
[Resolved] Suspected continuing infection


  • This topic is locked
12 replies to this topic

#1 Lifesvr525

    Authentic Member

  • 37 posts

Posted 20 September 2009 - 06:17 PM

Hello all,
Looking for some help in cleanliness of laptop. Have run online f-protect, norton anti virus, AVG, Malware bytes, and spybot. Problems continue to exist with every reboot. Can you take a look at this and see what I still need to do?
Thank you very much


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:08:56 PM, on 9/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [java_sun] Java (Sun)
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f.../fslauncher.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} (MUWebControl Class) - http://update.micros...b?1253336509843
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 8194 bytes


#2 CatByte

    Classroom Administrator

  • 21,060 posts
  • MVP

Posted 20 September 2009 - 06:24 PM

Please do the following:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.pif to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT


Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and post it in your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#3 Lifesvr525

    Authentic Member

  • 37 posts

Posted 20 September 2009 - 06:55 PM

Thanks for getting back so quickly...Here are the items as you requested.



DDS (Ver_09-07-30.01) - NTFSx86
Run by kathyt at 19:43:51.60 on Sun 09/20/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.72 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\kathyt\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Page_URL = hxxp://www.dell.com
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.dell.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6796.cab
DPF: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1253336509843
DPF: {8ad9c840-044e-11d1-b3e9-00805f499d93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {cafeefac-0015-0000-0010-abcdeffedcba} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {cafeefac-0016-0000-0015-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {cafeefac-ffff-ffff-ffff-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kathyt\applic~1\mozilla\firefox\profiles\2t2f6ylj.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://gmail.martin-eng.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-19 335240]
R1 avgmfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-9-19 27784]
R1 avgtdix;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-19 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-9-19 297752]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2007-10-25 3712]
S1 1ce962e3;1ce962e3;c:\windows\system32\drivers\1ce962e3.sys --> c:\windows\system32\drivers\1ce962e3.sys [?]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-7-22 66056]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2005-12-22 29744]

=============== Created Last 30 ================

2009-09-20 19:07 <DIR> --d----- c:\program files\Trend Micro
2009-09-20 16:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\F-Secure
2009-09-20 12:19 <DIR> --d----- c:\docume~1\kathyt\applic~1\IObit
2009-09-20 12:19 <DIR> --d----- c:\program files\IObit
2009-09-19 16:17 <DIR> --d----- c:\windows\pss
2009-09-19 13:28 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-09-19 13:10 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-09-19 13:10 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-09-19 13:10 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-09-19 13:10 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-09-19 13:09 <DIR> --d----- c:\program files\AVG
2009-09-19 13:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-09-19 13:09 <DIR> --d----- c:\windows\SxsCaPendDel
2009-09-19 12:59 <DIR> --d----- c:\docume~1\kathyt\applic~1\AVG8
2009-09-19 00:21 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-19 00:21 73,728 a------- c:\windows\system32\javacpl.cpl
2009-09-18 21:34 <DIR> --d----- c:\docume~1\kathyt\applic~1\Malwarebytes
2009-09-18 21:33 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-18 21:33 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-18 21:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-18 21:33 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-18 14:27 <DIR> --d----- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-09-18 14:27 <DIR> --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-09-18 14:27 <DIR> --d----- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-09-18 14:27 <DIR> --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-09-18 10:57 <DIR> --dsh--- c:\documents and settings\kathyt\PrivacIE
2009-09-18 10:47 <DIR> --dsh--- c:\documents and settings\kathyt\IETldCache
2009-09-18 10:37 100,352 -------- c:\windows\system32\dllcache\iecompat.dll
2009-09-18 10:36 <DIR> --d----- c:\windows\ie8updates
2009-09-18 10:35 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-09-18 10:34 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-09-18 10:30 <DIR> -cd-h--- c:\windows\ie8
2009-09-09 08:14 153,088 -------- c:\windows\system32\dllcache\triedit.dll

==================== Find3M ====================

2009-09-18 10:48 42,368 a------- c:\windows\system32\drivers\agp440.sys
2009-09-18 10:48 42,368 a------- c:\windows\system32\dllcache\agp440.sys
2009-08-05 04:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 04:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-19 18:48 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 08:18 5,937,152 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-17 14:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 14:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 23:43 10,841,088 -------- c:\windows\system32\dllcache\wmp.dll
2009-07-13 23:43 286,208 -------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-10 08:27 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-07-03 12:09 915,456 a------- c:\windows\system32\wininet.dll
2009-07-03 12:09 915,456 -------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 12:09 1,208,832 -------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 12:09 206,848 -------- c:\windows\system32\dllcache\occache.dll
2009-07-03 12:09 594,432 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 12:09 55,296 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 12:09 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 12:09 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 12:09 184,320 -------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 12:09 386,048 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 06:01 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-29 11:12 133,120 a------- c:\windows\system32\dllcache\extmgr.dll
2009-06-29 06:07 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-06-25 03:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 03:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 03:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 03:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 03:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 03:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-25 03:25 730,112 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-06-25 03:25 301,568 -------- c:\windows\system32\dllcache\kerberos.dll
2009-06-25 03:25 147,456 -------- c:\windows\system32\dllcache\schannel.dll
2009-06-25 03:25 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-06-25 03:25 56,832 -------- c:\windows\system32\dllcache\secur32.dll
2009-06-25 03:25 54,272 -------- c:\windows\system32\dllcache\wdigest.dll
2009-06-24 06:18 92,928 -------- c:\windows\system32\dllcache\ksecdd.sys
2009-02-20 10:24 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009022020090221\index.dat

============= FINISH: 19:45:07.95 ===============





UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/9/2006 9:20:49 AM
System Uptime: 9/20/2009 12:58:04 PM (7 hours ago)

Motherboard: Dell Inc. | | 0N8719
Processor: Intel® Pentium® M processor 1.73GHz | Microprocessor | 1729/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 37 GiB total, 25.316 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP916: 6/23/2009 10:13:58 AM - System Checkpoint
RP917: 6/24/2009 10:25:14 AM - System Checkpoint
RP918: 6/25/2009 11:11:21 AM - System Checkpoint
RP919: 6/26/2009 1:02:10 PM - System Checkpoint
RP920: 6/29/2009 9:07:36 AM - System Checkpoint
RP921: 6/30/2009 10:20:40 AM - System Checkpoint
RP922: 7/1/2009 12:50:32 PM - System Checkpoint
RP923: 7/2/2009 2:04:30 PM - System Checkpoint
RP924: 7/6/2009 9:08:59 AM - System Checkpoint
RP925: 7/7/2009 10:46:52 AM - System Checkpoint
RP926: 7/8/2009 11:03:11 AM - System Checkpoint
RP927: 7/9/2009 12:39:56 PM - System Checkpoint
RP928: 7/10/2009 2:39:27 PM - System Checkpoint
RP929: 7/13/2009 9:00:15 AM - System Checkpoint
RP930: 7/14/2009 10:18:48 AM - System Checkpoint
RP931: 7/15/2009 8:24:51 AM - Software Distribution Service 3.0
RP932: 7/15/2009 4:02:26 PM - Software Distribution Service 3.0
RP933: 7/16/2009 4:10:45 PM - System Checkpoint
RP934: 7/20/2009 9:43:48 AM - System Checkpoint
RP935: 7/21/2009 10:18:38 AM - System Checkpoint
RP936: 7/22/2009 1:07:45 PM - System Checkpoint
RP937: 7/23/2009 1:08:09 PM - System Checkpoint
RP938: 7/24/2009 2:40:35 PM - System Checkpoint
RP939: 7/27/2009 9:10:50 AM - System Checkpoint
RP940: 7/28/2009 10:14:07 AM - System Checkpoint
RP941: 7/29/2009 1:27:13 PM - System Checkpoint
RP942: 7/29/2009 4:39:30 PM - Software Distribution Service 3.0
RP943: 7/30/2009 4:40:01 PM - System Checkpoint
RP944: 8/3/2009 9:06:46 AM - System Checkpoint
RP945: 8/4/2009 11:43:05 AM - System Checkpoint
RP946: 8/5/2009 1:03:02 PM - System Checkpoint
RP947: 8/6/2009 2:39:54 PM - System Checkpoint
RP948: 8/10/2009 9:20:21 AM - System Checkpoint
RP949: 8/11/2009 10:13:34 AM - System Checkpoint
RP950: 8/12/2009 10:51:35 AM - System Checkpoint
RP951: 8/12/2009 4:51:29 PM - Software Distribution Service 3.0
RP952: 8/14/2009 9:19:56 AM - System Checkpoint
RP953: 8/17/2009 8:46:53 AM - System Checkpoint
RP954: 8/18/2009 10:17:32 AM - System Checkpoint
RP955: 8/18/2009 4:03:11 PM - Software Distribution Service 3.0
RP956: 8/20/2009 8:37:24 AM - System Checkpoint
RP957: 8/21/2009 9:55:58 AM - System Checkpoint
RP958: 8/24/2009 9:03:12 AM - System Checkpoint
RP959: 8/25/2009 10:43:22 AM - System Checkpoint
RP960: 8/26/2009 10:47:17 AM - System Checkpoint
RP961: 8/26/2009 4:40:57 PM - Software Distribution Service 3.0
RP962: 8/28/2009 9:08:17 AM - System Checkpoint
RP963: 8/31/2009 9:29:18 AM - System Checkpoint
RP964: 9/1/2009 10:19:42 AM - System Checkpoint
RP965: 9/2/2009 11:21:33 AM - System Checkpoint
RP966: 9/3/2009 12:24:04 PM - System Checkpoint
RP967: 9/4/2009 2:13:42 PM - System Checkpoint
RP968: 9/8/2009 8:52:06 AM - System Checkpoint
RP969: 9/9/2009 9:01:15 AM - System Checkpoint
RP970: 9/9/2009 4:54:05 PM - Software Distribution Service 3.0
RP971: 9/11/2009 9:29:30 AM - System Checkpoint
RP972: 9/14/2009 8:56:27 AM - System Checkpoint
RP973: 9/15/2009 10:37:14 AM - System Checkpoint
RP974: 9/16/2009 12:25:31 PM - System Checkpoint
RP975: 9/17/2009 12:41:26 PM - System Checkpoint
RP976: 9/18/2009 10:23:20 AM - Software Distribution Service 3.0
RP977: 9/19/2009 12:16:42 AM - Removed J2SE Runtime Environment 5.0 Update 6
RP978: 9/19/2009 12:21:03 AM - Installed Java™ 6 Update 15
RP979: 9/19/2009 1:09:38 PM - Installed AVG Free 8.5
RP980: 9/20/2009 12:15:38 PM - Removed Symantec AntiVirus
RP981: 9/20/2009 12:21:21 PM - Advanced SystemCare RestorePoint

==== Installed Programs ======================

Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 6.0 Standard
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 6.0.1
Adobe Reader 7.0.8
Adobe Reader 8.1.1
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe® Photoshop® Album Starter Edition 3.2
Advanced SystemCare 3
ALPS Touch Pad Driver
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
AVG Free 8.5
Broadcom Management Programs 2
Business Contact Manager for Outlook 2003
CDDRV_Installer
Conexant D110 MDC V.9x Modem
Critical Update for Windows Media Player 11 (KB959772)
Digital Line Detect
EZ Tools 3.1.3
getPlus®_ocx
Google AFE
Google Desktop
Google Toolbar for Internet Explorer
GroupWise
GroupWise Internet Browser Mail Integration
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Intel® Graphics Media Accelerator Driver for Mobile
Intel® PROSet/Wireless Software
Internal Network Card Power Management
J2SE Runtime Environment 5.0 Update 10
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 15
KhalInstallWrapper
Logitech SetPoint
Malwarebytes' Anti-Malware
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
Mozilla Firefox (3.0.14)
mPfMgr
mPfWiz
mProSafe
MSN Messenger 7.5
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
mToolkit
mWlsSafe
mXML
mZConfig
NetWaiting
PowerDVD 5.1
QuickSet
QuickTime
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Smart Defrag 1.20
Sonic DLA
Sonic RecordNow! Plus
Sonic Update Manager
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows NT Messaging
Windows XP Service Pack 3
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

9/20/2009 6:41:41 PM, error: PSched [14103] - QoS [Adapter {0F3AD8B9-BFFB-4017-916E-DD619CB6CCEC}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.
9/19/2009 9:30:10 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
9/19/2009 3:39:56 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
9/19/2009 3:37:11 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/19/2009 3:30:41 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV avgldx86 avgmfx86 avgtdix eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SAVRT SAVRTPEL SYMTDI Tcpip
9/19/2009 3:30:41 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
9/19/2009 3:30:41 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/19/2009 3:30:41 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/19/2009 3:30:41 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
9/19/2009 3:30:41 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/19/2009 3:15:20 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\drivers\agp440.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
9/19/2009 12:19:52 AM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
9/19/2009 12:00:35 AM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
9/19/2009 1:08:18 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer MIKE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5D1BEED5-D34E-4349-A. The master browser is stopping or an election is being forced.
9/18/2009 2:37:46 PM, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The system cannot find the file specified.
9/18/2009 2:37:46 PM, error: Service Control Manager [7000] - The Automatic Updates service failed to start due to the following error: The system cannot find the file specified.
9/16/2009 12:02:18 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0013CEF5A7CE. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
9/16/2009 12:01:08 PM, error: Dhcp [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 0013CEF5A7CE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================



GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-09-20 19:52:31
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\kathyt\LOCALS~1\Temp\kwrcaaog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device A8B78D20

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----

#4 CatByte

Posted 20 September 2009 - 07:11 PM

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#5 Lifesvr525

Posted 20 September 2009 - 08:17 PM

So far so good... here is the file you requested....


ComboFix 09-09-18.02 - kathyt 09/20/2009 21:02.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.233 [GMT -5:00]
Running from: c:\documents and settings\kathyt\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\b63488.msp

.
((((((((((((((((((((((((( Files Created from 2009-08-21 to 2009-09-21 )))))))))))))))))))))))))))))))
.

2009-09-21 00:41 . 2009-09-21 00:42 -------- d-----w- c:\program files\Windows Live Safety Center
2009-09-21 00:07 . 2009-09-21 00:07 -------- d-----w- c:\program files\Trend Micro
2009-09-20 21:44 . 2009-09-20 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2009-09-20 17:19 . 2009-09-20 17:20 -------- d-----w- c:\documents and settings\kathyt\Application Data\IObit
2009-09-20 17:19 . 2009-09-20 17:20 -------- d-----w- c:\program files\IObit
2009-09-20 02:29 . 2009-09-20 02:29 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-09-20 00:11 . 2009-09-20 00:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
2009-09-19 22:52 . 2009-09-19 22:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-19 21:09 . 2009-09-19 21:09 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-09-19 18:28 . 2009-09-20 17:58 -------- d-----w- C:\$AVG8.VAULT$
2009-09-19 18:10 . 2009-09-19 18:10 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-19 18:10 . 2009-09-19 18:10 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-19 18:10 . 2009-09-19 18:10 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-19 18:10 . 2009-09-19 18:10 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-19 18:10 . 2009-09-20 17:09 -------- d-----w- c:\windows\system32\drivers\Avg
2009-09-19 18:09 . 2009-09-19 18:09 -------- d-----w- c:\program files\AVG
2009-09-19 18:09 . 2009-09-19 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-19 18:09 . 2009-09-19 18:09 -------- d-----w- c:\windows\SxsCaPendDel
2009-09-19 17:59 . 2009-09-19 17:59 -------- d-----w- c:\documents and settings\kathyt\Application Data\AVG8
2009-09-19 05:21 . 2009-09-19 05:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-19 02:34 . 2009-09-19 02:34 -------- d-----w- c:\documents and settings\kathyt\Application Data\Malwarebytes
2009-09-19 02:33 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-19 02:33 . 2009-09-19 02:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-19 02:33 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-19 02:33 . 2009-09-19 02:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-18 19:27 . 2009-09-18 19:27 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-09-18 19:27 . 2009-09-18 19:27 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-09-18 19:27 . 2009-09-18 19:27 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-09-18 19:27 . 2009-09-18 19:27 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-09-18 19:16 . 2009-09-18 19:16 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2009-09-18 19:16 . 2009-09-18 19:16 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-09-18 15:57 . 2009-09-18 15:57 -------- d-sh--w- c:\documents and settings\kathyt\PrivacIE
2009-09-18 15:48 . 2009-09-18 15:48 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-09-18 15:47 . 2009-09-18 15:47 -------- d-sh--w- c:\documents and settings\kathyt\IETldCache
2009-09-18 15:37 . 2009-08-07 08:48 100352 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-09-18 15:36 . 2009-09-18 15:37 -------- d-----w- c:\windows\ie8updates
2009-09-18 15:35 . 2009-07-03 17:09 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-09-18 15:34 . 2009-07-03 17:09 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-09-18 15:30 . 2009-09-18 15:34 -------- dc-h--w- c:\windows\ie8
2009-09-09 13:14 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-20 17:26 . 2006-01-09 17:13 -------- d-----w- c:\documents and settings\kathyt\Application Data\Lavasoft
2009-09-20 17:18 . 2006-01-09 15:52 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-20 17:17 . 2006-01-09 15:52 -------- d-----w- c:\program files\Symantec AntiVirus
2009-09-20 17:17 . 2006-01-09 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-09-20 02:35 . 2005-12-22 22:40 -------- d-----w- c:\program files\Java
2009-09-20 02:33 . 2009-05-08 17:49 -------- d-----w- c:\program files\Windows Media Connect 2
2009-09-20 02:31 . 2007-03-26 00:52 -------- d-----w- c:\program files\BFG
2009-09-19 17:39 . 2006-01-09 16:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-19 05:18 . 2006-01-09 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-18 15:48 . 2004-08-11 23:08 42368 ----a-w- c:\windows\system32\drivers\agp440.sys
2009-08-05 09:01 . 2004-08-11 23:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2004-08-11 23:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 04:43 . 2004-08-11 23:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-11 23:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2004-08-11 23:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-11 23:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-11 23:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-11 23:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2004-08-11 23:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-11 23:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-08-11 23:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-06-30 2329224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-09-01 684032]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-19 149280]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-19 2007832]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 22:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-19 18:10 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Novell\\GroupWise\\GrpWise.exe"=
"c:\\Novell\\GroupWise\\Notify.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/19/2009 1:10 PM 335240]
R1 avgtdix;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/19/2009 1:10 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/19/2009 1:09 PM 297752]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [10/25/2007 9:07 AM 3712]
S1 1ce962e3;1ce962e3;c:\windows\system32\drivers\1ce962e3.sys --> c:\windows\system32\drivers\1ce962e3.sys [?]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [7/22/2009 12:04 PM 66056]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/22/2005 5:55 PM 29744]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-09-20 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-09-20 14:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.dell.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\kathyt\Application Data\Mozilla\Firefox\Profiles\2t2f6ylj.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://gmail.martin-eng.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
.
- - - - ORPHANS REMOVED - - - -

Notify-NavLogon - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-20 21:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1048)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(1424)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Digital Line Detect\DLG.exe
c:\program files\Logitech\SetPoint\SetPoint.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
.
**************************************************************************
.
Completion time: 2009-09-21 21:12 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-21 02:12

Pre-Run: 27,125,870,592 bytes free
Post-Run: 27,572,764,672 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

208

#6 CatByte

Posted 21 September 2009 - 02:31 AM

Hi,

Can you advise the status of your security programs?

You are showing several AVs on your system:
AVG8
Iobit
Symantec
F-Secure
TrendMicro


Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

http://forums.whatthetech.com/Suspected_continuing_infection_t107101.html&view=findpost&p=597743#entry597743

Collect::
c:\windows\system32\drivers\1ce962e3.sys

Driver::
1ce962e3

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save this as "CFScript"


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

**Note**
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.


NEXT::


  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


NEXT


Run an on-line scan with Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.

    Posted Image
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply


In your next reply please include
  • ComboFix Log
  • MBAM Log
  • Kaspersky report

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
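
The CFScript in the post above targets the one driver entry in the ComboFix log from post #5 whose file details read `[?]`. As an added example (not part of the thread and not ComboFix's own logic), this Python sketch parses service lines in that layout and flags entries for manual review; the two heuristics, the sample subset and all function names are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample: service lines in the layout of the ComboFix log in post #5.
SAMPLE_LOG = r"""
R1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/19/2009 1:10 PM 335240]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/19/2009 1:09 PM 297752]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [10/25/2007 9:07 AM 3712]
S1 1ce962e3;1ce962e3;c:\windows\system32\drivers\1ce962e3.sys --> c:\windows\system32\drivers\1ce962e3.sys [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/22/2005 5:55 PM 29744]
"""

# "<letter><digit> name;display name;image path [file details]"
# The log does not define the leading letter and digit, so they are only recorded.
SERVICE_LINE = re.compile(
    r"^(?P<status>[RS])(?P<code>\d)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<details>[^\]]*)\]\s*$"
)

# Assumed heuristic: a service name made only of 8 hex digits looks generated.
HEX_NAME = re.compile(r"^[0-9a-f]{8}$", re.IGNORECASE)


@dataclass(frozen=True)
class ServiceEntry:
    status: str
    code: int
    name: str
    display: str
    image_path: str
    details: str


def parse_services(log_text):
    """Return a ServiceEntry for every line that matches the service layout."""
    entries = []
    for raw in log_text.splitlines():
        m = SERVICE_LINE.match(raw.strip())
        if m is None:
            continue  # headers, registry keys, blank lines
        # Some lines repeat the path after " --> "; keep the first one.
        image_path = m["path"].split(" --> ")[0].strip()
        entries.append(ServiceEntry(m["status"], int(m["code"]), m["name"].strip(),
                                    m["display"].strip(), image_path,
                                    m["details"].strip()))
    return entries


def triage(entries):
    """Return (entry, reasons) pairs for entries worth a manual look."""
    flagged = []
    for e in entries:
        reasons = []
        if e.details == "?":
            reasons.append("no file date/size reported for the image path")
        if HEX_NAME.match(e.name):
            reasons.append("service name is 8 hex digits")
        if reasons:
            flagged.append((e, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage(parse_services(SAMPLE_LOG)):
        print(f"{entry.name}: {entry.image_path}")
        for r in reasons:
            print(f"  - {r}")
```

A flag here is only a prompt to look closer at the file and service; it does not establish that the entry is malicious.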


#7 Lifesvr525

Posted 24 September 2009 - 03:41 PM

Thanks for your attentive help.
Here are the last scans you had requested. The only thing was Kaspersky did not find anything and did not give me a report.
Also, there were multiple antivirus programs on this machine; the only ones that are installed anymore are the AVG and the IOBIT.
I uninstalled the others and it left the registries in the system. I am apprehensive about editing out the entries from the registry.

Thanks again

ComboFix 09-09-18.02 - kathyt 09/24/2009 9:43.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.162 [GMT -5:00]
Running from: c:\documents and settings\kathyt\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\kathyt\Desktop\cfscript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_1ce962e3


((((((((((((((((((((((((( Files Created from 2009-08-24 to 2009-09-24 )))))))))))))))))))))))))))))))
.

2009-09-21 20:54 . 2008-10-16 19:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-09-21 04:22 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-09-21 03:57 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-21 03:56 . 2009-09-21 03:56 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-21 03:55 . 2009-09-21 03:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-21 03:55 . 2009-09-21 03:55 -------- d-----w- c:\program files\Lavasoft
2009-09-21 03:20 . 2009-09-21 03:20 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-09-21 00:41 . 2009-09-21 00:42 -------- d-----w- c:\program files\Windows Live Safety Center
2009-09-21 00:07 . 2009-09-21 00:07 -------- d-----w- c:\program files\Trend Micro
2009-09-20 21:44 . 2009-09-20 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2009-09-20 17:19 . 2009-09-20 17:20 -------- d-----w- c:\documents and settings\kathyt\Application Data\IObit
2009-09-20 17:19 . 2009-09-20 17:20 -------- d-----w- c:\program files\IObit
2009-09-20 02:29 . 2009-09-20 02:29 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-09-20 00:11 . 2009-09-20 00:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
2009-09-19 22:52 . 2009-09-19 22:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-19 21:09 . 2009-09-19 21:09 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-09-19 18:28 . 2009-09-22 17:06 -------- d-----w- C:\$AVG8.VAULT$
2009-09-19 18:10 . 2009-09-19 18:10 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-19 18:10 . 2009-09-19 18:10 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-19 18:10 . 2009-09-19 18:10 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-19 18:10 . 2009-09-19 18:10 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-19 18:10 . 2009-09-24 13:42 -------- d-----w- c:\windows\system32\drivers\Avg
2009-09-19 18:09 . 2009-09-19 18:09 -------- d-----w- c:\program files\AVG
2009-09-19 18:09 . 2009-09-19 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-19 18:09 . 2009-09-19 18:09 -------- d-----w- c:\windows\SxsCaPendDel
2009-09-19 17:59 . 2009-09-19 17:59 -------- d-----w- c:\documents and settings\kathyt\Application Data\AVG8
2009-09-19 05:21 . 2009-09-19 05:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-19 02:34 . 2009-09-19 02:34 -------- d-----w- c:\documents and settings\kathyt\Application Data\Malwarebytes
2009-09-19 02:33 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-19 02:33 . 2009-09-19 02:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-19 02:33 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-19 02:33 . 2009-09-19 02:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-18 19:27 . 2009-09-18 19:27 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-09-18 19:27 . 2009-09-18 19:27 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-09-18 19:27 . 2009-09-18 19:27 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-09-18 19:27 . 2009-09-18 19:27 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-09-18 19:16 . 2009-09-18 19:16 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2009-09-18 19:16 . 2009-09-18 19:16 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-09-18 15:57 . 2009-09-18 15:57 -------- d-sh--w- c:\documents and settings\kathyt\PrivacIE
2009-09-18 15:48 . 2009-09-18 15:48 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-09-18 15:47 . 2009-09-18 15:47 -------- d-sh--w- c:\documents and settings\kathyt\IETldCache
2009-09-18 15:37 . 2009-08-07 08:48 100352 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-09-18 15:36 . 2009-09-18 15:37 -------- d-----w- c:\windows\ie8updates
2009-09-18 15:35 . 2009-07-03 17:09 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-09-18 15:34 . 2009-07-03 17:09 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-09-18 15:30 . 2009-09-18 15:34 -------- dc-h--w- c:\windows\ie8
2009-09-09 13:14 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-21 21:53 . 2006-01-09 16:25 73080 ----a-w- c:\documents and settings\kathyt\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-20 17:26 . 2006-01-09 17:13 -------- d-----w- c:\documents and settings\kathyt\Application Data\Lavasoft
2009-09-20 17:18 . 2006-01-09 15:52 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-20 17:17 . 2006-01-09 15:52 -------- d-----w- c:\program files\Symantec AntiVirus
2009-09-20 17:17 . 2006-01-09 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-09-20 02:35 . 2005-12-22 22:40 -------- d-----w- c:\program files\Java
2009-09-20 02:33 . 2009-05-08 17:49 -------- d-----w- c:\program files\Windows Media Connect 2
2009-09-20 02:31 . 2007-03-26 00:52 -------- d-----w- c:\program files\BFG
2009-09-19 17:39 . 2006-01-09 16:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-19 05:18 . 2006-01-09 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-18 15:48 . 2004-08-11 23:08 42368 ------w- c:\windows\system32\drivers\agp440.sys
2009-08-05 09:01 . 2004-08-11 23:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 20:07 . 2009-08-03 20:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 20:07 . 2009-08-03 20:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 20:07 . 2009-08-03 20:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-17 19:01 . 2004-08-11 23:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 04:43 . 2004-08-11 23:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-11 23:00 915456 ------w- c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-09-21_02.09.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-29 13:05 . 2008-07-29 13:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 11:07 . 2008-07-29 11:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 11:07 . 2008-07-29 11:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2008-07-29 11:07 . 2008-07-29 11:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90ud.dll
+ 2008-07-29 11:07 . 2008-07-29 11:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90d.dll
+ 2009-07-12 00:41 . 2009-07-12 00:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2009-09-24 13:39 . 2009-09-24 13:39 16384 c:\windows\Temp\Perflib_Perfdata_388.dat
- 2009-09-20 17:28 . 2009-09-20 17:28 16384 c:\windows\Temp\Perflib_Perfdata_284.dat
+ 2009-09-24 14:50 . 2009-09-24 14:50 16384 c:\windows\Temp\Perflib_Perfdata_284.dat
+ 2009-09-24 14:50 . 2009-09-24 14:50 16384 c:\windows\Temp\Perflib_Perfdata_240.dat
+ 2005-12-22 22:48 . 2007-04-09 18:23 28552 c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
+ 2005-12-22 22:48 . 2007-04-09 18:23 46472 c:\windows\system32\spool\drivers\w32x86\mdiui.dll
+ 2005-12-22 22:48 . 2007-04-09 18:23 46472 c:\windows\system32\spool\drivers\w32x86\3\mdiui.dll
+ 2005-12-22 22:48 . 2007-04-09 18:23 28040 c:\windows\system32\mdimon.dll
+ 2007-03-23 00:17 . 2007-03-23 00:17 35440 c:\windows\system32\FM20ENU.DLL
+ 2009-09-21 03:57 . 2009-07-03 14:49 64160 c:\windows\system32\DRVSTORE\lbd_4C6E0193F967021F4DECA024CA3950BECD8BF864\Lbd.sys
+ 2005-12-22 22:48 . 2009-09-21 03:39 23040 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2005-12-22 22:48 . 2006-01-10 13:58 23040 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2005-12-22 22:48 . 2009-09-21 03:39 61440 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2005-12-22 22:48 . 2006-01-10 13:58 61440 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2005-12-22 22:48 . 2009-09-21 03:39 27136 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2005-12-22 22:48 . 2006-01-10 13:58 27136 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2005-12-22 22:48 . 2006-01-10 13:58 11264 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2005-12-22 22:48 . 2009-09-21 03:39 11264 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2005-12-22 22:48 . 2006-01-10 13:58 12288 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2005-12-22 22:48 . 2009-09-21 03:39 12288 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-03-22 23:07 . 2007-03-22 23:07 78168 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\RM.DLL
+ 2007-03-22 23:07 . 2007-03-22 23:07 41824 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\RECALL.DLL
+ 2007-03-23 00:05 . 2007-03-23 00:05 97632 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\PP7X32.DLL
+ 2001-06-05 14:13 . 2001-06-05 14:13 40972 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\OCRVC.DAT
+ 2001-10-23 06:13 . 2001-10-23 06:13 53260 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\OCRHC.DAT
+ 2001-06-05 14:13 . 2001-06-05 14:13 65536 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\LOOKUP.DAT
+ 2001-06-05 14:13 . 2001-06-05 14:13 18844 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\JFONT.DAT
+ 2001-06-05 14:13 . 2001-06-05 14:13 34168 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\ENGIDX.DAT
+ 2007-03-22 23:07 . 2007-03-22 23:07 91488 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\ADDRPARS.DLL
+ 2003-01-17 20:03 . 2003-01-17 20:03 59466 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\XSCAN32.DAT
+ 2005-12-22 22:47 . 2005-12-22 22:47 64088 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\VBIDEPIA.DLL
+ 2003-07-15 04:57 . 2003-07-15 04:57 59960 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\UNBIND.EXE
+ 2002-10-07 15:49 . 2002-10-07 15:49 81983 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\TWRECS.DLL
+ 2003-07-15 04:53 . 2003-07-15 04:53 11848 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\SMARTTAGINSTALL.EXE
+ 2003-07-15 04:57 . 2003-07-15 04:57 58944 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\SEQCHK10.DLL
+ 2003-07-15 04:44 . 2003-07-15 04:44 66616 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\SENDTO.DLL
+ 2002-10-07 15:49 . 2002-10-07 15:49 81984 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\REVERSE.DLL
+ 2003-07-15 04:57 . 2003-07-15 04:57 40512 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\REFIEBAR.DLL
+ 2003-05-09 03:54 . 2003-05-09 03:54 77824 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\REFEDIT.DLL
+ 2003-07-15 04:42 . 2003-07-15 04:42 37432 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\RECALL.DLL
+ 2003-07-15 04:40 . 2003-07-15 04:40 51256 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\PUBTRAP.DLL
+ 2003-07-15 09:18 . 2003-07-15 09:18 93752 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\PP7X32.DLL
+ 2003-07-15 04:43 . 2003-07-15 04:43 49208 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\OUTLWAB.DLL
+ 2005-12-22 22:47 . 2005-12-22 22:47 35448 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\OLCTLPIA.DLL
+ 2003-07-15 04:56 . 2003-07-15 04:56 13888 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\NPOFFICE.DLL
+ 2003-07-15 04:57 . 2003-07-15 04:57 56888 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\NAME.DLL
+ 2005-12-22 22:47 . 2005-12-22 22:47 20080 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\MSTAGPIA.DLL
+ 2003-07-15 04:52 . 2003-07-15 04:52 41528 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\MSSH.DLL
+ 2003-06-18 23:31 . 2003-06-18 23:31 16384 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\MSPGIMME.DLL
+ 2003-07-15 04:45 . 2003-07-15 04:45 39488 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\MSOXMLMF.DLL
+ 2003-07-15 04:45 . 2003-07-15 04:45 55360 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\MSOXMLED.EXE
+ 2003-07-15 04:46 . 2003-07-15 04:46 42040 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\MSOXEV.DLL
+ 2003-07-15 04:53 . 2003-07-15 04:53 39488 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\MSOSVFBR.DLL
+ 2003-07-15 04:53 . 2003-07-15 04:53 55872 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\MSOSVABW.DLL
+ 2003-07-15 04:52 . 2003-07-15 04:52 35896 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\MSOSV.DLL
+ 2003-07-15 04:52 . 2003-07-15 04:52 28224 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\MSOSTYLE.DLL
+ 2003-07-15 04:56 . 2003-07-15 04:56 54328 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\MSOMSE.DLL
+ 2003-07-15 04:52 . 2003-07-15 04:52 55360 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\MSOHTMED.EXE
+ 2003-07-15 04:44 . 2003-07-15 04:44 25144 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\MSOEURO.DLL
+ 2003-07-15 04:52 . 2003-07-15 04:52 27704 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\MSODCW.DLL
+ 2003-07-15 04:52 . 2003-07-15 04:52 17464 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\MSMH.DLL
+ 2003-07-15 04:51 . 2003-07-15 04:51 87104 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\MSENCODE.DLL
+ 2003-07-15 04:56 . 2003-07-15 04:56 40504 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\MSE7.EXE
+ 2003-07-15 05:12 . 2003-07-15 05:12 47872 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\MSB1XTOR.DLL
+ 2003-07-15 04:41 . 2003-07-15 04:41 13368 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\FINDER.EXE
+ 2003-07-15 04:57 . 2003-07-15 04:57 98360 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\DSSM.EXE
+ 2003-07-15 04:56 . 2003-07-15 04:56 14904 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\DSITF.DLL
+ 2003-07-15 04:53 . 2003-07-15 04:53 46144 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\BLNMGRPS.DLL
+ 2003-07-15 04:53 . 2003-07-15 04:53 94768 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\AW.DLL
+ 2003-07-15 04:57 . 2003-07-15 04:57 38968 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\AUTHZAX.DLL
+ 2009-09-21 03:23 . 2009-09-21 03:23 66936 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2009-09-21 03:23 . 2009-09-21 03:23 22928 c:\windows\assembly\GAC\Microsoft.Office.Interop.SmartTag\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll
+ 2009-09-21 03:23 . 2009-09-21 03:23 38304 c:\windows\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll
- 2005-12-22 22:48 . 2006-01-10 13:58 4096 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2005-12-22 22:48 . 2009-09-21 03:39 4096 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2003-06-18 23:31 . 2003-06-18 23:31 6144 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\OCRPS.DLL
+ 2008-07-29 13:05 . 2008-07-29 13:05 875520 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcp90d.dll
+ 2008-07-29 08:54 . 2008-07-29 08:54 312832 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcm90d.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 08:54 . 2008-07-29 08:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2005-12-22 22:48 . 2007-04-09 18:24 758664 c:\windows\system32\spool\drivers\w32x86\mdigraph.dll
+ 2005-12-22 22:48 . 2007-04-09 18:24 758664 c:\windows\system32\spool\drivers\w32x86\3\mdigraph.dll
- 2004-08-11 23:00 . 2009-03-08 09:33 726528 c:\windows\system32\jscript.dll
+ 2004-08-11 23:00 . 2009-06-22 06:44 726528 c:\windows\system32\jscript.dll
+ 2004-08-11 23:06 . 2009-09-21 04:00 758536 c:\windows\system32\FNTCACHE.DAT
- 2008-05-09 10:53 . 2009-03-08 09:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2008-05-09 10:53 . 2009-06-22 06:44 726528 c:\windows\system32\dllcache\jscript.dll
+ 2009-09-21 03:55 . 2009-09-21 03:55 236032 c:\windows\Installer\309238.msi
+ 2009-09-21 03:28 . 2009-09-21 03:28 119296 c:\windows\Installer\1062c9.msi
+ 2008-06-11 19:02 . 2008-06-11 19:02 830464 c:\windows\Installer\1062af.msp
+ 2008-07-28 19:59 . 2008-07-28 19:59 180736 c:\windows\Installer\10629b.msp
+ 2009-09-21 03:26 . 2009-09-21 03:27 248832 c:\windows\Installer\106288.msi
+ 2009-09-21 03:20 . 2009-09-21 03:20 470528 c:\windows\Installer\1060a4.msi
+ 2005-12-22 22:48 . 2009-09-21 03:39 409600 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2005-12-22 22:48 . 2006-01-10 13:58 409600 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2005-12-22 22:48 . 2009-09-21 03:39 286720 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2005-12-22 22:48 . 2006-01-10 13:58 286720 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2005-12-22 22:48 . 2009-09-21 03:39 249856 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2005-12-22 22:48 . 2006-01-10 13:58 249856 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2005-12-22 22:48 . 2006-01-10 13:58 794624 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2005-12-22 22:48 . 2009-09-21 03:39 794624 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2005-12-22 22:48 . 2009-09-21 03:39 135168 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2005-12-22 22:48 . 2006-01-10 13:58 135168 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2005-12-22 22:48 . 2006-01-10 13:58 593920 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2005-12-22 22:48 . 2009-09-21 03:39 593920 c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2007-03-22 23:22 . 2007-03-22 23:22 103264 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\TRANSMGR.DLL
+ 2009-09-21 03:23 . 2009-09-21 03:23 464272 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\OWC11PIA.DLL
+ 2007-04-19 17:53 . 2007-04-19 17:53 106336 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\OUTLMIME.DLL
+ 2005-05-04 07:06 . 2005-05-04 07:06 199408 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\MSMDUN80.DLL
+ 2005-05-04 07:06 . 2005-05-04 07:06 465640 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\MSDMENG.DLL
+ 2007-04-19 17:53 . 2007-04-19 17:53 127328 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\IMPMAIL.DLL
+ 2007-04-19 19:09 . 2007-04-19 19:09 167256 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\IETAG.DLL
+ 2001-06-05 14:13 . 2001-06-05 14:13 289926 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\ENGDIC.DAT
+ 2005-12-22 22:47 . 2005-12-22 22:47 662120 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\WORDPIA.DLL
+ 2002-10-07 15:51 . 2002-10-07 15:51 221252 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\TWSTRUCT.DLL
+ 2002-10-07 15:50 . 2002-10-07 15:50 118847 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\TWRECE.DLL
+ 2002-10-07 15:51 . 2002-10-07 15:51 102467 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\TWORIENT.DLL
+ 2002-10-07 15:51 . 2002-10-07 15:51 147520 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\TWLAY32.DLL
+ 2002-10-07 15:51 . 2002-10-07 15:51 180289 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\TWCUTLIN.DLL
+ 2002-10-07 15:50 . 2002-10-07 15:50 241729 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\TWCUTCHR.DLL
+ 2002-10-07 15:53 . 2002-10-07 15:53 106561 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\THOCRAPI.DLL
+ 2003-07-15 04:57 . 2003-07-15 04:57 349248 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\SELFCERT.EXE
+ 2003-07-21 17:46 . 2003-07-21 17:46 390712 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\RTFHTML.DLL
+ 2005-12-22 22:47 . 2005-12-22 22:47 211568 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\PUBPIA.DLL
+ 2002-10-07 16:11 . 2002-10-07 16:11 167997 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\PSOM.DLL
+ 2005-12-22 22:47 . 2005-12-22 22:47 223856 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\PPTPIA.DLL
+ 2005-12-22 22:47 . 2005-12-22 22:47 461416 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\OWC11PIA.DLL
+ 2005-12-22 22:47 . 2005-12-22 22:47 408176 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\OUTLPIA.DLL
+ 2003-07-15 04:44 . 2003-07-15 04:44 102968 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\OUTLCTL.DLL
+ 2003-07-15 09:14 . 2003-07-15 09:14 242240 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\OISGRAPH.DLL
+ 2005-12-22 22:47 . 2005-12-22 22:47 223800 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\OFFICE.DLL
+ 2003-07-15 05:00 . 2003-07-15 05:00 145984 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\MSWEBCAP.DLL
+ 2003-07-15 05:02 . 2003-07-15 05:02 637496 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\MSQRY32.EXE
+ 2003-06-19 22:05 . 2003-06-19 22:05 364648 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\MSPVIEW.EXE
+ 2003-06-19 22:05 . 2003-06-19 22:05 128104 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\MSPSCAN.EXE
+ 2003-06-18 23:31 . 2003-06-18 23:31 788480 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\MSPFILT.DLL
+ 2003-07-15 09:18 . 2003-07-15 09:18 376888 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\MSORUN.DLL
+ 2003-07-15 04:57 . 2003-07-15 04:57 120888 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\MSOAUTH.DLL
+ 2003-07-15 04:57 . 2003-07-15 04:57 124480 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\MSB1CORE.DLL
+ 2003-07-15 04:46 . 2003-07-15 04:46 176696 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\MIMEDIR.DLL
+ 2003-06-18 23:31 . 2003-06-18 23:31 252928 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\MDIINK.DLL
+ 2005-12-22 22:47 . 2005-12-22 22:47 141928 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\GRAPHPIA.DLL
+ 2003-07-15 04:40 . 2003-07-15 04:40 165944 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\FPLACE.DLL
+ 2003-07-15 04:40 . 2003-07-15 04:40 179768 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\FPERSON.DLL
+ 2005-12-22 22:47 . 2005-12-22 22:47 371296 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\FORMSPIA.DLL
+ 2002-10-07 15:49 . 2002-10-07 15:49 192573 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\FORM.DLL
+ 2003-07-15 09:18 . 2003-07-15 09:18 141360 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\ATP.DLL
+ 2005-12-22 22:47 . 2005-12-22 22:47 997992 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\ACCESS.DLL
+ 2009-09-21 02:59 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
+ 2009-09-21 02:59 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
+ 2009-09-21 02:59 . 2009-03-08 09:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
+ 2009-09-21 03:22 . 2009-09-21 03:22 226656 c:\windows\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2009-09-21 03:23 . 2009-09-21 03:23 374152 c:\windows\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll
+ 2009-09-21 03:23 . 2009-09-21 03:23 664968 c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2009-09-21 03:23 . 2009-09-21 03:23 214424 c:\windows\assembly\GAC\Microsoft.Office.Interop.Publisher\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Publisher.dll
+ 2009-09-21 03:23 . 2009-09-21 03:23 226712 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2009-09-21 03:39 . 2009-09-21 03:39 477056 c:\windows\assembly\GAC\Microsoft.Office.Interop.Owc11\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Owc11.dll
+ 2009-09-21 03:23 . 2009-09-21 03:23 411024 c:\windows\assembly\GAC\Microsoft.Office.Interop.Outlook\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
+ 2009-09-21 03:23 . 2009-09-21 03:23 144784 c:\windows\assembly\GAC\Microsoft.Office.Interop.Graph\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 5982720 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90ud.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 5937144 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90d.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 1180672 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcr90d.dll
+ 2007-06-06 15:53 . 2007-06-06 15:53 1195888 c:\windows\system32\FM20.DLL
+ 2009-09-21 03:56 . 2009-09-21 03:56 1859072 c:\windows\Installer\30923f.msi
+ 2009-07-01 18:21 . 2009-07-01 18:21 8891904 c:\windows\Installer\1063ad.msp
+ 2009-04-23 22:57 . 2009-04-23 22:57 7672832 c:\windows\Installer\106396.msp
+ 2009-05-12 18:01 . 2009-05-12 18:01 6818816 c:\windows\Installer\106382.msp
+ 2009-05-01 20:49 . 2009-05-01 20:49 4328960 c:\windows\Installer\10636e.msp
+ 2008-10-25 14:15 . 2008-10-25 14:15 6227456 c:\windows\Installer\106359.msp
+ 2008-06-11 20:05 . 2008-06-11 20:05 9994240 c:\windows\Installer\106345.msp
+ 2009-08-25 19:57 . 2009-08-25 19:57 5518336 c:\windows\Installer\106305.msp
+ 2008-07-08 16:27 . 2008-07-08 16:27 8436736 c:\windows\Installer\1062c3.msp
+ 2008-04-01 19:33 . 2008-04-01 19:33 5479936 c:\windows\Installer\106132.msp
+ 2008-01-31 15:30 . 2008-01-31 15:30 9947648 c:\windows\Installer\10611b.msp
+ 2008-01-14 21:53 . 2008-01-14 21:53 5213696 c:\windows\Installer\1060f1.msp
+ 2007-11-08 16:42 . 2007-11-08 16:42 4158464 c:\windows\Installer\1060c9.msp
+ 2007-05-31 18:35 . 2007-05-31 18:35 6420320 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\POWERPNT.EXE
+ 2007-05-10 18:45 . 2007-05-10 18:45 8069464 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\OWC11.DLL
+ 2007-03-14 18:10 . 2007-03-14 18:10 7255384 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\OWC10.DLL
+ 2005-05-04 07:06 . 2005-05-04 07:06 1411816 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\MSDMINE.DLL
+ 2003-04-30 17:52 . 2003-04-30 17:52 1581120 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\XPAGE3C.DLL
+ 2002-10-07 16:03 . 2002-10-07 16:03 1794113 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\XIMAGE3B.DLL
+ 2003-07-15 05:05 . 2003-07-15 05:05 1054264 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\OMFC.DLL
+ 2003-07-11 08:15 . 2003-07-11 08:15 1292872 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\MSONSEXT.DLL
+ 2005-12-22 22:47 . 2005-12-22 22:47 1100392 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\EXCELPIA.DLL
+ 2009-09-21 03:23 . 2009-09-21 03:23 1103248 c:\windows\assembly\GAC\Microsoft.Office.Interop.Excel\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
+ 2009-09-21 03:22 . 2009-09-21 03:22 1000848 c:\windows\assembly\GAC\Microsoft.Office.Interop.Access\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Access.dll
+ 2009-07-01 18:19 . 2009-07-01 18:19 10607104 c:\windows\Installer\1063ae.msp
+ 2008-08-13 19:49 . 2008-08-13 19:49 11816960 c:\windows\Installer\10632d.msp
+ 2008-07-30 13:50 . 2008-07-30 13:50 12506112 c:\windows\Installer\106319.msp
+ 2008-07-08 15:09 . 2008-07-08 15:09 11887616 c:\windows\Installer\1062f0.msp
+ 2008-06-04 18:29 . 2008-06-04 18:29 16905728 c:\windows\Installer\1062dc.msp
+ 2008-01-14 20:24 . 2008-01-14 20:24 10721280 c:\windows\Installer\1060dd.msp
+ 2007-05-31 18:37 . 2007-05-31 18:37 12310368 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\WINWORD.EXE
+ 2007-06-18 22:16 . 2007-06-18 22:16 12259160 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\MSO.DLL
+ 2007-05-31 18:41 . 2007-05-31 18:41 10352472 c:\windows\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\EXCEL.EXE
+ 2007-07-27 14:03 . 2007-07-27 14:03 119977472 c:\windows\Installer\106282.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-06-30 2329224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-09-01 684032]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-19 149280]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-19 2007832]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 22:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-19 18:10 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Novell\\GroupWise\\GrpWise.exe"=
"c:\\Novell\\GroupWise\\Notify.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/20/2009 10:57 PM 64160]
R1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/19/2009 1:10 PM 335240]
R1 avgtdix;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/19/2009 1:10 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/19/2009 1:09 PM 297752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 9:49 AM 1029456]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [10/25/2007 9:07 AM 3712]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [7/22/2009 12:04 PM 66056]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/22/2005 5:55 PM 29744]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-09-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-09-24 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.dell.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\kathyt\Application Data\Mozilla\Firefox\Profiles\2t2f6ylj.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://gmail.martin-eng.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-24 09:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1056)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(3048)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Digital Line Detect\DLG.exe
c:\program files\Logitech\SetPoint\SetPoint.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2009-09-24 9:56 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-24 14:55




ComboFix2.txt 2009-09-21 02:12

Pre-Run: 26,206,707,712 bytes free
Post-Run: 26,212,663,296 bytes free

436 --- E O F --- 2009-09-21 03:30

Malwarebytes' Anti-Malware 1.41
Database version: 2854
Windows 5.1.2600 Service Pack 3

9/24/2009 11:02:15 AM
mbam-log-2009-09-24 (11-02-15).txt

Scan type: Quick Scan
Objects scanned: 101213
Time elapsed: 4 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 CatByte

Posted 24 September 2009 - 04:37 PM

Please post a fresh DDS and Attach.txt and advise how your computer is running now and if there are any outstanding issues.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#9 Lifesvr525

Posted 28 September 2009 - 09:30 AM

Thanks again for all of your help
Things appear to be running ok.
Here are the txt files you requested.

DDS (Ver_09-09-24.01) - NTFSx86
Run by kathyt at 10:27:43.98 on Mon 09/28/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.134 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\kathyt\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.dell.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6796.cab
DPF: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1253336509843
DPF: {8ad9c840-044e-11d1-b3e9-00805f499d93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {cafeefac-0015-0000-0010-abcdeffedcba} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {cafeefac-0016-0000-0015-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {cafeefac-ffff-ffff-ffff-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kathyt\applic~1\mozilla\firefox\profiles\2t2f6ylj.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://gmail.martin-eng.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-20 64160]
R1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-19 335240]
R1 avgmfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-9-19 27784]
R1 avgtdix;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-19 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-9-19 297752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2007-10-25 3712]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-7-22 66056]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2005-12-22 29744]

=============== Created Last 30 ================

2009-09-21 15:54 268,648 a------- c:\windows\system32\mucltui.dll
2009-09-21 15:54 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-09-20 23:22 15,688 a------- c:\windows\system32\lsdelete.exe
2009-09-20 22:57 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-09-20 22:56 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-20 22:55 <DIR> --d----- c:\program files\Lavasoft
2009-09-20 22:20 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-09-20 21:01 <DIR> a-dshr-- C:\cmdcons
2009-09-20 20:59 229,888 a------- c:\windows\PEV.exe
2009-09-20 20:59 161,792 a------- c:\windows\SWREG.exe
2009-09-20 20:59 98,816 a------- c:\windows\sed.exe
2009-09-20 19:07 <DIR> --d----- c:\program files\Trend Micro
2009-09-20 16:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\F-Secure
2009-09-20 12:19 <DIR> --d----- c:\docume~1\kathyt\applic~1\IObit
2009-09-20 12:19 <DIR> --d----- c:\program files\IObit
2009-09-19 16:17 <DIR> --d----- c:\windows\pss
2009-09-19 13:28 <DIR> --d----- C:\$AVG8.VAULT$
2009-09-19 13:10 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-09-19 13:10 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-09-19 13:10 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-09-19 13:10 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-09-19 13:09 <DIR> --d----- c:\program files\AVG
2009-09-19 13:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-09-19 13:09 <DIR> --d----- c:\windows\SxsCaPendDel
2009-09-19 12:59 <DIR> --d----- c:\docume~1\kathyt\applic~1\AVG8
2009-09-19 00:21 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-19 00:21 73,728 a------- c:\windows\system32\javacpl.cpl
2009-09-18 21:34 <DIR> --d----- c:\docume~1\kathyt\applic~1\Malwarebytes
2009-09-18 21:33 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-18 21:33 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-18 21:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-18 21:33 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-18 14:27 <DIR> --d----- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-09-18 14:27 <DIR> --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-09-18 14:27 <DIR> --d----- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-09-18 14:27 <DIR> --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-09-18 10:57 <DIR> --dsh--- c:\documents and settings\kathyt\PrivacIE
2009-09-18 10:47 <DIR> --dsh--- c:\documents and settings\kathyt\IETldCache
2009-09-18 10:37 100,352 -------- c:\windows\system32\dllcache\iecompat.dll
2009-09-18 10:36 <DIR> --d----- c:\windows\ie8updates
2009-09-18 10:35 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-09-18 10:34 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-09-18 10:30 <DIR> -cd-h--- c:\windows\ie8
2009-09-09 08:14 153,088 -------- c:\windows\system32\dllcache\triedit.dll

==================== Find3M ====================

2009-09-18 10:48 42,368 a------- c:\windows\system32\dllcache\agp440.sys
2009-09-18 10:48 42,368 -------- c:\windows\system32\drivers\agp440.sys
2009-08-05 04:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 04:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.dll
2009-08-03 15:07 322,928 a------- c:\windows\system32\OGAAddin.dll
2009-08-03 15:07 230,768 a------- c:\windows\system32\OGAEXEC.exe
2009-07-19 18:48 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 08:18 5,937,152 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-17 14:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 14:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 23:43 10,841,088 -------- c:\windows\system32\dllcache\wmp.dll
2009-07-13 23:43 286,208 -------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-10 08:27 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-07-03 12:09 915,456 -------- c:\windows\system32\wininet.dll
2009-07-03 12:09 915,456 -------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 12:09 1,208,832 -------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 12:09 206,848 -------- c:\windows\system32\dllcache\occache.dll
2009-07-03 12:09 594,432 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 12:09 55,296 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 12:09 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 12:09 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 12:09 184,320 -------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 12:09 386,048 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 06:01 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 10:24 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009022020090221\index.dat

============= FINISH: 10:28:33.59 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-24.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/9/2006 9:20:49 AM
System Uptime: 9/28/2009 8:06:39 AM (2 hours ago)

Motherboard: Dell Inc. | | 0N8719
Processor: Intel® Pentium® M processor 1.73GHz | Microprocessor | 1054/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 37 GiB total, 24.311 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP921: 6/30/2009 10:20:40 AM - System Checkpoint
RP922: 7/1/2009 12:50:32 PM - System Checkpoint
RP923: 7/2/2009 2:04:30 PM - System Checkpoint
RP924: 7/6/2009 9:08:59 AM - System Checkpoint
RP925: 7/7/2009 10:46:52 AM - System Checkpoint
RP926: 7/8/2009 11:03:11 AM - System Checkpoint
RP927: 7/9/2009 12:39:56 PM - System Checkpoint
RP928: 7/10/2009 2:39:27 PM - System Checkpoint
RP929: 7/13/2009 9:00:15 AM - System Checkpoint
RP930: 7/14/2009 10:18:48 AM - System Checkpoint
RP931: 7/15/2009 8:24:51 AM - Software Distribution Service 3.0
RP932: 7/15/2009 4:02:26 PM - Software Distribution Service 3.0
RP933: 7/16/2009 4:10:45 PM - System Checkpoint
RP934: 7/20/2009 9:43:48 AM - System Checkpoint
RP935: 7/21/2009 10:18:38 AM - System Checkpoint
RP936: 7/22/2009 1:07:45 PM - System Checkpoint
RP937: 7/23/2009 1:08:09 PM - System Checkpoint
RP938: 7/24/2009 2:40:35 PM - System Checkpoint
RP939: 7/27/2009 9:10:50 AM - System Checkpoint
RP940: 7/28/2009 10:14:07 AM - System Checkpoint
RP941: 7/29/2009 1:27:13 PM - System Checkpoint
RP942: 7/29/2009 4:39:30 PM - Software Distribution Service 3.0
RP943: 7/30/2009 4:40:01 PM - System Checkpoint
RP944: 8/3/2009 9:06:46 AM - System Checkpoint
RP945: 8/4/2009 11:43:05 AM - System Checkpoint
RP946: 8/5/2009 1:03:02 PM - System Checkpoint
RP947: 8/6/2009 2:39:54 PM - System Checkpoint
RP948: 8/10/2009 9:20:21 AM - System Checkpoint
RP949: 8/11/2009 10:13:34 AM - System Checkpoint
RP950: 8/12/2009 10:51:35 AM - System Checkpoint
RP951: 8/12/2009 4:51:29 PM - Software Distribution Service 3.0
RP952: 8/14/2009 9:19:56 AM - System Checkpoint
RP953: 8/17/2009 8:46:53 AM - System Checkpoint
RP954: 8/18/2009 10:17:32 AM - System Checkpoint
RP955: 8/18/2009 4:03:11 PM - Software Distribution Service 3.0
RP956: 8/20/2009 8:37:24 AM - System Checkpoint
RP957: 8/21/2009 9:55:58 AM - System Checkpoint
RP958: 8/24/2009 9:03:12 AM - System Checkpoint
RP959: 8/25/2009 10:43:22 AM - System Checkpoint
RP960: 8/26/2009 10:47:17 AM - System Checkpoint
RP961: 8/26/2009 4:40:57 PM - Software Distribution Service 3.0
RP962: 8/28/2009 9:08:17 AM - System Checkpoint
RP963: 8/31/2009 9:29:18 AM - System Checkpoint
RP964: 9/1/2009 10:19:42 AM - System Checkpoint
RP965: 9/2/2009 11:21:33 AM - System Checkpoint
RP966: 9/3/2009 12:24:04 PM - System Checkpoint
RP967: 9/4/2009 2:13:42 PM - System Checkpoint
RP968: 9/8/2009 8:52:06 AM - System Checkpoint
RP969: 9/9/2009 9:01:15 AM - System Checkpoint
RP970: 9/9/2009 4:54:05 PM - Software Distribution Service 3.0
RP971: 9/11/2009 9:29:30 AM - System Checkpoint
RP972: 9/14/2009 8:56:27 AM - System Checkpoint
RP973: 9/15/2009 10:37:14 AM - System Checkpoint
RP974: 9/16/2009 12:25:31 PM - System Checkpoint
RP975: 9/17/2009 12:41:26 PM - System Checkpoint
RP976: 9/18/2009 10:23:20 AM - Software Distribution Service 3.0
RP977: 9/19/2009 12:16:42 AM - Removed J2SE Runtime Environment 5.0 Update 6
RP978: 9/19/2009 12:21:03 AM - Installed Java™ 6 Update 15
RP979: 9/19/2009 1:09:38 PM - Installed AVG Free 8.5
RP980: 9/20/2009 12:15:38 PM - Removed Symantec AntiVirus
RP981: 9/20/2009 12:21:21 PM - Advanced SystemCare RestorePoint
RP982: 9/20/2009 9:57:33 PM - Software Distribution Service 3.0
RP983: 9/20/2009 10:19:59 PM - Software Distribution Service 3.0
RP984: 9/20/2009 10:26:49 PM - Software Distribution Service 3.0
RP985: 9/20/2009 10:36:30 PM - Software Distribution Service 3.0
RP986: 9/21/2009 9:49:00 AM - Avg8 Update
RP987: 9/22/2009 10:50:21 AM - System Checkpoint
RP988: 9/23/2009 2:42:30 PM - System Checkpoint
RP989: 9/24/2009 3:55:21 PM - System Checkpoint
RP990: 9/25/2009 4:43:40 PM - System Checkpoint
RP991: 9/28/2009 8:52:23 AM - System Checkpoint

==== Installed Programs ======================

Ad-Aware Adobe Acrobat - Reader 6.0.2 Update Adobe Acrobat 6.0 Standard Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) Adobe Download Manager Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 6.0.1 Adobe Reader 7.0.8 Adobe Reader 8.1.1 Adobe Reader 8.1.2 Adobe Reader 8.1.2 Security Update 1 (KB403742) Adobe® Photoshop® Album Starter Edition 3.2 Advanced SystemCare 3 ALPS Touch Pad Driver Apple Mobile Device Support Apple Software Update Ask Toolbar AVG Free 8.5 Broadcom Management Programs 2 Business Contact Manager for Outlook 2003 CDDRV_Installer Conexant D110 MDC V.9x Modem Critical Update for Windows Media Player 11 (KB959772) Digital Line Detect EZ Tools 3.1.3 getPlus®_ocx Google AFE Google Desktop Google Toolbar for Internet Explorer GroupWise GroupWise Internet Browser Mail Integration HijackThis 2.0.2 Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB970653-v3) Intel® Graphics Media Accelerator Driver for Mobile Intel® PROSet/Wireless Software Internal Network Card Power Management J2SE Runtime Environment 5.0 Update 10 Java 2 Runtime Environment, SE v1.4.2_03 Java™ 6 Update 15 KhalInstallWrapper Logitech SetPoint Malwarebytes' Anti-Malware mCore mDrWiFi mHlpDell Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft National Language Support Downlevel APIs Microsoft Office Professional Edition 2003 Microsoft 
User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable mIWA mIWCA mLogView mMHouse Modem Helper Mozilla Firefox (3.0.14) mPfMgr mPfWiz mProSafe MSN Messenger 7.5 mSSO MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) mToolkit mWlsSafe mXML mZConfig NetWaiting OGA Notifier 2.0.0048.0 PowerDVD 5.1 QuickSet QuickTime Security Update for CAPICOM (KB931906) Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB929969) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Internet Explorer 7 (KB972260) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB972260) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) 
Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 9 (KB911565) Security Update for Windows Media Player 9 (KB917734) Security Update for Windows Media Player 9 (KB936782) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows 
XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Smart Defrag 1.20 Sonic DLA Sonic RecordNow! Plus Sonic Update Manager Update for Windows Internet Explorer 8 (KB973874) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB973815) Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 WebFldrs XP Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage v1.3.0254.0 Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Player 11 Windows NT Messaging Windows XP Service Pack 3 Yahoo! Toolbar ==== Event Viewer Messages From Past Week ======== 9/24/2009 9:42:52 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect. 9/24/2009 9:42:20 AM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s). 9/24/2009 9:42:20 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s). 9/21/2009 11:52:17 AM, error: PSched [14103] - QoS [Adapter {0F3AD8B9-BFFB-4017-916E-DD619CB6CCEC}]: The netcard driver failed the query for OID_GEN_LINK_SPEED. 
9/21/2009 1:52:07 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0013CEF5A7CE. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. 9/21/2009 1:50:12 PM, error: Dhcp [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 0013CEF5A7CE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). ==== End Of File ===========================

#10 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 28 September 2009 - 09:47 AM

Hi,

You are clean, just some housekeeping to do now.

Please do the following:

Visit ADOBE and download the latest version of Acrobat Reader (version 9.1)
Having the latest updates ensures there are no security vulnerabilities in your system.


NEXT


Please download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button.
  • Scroll down to the Java SE Runtime Environment (JRE) option.
  • Download and install the latest Java Runtime Environment (JRE) version for your computer (version 6, update 16).

NEXT

Follow these steps to uninstall Combofix

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.



NEXT

Now to remove the rest of the tools that we have used in fixing your machine:
  • Make sure you have an Internet Connection.
  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

If any logs remain after using this tool > right click and delete them.

NEXT

Below I have included a number of recommendations for how to protect your computer against malware infections.


  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them

    Then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program (e.g. TeaTimer, Windows Defender) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • For Firefox, I highly recommend this add-on to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
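The hosts-file bullet in the post above says blocked sites are redirected to 127.0.0.1. The sketch below is an added example, not part of the original post or of the MVPS project: it parses hosts-file text, lists the names that are sinkholed, and separately reports names mapped to any other address, which is a redirect rather than a block. The sample file and host names are constructed placeholders, and treating 0.0.0.0 as a sinkhole as well is an assumption that goes beyond the post.

```python
import ipaddress

# Constructed sample in hosts-file syntax; all host names are placeholders.
SAMPLE_HOSTS = """\
# constructed example, not the real MVPS list
127.0.0.1    localhost
127.0.0.1    ads.example.com  tracker.example.net   # two names on one line
0.0.0.0      banner.example.org
203.0.113.7  update.example-av.test
not-an-ip    broken.example.com
"""

def parse_hosts(text):
    """Yield (ip, hostname) for every well-formed mapping, ignoring comments."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue                      # malformed address: skip the line
        for name in names:
            yield ip, name.lower()

def classify(text):
    """Return (sinkholed names, [(name, address)] redirected elsewhere)."""
    blocked, redirected = [], []
    for ip, name in parse_hosts(text):
        if name == "localhost":
            continue                      # the standard loopback entry
        if ip.is_loopback or ip.is_unspecified:
            blocked.append(name)          # 127.0.0.1 (or 0.0.0.0): connection goes nowhere
        else:
            redirected.append((name, str(ip)))   # traffic is sent to another machine
    return blocked, redirected

if __name__ == "__main__":
    blocked, redirected = classify(SAMPLE_HOSTS)
    print("sinkholed:", blocked)
    print("review these redirects:", redirected)
```

Entries in the second list deserve a manual look after any cleanup, since a blocking hosts file has no reason to point a name at a routable address.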
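The Adobe Reader and JavaRa steps in the post above exist because the installed-programs list shows several old Reader and Java releases side by side. As an added example (not from the original post, and not how JavaRa itself works), this script takes entries copied from that list, normalises the three Java naming schemes to comparable version tuples, and reports every release that is older than the newest one installed in its family. The family names and regular expressions are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Entries copied from the installed-programs list in the log above.
INSTALLED = [
    "Adobe Reader 6.0.1",
    "Adobe Reader 7.0.8",
    "Adobe Reader 8.1.1",
    "Adobe Reader 8.1.2",
    "J2SE Runtime Environment 5.0 Update 10",
    "Java 2 Runtime Environment, SE v1.4.2_03",
    "Java™ 6 Update 15",
    "Mozilla Firefox (3.0.14)",
]

# (family, pattern) pairs; the captured numbers order releases within a family.
PATTERNS = [
    ("Adobe Reader", re.compile(r"^Adobe Reader (\d+)\.(\d+)\.(\d+)$")),
    # "1.4.2_03" style: the leading "1." is dropped so 1.4 sorts below 5 and 6.
    ("Java", re.compile(r"^Java 2 Runtime Environment, SE v1\.(\d+)\.(\d+)_(\d+)$")),
    ("Java", re.compile(r"^J2SE Runtime Environment (\d+)\.(\d+) Update (\d+)$")),
    ("Java", re.compile(r"^Java\S* (\d+) Update (\d+)$")),
]

def parse(entry):
    """Return (family, version_tuple), or None for entries that are not tracked."""
    for family, pattern in PATTERNS:
        m = pattern.match(entry)
        if m:
            nums = [int(g) for g in m.groups()]
            if len(nums) == 2:            # "Java 6 Update 15" has no minor number
                nums.insert(1, 0)
            return family, tuple(nums)
    return None

def superseded(entries):
    """Map each family to the installed entries older than its newest release."""
    by_family = defaultdict(list)
    for entry in entries:
        parsed = parse(entry)
        if parsed:
            by_family[parsed[0]].append((parsed[1], entry))
    report = {}
    for family, found in by_family.items():
        found.sort()                      # oldest first, newest last
        report[family] = [name for _, name in found[:-1]]
    return report

if __name__ == "__main__":
    for family, old in superseded(INSTALLED).items():
        print(family, "-> leftover older versions:", old)
```

The newest installed release can still be behind the current one, as it is here: the post asks for Reader 9.1 and Java 6 Update 16, so the report covers leftovers only.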


#11 Lifesvr525

Lifesvr525

    Authentic Member

  • Authentic Member
  • PipPip
  • 37 posts

Posted 30 September 2009 - 09:22 AM

Once more thank you for all of your help. I truly appreciate your detailed assistance. Excellent job.... Thanks

#12 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 30 September 2009 - 10:39 AM

You are more than welcome, stay safe :wavey: ~CB



#13 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 30 September 2009 - 10:39 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
