XP Police Antivirus [Solved]
Started by
ihavenews0cks
, Feb 16 2009 09:03 AM
-
This topic is locked
#1
Posted 16 February 2009 - 09:03 AM
ihavenews0cks
-
- Member
-
- 61 posts
Member
#2
Posted 16 February 2009 - 06:13 PM
Extremeboy
-
- Retired Staff
-
- 824 posts
Malware Removal Staff
Hi
My name is Extremeboy (or EB for short), and I will be helping you with your log.
Please take note of some guidelines for this fix:
We need to see some information about what is happening in your machine. Please perform the following scan:
**NOTE:-- Note: The screen instructions indicate the attach.txt must be zipped before attaching (not posted) to your forum post. Instead, we want you to include attach.txt as an attachment to upload using the "Browse" button in the text editor when making your reply.
Download and run MalwareBytes Anti-Malware
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link
In your next reply please include the following:
Important Note: For other users who are reading this topic,the instructions provided in this topic are for the original topic starter ONLY. Even if you have similar problems or even log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic and feel free to link to any relevant topics as needed.Please Do NOT follow the instructions provided for this topic.
With Regards,
Extremeboy
My name is Extremeboy (or EB for short), and I will be helping you with your log.
Please take note of some guidelines for this fix:
- Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
- If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
- Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
- Please reply using the
button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. - Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
We need to see some information about what is happening in your machine. Please perform the following scan:
- Download DDS by sUBs from one of the following links. Save it to your desktop.
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results, click no to the Optional_Scan
- Follow the instructions that pop up for posting the results.
- Close the program window, and delete the program from your desktop.
**NOTE:-- Note: The screen instructions indicate the attach.txt must be zipped before attaching (not posted) to your forum post. Instead, we want you to include attach.txt as an attachment to upload using the "Browse" button in the text editor when making your reply.
Download and run MalwareBytes Anti-Malware
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
- Make sure you are connected to the Internet.
- Double-click on Download_mbam-setup.exe to install the application.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both of these checked:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
- Then click Finish.
- MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
- On the Scanner tab:
- Make sure the "Perform Quick Scan" option is selected.
- Then click on the Scan button.
- If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
- The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
- When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
- Click OK to close the message box and continue with the removal process.
- Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
- Make sure that everything is checked, and click Remove Selected.
- When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
- The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the contents of that report in your next reply and exit MBAM.
For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link
In your next reply please include the following:
- DSS.txt
- Attach.txt
- MBAM scan log
- What Problems do you still have?
Important Note: For other users who are reading this topic,the instructions provided in this topic are for the original topic starter ONLY. Even if you have similar problems or even log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic and feel free to link to any relevant topics as needed.Please Do NOT follow the instructions provided for this topic.
With Regards,
Extremeboy
#3
Posted 19 February 2009 - 07:32 PM
ihavenews0cks
- Topic Starter
-
- Member
-
- 61 posts
Member
DDS (Ver_09-02-01.01) - NTFSx86
Run by User at 11:25:17.07 on Fri 20/02/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.284 [GMT 11:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\User\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com.au/
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: adssite: {f31b3634-12aa-41ca-b021-0685c3b3e4ca} - c:\windows\system32\nsh9.dll
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Recguard] c:\windows\sminst\Recguard.exe
mRun: [Reminder] c:\windows\creator\Remind_XP.exe
mRun: [Scheduler] c:\windows\sminst\Scheduler.exe
mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_02\bin\jusched.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ODBCJET] c:\windows\system32\ODBCJET.exe
mRun: [RegKillElbyCheck] "c:\program files\elaborate bytes\dvd region killer\ElbyCheck.exe" /L RegKill
mRun: [RegKillTray] "c:\program files\elaborate bytes\dvd region killer\RegKillTray.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [MS32DLL] c:\windows\.MS32DLL.dll.vbs
mRun: [winboot] wscript.exe /E:vbs c:\windows\boot.ini
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\user\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
uPolicies-system: DisableTaskMgr = 1
uPolicies-system: DisableRegistryTools = 1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
============= SERVICES / DRIVERS ===============
R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-2-17 42376]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-7 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-7 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-7 107272]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-2-17 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-2-17 81288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-7 298264]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-2-17 356920]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-2-17 1073544]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 RegKill;RegKill;c:\windows\system32\drivers\RegKill.sys [2002-11-28 6400]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2007-9-15 20160]
S3 Cam3820;Cam3820 PC Camera Driver;c:\windows\system32\drivers\cam3820a.sys [2008-8-1 239616]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-2-17 38496]
=============== Created Last 30 ================
2009-02-18 16:41 54,156 a---h--- c:\windows\QTFont.qfn
2009-02-18 16:41 1,409 a------- c:\windows\QTFont.for
2009-02-17 22:59 <DIR> --d----- c:\docume~1\user\applic~1\Malwarebytes
2009-02-17 22:59 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-17 22:58 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-17 22:58 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-17 22:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-17 01:44 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2009-02-17 01:44 66,952 a------- c:\windows\system32\drivers\iksysflt.sys
2009-02-17 01:44 42,376 a------- c:\windows\system32\drivers\ikfilesec.sys
2009-02-17 01:44 29,576 a------- c:\windows\system32\drivers\kcom.sys
2009-02-17 01:44 <DIR> --d----- c:\program files\Spyware Doctor
2009-02-17 01:44 <DIR> --d----- c:\docume~1\user\applic~1\PC Tools
2009-02-17 01:43 <DIR> --d----- c:\program files\common files\Download Manager
2009-02-17 01:30 52,347 a------- c:\windows\Sysvxd.exe
2009-02-16 23:52 <DIR> --d----- c:\program files\XPPoliceAntivirus
2009-02-14 21:07 <DIR> --d----- c:\program files\DivX
2009-02-10 18:47 <DIR> --d----- c:\documents and settings\user\temp
2009-02-10 18:34 <DIR> --d----- c:\program files\UVC Video Camera
2009-02-08 09:14 <DIR> --d----- c:\program files\MSXML 4.0
2009-02-07 19:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Messenger Plus!
2009-02-07 19:18 <DIR> --d----- c:\program files\Messenger Plus! Live
2009-02-07 18:55 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-02-07 18:54 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-02-07 18:54 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-07 18:53 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-07 18:53 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-02-07 18:53 <DIR> --d----- c:\program files\AVG
2009-02-07 18:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-02-07 18:52 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-02-07 18:50 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-02-07 18:49 <DIR> --d--r-- c:\program files\Skype
2009-02-07 18:48 <DIR> --d----- c:\documents and settings\user\Tracing
2009-02-07 18:47 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-02-07 18:41 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-02-07 18:41 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-02-07 18:40 <DIR> --d----- c:\program files\Microsoft
2009-02-07 18:40 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-02-07 18:22 <DIR> --d----- c:\program files\common files\Windows Live
2009-02-07 18:13 268,648 a------- c:\windows\system32\mucltui.dll
2009-02-07 18:13 208,744 a------- c:\windows\system32\muweb.dll
2009-02-07 18:13 27,496 a------- c:\windows\system32\mucltui.dll.mui
==================== Find3M ====================
2008-12-21 10:15 826,368 a------- c:\windows\system32\wininet.dll
2008-12-02 22:37 49,480 a------- c:\windows\system32\sirenacm.dll
2008-08-22 01:31 87,608 a------- c:\docume~1\user\applic~1\inst.exe
2008-08-22 01:31 47,360 a------- c:\docume~1\user\applic~1\pcouffin.sys
============= FINISH: 11:25:53.65 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-02-01.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 14/09/2007 2:51:14 PM
System Uptime: 20/02/2009 10:15:18 AM (1 hours ago)
Motherboard: Hewlett-Packard | | 30D5
Processor: Genuine Intel® CPU T2050 @ 1.60GHz | U10 | 1596/133mhz
Processor: Genuine Intel® CPU T2050 @ 1.60GHz | U10 | 1596/133mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 75 GiB total, 10.459 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP166: 24/11/2008 8:37:49 AM - System Checkpoint
RP167: 27/11/2008 7:42:48 AM - System Checkpoint
RP168: 30/11/2008 12:21:01 PM - System Checkpoint
RP169: 2/12/2008 12:43:00 PM - System Checkpoint
RP170: 4/12/2008 8:41:50 PM - System Checkpoint
RP171: 6/12/2008 5:02:46 PM - System Checkpoint
RP172: 7/12/2008 10:10:37 PM - System Checkpoint
RP173: 12/12/2008 5:18:08 PM - System Checkpoint
RP174: 17/12/2008 2:10:39 PM - System Checkpoint
RP175: 20/12/2008 1:05:31 AM - System Checkpoint
RP176: 21/12/2008 5:03:31 AM - System Checkpoint
RP177: 22/12/2008 6:15:54 PM - System Checkpoint
RP178: 26/12/2008 2:42:56 PM - System Checkpoint
RP179: 30/12/2008 12:19:36 PM - System Checkpoint
RP180: 5/01/2009 6:33:21 PM - System Checkpoint
RP181: 6/01/2009 8:16:46 PM - System Checkpoint
RP182: 11/01/2009 11:59:28 PM - System Checkpoint
RP183: 13/01/2009 12:35:44 AM - System Checkpoint
RP184: 15/01/2009 1:52:55 PM - System Checkpoint
RP185: 16/01/2009 2:27:29 PM - System Checkpoint
RP186: 4/02/2009 4:33:12 PM - System Checkpoint
RP187: 7/02/2009 6:53:31 PM - Installed AVG Free 8.0
RP188: 7/02/2009 7:08:52 PM - Software Distribution Service 3.0
RP189: 7/02/2009 8:03:19 PM - Unsigned driver install
RP190: 7/02/2009 8:26:44 PM - Windows Defender Checkpoint
RP191: 8/02/2009 9:13:51 AM - Software Distribution Service 3.0
RP192: 9/02/2009 8:49:11 AM - Software Distribution Service 3.0
RP193: 10/02/2009 5:16:34 PM - Software Distribution Service 3.0
RP194: 10/02/2009 5:22:40 PM - Software Distribution Service 3.0
RP195: 10/02/2009 6:34:55 PM - Installed UVC Video Camera.
RP196: 11/02/2009 5:26:53 PM - Avg8 Update
RP197: 11/02/2009 5:48:43 PM - Software Distribution Service 3.0
RP198: 11/02/2009 9:09:20 PM - Removed UVC Video Camera.
RP199: 13/02/2009 2:20:38 PM - Avg8 Update
RP200: 14/02/2009 1:35:40 AM - Software Distribution Service 3.0
RP201: 15/02/2009 11:13:16 AM - System Checkpoint
RP202: 15/02/2009 7:48:44 PM - Windows Defender Checkpoint
RP203: 16/02/2009 8:28:01 PM - System Checkpoint
RP204: 16/02/2009 11:55:05 PM - Windows Defender Checkpoint
RP205: 17/02/2009 8:30:10 PM - Software Distribution Service 3.0
RP206: 18/02/2009 8:51:21 PM - System Checkpoint
RP207: 19/02/2009 9:00:11 PM - System Checkpoint
RP208: 20/02/2009 10:27:53 AM - Unsigned driver install
==== Installed Programs ======================
32 Bit HP CIO Components Installer
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adssite Browser Optimizer
AIO_Scan
Apple Mobile Device Support
Apple Software Update
AVG Free 8.0
AviSynth 2.5
BufferChm
Choice Guard
Codec Pack - All In 1 6.0.3.0
Conexant HD Audio
Copy
CustomerResearchQFolder
Destinations
DeviceManagementQFolder
DivoCodec version 1.0.0.2
DivX Web Player
DJ_AIO_ProductContext
DJ_AIO_Software
DJ_AIO_Software_min
DVD Decrypter (Remove Only)
DVD Region Killer
DVD Shrink 3.2
eSupportQFolder
F2100
F2100_Help
FadeToBlack
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB912436)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915326)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB918005)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
HP Backup and Recovery Manager Installer
HP Customer Participation Program 8.0
HP Deskjet All-In-One Software 8.0
HP Imaging Device Functions 8.0
HP Photosmart Essential
HP Quick Launch Buttons 6.30 A3
HP Solution Center 8.0
HP Update
HPProductAssistant
HPSSupply
iDump (Backing up your iPod)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless Software
InterActual Player
InterVideo DVD Check
InterVideo WinDVD 4
iriver plus 3 (remove only)
iTunes
Java™ 6 Update 2
Java™ SE Runtime Environment 6 Update 1
Junk Mail filter update
Malwarebytes' Anti-Malware
MarketResearch
mCore
mDrWiFi
Messenger Plus! Live
mHelp
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Office PowerPoint Viewer 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft XML Parser
mIWA
mLogView
mMHouse
Move Networks Media Player for Internet Explorer
mPfMgr
mPfWiz
mProSafe
mSCfg
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
mWlsSafe
mZConfig
Nero 8
neroxml
NetWaiting
QuickTime
Real Alternative 1.8.0
Rightonadz Browser Optimizer
Scan
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960715)
Segoe UI
Skype™ 4.0
SolutionCenter
Status
Synaptics Pointing Device Driver
Theorica Divx ;-) Codecs (remove only)
Toolbox
TrayApp
UnloadSupport
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB955839)
VC80CRTRedist - 8.0.50727.762
VCRedistSetup
VideoLAN VLC media player 0.8.6c
WavePad Uninstall
WebFldrs XP
WebReg
Windows Defender
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885464
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888402
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892559
==== Event Viewer Messages From Past Week ========
19/02/2009 2:40:54 PM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001B3834F61F has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
==== End Of File ===========================
Malwarebytes' Anti-Malware 1.34
Database version: 1768
Windows 5.1.2600 Service Pack 2
20/02/2009 12:30:43 PM
mbam-log-2009-02-20 (12-30-43).txt
Scan type: Quick Scan
Objects scanned: 71454
Time elapsed: 57 minute(s), 35 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 23
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 4
Files Infected: 49
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\adssite.ad (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adssite.ad.1 (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rotator.gizmo2 (Adware.Rightonadz) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rotator.gizmo2.1 (Adware.Rightonadz) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wingdiapp.wingdi (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wingdiapp.wingdi.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4cde7971-1026-41ae-9818-31a9e5779441} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{967a494a-6aec-4555-9caf-fa6eb00acf91} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9692be2f-eb8f-49d9-a11c-c24c1ef734d5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f31b3634-12aa-41ca-b021-0685c3b3e4ca} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{773b1aad-a8dd-4010-a903-cdb32938f595} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{5dbd13bc-c3f8-4846-ad3e-ba3479a5d3f1} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8a10fc9b-8d76-4e95-a9be-acda2f665c30} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f31b3634-12aa-41ca-b021-0685c3b3e4ca} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{12c7290a-157b-4f43-b109-97e792c598ed} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f31b3634-12aa-41ca-b021-0685c3b3e4ca} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adssite (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\adssite (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\divocodec_is1 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rightonadz (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\HID_Layer (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XP Police Antivirus (Rogue.XP-Police-Antivirus) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\DivoCodec (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\sounds (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\DivoCodec\WakeSplitter.ax (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\DivoCodec\settings.stp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\DivoCodec\unins000.dat (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\DivoCodec\unins000.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\DivoCodec\WakeService.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\bdconf.cfg (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\cevakrnl.cvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\cevakrnl.ivd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\cevakrnl.rvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\ceva_dll.cvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\ceva_emu.cvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\ceva_vfs.cvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\ceva_vfs.ivd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\cookie.cvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\cran.cvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\cran.ivd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\emalware.ivd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\e_spyw.cvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\e_spyw.ivd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\gvmscripts.cvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\hpe.cvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\java.cvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\mdx_97.cvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\mdx_97.ivd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\mdx_w95.cvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\mdx_x95.cvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\mdx_xf.cvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\mobmalware.cvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\na.cvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\nelf.cvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\regarch.cvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\regscan.cvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\rup.cvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\sdx.cvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\sdx.ivd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\unpack.cvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\unpack.ivd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\vb0.dat (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\vb1.dat (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\vb2.dat (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\ve.cvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\ve.ivd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\vedata.cvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\sounds\alert.wav (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\sounds\click.wav (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\sounds\fire.wav (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\adssite-remove.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Desktop\XP Police Antivirus.lnk (Rogue.XP-Police-Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Start Menu\XP Police Antivirus.lnk (Rogue.XP-Police-Antivirus) -> Quarantined and deleted successfully.
Run by User at 11:25:17.07 on Fri 20/02/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.284 [GMT 11:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\User\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com.au/
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: adssite: {f31b3634-12aa-41ca-b021-0685c3b3e4ca} - c:\windows\system32\nsh9.dll
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Recguard] c:\windows\sminst\Recguard.exe
mRun: [Reminder] c:\windows\creator\Remind_XP.exe
mRun: [Scheduler] c:\windows\sminst\Scheduler.exe
mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_02\bin\jusched.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ODBCJET] c:\windows\system32\ODBCJET.exe
mRun: [RegKillElbyCheck] "c:\program files\elaborate bytes\dvd region killer\ElbyCheck.exe" /L RegKill
mRun: [RegKillTray] "c:\program files\elaborate bytes\dvd region killer\RegKillTray.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [MS32DLL] c:\windows\.MS32DLL.dll.vbs
mRun: [winboot] wscript.exe /E:vbs c:\windows\boot.ini
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\user\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
uPolicies-system: DisableTaskMgr = 1
uPolicies-system: DisableRegistryTools = 1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
============= SERVICES / DRIVERS ===============
R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-2-17 42376]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-7 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-7 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-7 107272]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-2-17 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-2-17 81288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-7 298264]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-2-17 356920]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-2-17 1073544]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 RegKill;RegKill;c:\windows\system32\drivers\RegKill.sys [2002-11-28 6400]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2007-9-15 20160]
S3 Cam3820;Cam3820 PC Camera Driver;c:\windows\system32\drivers\cam3820a.sys [2008-8-1 239616]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-2-17 38496]
=============== Created Last 30 ================
2009-02-18 16:41 54,156 a---h--- c:\windows\QTFont.qfn
2009-02-18 16:41 1,409 a------- c:\windows\QTFont.for
2009-02-17 22:59 <DIR> --d----- c:\docume~1\user\applic~1\Malwarebytes
2009-02-17 22:59 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-17 22:58 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-17 22:58 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-17 22:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-17 01:44 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2009-02-17 01:44 66,952 a------- c:\windows\system32\drivers\iksysflt.sys
2009-02-17 01:44 42,376 a------- c:\windows\system32\drivers\ikfilesec.sys
2009-02-17 01:44 29,576 a------- c:\windows\system32\drivers\kcom.sys
2009-02-17 01:44 <DIR> --d----- c:\program files\Spyware Doctor
2009-02-17 01:44 <DIR> --d----- c:\docume~1\user\applic~1\PC Tools
2009-02-17 01:43 <DIR> --d----- c:\program files\common files\Download Manager
2009-02-17 01:30 52,347 a------- c:\windows\Sysvxd.exe
2009-02-16 23:52 <DIR> --d----- c:\program files\XPPoliceAntivirus
2009-02-14 21:07 <DIR> --d----- c:\program files\DivX
2009-02-10 18:47 <DIR> --d----- c:\documents and settings\user\temp
2009-02-10 18:34 <DIR> --d----- c:\program files\UVC Video Camera
2009-02-08 09:14 <DIR> --d----- c:\program files\MSXML 4.0
2009-02-07 19:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Messenger Plus!
2009-02-07 19:18 <DIR> --d----- c:\program files\Messenger Plus! Live
2009-02-07 18:55 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-02-07 18:54 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-02-07 18:54 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-07 18:53 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-07 18:53 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-02-07 18:53 <DIR> --d----- c:\program files\AVG
2009-02-07 18:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-02-07 18:52 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-02-07 18:50 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-02-07 18:49 <DIR> --d--r-- c:\program files\Skype
2009-02-07 18:48 <DIR> --d----- c:\documents and settings\user\Tracing
2009-02-07 18:47 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-02-07 18:41 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-02-07 18:41 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-02-07 18:40 <DIR> --d----- c:\program files\Microsoft
2009-02-07 18:40 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-02-07 18:22 <DIR> --d----- c:\program files\common files\Windows Live
2009-02-07 18:13 268,648 a------- c:\windows\system32\mucltui.dll
2009-02-07 18:13 208,744 a------- c:\windows\system32\muweb.dll
2009-02-07 18:13 27,496 a------- c:\windows\system32\mucltui.dll.mui
==================== Find3M ====================
2008-12-21 10:15 826,368 a------- c:\windows\system32\wininet.dll
2008-12-02 22:37 49,480 a------- c:\windows\system32\sirenacm.dll
2008-08-22 01:31 87,608 a------- c:\docume~1\user\applic~1\inst.exe
2008-08-22 01:31 47,360 a------- c:\docume~1\user\applic~1\pcouffin.sys
============= FINISH: 11:25:53.65 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-02-01.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 14/09/2007 2:51:14 PM
System Uptime: 20/02/2009 10:15:18 AM (1 hours ago)
Motherboard: Hewlett-Packard | | 30D5
Processor: Genuine Intel® CPU T2050 @ 1.60GHz | U10 | 1596/133mhz
Processor: Genuine Intel® CPU T2050 @ 1.60GHz | U10 | 1596/133mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 75 GiB total, 10.459 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP166: 24/11/2008 8:37:49 AM - System Checkpoint
RP167: 27/11/2008 7:42:48 AM - System Checkpoint
RP168: 30/11/2008 12:21:01 PM - System Checkpoint
RP169: 2/12/2008 12:43:00 PM - System Checkpoint
RP170: 4/12/2008 8:41:50 PM - System Checkpoint
RP171: 6/12/2008 5:02:46 PM - System Checkpoint
RP172: 7/12/2008 10:10:37 PM - System Checkpoint
RP173: 12/12/2008 5:18:08 PM - System Checkpoint
RP174: 17/12/2008 2:10:39 PM - System Checkpoint
RP175: 20/12/2008 1:05:31 AM - System Checkpoint
RP176: 21/12/2008 5:03:31 AM - System Checkpoint
RP177: 22/12/2008 6:15:54 PM - System Checkpoint
RP178: 26/12/2008 2:42:56 PM - System Checkpoint
RP179: 30/12/2008 12:19:36 PM - System Checkpoint
RP180: 5/01/2009 6:33:21 PM - System Checkpoint
RP181: 6/01/2009 8:16:46 PM - System Checkpoint
RP182: 11/01/2009 11:59:28 PM - System Checkpoint
RP183: 13/01/2009 12:35:44 AM - System Checkpoint
RP184: 15/01/2009 1:52:55 PM - System Checkpoint
RP185: 16/01/2009 2:27:29 PM - System Checkpoint
RP186: 4/02/2009 4:33:12 PM - System Checkpoint
RP187: 7/02/2009 6:53:31 PM - Installed AVG Free 8.0
RP188: 7/02/2009 7:08:52 PM - Software Distribution Service 3.0
RP189: 7/02/2009 8:03:19 PM - Unsigned driver install
RP190: 7/02/2009 8:26:44 PM - Windows Defender Checkpoint
RP191: 8/02/2009 9:13:51 AM - Software Distribution Service 3.0
RP192: 9/02/2009 8:49:11 AM - Software Distribution Service 3.0
RP193: 10/02/2009 5:16:34 PM - Software Distribution Service 3.0
RP194: 10/02/2009 5:22:40 PM - Software Distribution Service 3.0
RP195: 10/02/2009 6:34:55 PM - Installed UVC Video Camera.
RP196: 11/02/2009 5:26:53 PM - Avg8 Update
RP197: 11/02/2009 5:48:43 PM - Software Distribution Service 3.0
RP198: 11/02/2009 9:09:20 PM - Removed UVC Video Camera.
RP199: 13/02/2009 2:20:38 PM - Avg8 Update
RP200: 14/02/2009 1:35:40 AM - Software Distribution Service 3.0
RP201: 15/02/2009 11:13:16 AM - System Checkpoint
RP202: 15/02/2009 7:48:44 PM - Windows Defender Checkpoint
RP203: 16/02/2009 8:28:01 PM - System Checkpoint
RP204: 16/02/2009 11:55:05 PM - Windows Defender Checkpoint
RP205: 17/02/2009 8:30:10 PM - Software Distribution Service 3.0
RP206: 18/02/2009 8:51:21 PM - System Checkpoint
RP207: 19/02/2009 9:00:11 PM - System Checkpoint
RP208: 20/02/2009 10:27:53 AM - Unsigned driver install
==== Installed Programs ======================
32 Bit HP CIO Components Installer
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adssite Browser Optimizer
AIO_Scan
Apple Mobile Device Support
Apple Software Update
AVG Free 8.0
AviSynth 2.5
BufferChm
Choice Guard
Codec Pack - All In 1 6.0.3.0
Conexant HD Audio
Copy
CustomerResearchQFolder
Destinations
DeviceManagementQFolder
DivoCodec version 1.0.0.2
DivX Web Player
DJ_AIO_ProductContext
DJ_AIO_Software
DJ_AIO_Software_min
DVD Decrypter (Remove Only)
DVD Region Killer
DVD Shrink 3.2
eSupportQFolder
F2100
F2100_Help
FadeToBlack
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB912436)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915326)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB918005)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
HP Backup and Recovery Manager Installer
HP Customer Participation Program 8.0
HP Deskjet All-In-One Software 8.0
HP Imaging Device Functions 8.0
HP Photosmart Essential
HP Quick Launch Buttons 6.30 A3
HP Solution Center 8.0
HP Update
HPProductAssistant
HPSSupply
iDump (Backing up your iPod)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless Software
InterActual Player
InterVideo DVD Check
InterVideo WinDVD 4
iriver plus 3 (remove only)
iTunes
Java™ 6 Update 2
Java™ SE Runtime Environment 6 Update 1
Junk Mail filter update
Malwarebytes' Anti-Malware
MarketResearch
mCore
mDrWiFi
Messenger Plus! Live
mHelp
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Office PowerPoint Viewer 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft XML Parser
mIWA
mLogView
mMHouse
Move Networks Media Player for Internet Explorer
mPfMgr
mPfWiz
mProSafe
mSCfg
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
mWlsSafe
mZConfig
Nero 8
neroxml
NetWaiting
QuickTime
Real Alternative 1.8.0
Rightonadz Browser Optimizer
Scan
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960715)
Segoe UI
Skype™ 4.0
SolutionCenter
Status
Synaptics Pointing Device Driver
Theorica Divx ;-) Codecs (remove only)
Toolbox
TrayApp
UnloadSupport
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB955839)
VC80CRTRedist - 8.0.50727.762
VCRedistSetup
VideoLAN VLC media player 0.8.6c
WavePad Uninstall
WebFldrs XP
WebReg
Windows Defender
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885464
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888402
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892559
==== Event Viewer Messages From Past Week ========
19/02/2009 2:40:54 PM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001B3834F61F has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
==== End Of File ===========================
Malwarebytes' Anti-Malware 1.34
Database version: 1768
Windows 5.1.2600 Service Pack 2
20/02/2009 12:30:43 PM
mbam-log-2009-02-20 (12-30-43).txt
Scan type: Quick Scan
Objects scanned: 71454
Time elapsed: 57 minute(s), 35 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 23
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 4
Files Infected: 49
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\adssite.ad (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adssite.ad.1 (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rotator.gizmo2 (Adware.Rightonadz) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rotator.gizmo2.1 (Adware.Rightonadz) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wingdiapp.wingdi (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wingdiapp.wingdi.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4cde7971-1026-41ae-9818-31a9e5779441} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{967a494a-6aec-4555-9caf-fa6eb00acf91} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9692be2f-eb8f-49d9-a11c-c24c1ef734d5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f31b3634-12aa-41ca-b021-0685c3b3e4ca} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{773b1aad-a8dd-4010-a903-cdb32938f595} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{5dbd13bc-c3f8-4846-ad3e-ba3479a5d3f1} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8a10fc9b-8d76-4e95-a9be-acda2f665c30} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f31b3634-12aa-41ca-b021-0685c3b3e4ca} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{12c7290a-157b-4f43-b109-97e792c598ed} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f31b3634-12aa-41ca-b021-0685c3b3e4ca} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adssite (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\adssite (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\divocodec_is1 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rightonadz (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\HID_Layer (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XP Police Antivirus (Rogue.XP-Police-Antivirus) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\DivoCodec (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\sounds (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\DivoCodec\WakeSplitter.ax (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\DivoCodec\settings.stp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\DivoCodec\unins000.dat (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\DivoCodec\unins000.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\DivoCodec\WakeService.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\bdconf.cfg (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\cevakrnl.cvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\cevakrnl.ivd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\cevakrnl.rvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\ceva_dll.cvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\ceva_emu.cvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\ceva_vfs.cvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\ceva_vfs.ivd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\cookie.cvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\cran.cvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\cran.ivd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\emalware.ivd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\e_spyw.cvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\e_spyw.ivd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\gvmscripts.cvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\hpe.cvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\java.cvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\mdx_97.cvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\mdx_97.ivd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\mdx_w95.cvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\mdx_x95.cvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\mdx_xf.cvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\mobmalware.cvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\na.cvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\nelf.cvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\regarch.cvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\regscan.cvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\rup.cvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\sdx.cvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\sdx.ivd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\unpack.cvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\unpack.ivd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\vb0.dat (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\vb1.dat (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\vb2.dat (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\ve.cvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\ve.ivd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\Plugins\vedata.cvd (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\sounds\alert.wav (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\sounds\click.wav (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\XPPoliceAntivirus\sounds\fire.wav (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\adssite-remove.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Desktop\XP Police Antivirus.lnk (Rogue.XP-Police-Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Start Menu\XP Police Antivirus.lnk (Rogue.XP-Police-Antivirus) -> Quarantined and deleted successfully.
#4
Posted 19 February 2009 - 08:14 PM
Extremeboy
-
- Retired Staff
-
- 824 posts
Malware Removal Staff
Hello.
As you can see MBAM remove XP Police Antivirus from your computer
Please post a new DDS log as that was ran before MBAM and the log will differ now.
Post back with:
-New DDS log
-Problems you may still have
With Regards,
Extremeboy
As you can see MBAM remove XP Police Antivirus from your computer
Please post a new DDS log as that was ran before MBAM and the log will differ now.
Post back with:
-New DDS log
-Problems you may still have
With Regards,
Extremeboy
#5
Posted 19 February 2009 - 08:29 PM
ihavenews0cks
- Topic Starter
-
- Member
-
- 61 posts
Member
DDS (Ver_09-02-01.01) - NTFSx86
Run by User at 13:27:26.29 on Fri 20/02/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.277 [GMT 11:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\User\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com.au/
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Recguard] c:\windows\sminst\Recguard.exe
mRun: [Reminder] c:\windows\creator\Remind_XP.exe
mRun: [Scheduler] c:\windows\sminst\Scheduler.exe
mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ODBCJET] c:\windows\system32\ODBCJET.exe
mRun: [RegKillElbyCheck] "c:\program files\elaborate bytes\dvd region killer\ElbyCheck.exe" /L RegKill
mRun: [RegKillTray] "c:\program files\elaborate bytes\dvd region killer\RegKillTray.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [MS32DLL] c:\windows\.MS32DLL.dll.vbs
mRun: [winboot] wscript.exe /E:vbs c:\windows\boot.ini
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\user\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
uPolicies-system: DisableTaskMgr = 0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
============= SERVICES / DRIVERS ===============
R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-2-17 42376]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-7 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-7 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-7 107272]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-2-17 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-2-17 81288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-7 298264]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-2-17 356920]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-2-17 1073544]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 RegKill;RegKill;c:\windows\system32\drivers\RegKill.sys [2002-11-28 6400]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2007-9-15 20160]
S3 Cam3820;Cam3820 PC Camera Driver;c:\windows\system32\drivers\cam3820a.sys [2008-8-1 239616]
=============== Created Last 30 ================
2009-02-20 12:46 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-18 16:41 54,156 a---h--- c:\windows\QTFont.qfn
2009-02-18 16:41 1,409 a------- c:\windows\QTFont.for
2009-02-17 22:59 <DIR> --d----- c:\docume~1\user\applic~1\Malwarebytes
2009-02-17 22:59 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-17 22:58 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-17 22:58 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-17 22:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-17 01:44 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2009-02-17 01:44 66,952 a------- c:\windows\system32\drivers\iksysflt.sys
2009-02-17 01:44 42,376 a------- c:\windows\system32\drivers\ikfilesec.sys
2009-02-17 01:44 29,576 a------- c:\windows\system32\drivers\kcom.sys
2009-02-17 01:44 <DIR> --d----- c:\program files\Spyware Doctor
2009-02-17 01:44 <DIR> --d----- c:\docume~1\user\applic~1\PC Tools
2009-02-17 01:43 <DIR> --d----- c:\program files\common files\Download Manager
2009-02-17 01:30 52,347 a------- c:\windows\Sysvxd.exe
2009-02-14 21:07 <DIR> --d----- c:\program files\DivX
2009-02-10 18:47 <DIR> --d----- c:\documents and settings\user\temp
2009-02-10 18:34 <DIR> --d----- c:\program files\UVC Video Camera
2009-02-08 09:14 <DIR> --d----- c:\program files\MSXML 4.0
2009-02-07 19:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Messenger Plus!
2009-02-07 19:18 <DIR> --d----- c:\program files\Messenger Plus! Live
2009-02-07 18:55 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-02-07 18:54 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-02-07 18:54 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-07 18:53 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-07 18:53 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-02-07 18:53 <DIR> --d----- c:\program files\AVG
2009-02-07 18:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-02-07 18:52 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-02-07 18:50 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-02-07 18:49 <DIR> --d--r-- c:\program files\Skype
2009-02-07 18:48 <DIR> --d----- c:\documents and settings\user\Tracing
2009-02-07 18:47 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-02-07 18:41 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-02-07 18:41 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-02-07 18:40 <DIR> --d----- c:\program files\Microsoft
2009-02-07 18:40 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-02-07 18:22 <DIR> --d----- c:\program files\common files\Windows Live
2009-02-07 18:13 268,648 a------- c:\windows\system32\mucltui.dll
2009-02-07 18:13 208,744 a------- c:\windows\system32\muweb.dll
2009-02-07 18:13 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
==================== Find3M ====================
2008-12-21 10:15 826,368 a------- c:\windows\system32\wininet.dll
2008-08-22 01:31 87,608 a------- c:\docume~1\user\applic~1\inst.exe
2008-08-22 01:31 47,360 a------- c:\docume~1\user\applic~1\pcouffin.sys
============= FINISH: 13:28:01.37 ===============
Are there any free antivirus protectors that you can recommend to stop this problem occuring again, or something worse?
Run by User at 13:27:26.29 on Fri 20/02/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.277 [GMT 11:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\User\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com.au/
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Recguard] c:\windows\sminst\Recguard.exe
mRun: [Reminder] c:\windows\creator\Remind_XP.exe
mRun: [Scheduler] c:\windows\sminst\Scheduler.exe
mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ODBCJET] c:\windows\system32\ODBCJET.exe
mRun: [RegKillElbyCheck] "c:\program files\elaborate bytes\dvd region killer\ElbyCheck.exe" /L RegKill
mRun: [RegKillTray] "c:\program files\elaborate bytes\dvd region killer\RegKillTray.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [MS32DLL] c:\windows\.MS32DLL.dll.vbs
mRun: [winboot] wscript.exe /E:vbs c:\windows\boot.ini
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\user\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
uPolicies-system: DisableTaskMgr = 0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
============= SERVICES / DRIVERS ===============
R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-2-17 42376]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-7 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-7 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-7 107272]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-2-17 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-2-17 81288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-7 298264]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-2-17 356920]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-2-17 1073544]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 RegKill;RegKill;c:\windows\system32\drivers\RegKill.sys [2002-11-28 6400]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2007-9-15 20160]
S3 Cam3820;Cam3820 PC Camera Driver;c:\windows\system32\drivers\cam3820a.sys [2008-8-1 239616]
=============== Created Last 30 ================
2009-02-20 12:46 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-18 16:41 54,156 a---h--- c:\windows\QTFont.qfn
2009-02-18 16:41 1,409 a------- c:\windows\QTFont.for
2009-02-17 22:59 <DIR> --d----- c:\docume~1\user\applic~1\Malwarebytes
2009-02-17 22:59 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-17 22:58 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-17 22:58 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-17 22:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-17 01:44 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2009-02-17 01:44 66,952 a------- c:\windows\system32\drivers\iksysflt.sys
2009-02-17 01:44 42,376 a------- c:\windows\system32\drivers\ikfilesec.sys
2009-02-17 01:44 29,576 a------- c:\windows\system32\drivers\kcom.sys
2009-02-17 01:44 <DIR> --d----- c:\program files\Spyware Doctor
2009-02-17 01:44 <DIR> --d----- c:\docume~1\user\applic~1\PC Tools
2009-02-17 01:43 <DIR> --d----- c:\program files\common files\Download Manager
2009-02-17 01:30 52,347 a------- c:\windows\Sysvxd.exe
2009-02-14 21:07 <DIR> --d----- c:\program files\DivX
2009-02-10 18:47 <DIR> --d----- c:\documents and settings\user\temp
2009-02-10 18:34 <DIR> --d----- c:\program files\UVC Video Camera
2009-02-08 09:14 <DIR> --d----- c:\program files\MSXML 4.0
2009-02-07 19:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Messenger Plus!
2009-02-07 19:18 <DIR> --d----- c:\program files\Messenger Plus! Live
2009-02-07 18:55 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-02-07 18:54 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-02-07 18:54 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-07 18:53 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-07 18:53 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-02-07 18:53 <DIR> --d----- c:\program files\AVG
2009-02-07 18:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-02-07 18:52 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-02-07 18:50 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-02-07 18:49 <DIR> --d--r-- c:\program files\Skype
2009-02-07 18:48 <DIR> --d----- c:\documents and settings\user\Tracing
2009-02-07 18:47 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-02-07 18:41 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-02-07 18:41 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-02-07 18:40 <DIR> --d----- c:\program files\Microsoft
2009-02-07 18:40 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-02-07 18:22 <DIR> --d----- c:\program files\common files\Windows Live
2009-02-07 18:13 268,648 a------- c:\windows\system32\mucltui.dll
2009-02-07 18:13 208,744 a------- c:\windows\system32\muweb.dll
2009-02-07 18:13 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
==================== Find3M ====================
2008-12-21 10:15 826,368 a------- c:\windows\system32\wininet.dll
2008-08-22 01:31 87,608 a------- c:\docume~1\user\applic~1\inst.exe
2008-08-22 01:31 47,360 a------- c:\docume~1\user\applic~1\pcouffin.sys
============= FINISH: 13:28:01.37 ===============
Are there any free antivirus protectors that you can recommend to stop this problem occuring again, or something worse?
#6
Posted 19 February 2009 - 08:39 PM
Extremeboy
-
- Retired Staff
-
- 824 posts
Malware Removal Staff
Hello.
I have not analyzed your log yet but I will answer your question first.
This infection usually does not get installed "automatically" this is either you installed it yourself by downloading it or being tricked into downloading it. It is a rogue program and gives many false positives.
Below are some free anti-virus programs I like to recommend to others.
Install Antivirus
An anti-virus is essential in keeping your computer safe while surfing the Internet. Please install a (ONE) free anti-virus program from one of the links below:
Update It after the installation is complete please.
In the meantime I will analyze your log. Also what problems do you have? You did not answer this question.
With Regards,
Extremeboy
I have not analyzed your log yet but I will answer your question first.
This infection usually does not get installed "automatically" this is either you installed it yourself by downloading it or being tricked into downloading it. It is a rogue program and gives many false positives.
Below are some free anti-virus programs I like to recommend to others.
Install Antivirus
An anti-virus is essential in keeping your computer safe while surfing the Internet. Please install a (ONE) free anti-virus program from one of the links below:
Update It after the installation is complete please.
In the meantime I will analyze your log. Also what problems do you have? You did not answer this question.
With Regards,
Extremeboy
#7
Posted 19 February 2009 - 08:46 PM
ihavenews0cks
- Topic Starter
-
- Member
-
- 61 posts
Member
This is unrelated I think, but when my computer starts up it says 'boot.ini' cannot be found. Would you know what to do about that?
#8
Posted 19 February 2009 - 08:48 PM
Extremeboy
-
- Retired Staff
-
- 824 posts
Malware Removal Staff
Hello.
Just finished analyzing your log. I see several different pieces of malware on your computer right now.
One of the infection does the following:
Runs new software from a remote server via HTTP. <- This is very dangerous and is considered a backdoor infection.
There are some other infections as well including some worms that probably infected some of your flash-drives and maybe even other computers.
Backdoor Threat
IMPORTANT NOTE: Unfortunatly One or more of the identified infections is a backdoor trojan.
This allows hackers to remotely control your computer, steal critical system information and download and execute files.
I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.
With Regards,
Extremeboy
Just finished analyzing your log. I see several different pieces of malware on your computer right now.
One of the infection does the following:
Runs new software from a remote server via HTTP. <- This is very dangerous and is considered a backdoor infection.
There are some other infections as well including some worms that probably infected some of your flash-drives and maybe even other computers.
Backdoor ThreatIMPORTANT NOTE: Unfortunatly One or more of the identified infections is a backdoor trojan.
This allows hackers to remotely control your computer, steal critical system information and download and execute files.
I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.
With Regards,
Extremeboy
#9
Posted 19 February 2009 - 08:50 PM
Extremeboy
-
- Retired Staff
-
- 824 posts
Malware Removal Staff
Hello.
Just saw your reply
I need to go to bed now. It's fairly late for me now.
With Regards,
Extremeboy
Just saw your reply
That is related and it's related to on of the infections you currently have on your system in addition to the other pieces of malware you have including the backdoor I described above. Let me know what you decide to do.This is unrelated I think, but when my computer starts up it says 'boot.ini' cannot be found. Would you know what to do about that?
I need to go to bed now. It's fairly late for me now.
With Regards,
Extremeboy
#10
Posted 22 February 2009 - 03:14 PM
Extremeboy
-
- Retired Staff
-
- 824 posts
Malware Removal Staff
Hello.
Are you still there?
If you are please follow the instructions in my previous post.
If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.
Please reply back telling us so. If you don't reply within 5-7 days the topic will need to be closed.
Thanks for understanding.
With Regards,
Extremeboy
Are you still there?
If you are please follow the instructions in my previous post.
If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.
Please reply back telling us so. If you don't reply within 5-7 days the topic will need to be closed.
Thanks for understanding.
With Regards,
Extremeboy
#11
Posted 24 February 2009 - 04:33 PM
Extremeboy
-
- Retired Staff
-
- 824 posts
Malware Removal Staff
Due to lack of feedback, this topic has been closed.
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
#12
Posted 16 March 2009 - 02:30 PM
ihavenews0cks
- Topic Starter
-
- Member
-
- 61 posts
Member
Sorry.
I wasn't notified of your response.
Is there a way I can further fix my computer?
I wasn't notified of your response.
Is there a way I can further fix my computer?
#13
Posted 19 March 2009 - 07:47 PM
Extremeboy
-
- Retired Staff
-
- 824 posts
Malware Removal Staff
Hello again.
Sorry for the delay.
Yes, we can fix it however I cannot guaranty it can be trusted as stated in my earlier posts.
If you wish to continue post a New DDS log for me.
With Regards,
Extremeboy
Sorry for the delay.
Yes, we can fix it however I cannot guaranty it can be trusted as stated in my earlier posts.
If you wish to continue post a New DDS log for me.
With Regards,
Extremeboy
#14
Posted 19 March 2009 - 11:11 PM
ihavenews0cks
- Topic Starter
-
- Member
-
- 61 posts
Member
DDS (Ver_09-02-01.01) - NTFSx86
Run by User at 16:07:43.56 on Fri 20/03/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.317 [GMT 11:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
FW: Sunbelt Personal Firewall *enabled*
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprbUpdate.exe
C:\Documents and Settings\User\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com.au/
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Recguard] c:\windows\sminst\Recguard.exe
mRun: [Reminder] c:\windows\creator\Remind_XP.exe
mRun: [Scheduler] c:\windows\sminst\Scheduler.exe
mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ODBCJET] c:\windows\system32\ODBCJET.exe
mRun: [RegKillElbyCheck] "c:\program files\elaborate bytes\dvd region killer\ElbyCheck.exe" /L RegKill
mRun: [RegKillTray] "c:\program files\elaborate bytes\dvd region killer\RegKillTray.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [MS32DLL] c:\windows\.MS32DLL.dll.vbs
mRun: [winboot] wscript.exe /E:vbs c:\windows\boot.ini
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\user\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
uPolicies-system: DisableTaskMgr = 0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
============= SERVICES / DRIVERS ===============
R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-2-17 42376]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-7 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-7 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-7 107272]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-2-17 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-2-17 81288]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2009-2-20 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-6-21 66600]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-7 298264]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\sunbelt software\personal firewall\SbPFLnch.exe [2008-10-31 95528]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-2-17 356920]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-2-17 1073544]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\sunbelt software\personal firewall\SbPFSvc.exe [2008-10-31 1365288]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 RegKill;RegKill;c:\windows\system32\drivers\RegKill.sys [2002-11-28 6400]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2009-2-20 65576]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2007-9-15 20160]
S3 Cam3820;Cam3820 PC Camera Driver;c:\windows\system32\drivers\cam3820a.sys [2008-8-1 239616]
=============== Created Last 30 ================
2009-02-21 16:41 54,156 a---h--- c:\windows\QTFont.qfn
2009-02-21 16:41 1,409 a------- c:\windows\QTFont.for
2009-02-20 16:44 <DIR> --d----- c:\docume~1\user\applic~1\FrostWire
2009-02-20 16:44 <DIR> --d----- c:\program files\FrostWire
2009-02-20 13:51 270,888 a----r-- c:\windows\system32\drivers\SbFw.sys
2009-02-20 13:51 65,576 a------- c:\windows\system32\drivers\SbFwIm.sys
2009-02-20 13:50 <DIR> --d----- c:\program files\Sunbelt Software
2009-02-20 12:46 410,984 a------- c:\windows\system32\deploytk.dll
==================== Find3M ====================
2009-02-17 01:30 52,347 a------- c:\windows\Sysvxd.exe
2009-02-11 10:19 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 10:19 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-07 18:54 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-02-07 18:54 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-07 18:53 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
2008-12-21 10:15 826,368 a------- c:\windows\system32\wininet.dll
2008-08-22 01:31 87,608 a------- c:\docume~1\user\applic~1\inst.exe
2008-08-22 01:31 47,360 a------- c:\docume~1\user\applic~1\pcouffin.sys
============= FINISH: 16:08:59.51 ===============
Run by User at 16:07:43.56 on Fri 20/03/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.317 [GMT 11:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
FW: Sunbelt Personal Firewall *enabled*
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprbUpdate.exe
C:\Documents and Settings\User\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com.au/
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Recguard] c:\windows\sminst\Recguard.exe
mRun: [Reminder] c:\windows\creator\Remind_XP.exe
mRun: [Scheduler] c:\windows\sminst\Scheduler.exe
mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ODBCJET] c:\windows\system32\ODBCJET.exe
mRun: [RegKillElbyCheck] "c:\program files\elaborate bytes\dvd region killer\ElbyCheck.exe" /L RegKill
mRun: [RegKillTray] "c:\program files\elaborate bytes\dvd region killer\RegKillTray.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [MS32DLL] c:\windows\.MS32DLL.dll.vbs
mRun: [winboot] wscript.exe /E:vbs c:\windows\boot.ini
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\user\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
uPolicies-system: DisableTaskMgr = 0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
============= SERVICES / DRIVERS ===============
R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-2-17 42376]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-7 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-7 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-7 107272]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-2-17 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-2-17 81288]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2009-2-20 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-6-21 66600]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-7 298264]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\sunbelt software\personal firewall\SbPFLnch.exe [2008-10-31 95528]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-2-17 356920]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-2-17 1073544]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\sunbelt software\personal firewall\SbPFSvc.exe [2008-10-31 1365288]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 RegKill;RegKill;c:\windows\system32\drivers\RegKill.sys [2002-11-28 6400]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2009-2-20 65576]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2007-9-15 20160]
S3 Cam3820;Cam3820 PC Camera Driver;c:\windows\system32\drivers\cam3820a.sys [2008-8-1 239616]
=============== Created Last 30 ================
2009-02-21 16:41 54,156 a---h--- c:\windows\QTFont.qfn
2009-02-21 16:41 1,409 a------- c:\windows\QTFont.for
2009-02-20 16:44 <DIR> --d----- c:\docume~1\user\applic~1\FrostWire
2009-02-20 16:44 <DIR> --d----- c:\program files\FrostWire
2009-02-20 13:51 270,888 a----r-- c:\windows\system32\drivers\SbFw.sys
2009-02-20 13:51 65,576 a------- c:\windows\system32\drivers\SbFwIm.sys
2009-02-20 13:50 <DIR> --d----- c:\program files\Sunbelt Software
2009-02-20 12:46 410,984 a------- c:\windows\system32\deploytk.dll
==================== Find3M ====================
2009-02-17 01:30 52,347 a------- c:\windows\Sysvxd.exe
2009-02-11 10:19 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 10:19 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-07 18:54 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-02-07 18:54 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-07 18:53 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
2008-12-21 10:15 826,368 a------- c:\windows\system32\wininet.dll
2008-08-22 01:31 87,608 a------- c:\docume~1\user\applic~1\inst.exe
2008-08-22 01:31 47,360 a------- c:\docume~1\user\applic~1\pcouffin.sys
============= FINISH: 16:08:59.51 ===============
#15
Posted 20 March 2009 - 12:39 PM
Extremeboy
-
- Retired Staff
-
- 824 posts
Malware Removal Staff
Hello.
Could you post the attach text document as well in your next reply.
A note for you. AVG recently upgraded to AVG 8.5. If the current version you are using is AVG 8.0, I suggest you re-download the latest version, uninstall AVG 8.0 and install the latest version. Remember to update it afterwards.
Run an online scan for me and let me know what problems you have as well.
Run Scan with Kaspersky
Please do a scan with Kaspersky Online Scanner.
If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
With Regards,
Extremeboy
Could you post the attach text document as well in your next reply.
A note for you. AVG recently upgraded to AVG 8.5. If the current version you are using is AVG 8.0, I suggest you re-download the latest version, uninstall AVG 8.0 and install the latest version. Remember to update it afterwards.
Run an online scan for me and let me know what problems you have as well.
Run Scan with Kaspersky
Please do a scan with Kaspersky Online Scanner.
If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
- Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
- Open the Kaspersky Scanner page.
- Click on Accept and install any components it needs.
- The program will install and then begin downloading the latest definition files.
- After the files have been downloaded on the left side of the page in the Scan section select My Computer
- This will start the program and scan your system.
- The scan will take a while, so be patient and let it run.
- Once the scan is complete, click on View scan report
- Now, click on the Save Report as button.
- Save the file to your desktop.
- Copy and paste that information in your next post.
With Regards,
Extremeboy
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
