Win32/adware.Virtumonde please help me hjt log [RESOLVED]



#16
fenzodahl512
  • Malware Removal
  • 9,863 posts
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked.
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

[kill explorer]
C:\Documents and Settings\All Users\Start Menu\Programs\as software\ActualSpy.exe
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0DIR8HEZ
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\C1A7KTUJ
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CTENSPY3
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S5ARSL6B
EmptyTemp
purity
[start explorer]

  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Post me OTMoveIt2 log.. Then tell me, how is your computer now? :)

#17
ChristineBin
  • Topic Starter
  • Member
  • 56 posts
Here is the new log. My computer is running good! Do you think everything is ok now? I really appreciate your wisdom and thoroughness! You are very talented. Thank you for everything. I will await your next response. :)

Explorer killed successfully
C:\Documents and Settings\All Users\Start Menu\Programs\as software\ActualSpy.exe moved successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0DIR8HEZ moved successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\C1A7KTUJ moved successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CTENSPY3 moved successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S5ARSL6B moved successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\~DF1309.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\~DFCEF2.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_59c.dat scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09112008_103149

Files moved on Reboot...
File C:\DOCUME~1\User\LOCALS~1\Temp\~DF1309.tmp not found!
C:\DOCUME~1\User\LOCALS~1\Temp\~DFCEF2.tmp moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_59c.dat not found!

#18
fenzodahl512
  • Malware Removal
  • 9,863 posts
Ok.. run HijackThis again and post me the log for my final review :)

#19
ChristineBin
  • Topic Starter
  • Member
  • 56 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:56 AM, on 9/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\KEYBOA~1\keyexp.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HomeBase\HomeBase.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.abebooks.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Watch for Browser Events - {42A7CE31-CEE7-4CCE-A060-A44A7E52E062} - C:\PROGRA~1\KEYBOA~1\kie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GoToMyPC] "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08d7 -f video -m logitech -d 10.5.0.1091 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08d7 -f video -m logitech -d 10.5.0.1091 (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Keyboard Express 3.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com...llerControl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase5036.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

--
End of file - 7857 bytes
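As an added example (not code from this thread, from HijackThis or from Trend Micro), the block below is a small Python parser for the HijackThis log format posted above, plus the two things a reviewer does with such logs: diff a "before" log against a "final review" log, and mark the entry types that always deserve a second look. The two sample logs are constructed from a handful of lines copied from the logs in posts #19 and #27 of this thread; the review hints are my own heuristics, not HijackThis's, and a hint means "verify this", never "this is malicious".

```python
import re
from dataclasses import dataclass

# Constructed sample logs: a few lines copied from the two HijackThis logs
# posted in this thread (post #19 on 9/11/2008 and post #27 on 9/16/2008).
HJT_BEFORE = r"""
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.abebooks.com/
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GoToMyPC] "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon
O4 - Global Startup: Keyboard Express 3.lnk = ?
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase5036.cab
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
"""

HJT_AFTER = r"""
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.abebooks.com/
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - Global Startup: Keyboard Express 3.lnk = ?
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase5036.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
"""

ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")        # e.g. "O4 - HKLM\..\Run: ..."
HEADER_RE = re.compile(r"^(Platform|MSIE|Boot mode): (.*)$")

@dataclass(frozen=True, order=True)
class Entry:
    section: str   # HijackThis section tag, e.g. "O4" or "O23"
    body: str      # the rest of the line after "O4 - "

def parse_hjt(text):
    """Split a HijackThis log into (header fields, running processes, entries)."""
    header, processes, entries = {}, [], []
    in_processes = False
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:                       # a blank line ends the process list
            in_processes = False
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            processes.append(line)
            continue
        if m := HEADER_RE.match(line):
            header[m.group(1)] = m.group(2)
        elif m := ENTRY_RE.match(line):
            entries.append(Entry(m.group(1), m.group(2)))
        # "Logfile of ...", "--" and "End of file" lines carry nothing to keep
    return header, processes, entries

def diff_logs(before_text, after_text):
    """Entries present in only one log: the first thing a reviewer checks
    when comparing a 'before' log with a 'final review' log."""
    before = set(parse_hjt(before_text)[2])
    after = set(parse_hjt(after_text)[2])
    return sorted(after - before), sorted(before - after)

def review_flags(entries):
    """Hints for a human reviewer (my own heuristics, not HijackThis's)."""
    flags = []
    for e in entries:
        if e.section == "O20" and e.body.startswith("AppInit_DLLs"):
            flags.append((e, "DLL loaded into every process that uses user32.dll; confirm the vendor"))
        elif e.section == "O23" and "Unknown owner" in e.body:
            flags.append((e, "service with no recognised company name; verify the file's publisher"))
        elif e.section == "O4" and e.body.endswith("= ?"):
            flags.append((e, "startup shortcut whose target HijackThis could not resolve"))
        elif e.section == "O16":
            flags.append((e, "ActiveX download (DPF); confirm the host is one you expect"))
    return flags

if __name__ == "__main__":
    added, removed = diff_logs(HJT_BEFORE, HJT_AFTER)
    for tag, group in (("+", added), ("-", removed)):
        for e in group:
            print(tag, e.section, "-", e.body)
    for e, why in review_flags(parse_hjt(HJT_AFTER)[2]):
        print("?", e.section, "-", e.body, "::", why)
```

On the constructed samples the diff shows exactly what changed between the two logs in this thread: the GoToMyPC and SoundMan entries are gone, and the Avira, COMODO and guard32.dll AppInit_DLLs entries are new. The hints on the second log land on the AppInit_DLLs entry and the "Unknown owner" service, both of which turn out to belong to the COMODO firewall the poster installed, which is why the output is phrased as a check to perform rather than a verdict.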

#20
fenzodahl512
  • Malware Removal
  • 9,863 posts
Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
    Please note that the space between x and / is needed

NEXT

I haven't seen any antivirus in your logs.. Antivirus is extremely crucial as without it you will get re-infected again! Do you have any? If you don't, please install ONLY ONE of these free and excellent antivirus programs below:

I also haven't seen any third-party firewall in your logs.. Do you have any? If you don't, please install ONLY ONE of these free and excellent firewalls below:
After you install the third-party firewall, please disable your Windows firewall. Please go to My Computer >> Control Panel >> Windows Firewall and choose the Off (not recommended) option. Then please click Apply and OK.

NEXT

Lastly, to keep your operating system up to date please visit the link below monthly

Please read these excellent articles by miekiemoes:
Help! My computer is slow!
How to prevent Malware

And another excellent article by CastleCops: Malware Prevention: Prevent Re-infection

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :)

Have a safe and happy computing day!

Regards
fenzodahl512

#21
ChristineBin
  • Topic Starter
  • Member
  • 56 posts
My computer is running great thanks to you! Is there any way I can send you some money as gratitude for the help you have offered me? I am so grateful. You are very amazing. Thanks again :)

#22
ChristineBin
  • Topic Starter
  • Member
  • 56 posts
I do have one other quick question. I am cleaning my computer up, as recommended, and getting rid of programs I do not need. I installed a printer a while back that I no longer have or use. The problem is when I go to Add or Remove Programs, click the program I want to delete (Epson Attach to E-mail and Epson Copy Utility), and click Delete. It shows the following error message: "InstallShield ® has encountered a problem and needs to close". Then I am unable to delete the program. I have 6 of these that all start with Epson in my program files. I took the computer back and have no idea what model number I purchased in the first place.

#23
fenzodahl512
  • Malware Removal
  • 9,863 posts
Try uninstalling using Revo Uninstaller...

http://www.revounins...e_download.html

#24
ChristineBin
  • Topic Starter
  • Member
  • 56 posts
I think the virus is still there! My computer is running really slow and I have 50 applications running when I press Control-Alt-Delete! I am doing a virus scan right now with Avira (the virus scanner you had me download). Can we check my computer one last time?

#25
fenzodahl512
  • Malware Removal
  • 9,863 posts

I think the virus is still there! My computer is running really slow and I have 50 applications running when I press control alt delete! I am doing a virus scan right now with Avira (the virus scanner you had me download) can we check my computer one last time?

Ok.. let's do this...

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Post me these logs in your next reply...

1. ESET Online Scanner
2. RSIT log.txt (after ESET step)

#26
ChristineBin
  • Topic Starter
  • Member
  • 56 posts
Here is the file. I am not sure what's going on. I have so many processes running still. This morning there was a blinking yellow shield from Microsoft saying I needed to update my software. So I pressed it and it started downloading. I don't know if it finished because my COMODO firewall kept coming up and I did not know which parts to allow or not.
Maybe that is a cause. I don't know. I also read the link you gave me about a slow computer and cleaned a lot of my files and did what it said. My computer normally runs pretty fast. It's moving slower lately.

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3447 (20080916)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=2186614b75ad8340a0b98e48a18b6ff3
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-09-17 01:53:30
# local_time=2008-09-16 09:53:30 (-0500, Eastern Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=240323
# found=0
# scan_time=11852

#27
ChristineBin
  • Topic Starter
  • Member
  • 56 posts
Logfile of random's system information tool 1.02 (written by random/random)
Run by User at 2008-09-16 22:04:26
Microsoft Windows XP Professional Service Pack 3
System drive C: has 89 GB (78%) free of 114 GB
Total RAM: 503 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:04:42 PM, on 9/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\PROGRA~1\KEYBOA~1\keyexp.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\IncrediMail\bin\ImNotfy.exe
C:\Documents and Settings\User\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.abebooks.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Watch for Browser Events - {42A7CE31-CEE7-4CCE-A060-A44A7E52E062} - C:\PROGRA~1\KEYBOA~1\kie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08d7 -f video -m logitech -d 10.5.0.1091 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08d7 -f video -m logitech -d 10.5.0.1091 (User 'Default user')
O4 - Global Startup: Keyboard Express 3.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com...llerControl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase5036.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

--
End of file - 7056 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42A7CE31-CEE7-4CCE-A060-A44A7E52E062}]
Watch for Browser Events - C:\PROGRA~1\KEYBOA~1\kie.dll [2004-02-23 452608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{F053C368-5458-45B2-9B4D-D8914BDDDBFF} - TextAloud - C:\PROGRA~1\TEXTAL~1\TAForIE.dll [2007-08-25 658432]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2006-05-04 2808832]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-02-07 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-02-07 118784]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe [2002-03-18 188416]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-10-25 563984]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-10-25 2178832]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"COMODO Firewall Pro"=C:\Program Files\COMODO\Firewall\cfp.exe [2008-09-12 1655552]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2008-07-24 243072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\WINDOWS\system32\

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\WINDOWS\system32\

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\WINDOWS\system32\

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2006-07-21 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\WINDOWS\system32\

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\WINDOWS\system32\

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2005-05-12 73728]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Keyboard Express 3.lnk - C:\PROGRA~1\KEYBOA~1\keyexp.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Symantec Fax Starter Edition Port.lnk - C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-02-07 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-09-16 18:32:13 ----D---- C:\Program Files\EsetOnlineScanner
2008-09-16 10:17:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-09-16 03:06:40 ----D---- C:\WINDOWS\Prefetch
2008-09-16 01:44:20 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-09-16 01:44:07 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-16 01:43:55 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-16 01:43:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-16 01:43:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-16 01:43:16 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-16 01:43:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-09-16 01:42:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-16 01:42:38 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-16 01:42:26 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-16 01:42:11 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2008-09-16 01:41:59 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-16 01:41:49 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-16 01:37:02 ----D---- C:\WINDOWS\system32\en-us
2008-09-16 01:37:00 ----D---- C:\WINDOWS\system32\scripting
2008-09-16 01:36:59 ----D---- C:\WINDOWS\l2schemas
2008-09-16 01:36:58 ----D---- C:\WINDOWS\system32\en
2008-09-16 01:31:16 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-16 01:27:52 ----D---- C:\WINDOWS\network diagnostic
2008-09-16 01:21:32 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-14 11:59:26 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-09-14 11:59:23 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-09-14 11:59:17 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-09-14 11:59:15 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-09-14 11:59:14 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-09-14 11:59:05 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-09-14 11:59:05 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-09-14 11:58:56 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-09-14 11:58:54 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-09-14 11:58:53 ----N---- C:\WINDOWS\system32\slserv.exe
2008-09-14 11:58:53 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-09-14 11:58:53 ----N---- C:\WINDOWS\system32\slgen.dll
2008-09-14 11:58:53 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-09-14 11:58:53 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-09-14 11:58:53 ----N---- C:\WINDOWS\slrundll.exe
2008-09-14 11:58:49 ----N---- C:\WINDOWS\system32\setupn.exe
2008-09-14 11:58:47 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-09-14 11:58:45 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-14 11:58:43 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-09-14 11:58:42 ----N---- C:\WINDOWS\system32\qutil.dll
2008-09-14 11:58:41 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-09-14 11:58:41 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-09-14 11:58:41 ----N---- C:\WINDOWS\system32\qagent.dll
2008-09-14 11:58:39 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-09-14 11:58:36 ----N---- C:\WINDOWS\system32\onex.dll
2008-09-14 11:58:33 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2008-09-14 11:58:25 ----N---- C:\WINDOWS\system32\napstat.exe
2008-09-14 11:58:25 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-09-14 11:58:25 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-09-14 11:58:25 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-09-14 11:58:24 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-09-14 11:58:24 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-09-14 11:58:22 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-14 11:58:22 ----N---- C:\WINDOWS\system32\mssha.dll
2008-09-14 11:58:03 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-09-14 11:58:02 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-14 11:58:02 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-09-14 11:58:02 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-14 11:58:00 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-09-14 11:57:47 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-14 11:57:46 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-09-14 11:57:45 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-09-14 11:57:45 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-14 11:57:45 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-14 11:57:45 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-14 11:57:32 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-09-14 11:57:31 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-09-14 11:57:26 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-09-14 11:57:20 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-09-14 11:57:10 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-09-14 11:57:10 ----A---- C:\WINDOWS\003088_.tmp
2008-09-14 11:57:07 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-09-14 11:57:07 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-09-14 11:57:07 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-09-14 11:57:07 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-09-14 11:57:07 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-09-14 11:57:07 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-09-14 11:57:07 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-14 11:57:07 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-09-14 11:57:03 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-09-14 11:57:03 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-09-14 11:57:03 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-09-14 11:57:03 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-14 11:57:03 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-14 11:57:03 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-14 11:57:02 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-09-14 11:57:01 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-09-14 11:57:01 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-14 11:57:00 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-14 11:56:56 ----N---- C:\WINDOWS\system32\credssp.dll
2008-09-14 11:56:48 ----N---- C:\WINDOWS\system32\azroles.dll
2008-09-14 11:56:46 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-09-14 11:56:46 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-09-14 11:56:46 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-09-14 11:56:45 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-09-14 11:56:45 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-09-14 11:56:45 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-09-14 11:56:45 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-09-14 11:56:36 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-09-12 12:47:11 ----D---- C:\Program Files\VS Revo Group
2008-09-12 10:57:48 ----SHD---- C:\RECYCLER
2008-09-12 10:28:26 ----D---- C:\Documents and Settings\User\Application Data\Comodo
2008-09-12 10:28:25 ----D---- C:\Documents and Settings\All Users\Application Data\comodo
2008-09-12 10:28:25 ----A---- C:\WINDOWS\system32\guard32.dll
2008-09-12 10:28:23 ----D---- C:\Program Files\COMODO
2008-09-12 10:24:35 ----D---- C:\Program Files\Avira
2008-09-12 10:24:35 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2008-09-12 10:22:41 ----D---- C:\ComboFix
2008-09-10 22:59:13 ----A---- C:\WINDOWS\system32\javaws.exe
2008-09-10 22:59:13 ----A---- C:\WINDOWS\system32\javaw.exe
2008-09-10 22:59:13 ----A---- C:\WINDOWS\system32\java.exe
2008-09-10 10:40:32 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-09-10 10:40:01 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-10 10:30:59 ----A---- C:\ComboFix.txt
2008-09-10 10:21:41 ----A---- C:\Boot.bak
2008-09-10 10:21:34 ----D---- C:\cmdcons
2008-09-10 10:05:18 ----D---- C:\WINDOWS\erdnt
2008-09-09 18:08:23 ----D---- C:\Documents and Settings\User\Application Data\Malwarebytes
2008-09-09 18:08:19 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-09 11:05:16 ----D---- C:\rsit
2008-09-08 23:27:30 ----D---- C:\Program Files\Trend Micro
2008-09-08 10:39:05 ----D---- C:\WINDOWS\pss
2008-09-06 11:42:46 ----D---- C:\WINDOWS\system32\bits
2008-09-06 11:42:37 ----HDC---- C:\WINDOWS\$NtUninstallKB923845$
2008-09-06 11:42:33 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-06 11:42:20 ----HDC---- C:\WINDOWS\$NtUninstallKB914882$
2008-09-06 11:29:04 ----D---- C:\Program Files\Windows Live Safety Center
2008-09-06 10:55:39 ----SHD---- C:\WINDOWS\CSC
2008-09-06 10:55:33 ----A---- C:\WINDOWS\ntbtlog.txt
2008-09-05 22:39:09 ----D---- C:\Program Files\Common Files\Download Manager

======List of files/folders modified in the last 1 months======

2008-09-16 18:36:32 ----D---- C:\Program Files\Mozilla Firefox
2008-09-16 18:32:13 ----RD---- C:\Program Files
2008-09-16 18:32:10 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-09-16 18:32:10 ----D---- C:\WINDOWS\system32
2008-09-16 18:31:49 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-16 18:31:48 ----D---- C:\WINDOWS\system32\CatRoot2
2008-09-16 18:30:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-09-16 18:26:50 ----D---- C:\Program Files\TextAloud
2008-09-16 18:26:21 ----D---- C:\WINDOWS\Temp
2008-09-16 18:26:04 ----D---- C:\Program Files\Keyboard Express 3
2008-09-16 14:03:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-09-16 14:00:45 ----D---- C:\WINDOWS\system32\config
2008-09-16 14:00:27 ----D---- C:\WINDOWS\system32\wbem
2008-09-16 14:00:27 ----D---- C:\WINDOWS\Registration
2008-09-16 13:59:55 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-09-16 13:59:54 ----D---- C:\WINDOWS
2008-09-16 13:59:28 ----HD---- C:\WINDOWS\inf
2008-09-16 13:37:35 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-16 13:14:29 ----D---- C:\WINDOWS\Microsoft.NET
2008-09-16 13:14:26 ----RSD---- C:\WINDOWS\assembly
2008-09-16 10:09:48 ----HD---- C:\WINDOWS\$hf_mig$
2008-09-16 10:08:10 ----D---- C:\WINDOWS\Help
2008-09-16 03:31:38 ----SHD---- C:\WINDOWS\Installer
2008-09-16 03:31:37 ----HD---- C:\Config.Msi
2008-09-16 03:30:20 ----D---- C:\WINDOWS\WinSxS
2008-09-16 03:07:55 ----A---- C:\WINDOWS\OEWABLog.txt
2008-09-16 03:07:01 ----A---- C:\WINDOWS\setuplog.txt
2008-09-16 03:06:16 ----D---- C:\WINDOWS\system32\Setup
2008-09-16 03:06:16 ----D---- C:\WINDOWS\AppPatch
2008-09-16 03:06:16 ----D---- C:\Program Files\Outlook Express
2008-09-16 03:06:14 ----RSD---- C:\WINDOWS\Fonts
2008-09-16 03:06:10 ----D---- C:\WINDOWS\system32\drivers
2008-09-16 01:47:31 ----D---- C:\WINDOWS\security
2008-09-16 01:44:32 ----A---- C:\WINDOWS\imsins.BAK
2008-09-16 01:42:01 ----D---- C:\Program Files\Messenger
2008-09-16 01:37:35 ----D---- C:\WINDOWS\system32\inetsrv
2008-09-16 01:37:34 ----D---- C:\WINDOWS\ime
2008-09-16 01:37:02 ----D---- C:\WINDOWS\system32\usmt
2008-09-16 01:37:00 ----D---- C:\Program Files\Internet Explorer
2008-09-16 01:36:57 ----D---- C:\WINDOWS\PeerNet
2008-09-16 01:36:57 ----D---- C:\Program Files\Movie Maker
2008-09-16 01:30:59 ----D---- C:\WINDOWS\system32\Restore
2008-09-16 01:30:58 ----D---- C:\WINDOWS\system32\npp
2008-09-16 01:30:58 ----D---- C:\WINDOWS\mui
2008-09-16 01:30:56 ----D---- C:\WINDOWS\msagent
2008-09-16 01:30:54 ----D---- C:\WINDOWS\srchasst
2008-09-16 01:30:53 ----D---- C:\Program Files\NetMeeting
2008-09-16 01:30:50 ----D---- C:\WINDOWS\system32\Com
2008-09-16 01:30:47 ----D---- C:\Program Files\Windows Media Player
2008-09-16 01:30:46 ----D---- C:\Program Files\Windows NT
2008-09-16 01:30:41 ----D---- C:\Program Files\Common Files\System
2008-09-16 01:30:12 ----D---- C:\WINDOWS\system32\oobe
2008-09-16 01:30:09 ----D---- C:\WINDOWS\system
2008-09-16 01:25:13 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-16 01:21:30 ----D---- C:\WINDOWS\ehome
2008-09-15 15:05:53 ----D---- C:\Program Files\HomeBase
2008-09-12 18:06:15 ----D---- C:\WINDOWS\Debug
2008-09-12 13:08:43 ----D---- C:\Program Files\Hewlett-Packard
2008-09-12 13:07:37 ----RASH---- C:\boot.ini
2008-09-12 13:07:37 ----A---- C:\WINDOWS\win.ini
2008-09-12 13:07:37 ----A---- C:\WINDOWS\system.ini
2008-09-12 13:04:03 ----D---- C:\Program Files\HP
2008-09-12 12:00:39 ----D---- C:\Documents and Settings\User\Application Data\Skype
2008-09-12 11:08:03 ----D---- C:\Program Files\LimeWire
2008-09-12 10:37:03 ----D---- C:\WINDOWS\SoftwareDistribution
2008-09-12 10:31:25 ----SHD---- C:\System Volume Information
2008-09-10 23:05:52 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-09-10 23:05:39 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-09-10 22:59:12 ----D---- C:\Program Files\Java
2008-09-10 10:23:14 ----D---- C:\Program Files\Common Files
2008-09-06 15:47:04 ----D---- C:\Documents and Settings
2008-09-06 12:12:13 ----SD---- C:\Documents and Settings\User\Application Data\Microsoft
2008-09-06 11:49:42 ----SD---- C:\WINDOWS\system32\Microsoft
2008-09-06 11:36:02 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-08-27 16:58:34 ----D---- C:\Documents and Settings\User\Application Data\LimeWire
2008-08-26 16:28:12 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-06-27 75072]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2008-09-12 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2008-09-12 24208]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-08 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-08 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-08 21568]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-02-07 1399615]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-01 4484608]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-10-11 41752]
R3 qic157;qic157; C:\WINDOWS\system32\DRIVERS\qic157.sys [2008-04-13 6016]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-01-04 243712]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]
S3 MagEpNt;MagEpNt; C:\WINDOWS\system32\drivers\MagEpNt.sys [1997-06-12 26304]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2007-10-11 13848]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-10-11 1279000]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-02-18 30464]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-06-12 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-08-07 149761]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 cmdAgent;COMODO Firewall Pro Helper Service; C:\Program Files\COMODO\Firewall\cmdagent.exe [2008-09-12 519936]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------
#28
fenzodahl512

  • Malware Removal
  • 9,863 posts
Your log looks good to me..

There was a blinking yellow shield from Microsoft saying I needed to update my software. So I pressed it and it started downloading. I don't know if it finished because my COMODO firewall kept coming up and I did not know which parts to allow or not.

Can you show me the screenshot?.. Most probably it's legit, and because COMODO is working to block/allow those updates, it might slow your computer a bit (not too slow though)...
#29
fenzodahl512

  • Malware Removal
  • 9,863 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.