Pesky system crashes [RESOLVED]



#1
sydt
Member, 17 posts
Hello;

I have recently been plagued by random system crashes and inability to open programs consistently.
I have followed your instructions and run ATF cleaner.

Also Malwarebytes' Anti-Malware log below

Malwarebytes' Anti-Malware 1.11
Database version: 709

Scan type: Quick Scan
Objects scanned: 37832
Time elapsed: 4 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{35b7e48b-9d81-4c6c-9578-5fd4f620d886} (Spyware.MarketScore) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PSRV (Trojan.Agent) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{313300da-0267-4825-b7f5-841e3503fe31} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{0afea888-b97b-4ede-ac47-1fee31d5cee5} (Trojan.Vundo) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\CouponPrinter.ocx (Adware.Coupons) -> No action taken.

Also ran SUPERAntiSpyware

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/03/2008 at 01:44 PM

Application Version : 4.0.1154

Core Rules Database Version : 3452
Trace Rules Database Version: 1444

Scan type : Quick Scan
Total Scan Time : 00:01:18

Memory items scanned : 437
Memory threats detected : 0
Registry items scanned : 429
Registry threats detected : 0
File items scanned : 650
File threats detected : 0

Ran AVG

Scan "Scan whole computer" was finished.
Infections found:;"0"
Infected objects removed or healed;"0"
Not removed or healed.;"0"
Spyware found:;"0"
Spyware removed:;"0"
Not removed:;"0"
Warnings count:;"0"
Information count:;"0"
Scan started:;"Saturday, May 03, 2008, 12:04:43 AM"
Total object scanned:;"775890"
Time needed:;"1 hour(s) 14 minute(s) 46 second(s) "
Errors encountered:;"0"

Warnings
File;"Infection";"Result"
C:\Documents and Settings\Unknown User\Application Data\Mozilla\Firefox\Profiles\oao9jljv.default\cookies.txt:\m.webtrends.com.b4ca7df0;"Found Tracking cookie.Webtrends";"Healed"
C:\Documents and Settings\Unknown User\Application Data\Mozilla\Firefox\Profiles\oao9jljv.default\cookies.txt;"Found Tracking cookie.Webtrends";"Healed"

Finally, the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:55:35 PM, on 5/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\WINDOWS\system32\hphmon03.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Plaxo\3.8.1.1\PlaxoHelper_en.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Garmin\gStart.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\MotionBased\Agent\MBAgent.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\ThreatFire\TFService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\HPHipm09.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://neword.com/adw.html?s
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://neword.com/adw.html?s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.8.1.1\PlaxoHelper_en.exe -a
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKUS\S-1-5-19\..\Run: [StartUp This] "C:\Program Files\Laplink\PCmover\LaunchSt.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [StartUp This] "C:\Program Files\Laplink\PCmover\LaunchSt.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [StartUp This] "C:\Program Files\Laplink\PCmover\LaunchSt.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [StartUp This] "C:\Program Files\Laplink\PCmover\LaunchSt.exe" (User 'Default user')
O4 - Startup: MotionBased Agent.lnk = C:\Program Files\MotionBased\Agent\MBAgent.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {1DD81666-F3AD-11D3-BA86-00500487B4EC} (WonSearchX Control) - http://www.investors.../WonSearchX.ocx
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://www.installfr...ll/iftwclix.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...wlscbase370.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1132521938937
O16 - DPF: {78267546-F2AC-11D2-A278-005004676C44} (WonList Control) - http://www.investors...ocx/WonList.ocx
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.c...es/PROFILER.CAB
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.del...t/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://www.winkflash...geUploader3.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfi...ll/gtdownls.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

--
End of file - 9848 bytes


Any help would be appreciated. Thank you.

#2
greyknight17
Malware Expert (Visiting Consultant), 16,560 posts
Did you tell the Malwarebytes' Anti-Malware program to remove those infected files?

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://neword.com/adw.html?s
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://neword.com/adw.html?s
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE


1. Download combofix at http://www.techsuppo...Bs/ComboFix.exe or http://download.blee...Bs/ComboFix.exe
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not click on combofix's window while it's running. That may cause it to stall.
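The entries the expert asks the poster to fix above fall into two recognisable classes: Internet Explorer search settings (R1 SearchURL) redirected to a host unrelated to the browser vendor or a known search engine, and an O4 Run value (Alcmtr) that launches a bare filename with no directory, which Windows resolves through the PATH search order at logon. The script below is an added example for this thread, not HijackThis's own code and not something either poster wrote. It triages a HijackThis 2.0.x log for both patterns. The host allowlist, the bare-executable allowlist and the sample log lines are constructed assumptions modelled on the log posted above (the sample uses untruncated URLs, since the forum clipped the ones in the post).

```python
"""Triage a HijackThis 2.0.x log for the two entry classes the expert flagged:
IE search/start-page settings (R0/R1) that point at an unrecognised host, and
O4 Run values that launch a bare filename (no directory), which Windows resolves
through the PATH search order at logon.  Added example, not HijackThis code.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Assumption: a small allowlist of hosts that legitimately appear in IE
# search/start-page settings; anything else gets a second look.
KNOWN_GOOD_HOSTS = {"go.microsoft.com", "www.microsoft.com", "www.yahoo.com", "www.google.com"}

# Assumption: bare-filename Run values that are common vendor helpers.
# rundll32.exe is allowlisted because the interesting part is the DLL argument,
# which this example does not inspect.
BENIGN_BARE_EXES = {"rthdcpl.exe", "skytel.exe", "khalmnpr.exe", "nwiz.exe", "rundll32.exe"}

ENTRY = re.compile(r"^(?P<kind>R[01]|O\d+) - (?P<body>.*)$")
URL_SETTING = re.compile(
    r"(SearchURL|Search Page|Default_Search_URL|Default_Page_URL|Start Page)\s*=\s*(?P<url>\S+)"
)
RUN_VALUE = re.compile(r"\\Run: \[[^\]]+\] (?P<cmd>.*)$")


@dataclass(frozen=True)
class Finding:
    line: str
    reason: str


def first_token(cmd: str) -> str:
    """Return the executable portion of a Run command, honouring quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def check_url_setting(line: str, body: str) -> Finding | None:
    """R0/R1 lines: flag search/start-page URLs whose host is not allowlisted."""
    m = URL_SETTING.search(body)
    if not m:
        return None
    host = (urlparse(m.group("url")).hostname or "").lower()
    if host and host not in KNOWN_GOOD_HOSTS:
        return Finding(line, f"IE search/start setting points at unrecognised host {host!r}")
    return None


def check_run_value(line: str, body: str) -> Finding | None:
    """O4 lines: flag commands whose executable has no directory component."""
    m = RUN_VALUE.search(body)
    if not m:
        return None
    exe = first_token(m.group("cmd"))
    # No directory separator and no environment-variable prefix: the name is
    # resolved through PATH, so a same-named file earlier in PATH would win.
    if exe and "\\" not in exe and "%" not in exe and exe.lower() not in BENIGN_BARE_EXES:
        return Finding(line, f"Run value launches bare filename {exe!r} resolved via PATH")
    return None


def triage(log_text: str) -> list[Finding]:
    """Return findings in log order; non-R0/R1/O4 lines are ignored."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        if kind in ("R0", "R1"):
            f = check_url_setting(line, body)
        elif kind == "O4":
            f = check_run_value(line, body)
        else:
            f = None
        if f:
            findings.append(f)
    return findings


# Constructed sample: untruncated lines modelled on the HijackThis log in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://neword.com/adw.html?s
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://neword.com/adw.html?s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Run against the sample it reports exactly the three lines the expert listed: the two neword.com SearchURL entries and the Alcmtr Run value. The allowlists are deliberately short; in practice a triage script like this is a first pass that tells you where to look, and each hit still needs a human decision before anything is fixed or deleted.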

#3
sydt
Topic Starter, Member, 17 posts
Thank you for your quick response.
I did tell the Malwarebytes program to remove the infected files, ran HijackThis and removed the requested files.
ComboFix gave this log after running.

ComboFix 08-05-01.3 - Unknown User 2008-05-03 22:25:59.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2535 [GMT -4:00]
Running from: C:\Documents and Settings\Unknown User\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-04 to 2008-05-04 )))))))))))))))))))))))))))))))
.

2008-05-03 21:16 . 2008-05-03 21:16 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-03 16:55 . 2008-05-03 16:55 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-02 22:03 . 2008-05-02 23:48 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-02 22:03 . 2008-05-02 22:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-02 22:03 . 2008-05-02 22:03 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\SUPERAntiSpyware.com
2008-05-02 22:03 . 2008-05-02 22:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-02 21:49 . 2008-05-02 21:49 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-02 21:49 . 2008-05-02 21:49 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Malwarebytes
2008-05-02 21:49 . 2008-05-02 21:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-02 21:47 . 2008-05-02 21:47 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-02 21:10 . 2007-03-08 17:18 18,432 --a------ C:\WINDOWS\system32\drivers\grmngen.sys
2008-05-02 21:10 . 2007-03-08 17:18 8,320 --a------ C:\WINDOWS\system32\drivers\grmnusb.sys
2008-04-29 19:03 . 2008-04-29 19:03 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-04-29 00:13 . 2008-05-01 20:50 <DIR> d--h----- C:\$AVG8.VAULT$
2008-04-28 21:31 . 2008-05-03 13:25 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-04-28 21:31 . 2008-04-28 21:31 <DIR> d-------- C:\Program Files\AVG
2008-04-28 21:31 . 2008-04-28 21:32 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\AVGTOOLBAR
2008-04-28 21:31 . 2008-04-28 21:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-04-28 21:31 . 2008-04-28 21:31 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-04-28 21:31 . 2008-04-28 21:31 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-04-28 20:31 . 2008-04-28 20:31 851,968 --a------ C:\WINDOWS\system32\config\systemprofile\NTUSER(2).DAT
2008-04-28 07:43 . 2008-04-28 21:11 <DIR> d-------- C:\Program Files\ffdshow
2008-04-27 22:06 . 2008-04-27 22:06 851,968 --a------ C:\WINDOWS\system32\config\systemprofile\NTUSER(3).DAT
2008-04-26 14:09 . 2008-04-26 14:09 <DIR> d-------- C:\Program Files\MotionBased
2008-04-26 14:09 . 2008-05-03 07:20 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\MotionBased
2008-04-26 13:22 . 2006-07-14 19:10 17,536 --a------ C:\WINDOWS\system32\drivers\grmn0200.sys
2008-04-26 13:22 . 2006-07-14 19:12 16,512 --a------ C:\WINDOWS\system32\drivers\grmn0400.sys
2008-04-26 13:22 . 2006-07-11 16:50 11,776 --a------ C:\WINDOWS\system32\drivers\grmn1200.sys
2008-04-26 07:43 . 2008-04-26 07:43 <DIR> d-------- C:\Program Files\Weather Add-in for Windows Live Toolbar
2008-04-26 07:43 . 2008-04-26 07:43 <DIR> d-------- C:\Program Files\MSN Money Toolbar Add-in
2008-04-26 07:41 . 2008-04-26 07:43 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-04-26 07:41 . 2008-04-26 07:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-04-23 21:07 . 2008-04-23 21:07 1,176 --a------ C:\WINDOWS\_isenv31.ini
2008-04-23 21:06 . 2008-04-23 21:06 <DIR> d-------- C:\Program Files\hp photosmart
2008-04-23 21:06 . 2001-08-03 22:24 311,296 -ra------ C:\WINDOWS\system32\hphmon03.exe
2008-04-23 21:06 . 2001-08-03 22:24 249,856 -ra------ C:\WINDOWS\system32\hph_asui.exe
2008-04-23 21:05 . 2001-08-03 22:24 442,368 --------- C:\WINDOWS\system32\hphc3203.dll
2008-04-23 21:05 . 2001-08-03 22:24 50,704 -ra------ C:\WINDOWS\system32\drivers\hphid409.sys
2008-04-23 21:05 . 2001-08-03 22:24 50,051 -ra------ C:\WINDOWS\system32\drivers\hphs2k09.sys
2008-04-23 21:05 . 2001-08-03 22:24 18,864 -ra------ C:\WINDOWS\system32\drivers\hphius09.sys
2008-04-23 21:05 . 2001-08-03 22:24 15,984 -ra------ C:\WINDOWS\system32\drivers\hphipr09.sys
2008-04-23 21:05 . 2001-08-03 22:24 3,691 --------- C:\WINDOWS\hphinfs.dat
2008-04-23 21:04 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-23 21:04 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-04-22 20:59 . 2008-04-22 20:59 4,180 --a------ C:\WINDOWS\system32\OEMINFO.PNF
2008-04-22 20:38 . 2008-05-03 22:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-22 20:38 . 2008-04-22 20:38 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-22 20:35 . 2004-12-18 20:32 38,229 --------- C:\WINDOWS\system32\drivers\StMp3Rec.sys
2008-04-22 20:29 . 2007-12-29 10:35 112,992 --a------ C:\WINDOWS\system32\drivers\keyscrambler.sys
2008-04-22 19:02 . 2008-04-24 18:52 51,520 --a------ C:\WINDOWS\system32\drivers\TfFsMon.sys
2008-04-22 19:02 . 2008-04-24 18:52 38,208 --a------ C:\WINDOWS\system32\drivers\TfSysMon.sys
2008-04-22 19:02 . 2008-04-24 18:52 33,088 --a------ C:\WINDOWS\system32\drivers\TfNetMon.sys
2008-04-22 19:02 . 2008-04-24 18:52 12,608 --a------ C:\WINDOWS\system32\drivers\TfKbMon.sys
2008-04-22 18:39 . 2008-04-22 18:39 <DIR> d--hs---- C:\Documents and Settings\Unknown User\UserData
2008-04-22 17:27 . 2008-05-03 17:52 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-04-22 17:25 . 2008-04-22 17:25 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-04-22 17:13 . 2008-05-03 18:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-22 13:51 . 2008-04-22 13:51 <DIR> d-------- C:\Documents and Settings\Unknown User\WINDOWS
2008-04-22 13:51 . 2008-04-22 13:51 <DIR> d-------- C:\Documents and Settings\Unknown User\Shared
2008-04-22 13:51 . 2008-04-22 13:51 <DIR> d-------- C:\Documents and Settings\Unknown User\Incomplete
2008-04-22 13:51 . 2008-04-22 13:51 <DIR> d-------- C:\Documents and Settings\Unknown User\Apps
2008-04-22 13:51 . 2008-04-22 13:51 <DIR> d-------- C:\Documents and Settings\Unknown User\.limewire
2008-04-22 08:14 . 2008-04-22 08:14 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\WNR
2008-04-22 08:14 . 2008-04-22 08:14 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\WMTools Downloaded Files
2008-04-22 08:14 . 2008-04-22 08:14 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Webroot
2008-04-22 08:14 . 2008-04-22 08:14 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\VERITAS
2008-04-22 08:14 . 2008-04-22 08:14 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Uniblue
2008-04-22 08:12 . 2008-04-22 08:14 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Thunderbird
2008-04-22 08:12 . 2008-04-22 08:12 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\The Blocks Company, LLC
2008-04-22 08:12 . 2008-04-22 08:12 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\TeamViewer
2008-04-22 08:12 . 2008-04-22 08:12 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Symantec
2008-04-22 08:12 . 2008-04-22 08:12 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\STOPzilla!
2008-04-22 08:12 . 2008-04-22 08:12 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Snapfish
2008-04-22 08:12 . 2008-04-22 08:12 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\SmartDraw
2008-04-22 08:12 . 2008-04-22 08:12 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Simply Super Software
2008-04-22 08:12 . 2008-04-22 08:12 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Simple Star
2008-04-22 08:12 . 2008-04-22 08:12 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Shareaza
2008-04-22 08:12 . 2008-04-22 08:12 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Share-to-Web Upload Folder
2008-04-22 08:12 . 2008-04-22 08:12 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Plaxo
2008-04-22 08:12 . 2008-04-22 08:12 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Palo Alto Software Inc
2008-04-22 08:12 . 2008-04-22 08:12 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Omnidrive
2008-04-22 08:10 . 2008-04-22 08:10 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Move Networks
2008-04-22 08:10 . 2008-04-22 08:10 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Microsoft Web Folders
2008-04-22 08:07 . 2008-04-22 08:07 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\MailWasherPro
2008-04-22 08:07 . 2008-04-22 08:07 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\MailWasher
2008-04-22 08:07 . 2008-04-22 08:07 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Logitech
2008-04-22 08:07 . 2008-04-22 08:07 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Lavasoft
2008-04-22 08:07 . 2008-04-22 08:07 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Kazaa Lite
2008-04-22 08:07 . 2008-04-22 08:07 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Jasc
2008-04-22 08:06 . 2008-04-22 08:07 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Intuit
2008-04-22 08:06 . 2008-04-22 08:06 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\InterTrust
2008-04-22 08:06 . 2008-04-22 08:06 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\InstallShield
2008-04-22 08:05 . 2008-04-24 22:01 <DIR> d--h----- C:\Documents and Settings\Unknown User\Application Data\GTek
2008-04-22 08:01 . 2008-04-22 08:01 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\DivX
2008-04-22 08:01 . 2008-04-22 08:01 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\com.codeode
2008-04-22 08:01 . 2008-04-22 08:01 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Cloudmark
2008-04-22 07:54 . 2008-04-22 07:54 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Clark Color Labs
2008-04-22 07:54 . 2008-04-22 07:54 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Broderbund Software
2008-04-22 07:54 . 2008-04-22 07:54 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\AVSMedia
2008-04-22 07:54 . 2008-04-22 07:54 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Arcsoft
2008-04-22 07:53 . 2008-04-22 07:54 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Apple Computer
2008-04-22 07:53 . 2008-04-22 07:53 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Apple
2008-04-22 07:53 . 2008-04-22 07:53 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\AntiSpamFilter
2008-04-22 07:53 . 2008-04-22 07:53 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\AdobeUM
2008-04-22 07:53 . 2008-04-22 07:53 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Active Disk
2008-04-22 07:53 . 2008-04-22 07:53 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\ACD Systems
2008-04-22 07:53 . 2008-04-22 07:53 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\abelhadigital.com
2008-04-22 07:12 . 2008-04-22 07:12 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Apple
2008-04-22 02:33 . 2008-04-22 02:33 <DIR> d--h----- C:\WUTemp
2008-04-22 02:33 . 2008-04-22 02:33 <DIR> d-------- C:\wintes32
2008-04-22 02:33 . 2008-04-22 02:33 <DIR> d-------- C:\{00003A92-25F2-97F1-EA53-37C63FF41066}
2008-04-22 02:30 . 2008-04-22 02:33 <DIR> d-------- C:\WINME
2008-04-22 02:29 . 2008-05-02 23:15 <DIR> d-------- C:\VundoFix Backups
2008-04-22 02:29 . 2008-04-22 02:29 <DIR> d-------- C:\USB_WINDOWSXP
2008-04-22 02:29 . 2008-04-22 02:29 <DIR> d-------- C:\tools
2008-04-22 02:29 . 2008-04-22 02:29 <DIR> d-------- C:\temp\photosmart
2008-04-22 02:29 . 2008-04-22 02:29 <DIR> d-------- C:\temp
2008-04-22 02:29 . 2008-04-22 02:29 <DIR> d-------- C:\Tax01
2008-04-22 02:29 . 2008-04-22 02:29 <DIR> d-------- C:\sUBs
2008-04-22 02:29 . 2008-04-22 02:29 <DIR> d-------- C:\Rustbfix
2008-04-22 02:28 . 2008-04-22 02:28 <DIR> d-------- C:\recordnowmax
2008-04-22 02:28 . 2008-04-22 02:28 <DIR> d-------- C:\Palm
2008-04-22 01:41 . 2008-04-22 02:28 <DIR> d-------- C:\My Shared Folder
2008-04-22 01:40 . 2008-04-22 01:40 <DIR> d-------- C:\My Downloads
2008-04-22 01:40 . 2008-04-22 01:40 <DIR> d-------- C:\Media

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-03 01:14 90,112 ----a-w C:\WINDOWS\DUMP32a8.tmp
2008-04-26 11:37 67,872 ----a-w C:\Documents and Settings\Unknown User\Application Data\GDIPFONTCACHEV1.DAT
2008-04-22 04:16 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-15 20:12 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-04-15 20:12 262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-04-15 18:56 155,995 ----a-w C:\WINDOWS\java\Packages\R3X3BZLB.ZIP
2008-04-15 18:54 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-07 20:15 408,576 ----a-w C:\WINDOWS\system32\Smab.dll
2008-02-04 22:23 693,792 ----a-w C:\WINDOWS\system32\OGACheckControl.DLL
2008-01-03 04:54 1,415,032 ----a-w C:\Documents and Settings\Unknown User\Application Data\sydtyson.zip
2006-03-25 02:10 164,792 ----a-w C:\Documents and Settings\Unknown User\DynGate_Setup.exe
2005-12-06 04:24 6,012,150 ----a-w C:\Program Files\DropSend.exe
2003-09-12 02:05 93,826 ----a-w C:\Program Files\PopupPopperSetup.exe
2003-09-12 02:04 233,130 ----a-w C:\Program Files\cookiei.exe
2003-09-12 02:04 2,920,448 ----a-w C:\Program Files\Ad-aware Professional v6.0 Build 158.exe
2003-09-05 19:14 271 --sha-w C:\Program Files\desktop.ini
2003-09-05 19:14 23,357 ---ha-w C:\Program Files\folder.htt
2006-05-03 10:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43 27,648 --sha-w C:\WINDOWS\system32\Smab0.dll
.
----a-w		16,378,548 2003-05-24 05:57:20  C:\Documents and Settings\Unknown User\My Documents\My Shared Folder\RecordNow MAX - CD & DVD Burning .exe


------- Sigcheck -------

2004-10-08 08:01 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\svchost.exe
2004-10-08 08:01 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\dllcache\svchost.exe

2005-03-02 14:19 577024 1800f293bccc8ede8a70e12b88d80036 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 11:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2007-03-08 11:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\sp2gdr\user32.dll
2007-03-08 11:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b C:\WINDOWS\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\sp2qfe\user32.dll
2004-10-08 08:01 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\SoftwareDistribution\Download\5652d934eec8bfa4dc68c4e256a23d5e\backup\sp2gdr\user32.dll
2004-10-08 08:01 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\SoftwareDistribution\Download\5652d934eec8bfa4dc68c4e256a23d5e\backup\sp2qfe\user32.dll
2005-03-02 14:09 577024 de2db164bbb35db061af0997e4499054 C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2gdr\user32.dll
2005-03-02 14:19 577024 1800f293bccc8ede8a70e12b88d80036 C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2qfe\user32.dll
2007-03-08 11:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\system32\user32.dll
2007-03-08 11:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\system32\dllcache\user32.dll

2004-10-08 08:01 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\ws2_32.dll
2004-10-08 08:01 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\dllcache\ws2_32.dll

2008-03-01 09:03 827392 6316c2f0c61271c8abdff7429174879e C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
2004-10-08 08:01 656384 c0823fc5469663ba63e7db88f9919d70 C:\WINDOWS\ie7\wininet.dll
2006-10-17 13:33 818688 fed30afc65931e390b3c90dc63e29e42 C:\WINDOWS\ie7updates\KB928090-IE7\wininet.dll
2007-01-12 09:27 822784 be43d00d802c92f01c8cc952c6f483f8 C:\WINDOWS\ie7updates\KB931768-IE7\wininet.dll
2007-03-07 13:45 822784 5b35dae6e4886f64d1da58c4e3e01eb9 C:\WINDOWS\ie7updates\KB933566-IE7\wininet.dll
2007-04-25 04:41 822784 0586a7f0b2fdb94d624f399d4728e7c8 C:\WINDOWS\ie7updates\KB937143-IE7\wininet.dll
2007-06-27 10:35 823808 8068cbb58fe60cc95aeb2cff70178208 C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll
2007-08-20 06:04 824832 774435e499d8e9643ec961a6103c361f C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
2007-10-10 18:56 824832 30c1e0f34ad2972c72a01db5c74ab065 C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
2007-12-06 21:21 824832 806d274c9a6c3aaea5eae8e4af841e04 C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
2008-03-01 09:06 826368 ad21461aef8244edec2ef18e55e1dcf3 C:\WINDOWS\SoftwareDistribution\Download\0e573dbed32e8bd8f7ba833ffcfb788c\SP2GDR\wininet.dll
2008-03-01 09:03 827392 6316c2f0c61271c8abdff7429174879e C:\WINDOWS\SoftwareDistribution\Download\0e573dbed32e8bd8f7ba833ffcfb788c\SP2QFE\wininet.dll
2008-03-01 09:06 826368 ad21461aef8244edec2ef18e55e1dcf3 C:\WINDOWS\SoftwareDistribution\Download\4dcb1f965c037cafb3a5ed4c71a998b8\SP2GDR\wininet.dll
2008-03-01 09:03 827392 6316c2f0c61271c8abdff7429174879e C:\WINDOWS\SoftwareDistribution\Download\4dcb1f965c037cafb3a5ed4c71a998b8\SP2QFE\wininet.dll
2007-12-06 22:21 824832 806d274c9a6c3aaea5eae8e4af841e04 C:\WINDOWS\SoftwareDistribution\Download\e5a204b08ee9dd0f7a20547e61486b27\SP2GDR\wininet.dll
2007-12-06 22:01 825344 b5b411bb229ae6ead7652a32ed47bfb9 C:\WINDOWS\SoftwareDistribution\Download\e5a204b08ee9dd0f7a20547e61486b27\SP2QFE\wininet.dll
2008-03-01 09:06 826368 ad21461aef8244edec2ef18e55e1dcf3 C:\WINDOWS\system32\wininet.dll
2008-03-01 09:06 826368 ad21461aef8244edec2ef18e55e1dcf3 C:\WINDOWS\system32\dllcache\wininet.dll

2007-10-30 12:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2007-10-30 13:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\SoftwareDistribution\Download\146ae5e7b51a37f45e0e5cf03d0d5e3c\sp2gdr\tcpip.sys
2007-10-30 12:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\SoftwareDistribution\Download\146ae5e7b51a37f45e0e5cf03d0d5e3c\sp2qfe\tcpip.sys
2007-10-30 13:20 360064 dad88737d89cb9935fa5c8d1ee6f8ac6 C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 13:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\drivers\tcpip.sys

2004-10-08 08:01 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\winlogon.exe
2004-10-08 08:01 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\dllcache\winlogon.exe

2004-10-08 08:01 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\dllcache\ndis.sys
2004-10-08 08:01 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

2004-10-08 08:01 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\dllcache\ip6fw.sys
2004-10-08 08:01 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

2004-10-08 08:01 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\ctfmon.exe
2004-10-08 08:01 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\dllcache\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-04-28 21:31 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-04-28 21:31 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-04-28 21:31 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40 1421824]
"PlaxoUpdate"="C:\Program Files\Plaxo\3.8.1.1\PlaxoHelper_en.exe" [2008-02-11 10:59 289168]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-22 17:13 68856]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-02-16 18:24 160832]
"gStart"="C:\Garmin\gStart.exe" [2006-09-06 10:05 1891416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 05:21 16270848 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 06:04 2879488 C:\WINDOWS\SkyTel.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 13:50 155648]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 04:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 04:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 04:41 81920]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-01-12 06:09 488984]
"LVCOMSX"="C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-01-12 06:12 244512]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-25 09:55 196608]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"ThreatFire"="C:\Program Files\ThreatFire\TFTray.exe" [2008-04-24 18:52 259392]
"HPHmon03"="C:\WINDOWS\system32\hphmon03.exe" [2001-08-03 22:24 311296]
"UpdReg"="C:\WINDOWS\Updreg.exe" [2000-05-11 01:00 90112]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-28 21:31 1177368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"StartUp This"="C:\Program Files\Laplink\PCmover\LaunchSt.exe" [2006-12-14 15:36 54840]

C:\Documents and Settings\Unknown User\Start Menu\Programs\Startup\
MotionBased Agent.lnk - C:\Program Files\MotionBased\Agent\MBAgent.exe [2006-12-30 10:18:46 909312]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-22 17:13:26 124400]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-05-02 23:54:37 692224]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-05-02 23:48 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= C:\WINDOWS\system32\ctmp3.acm
"msacm.divxa32"= DivXa32.acm
"vidc.444p"= C:\Program Files\t@b\0.958\686\tabdec.dll
"vidc.aasc"= aasc32.dll
"vidc.aflc"= flccodec32.dll
"vidc.afli"= flccodec32.dll
"vidc.DIV3"= DivXc32.dll
"vidc.ffds"= C:\PROGRA~1\HELDEC~1\FFDSHOW\ffdshow.ax
"VIDC.HFYU"= huffyuv.dll
"vidc.mjpg"= mcmjpg32.dll
"vidc.mpng"= C:\Program Files\t@b\0.958\686\tabdec.dll
"vidc.mvjp"= C:\Program Files\t@b\0.958\686\tabdec.dll
"VIDC.VDOM"= vdowave.drv
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"ashMaiSv"=C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
"CookieWall"=C:\PROGRAM FILES\ANALOGX\COOKIEWALL\COOKIE.EXE
"HPDJ Taskbar Utility"=C:\WINDOWS\SYSTEM32\hpztsb04.exe
"iamapp"=C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"StarUpdater"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Laplink\\PCmover\\PCmover.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R0 TfFsMon;TfFsMon;C:\WINDOWS\system32\drivers\TfFsMon.sys [2008-04-24 18:52]
R0 TfSysMon;TfSysMon;C:\WINDOWS\system32\drivers\TfSysMon.sys [2008-04-24 18:52]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-28 21:31]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-04-28 21:31]
R2 ThreatFire;ThreatFire;C:\Program Files\ThreatFire\TFService.exe service []
R3 Dot4Usb HPH09;Dot4Usb HPH09;C:\WINDOWS\system32\drivers\hphius09.sys [2001-08-03 22:24]
R3 KeyScrambler;KeyScrambler;C:\WINDOWS\system32\drivers\keyscrambler.sys [2007-12-29 10:35]
R3 TfNetMon;TfNetMon;C:\WINDOWS\system32\drivers\TfNetMon.sys [2008-04-24 18:52]
S3 GPCIEnu1;GPCIEnu1;C:\WINDOWS\system32\GPCIEnum.sys [2006-08-06 15:06]
S3 LLUSBFLT;LLUSBFLT;C:\WINDOWS\system32\drivers\llusbflt.sys [2005-08-03 15:59]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc2.sys [2005-08-03 15:59]

*Newly Created Service* - PGFILTER

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
.
Contents of the 'Scheduled Tasks' folder
"2008-04-19 01:43:18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-04 00:24:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-05-04 00:29:47 C:\WINDOWS\Tasks\PCHealth Scheduler for Data Collection.job"
- C:\WINDOWS\PCHEALTH\SUPPORT\PCHSCHD.EXE
"2008-05-03 05:00:00 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
"2008-05-03 23:00:00 C:\WINDOWS\Tasks\Tune-up Application Start.job"
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-03 22:27:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PROCEXP90]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PROCEXP90.SYS"
.
Completion time: 2008-05-03 22:27:58
ComboFix-quarantined-files.txt 2008-05-04 02:27:55

Pre-Run: 239,150,809,088 bytes free
Post-Run: 239,134,879,744 bytes free

334 --- E O F --- 2008-05-03 22:32:50

Thank you for your analysis

#4
greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)
Move these out of your Program Files folder if they are installers. They shouldn't be in that folder unless they are installed programs (not installers):

C:\Program Files\DropSend.exe
C:\Program Files\PopupPopperSetup.exe
C:\Program Files\cookiei.exe
C:\Program Files\Ad-aware Professional v6.0 Build 158.exe


Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:

RENV::
C:\Documents and Settings\Unknown User\My Documents\My Shared Folder\RecordNow MAX - CD & DVD Burning .exe

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on ComboFix's window while it's running. That may cause it to stall.

What programs are you having problems with? Try reinstalling them.

See if you still have any problems now.
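Two checks in this thread are done by eye: the Sigcheck block in the posted log lists each protected system binary next to its dllcache copy, and greyknight17 spotted installer executables sitting directly in C:\Program Files. The script below is an added example, not part of the thread and not a ComboFix component, that performs both checks mechanically over a ComboFix log. The sample lines are copied from the log posted above; the set of extensions treated as installers, and the choice to compare only the live copy under system32 with the dllcache copy, are assumptions. A hash mismatch with dllcache is a lead, not a verdict: the flagged file should be compared against a known-good copy for the installed hotfix level before anything is concluded from it.

```python
import re

# Constructed sample: lines copied from the ComboFix log posted earlier in this thread.
SAMPLE_LOG = r"""
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 20:12 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2005-12-06 04:24 6,012,150 ----a-w C:\Program Files\DropSend.exe
2003-09-12 02:05 93,826 ----a-w C:\Program Files\PopupPopperSetup.exe
2003-09-12 02:04 233,130 ----a-w C:\Program Files\cookiei.exe
2003-09-12 02:04 2,920,448 ----a-w C:\Program Files\Ad-aware Professional v6.0 Build 158.exe
2003-09-05 19:14 271 --sha-w C:\Program Files\desktop.ini
2008-04-22 04:16 --------- d-----w C:\Program Files\Common Files\InstallShield
.

------- Sigcheck -------

2004-10-08 08:01 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\svchost.exe
2004-10-08 08:01 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\dllcache\svchost.exe

2007-10-30 12:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2007-10-30 13:20 360064 dad88737d89cb9935fa5c8d1ee6f8ac6 C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 13:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\drivers\tcpip.sys

2004-10-08 08:01 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\winlogon.exe
2004-10-08 08:01 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\dllcache\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
"""

# Find3M lines: date time size(or dashes for a directory) attributes path
FIND3M_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+([\d,]+|-+)\s+(\S+)\s+(.+?)\s*$")
# Sigcheck lines: date time size md5 path
SIGCHECK_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(\d+)\s+([0-9a-fA-F]{32})\s+(.+?)\s*$")

PROGRAM_FILES_ROOT = r"c:\program files"
INSTALLER_EXTS = (".exe", ".msi")   # assumption: what counts as a stray installer


def _sections(lines):
    """Yield (section_name, line) pairs, tracking ComboFix's banner lines."""
    section = None
    for line in lines:
        if "Find3M Report" in line:
            section = "find3m"
        elif "Sigcheck" in line:
            section = "sigcheck"
        elif line.startswith("((("):        # any other banner ends the current section
            section = None
        else:
            yield section, line


def loose_executables(lines):
    """Return executables that sit directly in the Program Files root, not in a subfolder."""
    found = []
    for section, line in _sections(lines):
        if section != "find3m":
            continue
        m = FIND3M_RE.match(line)
        if not m:
            continue
        path = m.group(4)
        parent, _, name = path.rpartition("\\")
        if parent.lower() == PROGRAM_FILES_ROOT and name.lower().endswith(INSTALLER_EXTS):
            found.append(path)
    return found


def dllcache_mismatches(lines):
    """Compare the MD5 of each live system32 binary with its dllcache copy.

    Copies under $hf_mig$, SoftwareDistribution and ie7updates are hotfix
    staging areas and are deliberately ignored; only the live file matters.
    """
    live, cache = {}, {}
    for section, line in _sections(lines):
        if section != "sigcheck":
            continue
        m = SIGCHECK_RE.match(line)
        if not m:
            continue
        size, md5, path = int(m.group(2)), m.group(3).lower(), m.group(4)
        low = path.lower()
        name = low.rpartition("\\")[2]
        if "\\dllcache\\" in low:
            cache[name] = (path, size, md5)
        elif low.startswith("c:\\windows\\system32\\"):
            live[name] = (path, size, md5)
    mismatches = []
    for name, (lpath, lsize, lmd5) in live.items():
        if name in cache and cache[name][2] != lmd5:
            mismatches.append({
                "file": name, "live": lpath, "live_md5": lmd5,
                "cache": cache[name][0], "cache_md5": cache[name][2],
                "same_size": lsize == cache[name][1],
            })
    return mismatches


if __name__ == "__main__":
    log_lines = SAMPLE_LOG.splitlines()
    for p in loose_executables(log_lines):
        print("installer in Program Files root:", p)
    for mm in dllcache_mismatches(log_lines):
        print(f"{mm['file']}: live {mm['live_md5']} != dllcache {mm['cache_md5']}"
              f" (same size: {mm['same_size']})")
```

Run against the sample, it reports the four installers the expert asked to be moved and flags tcpip.sys, whose live copy under system32\drivers carries a different MD5 from the dllcache copy even though both have the same size and timestamp. Same size with a different hash is exactly the pattern a plain directory listing would miss, which is why the Sigcheck block is worth reading line by line.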

#5
sydt (Member, Topic Starter, 17 posts)
Hello again;
I thought I sent you the log requested, but I don't see it.
I took the installers out of Program Files and ran ComboFix.
The log is as follows:
ComboFix 08-05-01.3 - Unknown User 2008-05-05 17:24:34.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2254 [GMT -4:00]
Running from: C:\Documents and Settings\Unknown User\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Unknown User\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-05 to 2008-05-05 )))))))))))))))))))))))))))))))
.

2008-05-05 08:11 . 2008-05-05 08:11 116 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-03 21:16 . 2008-05-03 21:16 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-03 16:55 . 2008-05-03 16:55 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-02 22:03 . 2008-05-02 23:48 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-02 22:03 . 2008-05-02 22:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-02 22:03 . 2008-05-02 22:03 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\SUPERAntiSpyware.com
2008-05-02 22:03 . 2008-05-02 22:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-02 21:49 . 2008-05-02 21:49 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-02 21:49 . 2008-05-02 21:49 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Malwarebytes
2008-05-02 21:49 . 2008-05-02 21:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-02 21:47 . 2008-05-02 21:47 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-02 21:10 . 2007-03-08 17:18 18,432 --a------ C:\WINDOWS\system32\drivers\grmngen.sys
2008-05-02 21:10 . 2007-03-08 17:18 8,320 --a------ C:\WINDOWS\system32\drivers\grmnusb.sys
2008-04-29 19:03 . 2008-04-29 19:03 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-04-29 00:13 . 2008-05-04 12:16 <DIR> d--h----- C:\$AVG8.VAULT$
2008-04-28 21:31 . 2008-05-05 09:04 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-04-28 21:31 . 2008-04-28 21:31 <DIR> d-------- C:\Program Files\AVG
2008-04-28 21:31 . 2008-04-28 21:32 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\AVGTOOLBAR
2008-04-28 21:31 . 2008-04-28 21:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-04-28 21:31 . 2008-04-28 21:31 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-04-28 21:31 . 2008-04-28 21:31 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-04-28 20:31 . 2008-04-28 20:31 851,968 --a------ C:\WINDOWS\system32\config\systemprofile\NTUSER(2).DAT
2008-04-28 07:43 . 2008-04-28 21:11 <DIR> d-------- C:\Program Files\ffdshow
2008-04-27 22:06 . 2008-04-27 22:06 851,968 --a------ C:\WINDOWS\system32\config\systemprofile\NTUSER(3).DAT
2008-04-26 14:09 . 2008-04-26 14:09 <DIR> d-------- C:\Program Files\MotionBased
2008-04-26 14:09 . 2008-05-03 07:20 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\MotionBased
2008-04-26 13:22 . 2006-07-14 19:10 17,536 --a------ C:\WINDOWS\system32\drivers\grmn0200.sys
2008-04-26 13:22 . 2006-07-14 19:12 16,512 --a------ C:\WINDOWS\system32\drivers\grmn0400.sys
2008-04-26 13:22 . 2006-07-11 16:50 11,776 --a------ C:\WINDOWS\system32\drivers\grmn1200.sys
2008-04-26 07:43 . 2008-04-26 07:43 <DIR> d-------- C:\Program Files\Weather Add-in for Windows Live Toolbar
2008-04-26 07:43 . 2008-04-26 07:43 <DIR> d-------- C:\Program Files\MSN Money Toolbar Add-in
2008-04-26 07:41 . 2008-04-26 07:43 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-04-26 07:41 . 2008-04-26 07:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-04-23 21:07 . 2008-04-23 21:07 1,176 --a------ C:\WINDOWS\_isenv31.ini
2008-04-23 21:06 . 2008-04-23 21:06 <DIR> d-------- C:\Program Files\hp photosmart
2008-04-23 21:06 . 2001-08-03 22:24 311,296 -ra------ C:\WINDOWS\system32\hphmon03.exe
2008-04-23 21:06 . 2001-08-03 22:24 249,856 -ra------ C:\WINDOWS\system32\hph_asui.exe
2008-04-23 21:05 . 2001-08-03 22:24 442,368 --------- C:\WINDOWS\system32\hphc3203.dll
2008-04-23 21:05 . 2001-08-03 22:24 50,704 -ra------ C:\WINDOWS\system32\drivers\hphid409.sys
2008-04-23 21:05 . 2001-08-03 22:24 50,051 -ra------ C:\WINDOWS\system32\drivers\hphs2k09.sys
2008-04-23 21:05 . 2001-08-03 22:24 18,864 -ra------ C:\WINDOWS\system32\drivers\hphius09.sys
2008-04-23 21:05 . 2001-08-03 22:24 15,984 -ra------ C:\WINDOWS\system32\drivers\hphipr09.sys
2008-04-23 21:05 . 2001-08-03 22:24 3,691 --------- C:\WINDOWS\hphinfs.dat
2008-04-23 21:04 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-23 21:04 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-04-22 20:59 . 2008-04-22 20:59 4,180 --a------ C:\WINDOWS\system32\OEMINFO.PNF
2008-04-22 20:38 . 2008-05-05 07:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-22 20:38 . 2008-04-22 20:38 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-22 20:35 . 2004-12-18 20:32 38,229 --------- C:\WINDOWS\system32\drivers\StMp3Rec.sys
2008-04-22 20:29 . 2007-12-29 10:35 112,992 --a------ C:\WINDOWS\system32\drivers\keyscrambler.sys
2008-04-22 19:02 . 2008-04-24 18:52 51,520 --a------ C:\WINDOWS\system32\drivers\TfFsMon.sys
2008-04-22 19:02 . 2008-04-24 18:52 38,208 --a------ C:\WINDOWS\system32\drivers\TfSysMon.sys
2008-04-22 19:02 . 2008-04-24 18:52 33,088 --a------ C:\WINDOWS\system32\drivers\TfNetMon.sys
2008-04-22 19:02 . 2008-04-24 18:52 12,608 --a------ C:\WINDOWS\system32\drivers\TfKbMon.sys
2008-04-22 18:39 . 2008-04-22 18:39 <DIR> d--hs---- C:\Documents and Settings\Unknown User\UserData
2008-04-22 17:27 . 2008-05-03 17:52 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-04-22 17:25 . 2008-04-22 17:25 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-04-22 17:13 . 2008-05-04 19:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-22 13:51 . 2008-04-22 13:51 <DIR> d-------- C:\Documents and Settings\Unknown User\WINDOWS
2008-04-22 13:51 . 2008-04-22 13:51 <DIR> d-------- C:\Documents and Settings\Unknown User\Shared
2008-04-22 13:51 . 2008-04-22 13:51 <DIR> d-------- C:\Documents and Settings\Unknown User\Incomplete
2008-04-22 13:51 . 2008-04-22 13:51 <DIR> d-------- C:\Documents and Settings\Unknown User\Apps
2008-04-22 13:51 . 2008-04-22 13:51 <DIR> d-------- C:\Documents and Settings\Unknown User\.limewire
2008-04-22 08:14 . 2008-04-22 08:14 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\WNR
2008-04-22 08:14 . 2008-04-22 08:14 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\WMTools Downloaded Files
2008-04-22 08:14 . 2008-04-22 08:14 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Webroot
2008-04-22 08:14 . 2008-04-22 08:14 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\VERITAS
2008-04-22 08:14 . 2008-04-22 08:14 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Uniblue
2008-04-22 08:12 . 2008-04-22 08:14 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Thunderbird
2008-04-22 08:12 . 2008-04-22 08:12 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\The Blocks Company, LLC
2008-04-22 08:12 . 2008-04-22 08:12 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\TeamViewer
2008-04-22 08:12 . 2008-04-22 08:12 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Symantec
2008-04-22 08:12 . 2008-04-22 08:12 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\STOPzilla!
2008-04-22 08:12 . 2008-04-22 08:12 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Snapfish
2008-04-22 08:12 . 2008-04-22 08:12 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\SmartDraw
2008-04-22 08:12 . 2008-04-22 08:12 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Simply Super Software
2008-04-22 08:12 . 2008-04-22 08:12 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Simple Star
2008-04-22 08:12 . 2008-04-22 08:12 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Shareaza
2008-04-22 08:12 . 2008-04-22 08:12 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Share-to-Web Upload Folder
2008-04-22 08:12 . 2008-04-22 08:12 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Plaxo
2008-04-22 08:12 . 2008-04-22 08:12 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Palo Alto Software Inc
2008-04-22 08:12 . 2008-04-22 08:12 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Omnidrive
2008-04-22 08:10 . 2008-04-22 08:10 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Move Networks
2008-04-22 08:10 . 2008-04-22 08:10 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Microsoft Web Folders
2008-04-22 08:07 . 2008-04-22 08:07 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\MailWasherPro
2008-04-22 08:07 . 2008-04-22 08:07 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\MailWasher
2008-04-22 08:07 . 2008-04-22 08:07 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Logitech
2008-04-22 08:07 . 2008-04-22 08:07 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Lavasoft
2008-04-22 08:07 . 2008-04-22 08:07 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Kazaa Lite
2008-04-22 08:07 . 2008-04-22 08:07 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Jasc
2008-04-22 08:06 . 2008-04-22 08:07 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Intuit
2008-04-22 08:06 . 2008-04-22 08:06 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\InterTrust
2008-04-22 08:06 . 2008-04-22 08:06 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\InstallShield
2008-04-22 08:05 . 2008-04-24 22:01 <DIR> d--h----- C:\Documents and Settings\Unknown User\Application Data\GTek
2008-04-22 08:01 . 2008-04-22 08:01 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\DivX
2008-04-22 08:01 . 2008-04-22 08:01 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\com.codeode
2008-04-22 08:01 . 2008-04-22 08:01 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Cloudmark
2008-04-22 07:54 . 2008-04-22 07:54 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Clark Color Labs
2008-04-22 07:54 . 2008-04-22 07:54 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Broderbund Software
2008-04-22 07:54 . 2008-04-22 07:54 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\AVSMedia
2008-04-22 07:54 . 2008-04-22 07:54 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Arcsoft
2008-04-22 07:53 . 2008-04-22 07:54 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Apple Computer
2008-04-22 07:53 . 2008-04-22 07:53 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Apple
2008-04-22 07:53 . 2008-04-22 07:53 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\AntiSpamFilter
2008-04-22 07:53 . 2008-04-22 07:53 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\AdobeUM
2008-04-22 07:53 . 2008-04-22 07:53 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\Active Disk
2008-04-22 07:53 . 2008-04-22 07:53 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\ACD Systems
2008-04-22 07:53 . 2008-04-22 07:53 <DIR> d-------- C:\Documents and Settings\Unknown User\Application Data\abelhadigital.com
2008-04-22 07:12 . 2008-04-22 07:12 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Apple
2008-04-22 02:33 . 2008-04-22 02:33 <DIR> d--h----- C:\WUTemp
2008-04-22 02:33 . 2008-04-22 02:33 <DIR> d-------- C:\wintes32
2008-04-22 02:33 . 2008-04-22 02:33 <DIR> d-------- C:\{00003A92-25F2-97F1-EA53-37C63FF41066}
2008-04-22 02:30 . 2008-04-22 02:33 <DIR> d-------- C:\WINME
2008-04-22 02:29 . 2008-05-02 23:15 <DIR> d-------- C:\VundoFix Backups
2008-04-22 02:29 . 2008-04-22 02:29 <DIR> d-------- C:\USB_WINDOWSXP
2008-04-22 02:29 . 2008-04-22 02:29 <DIR> d-------- C:\tools
2008-04-22 02:29 . 2008-04-22 02:29 <DIR> d-------- C:\temp\photosmart
2008-04-22 02:29 . 2008-04-22 02:29 <DIR> d-------- C:\temp
2008-04-22 02:29 . 2008-04-22 02:29 <DIR> d-------- C:\Tax01
2008-04-22 02:29 . 2008-04-22 02:29 <DIR> d-------- C:\sUBs
2008-04-22 02:29 . 2008-04-22 02:29 <DIR> d-------- C:\Rustbfix
2008-04-22 02:28 . 2008-04-22 02:28 <DIR> d-------- C:\recordnowmax
2008-04-22 02:28 . 2008-04-22 02:28 <DIR> d-------- C:\Palm
2008-04-22 01:41 . 2008-04-22 02:28 <DIR> d-------- C:\My Shared Folder
2008-04-22 01:40 . 2008-04-22 01:40 <DIR> d-------- C:\My Downloads

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-03 01:14 90,112 ----a-w C:\WINDOWS\DUMP32a8.tmp
2008-04-26 11:37 67,872 ----a-w C:\Documents and Settings\Unknown User\Application Data\GDIPFONTCACHEV1.DAT
2008-04-22 04:16 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-15 20:12 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-04-15 20:12 262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-04-15 18:56 155,995 ----a-w C:\WINDOWS\java\Packages\R3X3BZLB.ZIP
2008-04-15 18:54 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-07 20:15 408,576 ----a-w C:\WINDOWS\system32\Smab.dll
2008-01-03 04:54 1,415,032 ----a-w C:\Documents and Settings\Unknown User\Application Data\sydtyson.zip
2006-03-25 02:10 164,792 ----a-w C:\Documents and Settings\Unknown User\DynGate_Setup.exe
2003-09-05 19:14 271 --sha-w C:\Program Files\desktop.ini
2006-05-03 10:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43 27,648 --sha-w C:\WINDOWS\system32\Smab0.dll
.

------- Sigcheck -------

2004-10-08 08:01 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\svchost.exe
2004-10-08 08:01 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\dllcache\svchost.exe

2005-03-02 14:19 577024 1800f293bccc8ede8a70e12b88d80036 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 11:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2007-03-08 11:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\sp2gdr\user32.dll
2007-03-08 11:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b C:\WINDOWS\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\sp2qfe\user32.dll
2004-10-08 08:01 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\SoftwareDistribution\Download\5652d934eec8bfa4dc68c4e256a23d5e\backup\sp2gdr\user32.dll
.
((((((((((((((((((((((((((((( snapshot@2008-05-03_22.27.44.60 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-04 02:25:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-05 11:53:58 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-05 00:07:02 42,166 ----a-r C:\WINDOWS\Installer\{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}\ARPPRODUCTICON.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-04-28 21:31 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-04-28 21:31 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-04-28 21:31 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40 1421824]
"PlaxoUpdate"="C:\Program Files\Plaxo\3.8.1.1\PlaxoHelper_en.exe" [2008-02-11 10:59 289168]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-22 17:13 68856]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-02-16 18:24 160832]
"gStart"="C:\Garmin\gStart.exe" [2006-09-06 10:05 1891416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 05:21 16270848 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 06:04 2879488 C:\WINDOWS\SkyTel.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 13:50 155648]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 04:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 04:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 04:41 81920]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-01-12 06:09 488984]
"LVCOMSX"="C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-01-12 06:12 244512]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-25 09:55 196608]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"ThreatFire"="C:\Program Files\ThreatFire\TFTray.exe" [2008-04-24 18:52 259392]
"HPHmon03"="C:\WINDOWS\system32\hphmon03.exe" [2001-08-03 22:24 311296]
"UpdReg"="C:\WINDOWS\Updreg.exe" [2000-05-11 01:00 90112]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-28 21:31 1177368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"StartUp This"="C:\Program Files\Laplink\PCmover\LaunchSt.exe" [2006-12-14 15:36 54840]

C:\Documents and Settings\Unknown User\Start Menu\Programs\Startup\
MotionBased Agent.lnk - C:\Program Files\MotionBased\Agent\MBAgent.exe [2006-12-30 10:18:46 909312]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-22 17:13:26 124400]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-05-02 23:54:37 692224]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-05-02 23:48 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= C:\WINDOWS\system32\ctmp3.acm
"msacm.divxa32"= DivXa32.acm
"vidc.444p"= C:\Program Files\t@b\0.958\686\tabdec.dll
"vidc.aasc"= aasc32.dll
"vidc.aflc"= flccodec32.dll
"vidc.afli"= flccodec32.dll
"vidc.DIV3"= DivXc32.dll
"vidc.ffds"= C:\PROGRA~1\HELDEC~1\FFDSHOW\ffdshow.ax
"VIDC.HFYU"= huffyuv.dll
"vidc.mjpg"= mcmjpg32.dll
"vidc.mpng"= C:\Program Files\t@b\0.958\686\tabdec.dll
"vidc.mvjp"= C:\Program Files\t@b\0.958\686\tabdec.dll
"VIDC.VDOM"= vdowave.drv
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"ashMaiSv"=C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
"CookieWall"=C:\PROGRAM FILES\ANALOGX\COOKIEWALL\COOKIE.EXE
"HPDJ Taskbar Utility"=C:\WINDOWS\SYSTEM32\hpztsb04.exe
"iamapp"=C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"StarUpdater"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Laplink\\PCmover\\PCmover.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R0 TfFsMon;TfFsMon;C:\WINDOWS\system32\drivers\TfFsMon.sys [2008-04-24 18:52]
R0 TfSysMon;TfSysMon;C:\WINDOWS\system32\drivers\TfSysMon.sys [2008-04-24 18:52]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-28 21:31]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-04-28 21:31]
R2 ThreatFire;ThreatFire;C:\Program Files\ThreatFire\TFService.exe service []
R3 Dot4Usb HPH09;Dot4Usb HPH09;C:\WINDOWS\system32\drivers\hphius09.sys [2001-08-03 22:24]
R3 KeyScrambler;KeyScrambler;C:\WINDOWS\system32\drivers\keyscrambler.sys [2007-12-29 10:35]
R3 TfNetMon;TfNetMon;C:\WINDOWS\system32\drivers\TfNetMon.sys [2008-04-24 18:52]
S3 GPCIEnu1;GPCIEnu1;C:\WINDOWS\system32\GPCIEnum.sys [2006-08-06 15:06]
S3 LLUSBFLT;LLUSBFLT;C:\WINDOWS\system32\drivers\llusbflt.sys [2005-08-03 15:59]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc2.sys [2005-08-03 15:59]

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
.
Contents of the 'Scheduled Tasks' folder
"2008-04-19 01:43:18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-05 21:24:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-05-05 20:57:03 C:\WINDOWS\Tasks\PCHealth Scheduler for Data Collection.job"
- C:\WINDOWS\PCHEALTH\SUPPORT\PCHSCHD.EXE
"2008-05-04 05:00:00 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
"2008-05-04 03:00:00 C:\WINDOWS\Tasks\Tune-up Application Start.job"
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-05 17:25:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-05 17:26:25
ComboFix-quarantined-files.txt 2008-05-05 21:26:23
ComboFix2.txt 2008-05-04 18:52:08
ComboFix3.txt 2008-05-04 02:27:59

Pre-Run: 238,751,633,408 bytes free
Post-Run: 238,787,522,560 bytes free

333 --- E O F --- 2008-05-05 21:08:36

I haven't noticed any specific program freezing. Threatfire may be causing conflicts but can't confirm that.

Were you able to determine if I was infected?

Thanks again for your help.

#6 greyknight17
Malware Expert, Visiting Consultant, 16,560 posts
Nothing much besides the things you removed earlier with Malwarebytes and the fixes with HijackThis.

You can try uninstalling ThreatFire to see if it helps. Your log from here looks clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run, copy/paste in combofix /u and hit OK to remove it. You should be set to go.

#7 sydt
Member, Topic Starter, 17 posts
Thank you for your help. I removed Threatfire and my system is operating smoothly again.

#8 greyknight17
Malware Expert, Visiting Consultant, 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.