Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

please help...ive tried everything...really infected! [CLOSED]

Started by aramir1989 , May 31 2008 02:29 AM

This topic is locked

#1
aramir1989

Posted 31 May 2008 - 02:29 AM

New Member

Member
5 posts

HELP ME PLEASE!!!!!!!!!!!!!!!!!!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:15:26 AM, on 5/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SmartRAM] C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe /m
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} -
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10883 bytes

#2
greyknight17

Posted 31 May 2008 - 10:43 AM

Malware Expert

Visiting Consultant
16,560 posts

Welcome to GTG.

Please remove AVG Antivirus or Avast. Try not to have more than one antivirus program running.

What kind of problems are you having? I don't see any signs of malware here. If it's a slowdown issue, removing Avast or AVG should do the trick.

Otherwise, you may run the following scan:

1. Download combofix at http://www.techsuppo...Bs/ComboFix.exe or http://download.blee...Bs/ComboFix.exe Save it to your Desktop before you run it.
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not click on combofix's window while it's running. That may cause it to stall.

#3
aramir1989

Posted 01 June 2008 - 02:26 AM

New Member

Topic Starter
Member
5 posts

When I ran ComboFix my computer froze. At first it was running ok and then it just froze, i figured it was doing something so i left it for like 20 min and it did nothing. Could it be that some of my programs running (spyware,antivirus,firewall) are interfering with it? thanks

#4
aramir1989

Posted 01 June 2008 - 02:29 AM

New Member

Topic Starter
Member
5 posts

these localhost IP's keep trying to connect to my pc. 66.102.1.89 and 60.172.219.2 they are being flagged bad by firewall. could it be that virus is on recovery drive? not sure if hijackthis scans all drives...?

#5
greyknight17

Posted 01 June 2008 - 11:47 AM

Malware Expert

Visiting Consultant
16,560 posts

Try getting Combofix from the second link and rename it to CFaramir1989.exe and save it on your desktop. Try running it again.

#6
aramir1989

Posted 01 June 2008 - 10:42 PM

New Member

Topic Starter
Member
5 posts

here is combofix log

ComboFix 08-06-01.6 - HP_Administrator 2008-06-02 0:27:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.546 [GMT -4:00]
Running from: C:\Documents and Settings\HP_Administrator.ALEX\Desktop\CFaramir6232.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\Downloaded Program Files\setup.inf
K:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-05-02 to 2008-06-02 )))))))))))))))))))))))))))))))
.

2008-06-02 00:22 . 2008-06-02 00:22 <DIR> d-------- C:\Program Files\Eltima Software
2008-06-02 00:22 . 2008-03-07 13:57 54,016 --a------ C:\WINDOWS\system32\drivers\evserial.sys
2008-06-02 00:22 . 2008-03-07 13:56 26,880 --a------ C:\WINDOWS\system32\drivers\evsbc.sys
2008-06-02 00:18 . 2008-06-02 00:18 <DIR> d-------- C:\Program Files\Advanced Serial Port Monitor
2008-06-02 00:18 . 2007-06-08 17:44 21,584 --a-s---- C:\WINDOWS\system32\drivers\aspmon.sys
2008-06-02 00:05 . 2008-05-12 21:53 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-06-02 00:05 . 2008-05-12 21:53 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-06-02 00:05 . 2008-05-12 21:53 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-06-02 00:05 . 2008-05-12 21:53 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-06-02 00:05 . 2008-05-12 21:53 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-06-01 19:39 . 2008-06-01 23:54 <DIR> d-------- C:\Documents and Settings\HP_Administrator.ALEX\Application Data\LimeWire
2008-06-01 13:39 . 2008-06-02 00:23 <DIR> d-------- C:\WINDOWS\LastGood
2008-06-01 12:04 . 2007-10-11 21:55 13,848 --a------ C:\WINDOWS\system32\drivers\lv302af.sys
2008-06-01 11:01 . 2008-06-01 11:01 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-01 11:01 . 2008-06-01 11:01 <DIR> d-------- C:\Documents and Settings\HP_Administrator.ALEX\Application Data\SUPERAntiSpyware.com
2008-06-01 11:01 . 2008-06-01 11:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-01 10:22 . 2008-06-01 10:22 <DIR> d-------- C:\Documents and Settings\HP_Administrator.ALEX\Application Data\InterVideo
2008-06-01 04:02 . 2008-06-01 04:06 <DIR> d-------- C:\ComboFix
2008-05-31 05:19 . 2008-05-31 05:19 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-31 05:19 . 2008-05-31 05:19 <DIR> d-------- C:\Documents and Settings\HP_Administrator.ALEX\Application Data\Malwarebytes
2008-05-31 05:19 . 2008-05-31 05:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-31 05:19 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-31 05:19 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-31 04:41 . 2008-06-01 10:43 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-05-31 04:41 . 2008-06-01 10:43 <DIR> d-------- C:\Documents and Settings\HP_Administrator.ALEX\Application Data\Spyware Terminator
2008-05-31 04:41 . 2008-05-31 05:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-05-31 04:41 . 2008-05-31 04:41 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-05-31 04:14 . 2008-05-31 04:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-30 04:58 . 2008-06-01 11:28 <DIR> d-------- C:\Program Files\Advanced Spyware Remover
2008-05-30 04:54 . 2008-05-30 04:54 <DIR> d-------- C:\Program Files\Alwil Software
2008-05-30 04:52 . 2008-05-30 04:52 <DIR> d-------- C:\Program Files\Bazooka Scanner
2008-05-30 04:22 . 2008-06-01 11:00 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-30 04:13 . 2008-05-30 04:13 5 ---h----- C:\WINDOWS\AMX.D98
2008-05-28 05:43 . 2008-05-28 05:43 <DIR> d-------- C:\Documents and Settings\HP_Administrator.ALEX\Application Data\IObit
2008-05-28 05:37 . 2008-03-01 09:06 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-28 05:37 . 2007-04-17 05:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-28 05:37 . 2007-03-08 01:10 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-28 05:37 . 2008-03-01 09:06 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-28 05:37 . 2008-03-01 09:06 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-28 05:37 . 2008-03-01 09:06 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-28 05:37 . 2008-03-01 09:06 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-28 05:37 . 2008-03-01 09:06 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-28 05:37 . 2008-02-22 06:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-28 05:14 . 2008-05-28 05:14 <DIR> d-------- C:\Documents and Settings\HP_Administrator.ALEX\Application Data\WildTangent
2008-05-28 05:13 . 2008-05-28 05:13 <DIR> d-------- C:\Program Files\HP Games
2008-05-28 05:13 . 2008-05-28 05:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WildTangent
2008-05-28 04:35 . 2006-11-13 02:02 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2008-05-28 04:35 . 2006-11-13 02:02 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2008-05-28 04:35 . 2006-11-13 02:02 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2008-05-28 04:23 . 2008-06-02 00:30 4,655,136 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-28 04:23 . 2008-05-31 22:12 48,944 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-28 04:20 . 2008-05-28 04:20 <DIR> d-------- C:\Documents and Settings\HP_Administrator.ALEX\Application Data\MailFrontier
2008-05-28 04:20 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-05-28 04:20 . 2008-05-28 04:21 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-05-28 04:13 . 2008-06-01 16:38 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-28 04:13 . 2008-05-28 05:04 <DIR> d-------- C:\Documents and Settings\HP_Administrator.ALEX\Application Data\AVGTOOLBAR
2008-05-28 04:13 . 2008-05-28 04:13 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-28 04:13 . 2008-05-28 04:13 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-28 04:13 . 2008-05-28 04:13 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-05-28 04:13 . 2008-05-28 04:13 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-28 04:12 . 2008-05-28 04:12 <DIR> d-------- C:\Program Files\IObit
2008-05-28 04:09 . 2008-05-28 04:09 <DIR> d--hs---- C:\Documents and Settings\HP_Administrator.ALEX\UserData
2008-05-28 03:54 . 2008-05-28 03:54 <DIR> d-------- C:\WINDOWS\wt
2008-05-28 03:49 . 2007-02-28 05:10 2,180,352 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-05-28 03:49 . 2007-02-28 05:08 2,136,064 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-05-28 03:49 . 2007-02-28 04:38 2,057,600 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-05-28 03:49 . 2007-02-28 04:38 2,015,744 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-05-28 03:39 . 2008-06-01 12:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-28 03:39 . 2008-05-28 03:39 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-28 03:36 . 2008-06-01 12:04 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-28 03:33 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-28 03:27 . 2008-05-28 03:28 1,917 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_CPC_PX724AA-ABA M7170N_YC_0Pavi_QMXK521_E53NAsyEPC1_47_ILITHIUM_SASUSTek Computer INC._V1.04_B3.03_T050519_WXP2_L409_M1023_J250_7Intel_8Pentium D_93_#080318_N808627DC_Z11C1048C_G10025B60.MRK
2008-05-28 03:25 . 2005-05-05 18:50 <DIR> d-------- C:\Documents and Settings\HP_Administrator.ALEX\WINDOWS
2008-05-28 03:25 . 2005-05-05 19:13 <DIR> d-------- C:\Documents and Settings\HP_Administrator.ALEX\Application Data\Symantec
2008-05-28 03:25 . 2005-05-05 19:03 <DIR> d-------- C:\Documents and Settings\HP_Administrator.ALEX\Application Data\SampleView
2008-05-28 03:25 . 2005-05-05 19:09 <DIR> d-------- C:\Documents and Settings\HP_Administrator.ALEX\Application Data\InterMute
2008-05-28 03:25 . 2005-05-05 18:49 <DIR> d-------- C:\Documents and Settings\HP_Administrator.ALEX\Application Data\Apple Computer
2008-05-28 03:25 . 2008-06-01 11:31 <DIR> d-------- C:\Documents and Settings\HP_Administrator.ALEX
2008-05-28 03:22 . 2005-05-05 18:50 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-05-28 03:22 . 2005-05-05 19:13 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec
2008-05-28 03:22 . 2005-05-05 19:03 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\SampleView
2008-05-28 03:22 . 2005-05-05 19:09 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\InterMute
2008-05-28 03:22 . 2005-05-05 18:49 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Apple Computer
2008-05-28 03:15 . 2004-08-04 02:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-05-28 03:15 . 2004-08-04 02:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-05-28 03:15 . 2004-08-04 03:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-05-28 03:15 . 2004-08-04 01:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-05-28 03:15 . 2001-08-17 16:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-05-28 03:15 . 2001-08-17 17:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-05-28 03:06 . 2001-08-17 22:36 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2008-05-28 03:06 . 2001-08-17 22:36 8,704 --a------ C:\WINDOWS\system32\dllcache\kbdjpn.dll
2008-05-28 03:06 . 2001-08-17 14:55 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2008-05-28 03:06 . 2001-08-17 14:55 6,144 --a------ C:\WINDOWS\system32\dllcache\kbd106.dll
2008-05-28 02:53 . 2008-06-01 11:51 <DIR> dr-hs---- C:\WINDOWS\system32\dllcache
2008-05-27 20:44 . 2008-05-27 20:44 <DIR> d-------- C:\Softpaq
2008-05-27 11:28 . 2008-05-27 21:11 <DIR> d--hs---- C:\Documents and Settings\LocalService.NT AUTHORITY.001
2008-05-27 11:27 . 2008-05-27 21:11 <DIR> d--hs---- C:\Documents and Settings\NetworkService.NT AUTHORITY
2008-05-27 08:44 . 2008-05-27 08:44 <DIR> d-------- C:\Program Files\Intel
2008-05-27 08:44 . 2008-05-27 08:44 <DIR> d-------- C:\Intel
2008-05-27 08:33 . 2008-05-28 05:45 160 --a------ C:\WINDOWS\MyDrivers.ini
2008-05-27 08:21 . 2008-05-27 08:21 <DIR> d-------- C:\Program Files\My Drivers
2008-05-27 06:58 . 2008-05-27 06:58 <DIR> d-------- C:\Program Files\PC Drivers HeadQuarters
2008-05-27 06:58 . 2008-05-27 06:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-05-27 06:51 . 2008-05-27 06:51 264 --a------ C:\WINDOWS\setup.iss
2008-05-27 06:50 . 2008-05-27 06:50 <DIR> d-------- C:\Program Files\NewSoft
2008-05-27 06:50 . 2008-05-27 06:50 <DIR> d-------- C:\Program Files\Common Files\PDFView
2008-05-27 06:50 . 2008-05-27 06:50 <DIR> d-------- C:\Program Files\Common Files\NewSoft
2008-05-27 06:48 . 2008-05-27 06:48 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-05-27 06:48 . 2008-05-27 06:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-05-27 06:48 . 2008-05-27 06:48 412 --a------ C:\WINDOWS\MAXLINK.INI
2008-05-27 06:47 . 2008-05-27 06:47 <DIR> d-------- C:\Program Files\ScanSoft
2008-05-27 06:45 . 2008-05-27 06:45 <DIR> d-------- C:\Program Files\Common Files\CANON
2008-05-27 06:41 . 2008-05-27 06:41 <DIR> d--h----- C:\Program Files\CanonBJ
2008-05-27 06:39 . 2008-05-27 08:56 <DIR> d-------- C:\Program Files\Canon
2008-05-25 04:32 . 2008-05-25 04:32 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-05-24 06:21 . 2008-05-24 06:21 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-24 06:16 . 2008-05-24 06:21 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-24 05:53 . 2006-12-28 15:01 19,569 --a------ C:\WINDOWS\003493_.tmp
2008-05-21 05:26 . 2008-05-21 05:26 <DIR> d-------- C:\Program Files\Common Files\DirectX
2008-05-21 04:42 . 2008-05-21 04:42 <DIR> d-------- C:\758 snes roms games and emulator snes9x
2008-05-19 17:13 . 2008-05-19 17:13 <DIR> d-------- C:\Program Files\e-Speaking
2008-05-19 04:01 . 2008-05-19 04:01 <DIR> d-------- C:\Program Files\courtney [bleep]
2008-05-18 22:08 . 2008-05-18 22:08 <DIR> d-------- C:\SphinxOCX
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-05-12 21:53 . 2008-05-12 21:53 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-02 04:05 --------- d-----w C:\Program Files\DivX
2008-06-01 23:38 --------- d-----w C:\Program Files\LimeWire
2008-06-01 16:30 --------- d-----w C:\Program Files\Stardock
2008-06-01 16:30 --------- d-----w C:\Program Files\Common Files\Stardock
2008-06-01 16:06 1,570,304 ----a-w C:\WINDOWS\Internet Logs\xDB1F.tmp
2008-06-01 15:51 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-06-01 09:13 --------- d-----w C:\Program Files\Easy Internet signup
2008-06-01 09:10 --------- d-----w C:\Program Files\Common Files\Real
2008-06-01 08:06 1,537,024 ----a-w C:\WINDOWS\Internet Logs\xDB1E.tmp
2008-05-30 09:18 1,745,895 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-05-30 08:24 --------- d-----w C:\Program Files\Lavasoft
2008-05-30 08:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-28 08:29 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-28 08:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-28 08:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg8
2008-05-28 07:54 --------- d-----w C:\Program Files\WildTangent
2008-05-28 07:39 --------- d-----w C:\Program Files\iTunes
2008-05-28 07:37 --------- d-----w C:\Program Files\QuickTime
2008-05-28 07:33 --------- d-----w C:\Program Files\Java
2008-05-28 07:18 851,456 ----a-w C:\WINDOWS\Internet Logs\xDB1C.tmp
2008-05-28 07:18 1,397,248 ----a-w C:\WINDOWS\Internet Logs\xDB1D.tmp
2008-05-28 07:12 45,056 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2008-05-28 07:12 44,032 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2008-05-27 15:25 3,267,584 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp
2008-05-27 15:25 2,000,896 ----a-w C:\WINDOWS\Internet Logs\xDB1B.tmp
2008-05-21 00:46 2,865,664 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp
2008-05-21 00:46 1,848,832 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp
2008-05-20 14:13 3,486,720 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2008-05-20 14:13 1,846,784 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp
2008-05-19 08:02 --------- d-----w C:\Program Files\Football
2008-05-13 04:38 1,783,296 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2008-05-13 01:53 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-05-07 00:51 --------- d-----w C:\Program Files\Common Files\AOL
2008-05-01 16:33 1,992,704 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2008-05-01 16:33 1,680,896 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2008-04-30 23:24 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-04-30 19:51 47,616 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2008-04-30 19:51 1,643,520 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2008-04-30 19:42 1,207,808 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2008-04-30 13:37 2,853,376 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-04-30 13:37 1,642,496 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2008-04-30 02:36 --------- d-----w C:\Program Files\NeroInstall.bak
2008-04-30 02:32 --------- d-----w C:\Program Files\Common Files\Nero
2008-04-30 02:30 --------- d-----w C:\Program Files\Nero
2008-04-30 02:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-04-30 02:06 3,510,272 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-04-30 02:06 1,642,496 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-04-30 00:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-04-29 15:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 15:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 15:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-26 02:01 1,456,640 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-04-25 16:22 1,578,496 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-04-25 16:20 1,578,496 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-04-25 16:08 1,577,984 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-04-25 05:45 --------- d-----w C:\Program Files\Yahoo!
2008-04-25 01:59 --------- d-----w C:\Program Files\MSBuild
2008-04-25 01:55 --------- d-----w C:\Program Files\Reference Assemblies
2008-04-25 01:53 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-24 23:51 2,838,528 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-04-24 00:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-04-23 11:29 3,484,672 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-04-23 11:29 1,495,040 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-04-19 20:52 3,231,232 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-04-19 20:52 1,482,752 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-04-19 20:39 --------- d-----w C:\Program Files\Apple Software Update
2008-04-13 06:53 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-04-09 07:08 1,384,448 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-04-09 07:08 1,099,264 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-04-07 08:32 --------- d-----w C:\Program Files\Zone Labs
2008-04-07 08:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-07 08:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-07 08:12 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-07 07:54 --------- d-----w C:\Program Files\TweakNow RegCleaner Std
2008-04-03 00:07 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-04-03 00:07 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-05-03 11:16 2051328 --a------ C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll" [2008-05-03 11:16 2051328]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll [2008-05-03 11:16 2051328]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 01:34 245760]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-02 07:05 339968]
"RTHDCPL"="RTHDCPL.EXE" [2005-04-13 02:21 14156800 C:\WINDOWS\RTHDCPL.EXE]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 16:54 253952]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-03 11:16 1177368]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-02 20:07 919016]
"SmartRAM"="C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe" [2007-10-29 16:43 662016]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 02:50 221184]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 05:28:24 258048]
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-07-09 22:24:38 1134592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-05-28 04:13]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-28 04:13]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-05-31 04:41]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-03 11:16]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-03 11:16]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-28 04:13]
S3 evserial;Virtual Serial Ports Driver (Eltima Softwate);C:\WINDOWS\system32\DRIVERS\evserial.sys [2008-03-07 13:57]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [2008-05-05 18:25]
S3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);C:\WINDOWS\system32\DRIVERS\evsbc.sys [2008-03-07 13:56]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-27 21:49:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-01 16:11:13 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-05-28 18:35:00 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-03-29 05:54:44 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-02 00:31:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-02 0:32:22
ComboFix-quarantined-files.txt 2008-06-02 04:32:15

Pre-Run: 176,353,001,472 bytes free
Post-Run: 176,453,435,392 bytes free

314 --- E O F --- 2008-05-30 07:01:19

#7
greyknight17

Posted 02 June 2008 - 09:19 AM

Malware Expert

Visiting Consultant
16,560 posts

Log seems to be clear. I see that you have a file sharing program installed. I don't recommend using any kind of these programs as they can contribute to malware infections and may be the reason you are getting outside connections.

#8
aramir1989

Posted 02 June 2008 - 04:37 PM

New Member

Topic Starter
Member
5 posts

These scans dont seem to be scanning my D: drive....its my recover drive and thats what i believe they are backing themselves up to. Ive restored my computer like 5 days ago...then i was running a bunch of programs that still caught malware,spyware,trojans,dialers,downloaders. is there a way to get rid of recovery drive? or any other advice?

#9
greyknight17

Posted 04 June 2008 - 01:23 PM

Malware Expert

Visiting Consultant
16,560 posts

Most of the scanners should have scanned all the drives including the D: drive.

Perform an online scan with Internet Explorer at Panda ActiveScan http://www.pandasoft.../activescan.htm

* Click on 'Scan your PC' button. There should be a popup - if you have a pop-up blocker, make sure it's not blocking it.
* Click 'Check Now' & a pop-up window will appear.
* Enter your Country, State and E-mail Address & click 'Scan Now' - begin downloading Panda's ActiveX controls (8 MB size).
* Begin the scan by selecting My Computer.
* If it finds any malware, it will offer you a report. Ignore any entry it finds (since it wants you to buy the program for removal) as we will address this later.
* Click on see report. Then click Save report.
* Post that log in your next reply.

#10
greyknight17

Posted 11 June 2008 - 09:47 AM

Malware Expert

Visiting Consultant
16,560 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.