until after I log on to Windows and the desktop pic comes immediately on.... it now slows down and then rewrites the screen OR loads an application and closes the application fast and slow enough to see that choppy window closing that occurs on everything else when you close it. I go to My Computer and I don't have a CD-ROM player. But in hardware properties it says it loaded the driver and can't find the drive??? I would really like to know how to see a list of all the stuff that is getting started. I chose enable boot logging at the initial, but I don't know how to find that log. Here is the latest mbam. Thanks for your help, we have to be getting really close to finding this thing.....

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8379
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
12/16/2011 9:10:04 PM
mbam-log-2011-12-16 (21-10-04).txt
Scan type: Quick scan
Objects scanned: 171526
Time elapsed: 6 minute(s), 12 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)
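The startup list and boot-log location asked about in post 13 above, as an added example that is not part of the thread (it assumes Windows PowerShell 2.0 has been installed on the XP SP3 machine, which is not there by default, and is run from an administrator account):

```powershell
# Added example, not from the thread: enumerate the common XP autostart
# locations and show the boot log written when "Enable Boot Logging" is
# chosen from the F8 menu. Assumes Windows PowerShell 2.0 on XP SP3.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutostartEntries {
    # One object per value under each Run/RunOnce key: where it lives,
    # the value name, and the command line that gets launched.
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Skip the PSPath/PSParentPath/... metadata PowerShell adds.
            if ($p.Name -like 'PS*') { continue }
            New-Object PSObject -Property @{
                Key     = $key
                Name    = $p.Name
                Command = $p.Value
            }
        }
    }
}

function Get-WinlogonEntries {
    # Shell and UserInit are classic hijack points: on a clean XP box
    # Shell is Explorer.exe and UserInit points at system32\userinit.exe.
    $wl = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    New-Object PSObject -Property @{
        Shell    = $wl.Shell
        UserInit = $wl.Userinit
    }
}

function Get-AutoStartServices {
    # Services configured to start at boot, with the binary each launches.
    Get-WmiObject Win32_Service -Filter "StartMode='Auto'" |
        Select-Object Name, State, PathName
}

function Get-BootLog {
    # On XP, boot logging appends to %SystemRoot%\ntbtlog.txt
    # (normally C:\WINDOWS\ntbtlog.txt) on every boot where it is enabled.
    $path = Join-Path $env:SystemRoot 'ntbtlog.txt'
    if (Test-Path $path) {
        Get-Content -Path $path
    } else {
        "No boot log found at $path (boot with 'Enable Boot Logging' first)"
    }
}

'== Run / RunOnce values =='
Get-AutostartEntries | Format-Table Key, Name, Command -AutoSize
'== Winlogon Shell / UserInit =='
Get-WinlogonEntries | Format-List
'== Services set to start automatically =='
Get-AutoStartServices | Format-Table -AutoSize
'== Boot log (ntbtlog.txt) =='
Get-BootLog
```

Anything in the Run keys or Winlogon values that is not a recognisable, vendor-signed program is what to paste back into the thread for review; the boot log lists every driver loaded or skipped during the last logged boot, which is where a missing CD-ROM filter driver would show up.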
14. Trouble showing the Dr.Web CureIt log; it says the log is 95 MB in size?!
15. LDTate, Dr.Web CureIt ran for approximately 40 hrs to finish. It did find several things. I have run the program twice thus far, but a complete scan does take several days to complete, as it ran more than 40 hrs both times. Each time I got svchost.exe errors?!?! Also this morning, with a fresh boot, I still do not have a CD drive; something is still loading after the taskbar and before the LAN icon. The desktop picture goes blue for about 10-20 sec and then it redraws slowly. My keyboard is mildly delayed as I write this.... Here is the Dr.Web CureIt log.
16. It has been running almost two days.... I saw that it found some stuff (whew), but on each of the two days when I would get home there were svchost.exe errors on the screen. Last night, in attempting to clear the errors, I clicked the wrong window and it closed Dr.Web, so I had to start over again last night. Will post after the complete scan is finished, hopefully by this evening.
17. LDTate, received another email from AT&T saying that I downloaded "Conficker" on 12-6-11......?!?!?! Can you tell me what was downloaded based on any of these reports? I need to know where this is coming from, because the only thing that I have been doing on this computer is trying to get it clean!!! Thanks
18. LDTate, I still need to remove this "Downadup" or "Conficker" or "DEMON FROM HELL"...... What is the next action to get rid of this thing?
19. Microsoft DiskPart version 5.1.3565
Copyright (C) 1999-2003 Microsoft Corporation.
On computer: HIGHLANDER

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     C                NTFS   Partition    149 GB  Healthy    System
  Volume 1     E                NTFS   Partition     75 GB  Healthy    Pagefile
20. LDTate, here is the latest ESET log. However, by this morning AVG had several hits for Downadup or chmrnuyv[1].jpg or .gif or .png or .bmp. This has been seen several times. I have tried to manually delete these files in safe mode, I have tried FileASSASSIN, plus all your suggested autoruns. Only AVG finds them, and search finds them sometimes also. How can I get rid of this monster? It also appears to be getting more aggressive at stopping me, like it is able to react to which files I delete?!

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3aea3fcff2e40c4883357ca36cc71eca
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-12-03 03:52:09
# local_time=2011-12-03 10:52:09 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=crash
# scanned=134266
# found=13
# cleaned=13
# scan_time=9179
C:\Internet Downloads\registrybooster.exe  Win32/RegistryBooster application (deleted - quarantined)  00000000000000000000000000000000  C
C:\Internet Downloads\Slot Car software\SDFix.exe  Win32/PrcView application (deleted - quarantined)  00000000000000000000000000000000  C
C:\Internet Downloads\Toshiba Vista drivers\testmh.exe  a variant of Win32/Adware.ErrorRepairPro.A application (deleted - quarantined)  00000000000000000000000000000000  C
C:\System Volume Information\_restore{E9D7D8E3-0FDA-43D6-93AE-270353452AE6}\RP1\A0000033.exe  Win32/RegistryBooster application (deleted - quarantined)  00000000000000000000000000000000  C
C:\System Volume Information\_restore{E9D7D8E3-0FDA-43D6-93AE-270353452AE6}\RP1\A0000034.exe  Win32/PrcView application (deleted - quarantined)  00000000000000000000000000000000  C
C:\System Volume Information\_restore{E9D7D8E3-0FDA-43D6-93AE-270353452AE6}\RP1\A0000035.exe  a variant of Win32/Adware.ErrorRepairPro.A application (deleted - quarantined)  00000000000000000000000000000000  C
C:\TDSSKiller_Quarantine\27.11.2011_23.05.18\tdlfs0000\tsk0002.dta  a variant of Win32/Olmarik.AWO trojan (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
C:\TDSSKiller_Quarantine\27.11.2011_23.05.18\tdlfs0000\tsk0005.dta  Win32/Olmarik.AWO trojan (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
C:\TDSSKiller_Quarantine\27.11.2011_23.05.18\tdlfs0000\tsk0006.dta  a variant of Win32/Rootkit.Kryptik.EB trojan (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
E:\Internet Downloads\Slot Car software\SDFix.exe  Win32/PrcView application (deleted - quarantined)  00000000000000000000000000000000  C
E:\Internet Downloads\Toshiba Vista drivers\testmh.exe  a variant of Win32/Adware.ErrorRepairPro.A application (deleted - quarantined)  00000000000000000000000000000000  C
E:\Lovell Goens\Start Menu\Programs\Startup\PowerReg Scheduler.exe  Win32/PowerReg application (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
E:\SDFix\apps\Process.exe  Win32/PrcView application (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3aea3fcff2e40c4883357ca36cc71eca
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-12-04 04:42:21
# local_time=2011-12-03 11:42:21 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=crash
# scanned=134266
# found=0
# cleaned=0
# scan_time=7653
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3aea3fcff2e40c4883357ca36cc71eca
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-12-09 04:17:20
# local_time=2011-12-08 11:17:20 (-0500, Eastern Standard Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=crash
# scanned=71339
# found=0
# cleaned=0
# scan_time=4337
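Editor's added example (not code from this thread, from the poster or from ESET): a small triage script for an ESET Online Scanner log pasted the way the one above is. It assumes only the layout visible in that post: each run opens with a `# version=` line followed by `# key=value` header lines, then one detection per line as path, threat name (containing a `/`), action in parentheses, a 32-hex hash and a flag. It splits the paste into runs, checks each run's own `# found=` counter against the lines actually present (a paste that is truncated, like the 95 MB log mentioned earlier, shows up as inconsistent), and sorts hits into live files versus inert copies sitting in System Restore points or in another tool's quarantine folder. The sample log is constructed from lines in the post with the counter set to the five lines kept.

```python
"""Triage a pasted ESET Online Scanner log (added example, not from the thread)."""
import re
from dataclasses import dataclass, field

HEADER_RE = re.compile(r"^#\s*(?P<key>[^=]+?)\s*=\s*(?P<value>.*)$")

# Forum pastes lose their tabs, so the path/threat boundary is recovered from the
# first token that contains a '/' (Win32/..., JS/...), optionally preceded by
# ESET's heuristic qualifiers ("a variant of", "probably a variant of").
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<threat>(?:(?:probably )?a variant of |probably unknown )?[A-Za-z0-9_.-]+/\S+.*?)\s+"
    r"\((?P<action>[^)]*)\)\s+(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>[A-Z])\s*$"
)


@dataclass
class Detection:
    path: str
    threat: str
    action: str
    flag: str


@dataclass
class ScanRun:
    header: dict = field(default_factory=dict)
    detections: list = field(default_factory=list)

    def consistent(self) -> bool:
        """True when the parsed detections match the run's own '# found=' counter.
        A mismatch means the paste is truncated or mangled, so the visible lines
        cannot be taken as the full result of that run."""
        return int(self.header.get("found", "0")) == len(self.detections)


def parse_eset_log(text: str) -> list:
    """Split a paste into runs and parse each run's header and detection lines."""
    runs, current = [], None
    for raw in text.splitlines():
        line = raw.replace("\t", " ").strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            key, value = m["key"], m["value"]
            if key == "version" or current is None:  # every run opens with '# version='
                current = ScanRun()
                runs.append(current)
            current.header[key] = value
            continue
        m = DETECTION_RE.match(line)
        if m and current is not None:
            current.detections.append(Detection(m["path"], m["threat"], m["action"], m["flag"]))
    return runs


def classify(path: str) -> str:
    """Bucket a hit by where it lives: copies inside System Restore points or inside
    another tool's quarantine folder are inert; anything else is a live file."""
    low = path.lower()
    if "\\system volume information\\_restore" in low:
        return "restore_point"
    if "quarantine" in low:
        return "quarantine"
    return "live"


def summarize(runs: list) -> dict:
    summary = {"runs": len(runs), "found": 0, "live": [], "restore_point": [],
               "quarantine": [], "inconsistent_runs": []}
    for i, run in enumerate(runs):
        summary["found"] += len(run.detections)
        if not run.consistent():
            summary["inconsistent_runs"].append(i)
        for d in run.detections:
            summary[classify(d.path)].append(d.path)
    return summary


# Constructed sample: two runs, detection lines taken from the post above, with
# the counters set to match the five lines kept here.
SAMPLE_LOG = r"""
# version=7
# OnlineScanner.ocx=1.0.0.6583
# end=finished
# utc_time=2011-12-03 03:52:09
# scanned=134266
# found=5
# cleaned=5
# scan_time=9179
C:\Internet Downloads\registrybooster.exe Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Internet Downloads\Toshiba Vista drivers\testmh.exe a variant of Win32/Adware.ErrorRepairPro.A application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{E9D7D8E3-0FDA-43D6-93AE-270353452AE6}\RP1\A0000033.exe Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\27.11.2011_23.05.18\tdlfs0000\tsk0002.dta a variant of Win32/Olmarik.AWO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
E:\Lovell Goens\Start Menu\Programs\Startup\PowerReg Scheduler.exe Win32/PowerReg application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
# version=7
# end=finished
# utc_time=2011-12-04 04:42:21
# scanned=134266
# found=0
# cleaned=0
# scan_time=7653
"""

if __name__ == "__main__":
    for bucket, value in summarize(parse_eset_log(SAMPLE_LOG)).items():
        print(f"{bucket}: {value}")
```

The point of the split into buckets is that of the thirteen hits in the real log above, six are restore-point snapshots and three are files TDSSKiller had already quarantined; only the remaining four were live files, which is the set worth asking about.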
21. LDTate, here is the latest CF log. Unable to start Firefox now, as it says it is already running... Can't go to safe mode because the keyboard gets locked out on the selection screen, but it is working on a regular boot. Something is in my motherboard memory.

ComboFix 11-12-06.01 - Sonia Evans 12/07/2011   7:54.16.1 - x86
Running from: c:\internet downloads\ComboFix.exe
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2011-11-07 to 2011-12-07  )))))))))))))))))))))))))))))))
.
.
2011-12-03 13:14 . 2011-12-03 13:14  --------  d-----w-  c:\program files\ESET
2011-12-02 12:30 . 2011-12-02 12:39  --------  d-----w-  c:\documents and settings\Sonia Evans\Application Data\AVG
2011-12-02 11:52 . 2011-12-02 11:52  --------  d-----w-  C:\$AVG
2011-12-02 11:34 . 2011-12-02 11:34  --------  d--h--w-  c:\documents and settings\All Users\Application Data\Common Files
2011-12-02 11:29 . 2011-12-06 08:14  --------  d-----w-  c:\windows\system32\drivers\AVG
2011-12-02 11:29 . 2011-12-02 11:49  --------  d-----w-  c:\documents and settings\All Users\Application Data\AVG2012
2011-12-02 11:28 . 2011-12-02 12:29  --------  d-----w-  c:\program files\AVG
2011-12-02 11:23 . 2011-12-06 08:14  --------  d-----w-  c:\documents and settings\All Users\Application Data\MFAData
2011-11-30 05:30 . 2011-11-30 05:30  --------  d-----w-  c:\windows\Internet Logs
2011-11-30 04:25 . 2008-04-14 05:09  14592  -c--a-w-  c:\windows\system32\dllcache\kbdhid.sys
2011-11-30 04:25 . 2008-04-14 05:09  14592  ----a-w-  c:\windows\system32\drivers\kbdhid.sys
2011-11-28 04:07 . 2011-11-28 04:07  --------  d-----w-  C:\TDSSKiller_Quarantine
2011-11-22 08:49 . 2011-11-29 04:42  --------  d-----w-  c:\documents and settings\All Users\Application Data\AVAST Software
2011-11-21 04:12 . 2011-11-21 04:12  --------  d-sh--w-  c:\documents and settings\Sonia Evans\IECompatCache
2011-11-19 15:52 . 2010-10-19 20:51  222080  ------w-  c:\windows\system32\MpSigStub.exe
2011-11-19 06:05 . 2011-11-19 06:05  --------  d-----w-  c:\documents and settings\Sonia Evans\Local Settings\Application Data\Apple
2011-11-19 06:05 . 2011-11-19 06:05  --------  d-----w-  c:\windows\system32\DRVSTORE
2011-11-19 06:05 . 2011-11-19 06:05  --------  d-----w-  c:\documents and settings\All Users\Application Data\Apple
2011-11-19 06:04 . 2011-11-19 06:04  --------  d-----w-  c:\documents and settings\NetworkService\Application Data\AdobeUM
2011-11-19 06:04 . 2011-11-19 06:04  --------  d-----w-  c:\documents and settings\Sonia Evans\Local Settings\Application Data\PackageAware
2011-11-19 06:04 . 2011-11-19 06:04  --------  d--h--w-  c:\windows\system32\GroupPolicy
2011-11-19 06:04 . 2011-11-19 06:04  --------  d-----w-  c:\windows\system32\en
2011-11-14 03:50 . 2011-11-19 05:53  --------  d-----w-  c:\program files\DriverGuide DriverScan
2011-11-13 18:42 . 2011-11-13 18:43  --------  d-----w-  c:\documents and settings\Sonia Evans\Application Data\Apple Computer
2011-11-13 18:42 . 2011-11-13 18:42  --------  d-----w-  c:\documents and settings\Sonia Evans\Local Settings\Application Data\Apple Computer
2011-11-13 18:41 . 2011-11-19 06:05  --------  d-----w-  c:\documents and settings\All Users\Application Data\Apple Computer
2011-11-13 18:41 . 2011-11-13 18:42  --------  d-----w-  c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-18 11:55 . 2011-08-16 10:41  414368  ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-20 11:59 . 2011-10-20 03:28  25992  ----a-w-  c:\windows\system32\pgdfgsvc.exe
2011-10-07 11:23 . 2011-10-07 11:23  230608  ----a-w-  c:\windows\system32\drivers\avgldx86.sys
2011-09-13 11:30 . 2011-09-13 11:30  32592  ----a-w-  c:\windows\system32\drivers\avgrkx86.sys
.
.
(((((((((((((((((((((((((((((   SnapShot_2011-11-21_05.06.57   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 05:02 . 2009-07-12 05:02  51008  c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02  59728  c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02  42832  c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02  43344  c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02  61264  c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02  62800  c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02  61760  c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02  61776  c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02  53568  c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02  63296  c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02  36688  c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02  35648  c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05  59904  c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05  59904  c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2011-08-08 11:08 . 2011-08-08 11:08  40016  c:\windows\system32\drivers\avgmfx86.sys
+ 2011-07-11 06:14 . 2011-07-11 06:14  23120  c:\windows\system32\drivers\AVGIDSEH.sys
- 2006-06-09 23:44 . 2011-11-19 09:18  32768  c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-06-09 23:44 . 2011-11-28 04:32  32768  c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-06-09 23:44 . 2011-11-19 09:18  32768  c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-06-09 23:44 . 2011-11-28 04:32  32768  c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-07-12 05:02 . 2009-07-12 05:02  653120  c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02  569664  c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05  225280  c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02  159032  c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2011-07-11 06:14 . 2011-07-11 06:14  295248  c:\windows\system32\drivers\avgtdix.sys
+ 2002-08-29 12:00 . 2008-04-14 09:41  640000  c:\windows\system32\dllcache\dbghelp.dll
+ 2011-11-22 08:49 . 2011-11-22 08:49  219648  c:\windows\Installer\ef8305.msi
+ 2009-07-12 05:02 . 2009-07-12 05:02  3780424  c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02  3765048  c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2011-12-02 11:29 . 2011-12-02 11:29  4671488  c:\windows\Installer\1a48895.msi
+ 2011-12-02 11:28 . 2011-12-02 11:28  2186240  c:\windows\Installer\1a48891.msi
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-10-11 5389944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute  REG_MULTI_SZ  autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50  155648  -c--a-w-  c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-02-10 01:56  98304  ----a-w-  c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07  2260480  -c----w-  c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2003-05-07 20:32  36864  -c--a-r-  c:\windows\system32\VTTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Messenger"=2 (0x2)
"McciCMService"=2 (0x2)
"gusvc"=3 (0x3)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"TrkWks"=2 (0x2)
"Themes"=2 (0x2)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"idsvc"=3 (0x3)
"AMDFusionSVC"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"VTTimer"=VTTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
.
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R4 MaxSch2Svc;Maxtor Scheduler2 Service;c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-16 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-10-15 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: rexplorer.net
TCP: DhcpNameServer = 192.168.1.254
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Sonia Evans\Application Data\Mozilla\Firefox\Profiles\axuvh315.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-07 08:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3812)
c:\program files\SlySoft\AnyDVD\ADvdDiscHlp.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msls31.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-12-07  08:04:16
ComboFix-quarantined-files.txt  2011-12-07 13:04
ComboFix2.txt  2011-12-06 01:21
ComboFix3.txt  2011-12-05 03:20
ComboFix4.txt  2011-12-01 03:04
ComboFix5.txt  2011-12-07 12:53
.
Pre-Run: 103,019,134,976 bytes free
Post-Run: 103,002,116,096 bytes free
.
- - End Of File - - 9676E12F0296DEB02DECBAFA0A35CB72
22. I currently have lost my CD/DVD drive and a USB camera... The drivers in hardware are loading but malfunctioning.
23. It looks to me like the driver services at the beginning of the log are ALL my bad stuff..... yuck! Some of those names have been deleted several times during this process since the beginning... What am I really dealing with?!
24. LDTate, okay, here is my latest ComboFix log.

ComboFix 11-12-05.01 - Sonia Evans 12/05/2011   7:47.15.1 - x86
Running from: c:\internet downloads\ComboFix.exe
Command switches used :: c:\internet downloads\CFScript.txt
 * Created a new restore point
.
FILE ::
"c:\windows\system32\vrcrs.dll"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRSBIBR
-------\Legacy_XDHVIM
-------\Legacy_ZFYBFWIE
-------\Service_cfimslpn
-------\Service_srsbibr
-------\Service_xdhvim
-------\Service_zfybfwie
.
.
(((((((((((((((((((((((((   Files Created from 2011-11-06 to 2011-12-06  )))))))))))))))))))))))))))))))
.
.
2011-12-03 13:14 . 2011-12-03 13:14  --------  d-----w-  c:\program files\ESET
2011-12-02 12:30 . 2011-12-02 12:39  --------  d-----w-  c:\documents and settings\Sonia Evans\Application Data\AVG
2011-12-02 11:52 . 2011-12-02 11:52  --------  d-----w-  C:\$AVG
2011-12-02 11:34 . 2011-12-02 11:34  --------  d--h--w-  c:\documents and settings\All Users\Application Data\Common Files
2011-12-02 11:29 . 2011-12-05 08:04  --------  d-----w-  c:\windows\system32\drivers\AVG
2011-12-02 11:29 . 2011-12-02 11:49  --------  d-----w-  c:\documents and settings\All Users\Application Data\AVG2012
2011-12-02 11:28 . 2011-12-02 12:29  --------  d-----w-  c:\program files\AVG
2011-12-02 11:23 . 2011-12-05 08:04  --------  d-----w-  c:\documents and settings\All Users\Application Data\MFAData
2011-11-30 05:30 . 2011-11-30 05:30  --------  d-----w-  c:\windows\Internet Logs
2011-11-30 04:25 . 2008-04-14 05:09  14592  -c--a-w-  c:\windows\system32\dllcache\kbdhid.sys
2011-11-30 04:25 . 2008-04-14 05:09  14592  ----a-w-  c:\windows\system32\drivers\kbdhid.sys
2011-11-28 04:07 . 2011-11-28 04:07  --------  d-----w-  C:\TDSSKiller_Quarantine
2011-11-22 08:49 . 2011-11-29 04:42  --------  d-----w-  c:\documents and settings\All Users\Application Data\AVAST Software
2011-11-21 04:12 . 2011-11-21 04:12  --------  d-sh--w-  c:\documents and settings\Sonia Evans\IECompatCache
2011-11-19 15:52 . 2010-10-19 20:51  222080  ------w-  c:\windows\system32\MpSigStub.exe
2011-11-19 06:05 . 2011-11-19 06:05  --------  d-----w-  c:\documents and settings\Sonia Evans\Local Settings\Application Data\Apple
2011-11-19 06:05 . 2011-11-19 06:05  --------  d-----w-  c:\windows\system32\DRVSTORE
2011-11-19 06:05 . 2011-11-19 06:05  --------  d-----w-  c:\documents and settings\All Users\Application Data\Apple
2011-11-19 06:04 . 2011-11-19 06:04  --------  d-----w-  c:\documents and settings\NetworkService\Application Data\AdobeUM
2011-11-19 06:04 . 2011-11-19 06:04  --------  d-----w-  c:\documents and settings\Sonia Evans\Local Settings\Application Data\PackageAware
2011-11-19 06:04 . 2011-11-19 06:04  --------  d--h--w-  c:\windows\system32\GroupPolicy
2011-11-19 06:04 . 2011-11-19 06:04  --------  d-----w-  c:\windows\system32\en
2011-11-14 03:50 . 2011-11-19 05:53  --------  d-----w-  c:\program files\DriverGuide DriverScan
2011-11-13 18:42 . 2011-11-13 18:43  --------  d-----w-  c:\documents and settings\Sonia Evans\Application Data\Apple Computer
2011-11-13 18:42 . 2011-11-13 18:42  --------  d-----w-  c:\documents and settings\Sonia Evans\Local Settings\Application Data\Apple Computer
2011-11-13 18:41 . 2011-11-19 06:05  --------  d-----w-  c:\documents and settings\All Users\Application Data\Apple Computer
2011-11-13 18:41 . 2011-11-13 18:42  --------  d-----w-  c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-18 11:55 . 2011-08-16 10:41  414368  ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-20 11:59 . 2011-10-20 03:28  25992  ----a-w-  c:\windows\system32\pgdfgsvc.exe
2011-10-07 11:23 . 2011-10-07 11:23  230608  ----a-w-  c:\windows\system32\drivers\avgldx86.sys
2011-09-13 11:30 . 2011-09-13 11:30  32592  ----a-w-  c:\windows\system32\drivers\avgrkx86.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
Cryptography Services Error !!
.
(((((((((((((((((((((((((((((   SnapShot_2011-11-21_05.06.57   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 05:02 . 2009-07-12 05:02  51008  c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02  59728  c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02  42832  c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02  43344  c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02  61264  c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02  62800  c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02  61760  c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02  61776  c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02  53568  c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02  63296  c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02  36688  c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02  35648  c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05  59904  c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05  59904  c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2011-08-08 11:08 . 2011-08-08 11:08  40016  c:\windows\system32\drivers\avgmfx86.sys
+ 2011-07-11 06:14 . 2011-07-11 06:14  23120  c:\windows\system32\drivers\AVGIDSEH.sys
- 2006-06-09 23:44 . 2011-11-19 09:18  32768  c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-06-09 23:44 . 2011-11-28 04:32  32768  c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-06-09 23:44 . 2011-11-19 09:18  32768  c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-06-09 23:44 . 2011-11-28 04:32  32768  c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-07-12 05:02 . 2009-07-12 05:02  653120  c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02  569664  c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05  225280  c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02  159032  c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2011-07-11 06:14 . 2011-07-11 06:14  295248  c:\windows\system32\drivers\avgtdix.sys
+ 2002-08-29 12:00 . 2008-04-14 09:41  640000  c:\windows\system32\dllcache\dbghelp.dll
+ 2011-11-22 08:49 . 2011-11-22 08:49  219648  c:\windows\Installer\ef8305.msi
+ 2009-07-12 05:02 . 2009-07-12 05:02  3780424  c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02  3765048  c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2011-12-02 11:29 . 2011-12-02 11:29  4671488  c:\windows\Installer\1a48895.msi
+ 2011-12-02 11:28 . 2011-12-02 11:28  2186240  c:\windows\Installer\1a48891.msi
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-10-11 5389944]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute  REG_MULTI_SZ  autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50  155648  -c--a-w-  c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-02-10 01:56  98304  ----a-w-  c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07  2260480  -c----w-  c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2003-05-07 20:32  36864  -c--a-r-  c:\windows\system32\VTTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Messenger"=2 (0x2)
"McciCMService"=2 (0x2)
"gusvc"=3 (0x3)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"TrkWks"=2 (0x2)
"Themes"=2 (0x2)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"idsvc"=3 (0x3)
"AMDFusionSVC"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"VTTimer"=VTTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
.
R4 MaxSch2Svc;Maxtor Scheduler2 Service;c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-16 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-10-15 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: rexplorer.net
TCP: DhcpNameServer = 192.168.1.254
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Sonia Evans\Application Data\Mozilla\Firefox\Profiles\axuvh315.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG2012\Firefox4
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-05 20:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1792)
c:\program files\SlySoft\AnyDVD\ADvdDiscHlp.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msls31.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\System32\locator.exe
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG2012\avgnsx.exe
.
**************************************************************************
.
Completion time: 2011-12-05  20:21:54 - machine was rebooted
ComboFix-quarantined-files.txt  2011-12-06 01:21
ComboFix2.txt  2011-12-05 03:20
ComboFix3.txt  2011-12-01 03:04
ComboFix4.txt  2011-11-30 04:38
ComboFix5.txt  2011-12-05 12:46
.
Pre-Run: 103,056,859,136 bytes free
Post-Run: 103,000,420,352 bytes free
.
- - End Of File - - 04154E38C0F1BF5579B57C2875DE0BBA
  25. Also, I could not find a folder named networkservice. Here is where I am trying to find it, but it is not there when I look, even though it shows up as the location of the above virus: documents and settings\networkservice\localsetting\Temporary Internet Files\Content.IE5\3tkun09l or xbqeopjb\chmrnuyv[1].jpg or .gif or .png or .bmp. AVG finds this as a virus but it is not able to delete it because they are always "open", and so is that tracking cookie "open".
