WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

[Resolved] Infection Removal - USB drivers - XP SP updates

Started by cklenertz , Oct 31 2009 04:16 PM

This topic is locked

45 replies to this topic

#1 cklenertz

Authentic Member

Authentic Member
81 posts

Posted 31 October 2009 - 04:16 PM

Good afternoon, I am using AVG antivirus free version. I believe I picked up a virus. Initially, I was unable to do an antivirus or malware scan or run any kind of Windows Updates. I used the XP repair tool from my XP disk, since the only other time I got infected a couple years ago, that worked well. After running the repair tool, I went to MS website to download the appropriate updates. When I ran SP 1a it took out my USB ports and I was unable to download SP2, so I rebooted. During the POST the mouse was alive but when the XP login screen appeared the mouse was dead. I put up a post and it was suggested that I rerun the repair tool. Did that and have had the same results. I am unable to update via the MS website (when I try to initiate the search for appropriate updates it tells me I don't have permission to view the directory or page using the credentials I supplied) and I have my USB ports are dead. I have gone to my mobo site and used the install disk to attempt to download the drivers to no avail. I have included a HiJack This logfile from 10/19/09 done after the first repair as well as all other documentation requested in the New Members page. Obviously any assistance would be greatly appreciated. Thank you. Kevin

Attached Files

Hijack_Analysis_Report_10_19_09__4_.txt 11.72KB 269 downloads
10_31_09_startuplist.txt 11.35KB 1343 downloads
10_31_09_Root_Repeal.txt 37.52KB 414 downloads
Attach_10_31_09.txt 15.39KB 1134 downloads
DDS_10_31_09.txt 28.83KB 460 downloads
10_31_09_hijackthis.txt 12.87KB 400 downloads

Edited by cklenertz, 31 October 2009 - 06:13 PM.

Advertisements

Register to Remove

#2 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 05 November 2009 - 12:20 PM

Hi cklenertz,

:welcome:

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.

Please don't attach files unless I specifically ask you to. Copy and paste the information please.

JavaRa ...by: Paul McLain and Fred de Vries

Please download JavaRa (Copyright © 2008 RaProducts.org) and unzip it to your desktop.
***Please close any instances of Internet Explorer before continuing!***
Print these instructions...you won't have Internet access during this particular phase!

Double-click on JavaRa.exe to start the program.
From the drop-down menu, choose English or the appropriate language...and click on Select.
JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
A logfile will pop up. Please save it to a convenient location.
Copy and paste the contents of the JavaRa log, in your next reply.

Your Java is out of date.

Java™ 6 can be updated from the Java Control Panel. Go Start > Control Panel(Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts.

Download TFC to your desktop

Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish it's job
Once its finished it should automatically reboot your machine,
if it doesn't, manually reboot to ensure a complete clean

Then

Please download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot (shut down your computer then restart it).

Also please describe how your computer behaves at the moment.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

#3 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 11 November 2009 - 12:47 PM

Due to inactivity this topic will be closed. If you need help please start a new thread.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

#4 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 11 November 2009 - 01:54 PM

re-opened at OP's request.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

#5 cklenertz

Authentic Member

Authentic Member
81 posts

Posted 11 November 2009 - 02:24 PM

Hey Tomk,
Thanks for reopening the post and taking the time to try to solve my problem.
The logfiles you requested follow.

Here is the JavaRa logfile (I had to run it a couple of times because I kept having stability issues with firefox):

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue Nov 10 21:20:07 2009

Found and removed: C:\Program Files\Java\j2re1.4.2_10

Found and removed: C:\Program Files\Java\jre-1_5_0_09-windows-i586-p-iftw.exe

Found and removed: C:\Program Files\Java\jre1.5.0_02

Found and removed: C:\Program Files\Java\jre1.5.0_06

Found and removed: C:\Program Files\Java\jre1.5.0_09

Found and removed: C:\Program Files\Java\jre1.5.0_10

Found and removed: C:\Program Files\Java\jre1.5.0_11

Found and removed: C:\Program Files\Java\jre1.6.0_01

Found and removed: C:\Program Files\Java\jre1.6.0_02

Found and removed: C:\Program Files\Java\jre1.6.0_03

There was an error removing C:\Program Files\Java\jre1.6.0_07. The error returned was 32.

Found and removed: C:\Documents and Settings\Kevin Lenertz\Application Data\Sun\Java\jre1.6.0_10

Found and removed: C:\Documents and Settings\Kevin Lenertz\Application Data\Sun\Java\jre1.6.0_11

Found and removed: C:\Documents and Settings\Kevin Lenertz\Application Data\Sun\Java\jre1.6.0_12

Found and removed: C:\Documents and Settings\Kevin Lenertz\Application Data\Sun\Java\jre1.6.0_13

Found and removed: C:\Documents and Settings\Kevin Lenertz\Application Data\Sun\Java\jre1.6.0_14

Found and removed: C:\Documents and Settings\Kevin Lenertz\Application Data\Sun\Java\jre1.6.0_15

Found and removed: C:\Windows\Installer\{7148F0A8-6813-11D6-A77B-00B0D0142100}

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4

Found and removed: Software\JavaSoft\Java2D\1.5.0_06

Found and removed: Software\JavaSoft\Java2D\1.5.0_09

Found and removed: Software\JavaSoft\Java2D\1.5.0_10

Found and removed: Software\JavaSoft\Java2D\1.5.0_11

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510002

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510009

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510002

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510009

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510002

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510009

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Classes\JavaPlugin.150_02

Found and removed: SOFTWARE\Classes\JavaPlugin.150_06

Found and removed: SOFTWARE\Classes\JavaPlugin.150_09

Found and removed: SOFTWARE\Classes\JavaPlugin.150_10

Found and removed: SOFTWARE\Classes\JavaPlugin.150_11

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_02

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_06

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_09

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_10

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_11

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_02

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_06

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_09

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_10

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_11

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510006

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510009

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D511000

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D511001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510009

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150020}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150060}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150090}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150100}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150110}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\JavaPlugin.160_01

Found and removed: SOFTWARE\Classes\JavaPlugin.160_02

Found and removed: SOFTWARE\Classes\JavaPlugin.160_03

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160010}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160020}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7148F0A8-6813-11D6-A77B-00B0D0142100}

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F841731866D117AB7000B0D411200

Found and removed: SOFTWARE\Classes\JavaPlugin.142_10

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.4.2_10

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4.2_10

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.4.2_10

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_06

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_09

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_10

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_11

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\JavaPlugin.142_10

Found and removed: Software\Classes\JavaPlugin.160_01

Found and removed: Software\Classes\JavaPlugin.160_02

Found and removed: Software\Classes\JavaPlugin.160_03

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03

Found and removed: Software\JavaSoft\Java2D\1.6.0_01

Found and removed: Software\JavaSoft\Java2D\1.6.0_02

Found and removed: Software\JavaSoft\Java2D\1.6.0_03

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_01

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_02

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACB9B14518A96D117A58000B0D411200

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F841731866D117AB7000B0D411200

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_07

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610007

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610007

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160070}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_02\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_06\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_09\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_10\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_11\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_01.b06\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_03.b05\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core2.zip

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue Nov 10 21:21:38 2009

There was an error removing C:\Program Files\Java\jre1.6.0_07. The error returned was 32.

------------------------------------

Finished reporting.

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue Nov 10 21:55:23 2009

There was an error removing C:\Program Files\Java\jre1.6.0_07. The error returned was 32.

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

------------------------------------

Finished reporting.

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Wed Nov 11 08:51:15 2009

Found and removed: C:\Program Files\Java\jre1.6.0_07

------------------------------------

Finished reporting.

Here is the MBAM logfile:

Malwarebytes' Anti-Malware 1.41
Database version: 3145
Windows 5.1.2600 Service Pack 2

11/11/2009 8:25:48 AM
mbam-log-2009-11-11 (08-25-48).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|G:\|H:\|)
Objects scanned: 315171
Time elapsed: 1 hour(s), 56 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 5
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\poprock (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\enB (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hcp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wTR02 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Xtmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\addins\addins (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin Lenertz\Cookies\MM2048.DAT (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin Lenertz\Cookies\MM256.DAT (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\win32k.sys (Trojan.Dropper) -> Quarantined and deleted successfully.

End of logfile.

Currently, I am running XP SP2 because when I try to download SP3 it fails to install because it can’t install the catalog files. When I try to update via the MS updates website it tells me “Forbidden: Access is denied. You don’t have permission to view…” The USB port issue finally got resolved. I was unable to install the drivers but just prior to posting this message I tried again and they installed. Perhaps running MBAM cleared that hurdle.

Kevin

#6 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 11 November 2009 - 02:33 PM

cklenertz,

Mbam found more than I expected. Let's use a bigger gun.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatth...ams_t96260.html
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

#7 cklenertz

Authentic Member

Authentic Member
81 posts

Posted 11 November 2009 - 08:45 PM

Tomk, Disregard this post. (couldn't figure out how to delete it.)

Edited by cklenertz, 11 November 2009 - 08:53 PM.

#8 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 11 November 2009 - 10:27 PM

cklenertz, OK. I'll disregard. Are you having trouble running Combofix?

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

#9 cklenertz

Authentic Member

Authentic Member
81 posts

Posted 12 November 2009 - 12:32 AM

Tomk, I have included the ComboFix log file as an attachment. I had a little trouble figuring out how to disable AVG. I think I'm going to go with another AV product. Kevin

Attached Files

ComboFix_log_11_11_09.txt 33.92KB 592 downloads

#10 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 12 November 2009 - 01:14 AM

cklenertz,

COMBOFIX-Script

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

File::
c:\windows\system32\drivers\alim15411.sys

Folder::
c:\program files\IObit

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

Registry::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=-


FCopy::
c:\windows\ServicePackFiles\i386\wscntfy.exe | c:\windows\system32\wscntfy.exe
c:\windows\ServicePackFiles\i386\xmlprov.dll | c:\windows\system32\xmlprov.dll
c:\windows\ServicePackFiles\i386\ip6fw.sys | c:\windows\system32\drivers\ip6fw.sys

Driver::
alim15411
iatmunin
hpdjaio

Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

Advertisements

Register to Remove

#11 cklenertz

Authentic Member

Authentic Member
81 posts

Posted 12 November 2009 - 08:50 PM

Tomk,
As always, thanks for your time.

Kevin
Here's the new ComboFix log file:

ComboFix 09-11-13.04 - Kevin Lenertz 11/12/2009 18:07.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1100 [GMT -8:00]
Running from: c:\documents and settings\Kevin Lenertz\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Kevin Lenertz\Desktop\cfscript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\system32\drivers\alim15411.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\IObit
c:\program files\IObit\Advanced SystemCare 3\AutoCare.exe
c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe
c:\program files\IObit\Advanced SystemCare 3\AWC.exe
c:\program files\IObit\Advanced SystemCare 3\AWCInit.exe
c:\program files\IObit\Advanced SystemCare 3\AwcSchedule.dll
c:\program files\IObit\Advanced SystemCare 3\ContextMenu.exe
c:\program files\IObit\Advanced SystemCare 3\CookiesBK.pln
c:\program files\IObit\Advanced SystemCare 3\CoolTrayIcon_D6plus.bpl
c:\program files\IObit\Advanced SystemCare 3\Def.dbd
c:\program files\IObit\Advanced SystemCare 3\ESR.exe
c:\program files\IObit\Advanced SystemCare 3\EULA.rtf
c:\program files\IObit\Advanced SystemCare 3\FFSweep.dll
c:\program files\IObit\Advanced SystemCare 3\FileSweep.dll
c:\program files\IObit\Advanced SystemCare 3\Help.html
c:\program files\IObit\Advanced SystemCare 3\IEFavBK.pln
c:\program files\IObit\Advanced SystemCare 3\Images\care.png
c:\program files\IObit\Advanced SystemCare 3\Images\ds.png
c:\program files\IObit\Advanced SystemCare 3\Images\home.png
c:\program files\IObit\Advanced SystemCare 3\Images\mw.png
c:\program files\IObit\Advanced SystemCare 3\Images\tips.jpg
c:\program files\IObit\Advanced SystemCare 3\Images\tips2.jpg
c:\program files\IObit\Advanced SystemCare 3\Images\ut.png
c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe
c:\program files\IObit\Advanced SystemCare 3\Language\Albanian.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Brasil.lng
c:\program files\IObit\Advanced SystemCare 3\Language\ChineseSimp.lng
c:\program files\IObit\Advanced SystemCare 3\Language\ChineseTrad.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Czech.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Dansk.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Dutch.lng
c:\program files\IObit\Advanced SystemCare 3\Language\English.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Finnish.lng
c:\program files\IObit\Advanced SystemCare 3\Language\French.lng
c:\program files\IObit\Advanced SystemCare 3\Language\German.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Hebrew.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Hungarian.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Italiano.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Japanese.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Korean.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Persian.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Polish.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Romanian.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Russian.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Spanish.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Srpski.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Svenska.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Swedish.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Turkish.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Ukrainian.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Valencian.lng
c:\program files\IObit\Advanced SystemCare 3\License.dat
c:\program files\IObit\Advanced SystemCare 3\News\bnews.html
c:\program files\IObit\Advanced SystemCare 3\News\Css\bstyle.css
c:\program files\IObit\Advanced SystemCare 3\News\Css\wstyle.css
c:\program files\IObit\Advanced SystemCare 3\News\wnews.html
c:\program files\IObit\Advanced SystemCare 3\NtfsData.dll
c:\program files\IObit\Advanced SystemCare 3\RegeditBK.pln
c:\program files\IObit\Advanced SystemCare 3\Registration.exe
c:\program files\IObit\Advanced SystemCare 3\Routine.dll
c:\program files\IObit\Advanced SystemCare 3\rtl70.bpl
c:\program files\IObit\Advanced SystemCare 3\servicelist_vista.ini
c:\program files\IObit\Advanced SystemCare 3\servicelist_xp.ini
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\4C_Btn_01.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\4C_Btn_01_mouseover.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\4C_Btn_02.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\4C_Btn_02_mouseover.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\4C_Btn_03.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\4C_Btn_03_mouseover.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\4C_Btn_04.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\4C_Btn_04_mouseover.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\4C_Button_bg_down.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\4C_Button_bg_left.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\4C_Button_bg_right.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\4C_Button_bg_up.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Bg_Content.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\BG_Main.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Care_Button_1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Care_Button_2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Care_Button_3.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Care_Button_en_1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Care_Button_en_2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Care_Button_en_3.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Check.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Checked.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Close1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Close2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Content_bg_1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Content_bg_2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Content_bg_3.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Flag.ico
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Layout.ini
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Min1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Min2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\scan.avi
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Shadow.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Tab_Bottom.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Tab_Selected_1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Tab_Selected_2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Tab_Selected_3.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Tab_UnSelected_1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Tab_UnSelected_2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Tab_UnSelected_3.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Title.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\UnCheck.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Unchecked.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Upgrade1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Upgrade2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\4C_Btn_01.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\4C_Btn_01_mouseover.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\4C_Btn_02.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\4C_Btn_02_mouseover.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\4C_Btn_03.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\4C_Btn_03_mouseover.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\4C_Btn_04.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\4C_Btn_04_mouseover.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\4C_Button_bg_down.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\4C_Button_bg_left.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\4C_Button_bg_right.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\4C_Button_bg_up.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Bg_Content.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\BG_Main.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Care_Button_1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Care_Button_2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Care_Button_3.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Care_Button_en_1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Care_Button_en_2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Care_Button_en_3.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Check.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Checked.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Close1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Close2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Content_bg_1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Content_bg_2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Content_bg_3.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Flag.ico
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Layout.ini
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Min1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Min2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\scan.avi
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Shadow.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Tab_Bottom.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Tab_BottomLine.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Tab_Selected_1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Tab_Selected_2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Tab_Selected_3.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Tab_UnSelected_1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Tab_UnSelected_2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Tab_UnSelected_3.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Title.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\UnCheck.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Unchecked.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Upgrade1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Upgrade2.png
c:\program files\IObit\Advanced SystemCare 3\sqlite3.dll
c:\program files\IObit\Advanced SystemCare 3\STFix.dll
c:\program files\IObit\Advanced SystemCare 3\Sup_DiskChk.exe
c:\program files\IObit\Advanced SystemCare 3\Sup_DiskCleaner.exe
c:\program files\IObit\Advanced SystemCare 3\Sup_GameBooster.exe
c:\program files\IObit\Advanced SystemCare 3\Sup_InternetBooster.exe
c:\program files\IObit\Advanced SystemCare 3\Sup_IS360.exe
c:\program files\IObit\Advanced SystemCare 3\Sup_ISD.exe
c:\program files\IObit\Advanced SystemCare 3\Sup_RegistryDefrag.exe
c:\program files\IObit\Advanced SystemCare 3\Sup_ShortcutsFixer.exe
c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
c:\program files\IObit\Advanced SystemCare 3\Sus_DriverBackUp.exe
c:\program files\IObit\Advanced SystemCare 3\Sus_PIeHelp.exe
c:\program files\IObit\Advanced SystemCare 3\Sus_SystemBackup.exe
c:\program files\IObit\Advanced SystemCare 3\Sus_SystemFileScan.exe
c:\program files\IObit\Advanced SystemCare 3\Sut_AutoShutDown.exe
c:\program files\IObit\Advanced SystemCare 3\Sut_ClonedFilesFinder.exe
c:\program files\IObit\Advanced SystemCare 3\Sut_ContextManager.exe
c:\program files\IObit\Advanced SystemCare 3\Sut_DiskExplorer.exe
c:\program files\IObit\Advanced SystemCare 3\Sut_RestoreCenter.exe
c:\program files\IObit\Advanced SystemCare 3\Sut_SoftUninstaller.exe
c:\program files\IObit\Advanced SystemCare 3\Sut_StartUpManager.exe
c:\program files\IObit\Advanced SystemCare 3\Sut_SysInfo.exe
c:\program files\IObit\Advanced SystemCare 3\Sut_WinManager.exe
c:\program files\IObit\Advanced SystemCare 3\unins000.dat
c:\program files\IObit\Advanced SystemCare 3\unins000.exe
c:\program files\IObit\Advanced SystemCare 3\unins000.msg
c:\program files\IObit\Advanced SystemCare 3\Update History.txt
c:\program files\IObit\Advanced SystemCare 3\Update\awc3check.upt
c:\program files\IObit\Advanced SystemCare 3\UpdateLog.txt
c:\program files\IObit\Advanced SystemCare 3\vcl70.bpl
c:\program files\IObit\Advanced SystemCare 3\vclx70.bpl
c:\program files\IObit\Advanced SystemCare 3\winSkinD7R.bpl
c:\program files\IObit\Advanced SystemCare 3\Wizard.exe
c:\program files\IObit\Advanced WindowsCare V2\Backup\IgnoreList.ini
c:\program files\IObit\Advanced WindowsCare V2\Fav.ico
c:\program files\IObit\Advanced WindowsCare V2\Main.ini
c:\program files\IObit\IObit SmartDefrag\EULA.rtf
c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
c:\program files\IObit\IObit SmartDefrag\language\???.lng
c:\program files\IObit\IObit SmartDefrag\language\????.lng
c:\program files\IObit\IObit SmartDefrag\language\?????.lng
c:\program files\IObit\IObit SmartDefrag\language\??????.lng
c:\program files\IObit\IObit SmartDefrag\language\???????.lng
c:\program files\IObit\IObit SmartDefrag\language\?????????.lng
c:\program files\IObit\IObit SmartDefrag\language\Arabic.lng
c:\program files\IObit\IObit SmartDefrag\language\Bahasa Indonesia.lng
c:\program files\IObit\IObit SmartDefrag\language\Czech.lng
c:\program files\IObit\IObit SmartDefrag\language\Danish.lng
c:\program files\IObit\IObit SmartDefrag\language\Deutsch.lng
c:\program files\IObit\IObit SmartDefrag\language\Eesti.lng
c:\program files\IObit\IObit SmartDefrag\language\English.lng
c:\program files\IObit\IObit SmartDefrag\language\Español.lng
c:\program files\IObit\IObit SmartDefrag\language\Finnish.lng
c:\program files\IObit\IObit SmartDefrag\language\Français.lng
c:\program files\IObit\IObit SmartDefrag\language\Hrvatski.lng
c:\program files\IObit\IObit SmartDefrag\language\Italiano.lng
c:\program files\IObit\IObit SmartDefrag\language\Korean.lng
c:\program files\IObit\IObit SmartDefrag\language\Lietuvi?.lng
c:\program files\IObit\IObit SmartDefrag\language\Magyar.lng
c:\program files\IObit\IObit SmartDefrag\language\Nederlands.lng
c:\program files\IObit\IObit SmartDefrag\language\Norwegian.lng
c:\program files\IObit\IObit SmartDefrag\language\Polish.lng
c:\program files\IObit\IObit SmartDefrag\language\Portuguese(PT-BR).lng
c:\program files\IObit\IObit SmartDefrag\language\Portuguese(PT-PT).lng
c:\program files\IObit\IObit SmartDefrag\language\Portuguese.lng
c:\program files\IObit\IObit SmartDefrag\language\Român.lng
c:\program files\IObit\IObit SmartDefrag\language\Slovenski.lng
c:\program files\IObit\IObit SmartDefrag\language\Svenska.lng
c:\program files\IObit\IObit SmartDefrag\language\Turkish.lng
c:\program files\IObit\IObit SmartDefrag\language\Ukrainian.lng
c:\program files\IObit\IObit SmartDefrag\language\Valencian.lng
c:\program files\IObit\IObit SmartDefrag\language\Vietnamese.lng
c:\program files\IObit\IObit SmartDefrag\NtfsData.dll
c:\program files\IObit\IObit SmartDefrag\SDInit.exe
c:\program files\IObit\IObit SmartDefrag\taskdll.dll
c:\program files\IObit\IObit SmartDefrag\unins000.dat
c:\program files\IObit\IObit SmartDefrag\unins000.exe
c:\program files\IObit\IObit SmartDefrag\unins000.msg
c:\program files\IObit\IObit SmartDefrag\What's new.txt

.
--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\wscntfy.exe --> c:\windows\system32\wscntfy.exe
c:\windows\ServicePackFiles\i386\xmlprov.dll --> c:\windows\system32\xmlprov.dll
c:\windows\ServicePackFiles\i386\ip6fw.sys --> c:\windows\system32\drivers\ip6fw.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_HPDJAIO
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Service_alim15411
-------\Service_hpdjaio
-------\Service_iatmunin

((((((((((((((((((((((((( Files Created from 2009-10-13 to 2009-11-13 )))))))))))))))))))))))))))))))
.

2009-11-12 17:21 . 2009-11-10 20:44 4026136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2009-11-12 17:21 . 2009-11-10 20:43 2016536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2009-11-12 17:21 . 2009-11-10 20:43 1257240 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2009-11-12 17:21 . 2009-11-01 01:05 600344 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgnsx.exe
2009-11-12 17:21 . 2009-11-10 20:34 3963672 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2009-11-12 17:21 . 2009-11-01 01:05 496920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2009-11-12 08:11 . 2009-11-12 08:11 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-11-12 06:37 . 2003-08-11 08:07 77824 ----a-r- c:\windows\system32\hpovst08.dll
2009-11-12 06:37 . 2003-08-11 08:07 565248 ----a-r- c:\windows\system32\hpotscl.dll
2009-11-12 06:22 . 2009-11-12 07:13 29261 ----a-w- c:\windows\hpoins03.dat
2009-11-12 00:40 . 2009-11-12 00:40 102007 ----a-w- c:\windows\hpoins04.dat
2009-11-11 23:37 . 2009-11-11 23:37 -------- d-----w- c:\documents and settings\Kevin Lenertz\Application Data\AVG8
2009-11-11 21:06 . 2009-11-11 21:06 -------- d-----w- c:\documents and settings\Kevin Lenertz\Application Data\AVG9
2009-11-11 18:57 . 2009-11-11 18:59 -------- dc-h--w- c:\windows\ie8
2009-11-10 20:45 . 2009-11-01 01:05 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2009-11-10 20:30 . 2009-11-01 01:05 610072 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2009-11-10 20:30 . 2009-11-01 01:05 1657112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2009-11-10 20:29 . 2009-11-05 00:49 635664 ----a-w- c:\documents and settings\Kevin Lenertz\Application Data\IObit\Common\TB_Helper.exe
2009-11-10 20:29 . 2009-10-22 03:01 114688 ----a-w- c:\documents and settings\Kevin Lenertz\Application Data\Mozilla\Firefox\Profiles\0zynv3mo.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\npmozax.dll
2009-11-10 20:29 . 2009-10-22 03:01 52224 ----a-w- c:\documents and settings\Kevin Lenertz\Application Data\Mozilla\Firefox\Profiles\0zynv3mo.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\FFExternalAlert.dll
2009-11-01 09:50 . 2009-11-01 01:16 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-01 01:14 . 2009-11-01 01:15 5908024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-11-01 01:14 . 2009-11-01 01:14 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-11-01 01:14 . 2009-11-01 01:14 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-11-01 01:14 . 2009-11-01 01:14 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-11-01 01:14 . 2009-11-01 01:14 640608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-01 01:13 . 2009-11-01 01:13 815760 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-11-01 01:13 . 2009-11-01 01:13 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-11-01 01:13 . 2009-11-01 01:13 1638104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-11-01 01:13 . 2009-11-01 01:13 788368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-11-01 01:13 . 2009-11-01 01:13 1179232 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-11-01 01:08 . 2009-11-01 01:08 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-01 01:08 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-11-01 01:06 . 2009-11-01 01:22 -------- d-----w- C:\$AVG
2009-11-01 01:05 . 2009-11-12 00:39 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-10-31 21:52 . 2009-10-31 21:59 -------- d-----w- c:\program files\ERUNT
2009-10-28 13:53 . 2009-11-11 19:13 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-10-28 06:24 . 2004-08-04 07:56 96768 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2009-10-27 07:04 . 2009-10-27 07:04 -------- d-----w- c:\windows\ServicePackFiles
2009-10-27 07:00 . 2004-08-04 07:56 54784 ----a-w- c:\windows\system32\npptools.dll
2009-10-27 06:59 . 2004-08-04 07:56 294400 ----a-w- c:\windows\system32\kerberos.dll
2009-10-27 06:58 . 2004-08-04 07:56 20992 ----a-w- c:\windows\system32\fontview.exe
2009-10-27 06:10 . 2001-08-23 12:00 4677 -c--a-w- c:\windows\system32\dllcache\zeeverm.dll
2009-10-27 06:09 . 2001-08-23 12:00 31232 -c--a-w- c:\windows\system32\dllcache\tools.dll
2009-10-27 06:08 . 2001-08-23 12:00 5632 -c--a-w- c:\windows\system32\dllcache\kbdsyr2.dll
2009-10-27 06:07 . 2001-08-23 12:00 45568 -c--a-w- c:\windows\system32\dllcache\browscap.dll
2009-10-27 05:40 . 2004-08-04 07:56 45568 ----a-w- c:\windows\system32\safrslv.dll
2009-10-27 05:38 . 2004-08-03 21:07 1081112 -c--a-w- c:\windows\system32\dllcache\wuaueng.dll
2009-10-27 05:36 . 2004-08-04 06:07 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2009-10-27 05:36 . 2004-08-04 06:07 6400 ----a-w- c:\windows\system32\drivers\splitter.sys
2009-10-27 05:35 . 2004-08-04 05:59 57472 ----a-w- c:\windows\system32\drivers\redbook.sys
2009-10-27 05:35 . 2004-08-04 07:56 4274816 ----a-w- c:\windows\system32\nv4_disp.dll
2009-10-27 05:35 . 2004-08-04 05:29 1897408 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-10-27 02:01 . 2004-08-04 06:01 196864 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2009-10-27 02:01 . 2004-08-04 08:01 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
2009-10-27 02:00 . 2001-08-23 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-10-27 02:00 . 2001-08-23 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2009-10-27 02:00 . 2004-08-04 07:56 146432 ----a-w- c:\windows\system\winspool.drv
2009-10-27 02:00 . 2004-08-04 06:00 11264 ----a-w- c:\windows\system32\drivers\irenum.sys
2009-10-27 02:00 . 2001-08-23 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-10-27 02:00 . 2001-08-23 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-10-25 19:20 . 2004-08-04 07:56 9728 -c--a-w- c:\windows\system32\dllcache\EXCH_rwnh.dll
2009-10-25 19:20 . 2004-08-04 07:56 9728 ------w- c:\windows\system32\rwnh.dll
2009-10-25 19:20 . 2004-08-04 07:56 221696 -c--a-w- c:\windows\system32\dllcache\EXCH_seo.dll
2009-10-25 18:21 . 2007-05-24 13:20 408064 -c--a-w- c:\windows\system32\dllcache\qmgr.dll
2009-10-25 18:21 . 2007-05-24 13:20 408064 ------w- c:\windows\system32\qmgr.dll
2009-10-25 18:21 . 2007-05-24 13:20 18944 -c--a-w- c:\windows\system32\dllcache\qmgrprxy.dll
2009-10-25 18:21 . 2007-05-24 13:20 18944 ----a-w- c:\windows\system32\qmgrprxy.dll
2009-10-22 07:55 . 2001-08-23 12:00 28160 -c--a-w- c:\windows\system32\dllcache\msoobe.exe
2009-10-22 07:54 . 2001-08-23 12:00 64512 -c--a-w- c:\windows\system32\dllcache\acctres.dll
2009-10-22 07:54 . 2001-08-23 12:00 64512 ----a-w- c:\windows\system32\acctres.dll
2009-10-22 06:29 . 2002-08-02 02:30 35427 ----a-w- c:\windows\system32\drivers\sisnic.sys
2009-10-22 02:35 . 2001-08-23 12:00 22016 -c--a-w- c:\windows\system32\dllcache\agt0408.dll
2009-10-22 02:35 . 2001-08-23 12:00 19968 -c--a-w- c:\windows\system32\dllcache\agt040e.dll
2009-10-22 02:35 . 2001-08-23 12:00 19456 -c--a-w- c:\windows\system32\dllcache\agt041f.dll
2009-10-22 02:35 . 2001-08-23 12:00 19456 -c--a-w- c:\windows\system32\dllcache\agt0419.dll
2009-10-22 02:35 . 2001-08-23 12:00 19456 -c--a-w- c:\windows\system32\dllcache\agt0415.dll
2009-10-22 02:35 . 2001-08-23 12:00 19456 -c--a-w- c:\windows\system32\dllcache\agt0405.dll
2009-10-20 06:48 . 2004-08-04 07:56 189440 -c--a-w- c:\windows\system32\dllcache\EXCH_smtpadm.dll
2009-10-20 06:48 . 2004-08-04 07:56 10752 -c--a-w- c:\windows\system32\dllcache\EXCH_smtpapi.dll
2009-10-20 06:48 . 2004-08-04 07:56 10752 ----a-w- c:\windows\system32\smtpapi.dll
2009-10-20 04:19 . 2009-10-20 04:19 -------- d-----w- c:\program files\Alwil Software
2009-10-20 03:09 . 2009-10-20 03:18 -------- d-----w- c:\program files\Uniblue
2009-10-20 02:45 . 2009-10-20 02:45 -------- d-----w- c:\windows\IE Uninstall
2009-10-20 02:44 . 2009-10-20 02:44 -------- d-----w- c:\windows\COOKIES
2009-10-19 21:54 . 2009-10-19 21:54 -------- d-----w- c:\windows\Application Data
2009-10-18 21:42 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-10-18 21:22 . 1996-08-24 18:11 36864 ----a-w- c:\windows\system\Shlwapi.dll
2009-10-18 20:07 . 2009-10-18 20:07 -------- d-----w- c:\program files\Support Tools
2009-10-18 19:43 . 2004-09-07 06:23 156672 ----a-r- c:\windows\system32\RTLCPAPI.dll
2009-10-18 19:43 . 2004-12-22 09:13 9524224 ----a-r- c:\windows\system32\RTLCPL.EXE
2009-10-18 19:43 . 2004-12-22 09:09 77824 ----a-r- c:\windows\SOUNDMAN.EXE
2009-10-18 19:43 . 2004-12-22 09:07 2304320 ----a-r- c:\windows\system32\drivers\ALCXWDM.SYS
2009-10-18 19:34 . 2003-03-25 09:50 4096 ----a-r- c:\windows\system32\drivers\siside.sys
2009-10-18 17:56 . 2009-10-18 17:56 -------- d-----w- c:\documents and settings\Default User\Application Data\DivX
2009-10-18 17:26 . 2004-08-04 06:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-10-18 17:25 . 2004-08-04 06:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-10-18 17:25 . 2004-08-04 06:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-10-17 23:29 . 2009-10-17 23:29 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
2009-10-17 21:17 . 2009-10-17 21:17 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-10-17 20:08 . 2009-10-17 20:08 -------- d-----w- c:\program files\BroadJump

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-12 00:39 . 2009-09-26 07:45 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-11-11 16:51 . 2006-01-09 06:20 -------- d-----w- c:\program files\Java
2009-11-11 07:02 . 2008-08-28 05:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-11 05:29 . 2008-12-08 00:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-10 20:43 . 2009-09-26 07:47 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-10 20:29 . 2009-03-03 03:54 -------- d-----w- c:\documents and settings\Kevin Lenertz\Application Data\IObit
2009-11-10 20:26 . 2005-01-31 21:55 79664 -c--a-w- c:\documents and settings\Kevin Lenertz\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-03 05:04 . 2005-01-05 03:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-01 17:53 . 2009-03-12 05:34 -------- d-----w- c:\documents and settings\Kevin Lenertz\Application Data\Intuit
2009-11-01 17:53 . 2005-02-02 04:35 -------- d-----w- c:\program files\AMDAGP
2009-11-01 17:21 . 2009-08-28 06:48 -------- d-----w- c:\documents and settings\Kevin Lenertz\Application Data\HpUpdate
2009-11-01 17:21 . 2005-01-31 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI MMC
2009-11-01 17:20 . 2007-05-05 19:25 -------- d-----w- c:\program files\SBC Self Support Tool
2009-11-01 02:41 . 2005-01-05 03:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-01 01:14 . 2004-03-24 06:45 -------- d-----w- c:\program files\Google
2009-11-01 01:07 . 2008-04-21 15:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-11-01 01:07 . 2005-07-01 02:11 -------- d-----w- c:\program files\Lavasoft
2009-11-01 01:06 . 2009-09-26 07:47 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-01 01:06 . 2009-09-26 07:46 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-01 01:05 . 2009-09-26 07:47 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-01 01:05 . 2009-08-26 13:38 -------- d-----w- c:\program files\AVG
2009-10-27 05:43 . 2009-10-27 05:41 86665 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2009-10-27 05:39 . 2005-01-30 23:28 23432 -c--a-w- c:\windows\system32\emptyregdb.dat
2009-10-22 06:29 . 2008-01-21 08:54 -------- d-----w- c:\program files\SiSLan
2009-10-20 05:26 . 2007-10-21 10:14 -------- d-----w- c:\documents and settings\Kevin Lenertz\Application Data\Move Networks
2009-10-20 03:18 . 2007-11-09 08:09 -------- d-----w- c:\documents and settings\Kevin Lenertz\Application Data\Uniblue
2009-10-17 23:35 . 2009-05-07 06:58 -------- d-----w- c:\program files\MultiStage Recovery
2009-10-17 20:08 . 2005-01-31 19:05 -------- d-----w- c:\program files\SBC Yahoo!
2009-10-14 01:41 . 2009-10-14 01:41 -------- d-----w- c:\program files\Zards software
2009-10-12 08:32 . 2009-10-12 08:32 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-10-02 15:18 . 2009-09-18 06:07 176800 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-01 17:29 . 2009-10-05 19:21 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-29 06:29 . 2005-08-10 13:38 5968 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-27 09:24 . 2009-09-27 09:24 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{35ACA973-70F0-495F-9092-74A130711865}
2009-09-27 09:20 . 2009-09-18 05:03 -------- d-----w- c:\program files\Linksys
2009-09-27 09:19 . 2009-09-27 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks
2009-09-27 09:19 . 2009-09-27 09:19 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2009-09-27 09:14 . 2005-01-31 17:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-22 07:33 . 2009-09-22 07:33 -------- d-----w- c:\program files\Unity
2009-09-18 06:08 . 2005-02-02 04:54 -------- d-----w- c:\program files\Trend Micro
2009-09-18 06:06 . 2007-06-06 01:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
2009-09-18 05:07 . 2009-09-18 05:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Linksys
2009-09-18 05:07 . 2009-09-18 05:07 -------- d-----w- c:\program files\WebEx
2009-09-16 00:52 . 2008-02-06 02:30 -------- d-----w- c:\program files\Common Files\Apple
2009-09-15 07:17 . 2005-01-31 18:56 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-15 06:06 . 2009-09-15 06:06 -------- d-----w- c:\program files\EASEUS
2009-09-15 02:36 . 2008-01-27 18:36 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-10 22:54 . 2008-08-28 05:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 22:53 . 2008-08-28 05:47 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-22 01:08 . 2008-05-03 17:54 79664 ----a-w- c:\documents and settings\Sophea\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-20 22:09 . 2009-08-20 22:09 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-06-10 20:39 . 2009-06-11 09:24 5465088 ----a-w- c:\program files\Fresh RAM.msi
2007-03-30 21:48 . 2007-03-30 21:51 6527190 ----a-w- c:\program files\IP5_0Eng.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-11-12_05.49.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-13 02:23 . 2009-11-13 02:23 16384 c:\windows\Temp\Perflib_Perfdata_1b8.dat
- 2009-11-12 03:11 . 2009-11-12 03:11 16384 c:\windows\Temp\Perflib_Perfdata_1b8.dat
+ 2003-08-11 08:07 . 2003-08-11 08:07 73728 c:\windows\system32\spool\drivers\w32x86\3\hpztbi09.dll
+ 2003-08-11 08:07 . 2003-08-11 08:07 49152 c:\windows\system32\spool\drivers\w32x86\3\hpzrer09.dll
+ 2003-08-11 08:07 . 2003-08-11 08:07 81920 c:\windows\system32\spool\drivers\w32x86\3\hpzflt09.dll
+ 2007-04-01 16:29 . 2003-08-11 08:07 36864 c:\windows\system32\spool\drivers\w32x86\3\hpofax08.dll
+ 2003-07-22 17:12 . 2003-07-22 17:12 94208 c:\windows\system32\hpzjsn01.dll
+ 2003-07-22 17:12 . 2003-07-22 17:12 49152 c:\windows\system32\hpzjrd01.dll
+ 2004-08-04 07:56 . 2004-08-04 07:56 13824 c:\windows\system32\dllcache\wscntfy.exe
+ 2004-08-04 06:00 . 2004-08-04 06:00 29056 c:\windows\system32\dllcache\ip6fw.sys
+ 2005-01-30 23:32 . 2009-11-13 02:31 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-01-30 23:32 . 2009-11-11 23:28 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-01-30 23:32 . 2009-11-11 23:28 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-01-30 23:32 . 2009-11-13 02:31 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-11-12 08:11 . 2009-11-12 08:11 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-11-12 08:11 . 2009-11-13 02:31 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-01-30 23:32 . 2009-11-11 23:28 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2005-01-31 18:42 . 2009-11-12 06:46 40960 c:\windows\Installer\{CFD1B282-555D-494d-8231-4175C2AF08C2}\NewShortcut9_1.9ABF444C_1773_4CB6_8B8C_D4E755C19A8B.exe
- 2005-01-31 18:42 . 2008-08-30 23:01 40960 c:\windows\Installer\{CFD1B282-555D-494d-8231-4175C2AF08C2}\NewShortcut9_1.9ABF444C_1773_4CB6_8B8C_D4E755C19A8B.exe
+ 2005-01-31 18:42 . 2009-11-12 06:46 40960 c:\windows\Installer\{CFD1B282-555D-494d-8231-4175C2AF08C2}\NewShortcut11_1.9ABF444C_1773_4CB6_8B8C_D4E755C19A8B.exe
- 2005-01-31 18:42 . 2008-08-30 23:01 40960 c:\windows\Installer\{CFD1B282-555D-494d-8231-4175C2AF08C2}\NewShortcut11_1.9ABF444C_1773_4CB6_8B8C_D4E755C19A8B.exe
+ 2003-08-11 08:07 . 2003-08-11 08:07 163891 c:\windows\system32\spool\drivers\w32x86\3\hpzvip09.dll
+ 2009-11-12 06:22 . 2003-08-11 08:07 188416 c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
+ 2003-08-11 08:07 . 2003-08-11 08:07 442368 c:\windows\system32\spool\drivers\w32x86\3\hpztbx09.exe
+ 2003-08-11 08:07 . 2003-08-11 08:07 188416 c:\windows\system32\spool\drivers\w32x86\3\hpztbu09.exe
+ 2003-08-11 08:07 . 2003-08-11 08:07 172032 c:\windows\system32\spool\drivers\w32x86\3\hpzstw09.exe
+ 2003-08-11 08:07 . 2003-08-11 08:07 376832 c:\windows\system32\spool\drivers\w32x86\3\hpzstc09.exe
+ 2003-08-11 08:07 . 2003-08-11 08:07 204866 c:\windows\system32\spool\drivers\w32x86\3\hpzsnt09.dll
+ 2003-08-11 08:07 . 2003-08-11 08:07 692224 c:\windows\system32\spool\drivers\w32x86\3\hpzslk09.dll
+ 2003-08-11 08:07 . 2003-08-11 08:07 319488 c:\windows\system32\spool\drivers\w32x86\3\hpzrm309.dll
+ 2003-08-11 08:07 . 2003-08-11 08:07 380928 c:\windows\system32\spool\drivers\w32x86\3\hpzres09.dll
+ 2003-08-11 08:07 . 2003-08-11 08:07 335872 c:\windows\system32\spool\drivers\w32x86\3\hpzpre09.exe
+ 2003-08-11 08:07 . 2003-08-11 08:07 147512 c:\windows\system32\spool\drivers\w32x86\3\hpzlnt09.dll
+ 2003-08-11 08:07 . 2003-08-11 08:07 200704 c:\windows\system32\spool\drivers\w32x86\3\hpzjui09.dll
+ 2003-08-11 08:07 . 2003-08-11 08:07 221184 c:\windows\system32\spool\drivers\w32x86\3\hpzime09.dll
+ 2003-08-11 08:07 . 2003-08-11 08:07 643072 c:\windows\system32\spool\drivers\w32x86\3\hpzeng09.exe
+ 2003-08-11 08:07 . 2003-08-11 08:07 270336 c:\windows\system32\spool\drivers\w32x86\3\hpzcon09.dll
+ 2003-08-11 08:07 . 2003-08-11 08:07 208896 c:\windows\system32\spool\drivers\w32x86\3\hpzcoi09.dll
+ 2003-08-11 08:07 . 2003-08-11 08:07 245760 c:\windows\system32\spool\drivers\w32x86\3\hpzcfg09.exe
+ 2007-04-01 16:29 . 2003-08-11 08:07 140982 c:\windows\system32\spool\drivers\w32x86\3\hpof5509.dat
+ 2003-08-11 08:07 . 2003-08-11 08:07 204866 c:\windows\system32\hpzsnt09.dll
+ 2004-08-04 07:56 . 2004-08-04 07:56 129536 c:\windows\system32\dllcache\xmlprov.dll
+ 2009-11-12 06:48 . 2009-11-12 06:48 209920 c:\windows\Installer\c533ba.msi
+ 2009-11-12 06:48 . 2009-11-12 06:48 131072 c:\windows\Installer\c533b2.msi
+ 2009-11-12 06:48 . 2009-11-12 06:48 130048 c:\windows\Installer\c533aa.msi
+ 2009-11-12 06:47 . 2009-11-12 06:47 319488 c:\windows\Installer\c533a2.msi
+ 2009-11-12 06:47 . 2009-11-12 06:47 208384 c:\windows\Installer\c5339a.msi
+ 2009-11-12 06:46 . 2009-11-12 06:46 504832 c:\windows\Installer\c53376.msi
+ 2009-11-12 06:46 . 2009-11-12 06:46 500224 c:\windows\Installer\c5336e.msi
+ 2009-11-12 06:46 . 2009-11-12 06:46 130048 c:\windows\Installer\c53365.msi
+ 2009-11-12 06:46 . 2009-11-12 06:46 510464 c:\windows\Installer\c5335d.msi
+ 2009-11-12 06:45 . 2009-11-12 06:45 337920 c:\windows\Installer\c53355.msi
+ 2009-11-12 06:45 . 2009-11-12 06:45 207360 c:\windows\Installer\c5334d.msi
+ 2009-11-13 02:28 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\11-12-2009\ERDNT.EXE
+ 2003-08-11 08:07 . 2003-08-11 08:07 9707520 c:\windows\system32\spool\drivers\w32x86\3\hpzr3209.dll
+ 2003-08-11 08:07 . 2003-08-11 08:07 1585152 c:\windows\system32\spool\drivers\w32x86\3\hpzimc09.dll
+ 2009-11-12 06:46 . 2009-11-12 06:46 1172480 c:\windows\Installer\c5337e.msi
+ 2009-11-13 02:28 . 2009-11-13 02:28 1495040 c:\windows\ERDNT\AutoBackup\11-12-2009\Users\00000002\UsrClass.dat
+ 2009-11-13 02:28 . 2009-11-13 02:28 10715136 c:\windows\ERDNT\AutoBackup\11-12-2009\Users\00000001\NTUSER.DAT
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Launchpad"="c:\program files\ATI Multimedia\main\launchpd.exe" [2002-05-02 98304]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 700416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-29 344064]
"IPInSightLAN 02"="c:\program files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" [2003-06-11 380928]
"IPInSightMonitor 02"="c:\program files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" [2003-06-11 122880]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"QAGENT"="f:\program files\QUICKENW\QAGENT.EXE" [2001-08-01 94208]
"InCD"="c:\program files\ahead\InCD\InCD.exe" [2005-04-12 1383936]
"FaxMonitor"="f:\quixtar\IPFax\FaxMonitor.exe" [2002-01-21 61440]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-12 2020120]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-11 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-08-11 188416]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-06-27 212992]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-12-22 77824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

c:\documents and settings\Kevin Lenertz\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - f:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-01 01:06 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:English /KBD:2\0sprestrt\0sprestrt\0sprestrt\0lsdelete

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"MSSQL$MSSMLBIZ"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"h:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault™\\mohpa.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"g:\\Program Files\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"f:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"g:\\Program Files\\Program Files\\iTunes\\iTunes.exe"=
"g:\\Program Files\\Program Files\\bearflix.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [8/27/2004 4:18 PM 102528]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/25/2009 11:47 PM 333192]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/25/2009 11:47 PM 360584]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2/25/2009 5:06 PM 13088]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 3:17 AM 1179232]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [11/13/2008 11:43 AM 204800]
R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [1/20/2007 10:34 PM 34712]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [5/13/2009 11:38 PM 16640]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 amdtools;AMD Special Tools Driver;c:\windows\system32\DRIVERS\amdtools.sys --> c:\windows\system32\DRIVERS\amdtools.sys [?]
S2 gupdate1c9ecbd4ae4c310;Google Update Service (gupdate1c9ecbd4ae4c310);c:\program files\Google\Update\GoogleUpdate.exe [6/13/2009 10:54 PM 133104]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 ASUSHWIO;ASUSHWIO;\??\c:\windows\system32\drivers\ASUSHWIO.sys --> c:\windows\system32\drivers\ASUSHWIO.sys [?]
S3 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [10/31/2009 5:05 PM 285392]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [9/14/2009 10:06 PM 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [9/14/2009 10:06 PM 3072]
S3 ir100;ir100;c:\windows\system32\drivers\ir100.sys [7/31/2002 12:52 PM 16896]
S3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [10/3/2007 8:41 PM 36224]
S3 SaxNDIS;Ax3soft Packet Driver (SaxNDIS);c:\windows\system32\drivers\SAXNDIS.sys [5/15/2009 4:20 PM 35840]
S3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [1/21/2008 1:24 AM 820133]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-11-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 01:13]

2009-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-14 06:53]

2009-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-14 06:53]

2009-04-17 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 19:56]

2009-11-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]

2009-11-13 c:\windows\Tasks\User_Feed_Synchronization-{5163EA63-99B5-4BFC-A794-9858730E7E11}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 12:31]

2009-11-13 c:\windows\Tasks\User_Feed_Synchronization-{9BF836F3-575A-474D-9EC1-B1B79C716B20}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 12:31]
.
.
------- Supplementary Scan -------
.
IE: &Yahoo! Search
IE: Add to Google Photos Screensa&ver
IE: E&xport to Microsoft Excel
IE: Yahoo! &Dictionary
IE: Yahoo! &Maps
IE: Yahoo! &SMS
IE: Yahoo! Dictionary
IE: Yahoo! Search
DPF: Microsoft XML Parser for Java
DPF: Yahoo! Chat
DPF: {33564D57-9980-0010-8000-00AA00389B71}
DPF: {515DA9EC-7B03-3F80-D87E-3DB976424323}
DPF: {7440672B-1B25-7D3F-E4E5-495D702279D7}
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277}
FF - ProfilePath - c:\documents and settings\Kevin Lenertz\Application Data\Mozilla\Firefox\Profiles\0zynv3mo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.wwdb.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\Kevin Lenertz\Application Data\Mozilla\Firefox\Profiles\0zynv3mo.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\FFExternalAlert.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npsabffx.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\SuperAdBlocker.com\npsabffx.dll
FF - plugin: g:\program files\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: g:\program files\DivX\DivX Web Player\npdivx32.dll
FF - plugin: g:\program files\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: g:\program files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: g:\program files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: g:\program files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: g:\program files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: g:\program files\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: g:\program files\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: g:\program files\QuickTime\Plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast -
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - true
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Advanced SystemCare 3 - c:\program files\IObit\Advanced SystemCare 3\AWC.exe
HKLM-Run-DXDllRegExe - dxdllreg.exe
AddRemove-Advanced SystemCare 3_is1 - c:\program files\IObit\Advanced SystemCare 3\unins000.exe
AddRemove-Smart Defrag_is1 - c:\program files\IObit\IObit SmartDefrag\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-12 18:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2025429265-2139871995-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:ed,d5,2a,ba,ee,16,e3,83,27,08,57,77,71,49,0c,d3,65,b5,cd,27,52,
dd,58,71,9a,f4,a7,5e,b0,1f,7a,d5,c0,f1,d9,b6,2f,9f,6a,e0,f2,96,3b,d0,1d,0b,\
"rkeysecu"=hex:31,49,d7,e2,10,45,57,43,89,4a,3c,f3,9d,df,44,c6
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(584)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2508)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\ahead\InCD\InCDsrv.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
c:\windows\system32\java.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\mrtMngr.EXE
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2009-11-12 18:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-13 02:38
ComboFix2.txt 2009-11-12 05:56

Pre-Run: 4,197,883,904 bytes free
Post-Run: 4,099,174,400 bytes free

- - End Of File - - B4C1A6EBE397056123454680B5FA8FEB

#12 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 12 November 2009 - 09:42 PM

cklenertz,

Looking good.

Please go to Kaspersky website and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
- Spyware, Adware, Dialers, and other potentially dangerous programs
  Archives
  Mail databases
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.

Also please let me know how things are running.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

#13 cklenertz

Authentic Member

Authentic Member
81 posts

Posted 13 November 2009 - 07:50 PM

Here you go Tomk. Looking better. Have not attempted to download SP3 since the last time. Everything else is working okay though. Kevin

Attached Files

Kaspersky_scan_11_12_2009.txt 971bytes 338 downloads

#14 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 15 November 2009 - 10:15 PM

cklenertz, Give updates a try and let me know how it goes. :popcorn:

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

#15 cklenertz

Authentic Member

Authentic Member
81 posts

Posted 16 November 2009 - 10:31 AM

Tried it. Access was denied.

Body Background

skin color theme