IEXPLORE.EXE VIRUS! Maybe More Please Help [Solved]


  • This topic is locked

#16
EldonM

    Member

  • Topic Starter
  • Member
  • 32 posts
Ok, sorry it took so long for me to get back. I'll try this out and get back to you.
  • 0



#17
Perplexus

    Lord of the Geeks

  • Malware Removal
  • 1,185 posts
No problem, I'm still here :)
  • 0

#18
EldonM

    Member

  • Topic Starter
  • Member
  • 32 posts
****UPDATE****

Ok, I'm not fully done, but I wanted to say this beforehand.

I ran the CFScript... went fine, but then the Kaspersky thingy suddenly started working and I didn't even start it. It just came on all on its own. So I ran that scanner and omg it took a full 2 and a half days undisturbed to scan my computer. Yes, I said it. 2 days. Just to find nothing.

RootRepeal Step.

Again this is not working. It'll run for a few seconds then become a Not Responding program. (Will Explain More Soon)

I am currently running the ESET Online Scanner. So far nothing major has happened. It did seem to bump me off the internet, but it could have been a coincidence. Happens with wireless. Currently at 34% scanned.

Now some issues I have noticed since I've started this forum.

1. I have noticed my system is taking a lot longer to boot up and shut down. Also programs such as Firefox, games, and whatnot are running very slowly (not internet lag, but loading in general).
2. Which is actually the real problem. Any program I run, not a lot but regularly, has either become Not Responding upon opening or has little spikes where it becomes Not Responding and then goes back to normal. This is a first.

Also I have decided to remove AVG and disable Windows Defender till I resolve this problem. I also have been disconnecting this computer from the internet when not in use and have not been surfing the web other than GeeksToGo via my Gmail replies.

Once ESET is complete I will write back with the results.

COMBOFIX LOG

ComboFix 09-08-18.01 - pc 9/2009 Wed 5:59.4.2 - NTFSx86
Running from: c:\users\pc\Desktop\ComboFix.Com.exe
Command switches used :: c:\users\pc\Desktop\CFScript.txt
SP: MalwareRemovalBot *disabled* (Updated) {A1232420-73C1-4975-8BAE-9C821D8B8D78}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\is-5MJSP.lnk"
"c:\users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\is-F2V8N.lnk"
"c:\windows\system32\drivers\06659393.sys"
"c:\windows\system32\drivers\62378827.sys"
"c:\windows\system32\drivers\fidbox.dat"
"c:\windows\system32\drivers\fidbox.idx"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\is-5MJSP.lnk
c:\users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\is-F2V8N.lnk
c:\users\pc\Desktop\Virus Removal Tool
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\advdis.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\arj.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\arjpack.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\avlib.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\avp.dt
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\Avp_io32.dll
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\avp_iont.dll
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\avp1.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\avp3info.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\avpgs.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\avpgui.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\avpmgr.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\avs.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\avspm.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\avzkrnl.dll
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\avzproxy.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\avzscan.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\base64.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\base64p.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\basegui.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\bases\avp_x.set
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\bases\backup.avz
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\bases\bt.avz
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\bases\engine.dt
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\bases\keylogger.avz
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\bases\klavemu.kdl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\bases\klavemu.kfb
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\bases\krnldrv.avz
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\bases\megabase.avc
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\bases\neural.avz
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\bases\neurald.avz
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\bases\neurale.avz
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\bases\neuralm.avz
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\bases\ports.avz
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\bases\prt.avz
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\bases\repair.avz
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\bases\rootkit.avz
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\bases\scripts.avz
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\bases\signf001.avz
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\bases\signf002.avz
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\bases\signf003.avz
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\bases\signf004.avz
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\bases\signf005.avz
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\bases\signfavp.avz
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\bases\signfusr.avz
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\bases\sr.avz
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\bases\srdb.avz
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\bases\startup.ini
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\bases\syscheck.avz
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\bases\sysipu.avz
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\bases\tsw.avz
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\bases\verdicts.ini
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\bl.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\btdisk.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\btimages.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\buffer.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\cab.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\crpthlpr.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\deflate.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\dmap.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\drivers\62378827.cat
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\drivers\62378827.inf
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\drivers\62378827.sys
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\drivers\drvins32.exe
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\dtreg.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\explode.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\filemap.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\fsdrvplg.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\fssync.dll
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\getsi.dll
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\hashcont.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\hashmd5.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\hccmp.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\ichk2.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\inflate.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\inifile.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\is-F2V8N.cfg
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\is-F2V8N.com
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\is-F2V8N.exe
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\iwgen.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\kldirobj.dll
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\klipc.dll
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\l_llio.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\lha.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\mailmsg.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\mdmap.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\memmodsc.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\memscan.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\Microsoft.VC80.CRT.manifest
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\minizip.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\minst.exe
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\mkavio.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\msoe.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\msvcm80.dll
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\msvcp80.dll
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\msvcr80.dll
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\nfio.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\ntfsstrm.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\ods.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\params.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\passdmap.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\pdm.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\pdm2rt.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\prkernel.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\prloader.dll
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\procmon.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\prremote.dll
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\prseqio.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\prutil.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\pxstub.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\qb.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\rar.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\reggrd.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\regmap.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\report.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\report\detected.idx
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\report\detected.rpt
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\report\eventlog.rpt
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\report\report.rpt
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\resip.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\scmhlpr.dll
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\sfdb.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\en\avz.loc
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\en\avzkrnl.loc
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\en\credits.loc
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\en\hints.loc
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\en\iso3166-1.loc
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\en\main.loc
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\en\oas.loc
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\en\prot.loc
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\en\report.loc
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\en\scan.loc
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\en\service.loc
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\en\settings.loc
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\enums.loc
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\activity.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\application.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\Arrow.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\background.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\badmail.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\banner.gif
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\Banner.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\battery.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\bootsect.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\collapse.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\danger24.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\danger32.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\dialer.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\disk.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\display.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\error.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\expand.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\floppy.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\Goodmail.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\gripper.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\help.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\help16.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\i16.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\i24.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\i32.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\ids.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\ie.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\info.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\integrity.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\internet.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\internet16.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\intranet.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\kav_en.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\kav_ru.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\kav2006.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\kav2006rus.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\kbdbtn_bs.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\kbdbtn_caps.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\kbdbtn_ctrl.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\kbdbtn_enter.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\kbdbtn_lshift.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\kbdbtn_normal.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\kbdbtn_rshift.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\kbdbtn_slash.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\kbdbtn_space.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\kbdbtn_tab.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\key.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\kl.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\local.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\lockbutton.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\locked.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\logo.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\mail.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\mail_bad.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\main_off16.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\main_off32.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\main_on16.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\main_on32.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\memory.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\msg_bad.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\msg_deleted.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\msg_good.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\msg_new.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\msg_question.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\navstate.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\navstate2.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\network.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\nonrecursive.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\notepad.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\Notify.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\office.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\ok.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\ok24.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\ok32.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\password.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\pause.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\popup_allowed.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\popup_blocked.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\Privacy.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\rdisk.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\regedit.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\regicons.ico
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\run.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\settings.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\startupobj.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\stealth.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\stop.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\t_hdr.bmp
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\t_row.bmp
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\taskbar.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\tasks\antihacker32.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\tasks\antihackerX.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\tasks\antispam32.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\tasks\antispamX.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\tasks\antispy32.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\tasks\antispyX.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\tasks\datafiles.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\tasks\datafiles32.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\tasks\file32.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\tasks\fileX.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\tasks\mail32.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\tasks\mailX.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\tasks\pdm32.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\tasks\pdmX.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\tasks\prot32.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\tasks\protection.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\tasks\scan32.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\tasks\scanX.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\tasks\support.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\tasks\support32.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\tasks\updater32.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\tasks\updaterX.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\tasks\web32.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\tasks\webX.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\title.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\trusted.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\unkobj.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\unlocked.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\visa.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\warning.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\warning24.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\warning32.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\images\wizard.png
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\layout\avz.ini
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\layout\main.ini
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\layout\oas.ini
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\layout\prot.ini
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\layout\report.ini
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\layout\scan.ini
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\layout\service.ini
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\layout\settings.ini
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\prot.loc
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\skin.ini
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\skin\sounds\Infected.wav
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\startup.exe
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\stdcomp.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\stenum2.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\stored.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\superio.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\tempfile.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\thpimpl.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\timer.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\tm.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\unarj.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\uniarc.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\unlzx.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\unreduce.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\unshrink.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\unstored.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\vmarea.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\wdiskio.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\winreg.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\xorio.ppl
c:\users\pc\Desktop\Virus Removal Tool\is-F2V8N\zcompare.ppl
c:\users\pc\Desktop\Virus Removal Tool\Log.bat
c:\users\pc\Desktop\Virus Removal Tool\Scan.bat
c:\users\pc\Desktop\Virus Removal Tool\Script.bat
c:\users\pc\Desktop\Virus Removal Tool\Start.lnk
c:\users\pc\Desktop\Virus Removal Tool\unins000.dat
c:\users\pc\Desktop\Virus Removal Tool\unins000.exe
c:\windows\Cursors\aero_link.cur
c:\windows\system32\drivers\06659393.sys
c:\windows\system32\drivers\62378827.sys
c:\windows\system32\drivers\fidbox.dat . . . . failed to delete
c:\windows\system32\drivers\fidbox.idx . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IS-5MJSPDRV
-------\Legacy_IS-F2V8NDRV
-------\Service_is-5MJSPdrv
-------\Service_is-F2V8Ndrv


((((((((((((((((((((((((( Files Created from 2009-07-19 to 2009-08-19 )))))))))))))))))))))))))))))))
.

2009-08-14 17:15 . 2009-08-14 17:15 -------- d-----w- c:\programdata\is-QLM61
2009-08-14 17:14 . 2008-07-08 18:54 148496 ----a-w- c:\windows\system32\drivers\80355064.sys
2009-08-14 17:14 . 2008-07-08 18:54 148496 ----a-w- c:\windows\system32\drivers\80496249.sys
2009-08-14 10:22 . 2009-08-14 10:22 -------- d-----w- c:\programdata\is-26O5D
2009-08-14 10:22 . 2008-07-08 18:54 148496 ----a-w- c:\windows\system32\drivers\52506116.sys
2009-08-13 12:21 . 2009-08-19 10:15 45217824 ------w- c:\windows\system32\drivers\fidbox.dat
2009-08-13 12:13 . 2009-08-13 12:13 -------- d-----w- c:\programdata\is-5MJSP
2009-08-13 12:11 . 2009-08-13 12:11 -------- d-----w- c:\programdata\is-F2V8N
2009-08-12 02:28 . 2009-08-12 03:05 -------- d-s---w- C:\ComboFix
2009-08-12 02:22 . 2009-08-12 02:22 -------- d-----w- C:\_OTS
2009-08-11 23:25 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-11 23:25 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-11 23:25 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-11 23:25 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-11 23:25 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-11 23:25 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-11 23:25 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-11 23:24 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-11 00:49 . 2009-08-11 00:49 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-11 00:49 . 2009-08-13 19:59 -------- dc----w- c:\windows\system32\DRVSTORE
2009-08-11 00:48 . 2009-08-13 19:59 -------- d-----w- c:\programdata\Lavasoft
2009-08-11 00:45 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-11 00:45 . 2009-08-11 00:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-11 00:45 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-10 22:45 . 2009-08-18 18:13 -------- d--h--w- C:\$AVG8.VAULT$
2009-08-10 22:42 . 2009-08-10 22:42 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-08-10 22:42 . 2009-08-10 22:42 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-10 22:42 . 2009-08-10 22:42 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-08-10 22:42 . 2009-08-10 22:42 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-10 22:42 . 2009-08-10 22:42 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-10 22:42 . 2009-08-18 21:08 -------- d-----w- c:\windows\system32\drivers\Avg
2009-08-10 22:42 . 2009-08-11 18:30 -------- d-----w- c:\programdata\avg8
2009-08-10 22:42 . 2009-08-10 22:42 -------- d-----w- c:\program files\AVG
2009-08-10 22:37 . 2009-08-10 22:37 -------- d-----w- c:\users\pc\AppData\Roaming\AVG8
2009-08-10 19:34 . 2009-08-10 19:34 -------- d-----w- c:\program files\Enigma Software Group
2009-07-23 20:40 . 2009-07-23 20:40 -------- d-----w- c:\users\pc\AppData\Local\Blizzard Entertainment
2009-07-20 20:05 . 2009-05-09 04:03 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-19 10:19 . 2009-07-01 20:54 -------- d-----w- c:\program files\iCall
2009-08-19 10:15 . 2009-08-13 12:21 321560 ------w- c:\windows\system32\drivers\fidbox.idx
2009-08-15 21:57 . 2009-05-04 02:09 -------- d-----w- c:\program files\Steam
2009-08-12 04:22 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-11 00:49 . 2008-05-10 04:42 -------- d-----w- c:\program files\Java
2009-08-10 19:19 . 2009-06-25 17:27 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-21 21:52 . 2009-07-29 11:35 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 11:35 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 11:35 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 11:35 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-15 20:23 . 2009-06-25 16:54 -------- d-----w- c:\programdata\Yahoo!
2009-07-15 20:23 . 2008-05-10 04:55 -------- d-----w- c:\program files\Yahoo!
2009-07-09 22:29 . 2009-04-08 18:21 74352 ----a-w- c:\users\pc\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-03 12:42 . 2009-05-04 02:09 -------- d-----w- c:\program files\Common Files\Steam
2009-06-29 21:15 . 2009-06-29 21:15 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-06-28 13:30 . 2009-05-04 03:40 -------- d-----w- c:\program files\DivX
2009-06-28 13:30 . 2009-05-04 03:40 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-27 07:01 . 2009-04-08 18:18 -------- d-----w- c:\program files\Microsoft Works
2009-06-25 17:37 . 2009-06-25 17:37 -------- d-----w- c:\users\pc\AppData\Roaming\EyeballChatUserData
2009-06-25 17:26 . 2009-06-25 17:26 -------- d-----w- c:\program files\Microsoft
2009-06-25 17:18 . 2009-06-25 17:18 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-25 16:55 . 2009-06-25 16:55 -------- d-----w- c:\users\pc\AppData\Roaming\Yahoo!
2009-06-25 13:52 . 2009-06-25 13:52 -------- d-----w- c:\users\pc\AppData\Roaming\PeerNetworking
2009-06-22 10:48 . 2009-06-22 10:48 29422 ----a-r- c:\users\pc\AppData\Roaming\Microsoft\Installer\{394BE3D9-7F57-4638-A8D1-1D88671913B7}\_294823.exe
2009-06-22 10:48 . 2009-06-22 10:48 23558 ----a-r- c:\users\pc\AppData\Roaming\Microsoft\Installer\{394BE3D9-7F57-4638-A8D1-1D88671913B7}\_18be6784.exe
2009-06-15 15:24 . 2009-07-15 10:58 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-15 10:58 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-15 10:58 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-15 10:58 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-05-26 23:50 . 2009-06-25 19:09 607472 ----a-w- c:\programdata\Yahoo!\YUpdater\yupdater.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-08-13_01.38.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-08-14 17:18 45140 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2009-08-19 10:17 76114 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-04-08 18:17 . 2009-08-19 10:17 10862 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-976446966-681447286-595784949-1000_UserData.bin
- 2009-04-08 18:13 . 2009-08-12 22:23 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-04-08 18:13 . 2009-08-18 21:07 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-04-08 18:13 . 2009-08-12 22:23 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-08 18:13 . 2009-08-18 21:07 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-08 18:13 . 2009-08-18 21:07 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-04-08 18:13 . 2009-08-12 22:23 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 10:25 . 2009-08-13 01:38 51200 c:\windows\inf\infpub.dat
- 2006-11-02 10:25 . 2009-08-13 01:26 51200 c:\windows\inf\infpub.dat
+ 2009-08-19 10:15 . 2009-08-19 10:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-08-19 10:15 . 2009-08-19 10:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-03 06:57 . 2009-08-15 21:34 174886 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 10:33 . 2009-08-17 21:54 625384 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-08-12 17:55 625384 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-08-17 21:54 116946 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-08-12 17:55 116946 c:\windows\System32\perfc009.dat
+ 2006-11-02 12:44 . 2009-08-14 17:16 302968 c:\windows\System32\FNTCACHE.DAT
- 2006-11-02 12:44 . 2009-08-10 19:47 302968 c:\windows\System32\FNTCACHE.DAT
+ 2006-11-02 10:25 . 2009-08-13 01:38 143360 c:\windows\inf\infstrng.dat
- 2006-11-02 10:25 . 2009-08-13 01:26 143360 c:\windows\inf\infstrng.dat
- 2006-11-02 10:22 . 2009-08-12 17:48 6291456 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2006-11-02 10:22 . 2009-08-13 19:44 6291456 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-05-29 20:17 . 2009-08-13 12:26 23948282 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-05-19 3561720]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-11 149280]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iCall Internet Phone"="c:\program files\iCall\iCall.exe" [2008-12-18 1587576]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-14 2007832]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-03-26 5369856]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-12-19 76304]

c:\users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
is-QLM61.lnk - c:\users\pc\Desktop\Virus Removal Tool4\is-QLM61\startup.exe [2009-8-14 65536]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-5-3 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A0F3010C-EDED-448F-BA34-A7C4F648124F}"= Profile=Public|c:\program files\HP\DVDPlay\DVDPlay.exe:DVD Play
"{8D694A1D-5C1C-45D7-9F9C-3E49FCF20725}"= Profile=Public|c:\program files\HP\DVDPlay\DPService.exe:DVD Play Resident Program
"{3BD4EACE-D721-439B-9994-87AFFE21AE6F}"= Profile=Public|c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{14EBA6E8-0DFA-4150-8D5A-6A1E40140308}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{3B8E3CD7-3B86-4C76-83DA-B9DB034B351F}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{9456FEA2-0226-4BB1-9E2D-6E51EBE0BBD4}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{2C1D1AF4-0E5E-4B9A-95DD-29E5F47E09B7}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{C213E9A9-1DFC-480C-BB57-C8E2C1908018}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{CE1F88AE-B377-4D24-876D-6B0AA237134D}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{E86996D4-D31D-499E-B690-F850A4398FD0}"= UDP:c:\users\Public\Games\World of Warcraft\Launcher.exe:World of Warcraft
"{482F3615-7FE3-481D-AA71-F659A3747EC8}"= TCP:c:\users\Public\Games\World of Warcraft\Launcher.exe:World of Warcraft
"{FB4FA511-00E3-43FC-85C4-9FE20AC9DD77}"= UDP:c:\users\Public\Games\World of Warcraft\BackgroundDownloader.exe:BackgroundDownloader
"{DADD39FF-CDFA-46C2-9252-16AC562489F2}"= TCP:c:\users\Public\Games\World of Warcraft\BackgroundDownloader.exe:BackgroundDownloader
"{DE03CA48-6B56-4FA9-BE65-44AE64C2F754}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{29FE6ECB-6E41-41D8-9684-63590ED4F112}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{AAF611EC-321C-4D14-BB44-106B644488AD}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{FA68B420-2AF4-4657-9E8C-30AE7C0F97A5}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{8C628AA5-B52C-4F06-8083-FA0D4869D344}"= Disabled:c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{B6459DBC-DB5A-4B61-980C-AAF27FB4719D}"= Disabled:c:\program files\HP\DVDPlay\DVDPlay.exe:DVD Play
"{FC0DF4FE-77B0-4F44-BCA6-387092A82E09}"= Disabled:c:\program files\HP\DVDPlay\DPService.exe:DVD Play Resident Program
"TCP Query User{701E631E-FBC0-4EEB-858E-7C9BF48D7F8A}c:\\program files\\icall\\icall.exe"= Disabled:UDP:c:\program files\icall\icall.exe:iCall Internet Phone
"UDP Query User{6F97430B-0992-4967-9FB4-8CC5B4490E11}c:\\program files\\icall\\icall.exe"= Disabled:TCP:c:\program files\icall\icall.exe:iCall Internet Phone
"{96765EEC-C146-4BEC-AACB-CEA36DC87C7B}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:Blizzard Downloader
"{96DA82C9-C224-4E2B-AE96-10EFC01CB1CE}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:Blizzard Downloader
"{220E9EDD-F31B-48B6-A15C-890118F8D3C1}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{843C02F3-24CB-4447-85CE-72D30FF5AAD2}"= c:\program files\AVG\AVG8\avgdiag.exe:avgdiag.exe
"{28F793EB-BE69-4C5D-ADA4-6985E44C9F60}"= c:\program files\AVG\AVG8\avgdiagex.exe:avgdiagex.exe
"{B1E3FD48-712A-455A-8C1E-E51926FA32A4}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{0823A206-DD42-4147-9775-E4DC33716378}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{EF15B55F-B1B4-4512-A747-3F22CFD5586E}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"TCP Query User{57B8AE1D-F467-42FD-A3F3-CE28E0C527D3}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{63AA6243-B375-4007-9DC1-1633C1D0B293}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"{B1EE2C43-2DBF-4BA9-BAE7-084B0C2F882C}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{86CED3BA-C518-47F4-93EE-51D483CA6F63}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DisabledInterfaces"= {4E04C502-EDEC-449A-8A2C-135C7CCF7662},{AB7FBB3F-AAAD-447C-97C0-9EFCFC1C3A01}

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\iCall\\iCall.exe"= c:\program files\iCall\iCall.exe:*:Enabled:iCall

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [8/10/2009 6:42 PM 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [8/10/2009 6:42 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [8/10/2009 6:42 PM 108552]
R1 is-26O5Ddrv;is-26O5Ddrv;c:\windows\System32\drivers\52506116.sys [8/14/2009 6:22 AM 148496]
R1 is-IUVMDdrv;is-IUVMDdrv;c:\windows\System32\drivers\80496249.sys [8/14/2009 1:14 PM 148496]
R1 is-QLM61drv;is-QLM61drv;c:\windows\System32\drivers\80355064.sys [8/14/2009 1:14 PM 148496]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/10/2009 6:42 PM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/10/2009 6:42 PM 297752]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/4/2009 12:49 AM 24652]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\System32\drivers\A3AB.sys [5/3/2009 9:43 PM 472832]
S3 SysProtDrv.sys;SysProtDrv.sys;c:\users\pc\Desktop\SysProt\SysProtDrv.sys [8/11/2009 7:11 AM 44288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.worldofwarcraft.com/info/classes/talent-index/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cndt
FF - ProfilePath - c:\users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\hwov6o0m.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-19 06:17
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\TMP0000000A7DD94D4AC3F84C3D 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3716)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\System32\conime.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\users\pc\Desktop\Virus Removal Tool4\is-QLM61\is-QLM61.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-08-19 6:22 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-19 10:22
ComboFix2.txt 2009-08-13 12:27
ComboFix3.txt 2009-08-13 01:43
ComboFix4.txt 2009-08-12 03:05

Pre-Run: 57,460,240,384 bytes free
Post-Run: 56,981,180,416 bytes free

579 --- E O F --- 2009-08-18 00:10

Edited by EldonM, 22 August 2009 - 04:58 PM.


#19 EldonM (Topic Starter, Member, 32 posts)
****UPDATE****
ESET Online Scanner Done and Found Nothing.

#20 Perplexus (Lord of the Geeks, Malware Removal, 1,185 posts)
Hi EldonM,

Sorry the scan took so long. That tends to happen when antivirus programs are not disabled. Clean scans are always good :)

Let's continue on and then we'll see about speeding it up :)


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

File::
c:\windows\system32\drivers\80355064.sys
c:\windows\system32\drivers\80496249.sys
c:\windows\system32\drivers\52506116.sys
c:\windows\system32\drivers\fidbox.dat
c:\windows\TEMP\TMP0000000A7DD94D4AC3F84C3D

Folder::
c:\programdata\is-QLM61
c:\programdata\is-26O5D
c:\programdata\is-5MJSP
c:\programdata\is-F2V8N
c:\users\pc\Desktop\Virus Removal Tool4

Registry::

Driver::
is-26O5Ddrv
is-IUVMDdrv
is-QLM61drv

Save this as CFScript.txt, in the same location as ComboFix.exe



Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
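The log in post #18 and the CFScript in post #20 are the two halves of one job: read the "Reg Loading Points" and driver lines for things that do not belong, then list exactly those files, folders and service names for ComboFix to remove. The block below is an added example of that triage in Python; it is not code from this thread, from ComboFix, or from any of the tools named here. Its sample input is a constructed excerpt whose lines are copied from the first log above (the policies\system values, the Security Center and DomainProfile firewall values, the Startup .lnk, and four driver lines). It goes a little beyond what the helper's script touched: besides the numerically named drivers it also reports UAC, firewall and Security Center values that weaken the machine's own defences, a driver loaded from a user-writable path, and an autostart shortcut pointing at the Desktop. The regular expressions, the rule that a driver named only with digits deserves review, and the finding categories are my assumptions, and the File::/Driver:: text it renders is a proposal for a person to read before anything is dragged onto ComboFix, not something to run unreviewed.

```python
"""Triage a ComboFix log excerpt the way a malware-removal helper reads it:
flag weakened security settings, kernel drivers with digit-only or
user-writable paths, and autostarts that point into a user profile, then
render the File::/Driver:: sections a CFScript would need (for review)."""
import re

# Constructed excerpt; the individual lines are copied from the log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

c:\users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
is-QLM61.lnk - c:\users\pc\Desktop\Virus Removal Tool4\is-QLM61\startup.exe [2009-8-14 65536]

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [8/10/2009 6:42 PM 12552]
R1 is-26O5Ddrv;is-26O5Ddrv;c:\windows\System32\drivers\52506116.sys [8/14/2009 6:22 AM 148496]
R1 is-QLM61drv;is-QLM61drv;c:\windows\System32\drivers\80355064.sys [8/14/2009 1:14 PM 148496]
S3 SysProtDrv.sys;SysProtDrv.sys;c:\users\pc\Desktop\SysProt\SysProtDrv.sys [8/11/2009 7:11 AM 44288]
"""

KEY_RE = re.compile(r'^\[(?P<key>.+)\]$')
# "Name"= 0 (0x0)  or  "Name"=dword:00000001  (string values do not match)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?:dword:)?(?P<value>[0-9a-fA-F]+)')
# R1 service;display;c:\path\file.sys [date size]
DRIVER_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<service>[^;]+);(?P<display>[^;]*);(?P<path>[a-zA-Z]:\\.+?)\s+\[')
# name.lnk - c:\path\target.exe [date size]
AUTOSTART_RE = re.compile(r'^(?P<lnk>.+\.lnk) - (?P<path>[a-zA-Z]:\\.+?) \[', re.IGNORECASE)
NUMERIC_SYS_RE = re.compile(r'\\\d+\.sys$', re.IGNORECASE)
USER_PATH_RE = re.compile(r'^[a-zA-Z]:\\users\\', re.IGNORECASE)

# value name -> (value that means protection is weakened, what it means); assumed list
WEAK_SETTINGS = {
    "EnableLUA": (0, "UAC is disabled"),
    "EnableFirewall": (0, "Windows Firewall is disabled for this profile"),
    "DisableMonitoring": (1, "Security Center monitoring is suppressed"),
}


def triage(log_text):
    """Return findings as dicts with kind, subject and detail, in log order."""
    findings = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and m.group("name") in WEAK_SETTINGS:
            bad_value, meaning = WEAK_SETTINGS[m.group("name")]
            if int(m.group("value"), 16) == bad_value:
                findings.append({"kind": "weak-setting", "subject": m.group("name"),
                                 "detail": f"{meaning} ({current_key})"})
            continue
        m = DRIVER_RE.match(line)
        if m:
            path = m.group("path")
            if NUMERIC_SYS_RE.search(path):
                findings.append({"kind": "numeric-driver", "subject": m.group("service"),
                                 "detail": path})
            elif USER_PATH_RE.match(path):
                findings.append({"kind": "user-path-driver", "subject": m.group("service"),
                                 "detail": path})
            continue
        m = AUTOSTART_RE.match(line)
        if m and USER_PATH_RE.match(m.group("path")):
            findings.append({"kind": "user-path-autostart", "subject": m.group("lnk"),
                             "detail": m.group("path")})
    return findings


def render_cfscript(findings):
    """Render File::/Driver:: sections for the digit-named drivers only, in the
    one-entry-per-line layout ComboFix reads. Output is for human review."""
    drivers = [f for f in findings if f["kind"] == "numeric-driver"]
    lines = ["KillAll::", "", "File::"]
    lines += [f["detail"] for f in drivers]
    lines += ["", "Driver::"]
    lines += [f["subject"] for f in drivers]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f['kind']:<20} {f['subject']:<16} {f['detail']}")
    print()
    print(render_cfscript(found))
```

Run against the excerpt it reports seven findings: the three weakened settings, the two digit-named drivers that the helper's script deletes, the SysProt driver loaded from the Desktop, and the is-QLM61.lnk autostart pointing into "Virus Removal Tool4". The rendered script names only the two drivers; settings such as EnableLUA=0 are left for the person reading the log to decide on, which is also how the reply above handled them (its Registry:: section is empty).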

#21 EldonM (Topic Starter, Member, 32 posts)
ComboFix 09-08-22.06 - pc 3/2009 Sun 18:41.5.2 - NTFSx86
Running from: c:\users\pc\Desktop\ComboFix.Com.exe
Command switches used :: c:\users\pc\Desktop\CFScript.txt
SP: MalwareRemovalBot *disabled* (Updated) {A1232420-73C1-4975-8BAE-9C821D8B8D78}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\drivers\52506116.sys"
"c:\windows\system32\drivers\80355064.sys"
"c:\windows\system32\drivers\80496249.sys"
"c:\windows\system32\drivers\fidbox.dat"
"c:\windows\TEMP\TMP0000000A7DD94D4AC3F84C3D"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\is-26O5D
c:\programdata\is-26O5D\~PRCustomProps#122.dat
c:\programdata\is-26O5D\~PRObjects#122.dat
c:\programdata\is-5MJSP
c:\programdata\is-5MJSP\~PRCustomProps#122.dat
c:\programdata\is-5MJSP\~PRObjects#122.dat
c:\programdata\is-F2V8N
c:\programdata\is-F2V8N\~PRCustomProps#122.dat
c:\programdata\is-F2V8N\~PRObjects#122.dat
c:\programdata\is-QLM61
c:\programdata\is-QLM61\~PRCustomProps#122.dat
c:\programdata\is-QLM61\~PRObjects#122.dat
c:\windows\system32\drivers\52506116.sys
c:\windows\system32\drivers\80496249.sys
c:\windows\system32\drivers\fidbox.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IS-26O5DDRV
-------\Legacy_IS-IUVMDDRV
-------\Legacy_IS-QLM61DRV
-------\Service_is-26O5Ddrv
-------\Service_is-IUVMDdrv


((((((((((((((((((((((((( Files Created from 2009-07-23 to 2009-08-23 )))))))))))))))))))))))))))))))
.

2009-08-23 22:48 . 2009-08-23 22:51 -------- d-----w- c:\users\pc\AppData\Local\temp
2009-08-23 22:48 . 2009-08-23 22:48 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-08-23 22:48 . 2009-08-23 22:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-22 17:20 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-22 17:20 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-22 17:20 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-22 17:20 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-22 17:20 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-22 17:20 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-22 17:20 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-22 17:20 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-20 08:48 . 2009-08-20 08:48 -------- d-----w- c:\programdata\Blizzard Entertainment
2009-08-12 02:28 . 2009-08-12 03:05 -------- d-s---w- C:\ComboFix
2009-08-12 02:22 . 2009-08-12 02:22 -------- d-----w- C:\_OTS
2009-08-11 23:25 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-11 23:25 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-11 23:25 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-11 23:25 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-11 23:25 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-11 23:25 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-11 23:25 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-11 23:24 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-11 00:49 . 2009-08-11 00:49 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-11 00:49 . 2009-08-13 19:59 -------- dc----w- c:\windows\system32\DRVSTORE
2009-08-11 00:48 . 2009-08-13 19:59 -------- d-----w- c:\programdata\Lavasoft
2009-08-11 00:45 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-11 00:45 . 2009-08-11 00:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-11 00:45 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-10 22:42 . 2009-08-10 22:42 -------- d-----w- c:\program files\AVG
2009-08-10 19:34 . 2009-08-10 19:34 -------- d-----w- c:\program files\Enigma Software Group

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-23 22:50 . 2009-08-13 12:21 8568704 ----a-w- c:\windows\system32\drivers\fidbox.idx
2009-08-22 17:30 . 2009-07-01 20:54 -------- d-----w- c:\program files\iCall
2009-08-15 21:57 . 2009-05-04 02:09 -------- d-----w- c:\program files\Steam
2009-08-12 04:22 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-11 00:49 . 2008-05-10 04:42 -------- d-----w- c:\program files\Java
2009-08-10 19:19 . 2009-06-25 17:27 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-21 21:52 . 2009-07-29 11:35 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 11:35 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 11:35 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 11:35 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-15 20:23 . 2009-06-25 16:54 -------- d-----w- c:\programdata\Yahoo!
2009-07-15 20:23 . 2008-05-10 04:55 -------- d-----w- c:\program files\Yahoo!
2009-07-09 22:29 . 2009-04-08 18:21 74352 ----a-w- c:\users\pc\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-03 12:42 . 2009-05-04 02:09 -------- d-----w- c:\program files\Common Files\Steam
2009-06-29 21:15 . 2009-06-29 21:15 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-06-28 13:30 . 2009-05-04 03:40 -------- d-----w- c:\program files\DivX
2009-06-28 13:30 . 2009-05-04 03:40 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-27 07:01 . 2009-04-08 18:18 -------- d-----w- c:\program files\Microsoft Works
2009-06-25 17:37 . 2009-06-25 17:37 -------- d-----w- c:\users\pc\AppData\Roaming\EyeballChatUserData
2009-06-25 17:26 . 2009-06-25 17:26 -------- d-----w- c:\program files\Microsoft
2009-06-25 17:18 . 2009-06-25 17:18 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-25 16:55 . 2009-06-25 16:55 -------- d-----w- c:\users\pc\AppData\Roaming\Yahoo!
2009-06-25 13:52 . 2009-06-25 13:52 -------- d-----w- c:\users\pc\AppData\Roaming\PeerNetworking
2009-06-22 10:48 . 2009-06-22 10:48 29422 ----a-r- c:\users\pc\AppData\Roaming\Microsoft\Installer\{394BE3D9-7F57-4638-A8D1-1D88671913B7}\_294823.exe
2009-06-22 10:48 . 2009-06-22 10:48 23558 ----a-r- c:\users\pc\AppData\Roaming\Microsoft\Installer\{394BE3D9-7F57-4638-A8D1-1D88671913B7}\_18be6784.exe
2009-06-15 15:24 . 2009-07-15 10:58 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-15 10:58 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-15 10:58 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-15 10:58 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-05-26 23:50 . 2009-06-25 19:09 607472 ----a-w- c:\programdata\Yahoo!\YUpdater\yupdater.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-08-13_01.38.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-22 17:20 . 2009-06-15 15:00 72704 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7335e2fc\secur32.dll
+ 2009-08-22 17:20 . 2009-06-15 14:53 72704 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db\secur32.dll
+ 2009-08-22 17:20 . 2009-06-15 15:25 72704 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da376115b2a\secur32.dll
+ 2009-08-22 17:20 . 2009-06-15 15:24 72704 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\secur32.dll
+ 2009-08-22 17:20 . 2009-06-15 15:08 72704 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e75378eccda6\secur32.dll
+ 2009-08-22 17:20 . 2009-06-15 15:28 72704 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a\secur32.dll
+ 2008-01-21 01:58 . 2009-08-22 23:51 45340 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2009-08-22 23:51 76390 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-04-08 18:17 . 2009-08-22 23:51 10910 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-976446966-681447286-595784949-1000_UserData.bin
+ 2009-04-08 18:13 . 2009-08-22 17:26 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-04-08 18:13 . 2009-08-12 22:23 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-04-08 18:13 . 2009-08-22 17:26 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-04-08 18:13 . 2009-08-12 22:23 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-08 18:13 . 2009-08-22 17:26 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-04-08 18:13 . 2009-08-12 22:23 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 10:25 . 2009-08-23 01:11 51200 c:\windows\inf\infpub.dat
- 2006-11-02 10:25 . 2009-08-13 01:26 51200 c:\windows\inf\infpub.dat
+ 2009-08-22 17:20 . 2009-06-15 12:51 9728 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7335e2fc\lsass.exe
+ 2009-08-22 17:20 . 2009-06-15 12:48 9728 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db\lsass.exe
+ 2009-08-22 17:20 . 2009-06-15 13:03 9728 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da376115b2a\lsass.exe
+ 2009-08-22 17:20 . 2009-06-15 12:57 9728 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\lsass.exe
+ 2009-08-22 17:20 . 2009-06-15 12:59 7680 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e75378eccda6\lsass.exe
+ 2009-08-22 17:20 . 2009-06-15 13:10 7680 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a\lsass.exe
+ 2009-08-22 17:20 . 2009-06-15 15:00 270848 c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6002.22152_none_2452506b6bad8187\schannel.dll
+ 2009-08-22 17:20 . 2009-06-15 14:53 270848 c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6002.18051_none_23c7b3565290c866\schannel.dll
+ 2009-08-22 17:20 . 2009-06-15 15:25 270848 c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6001.22450_none_2269ddef6e88f9b5\schannel.dll
+ 2009-08-22 17:20 . 2009-06-15 15:24 270848 c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6001.18272_none_21cc9ffa5579c754\schannel.dll
+ 2009-08-22 17:20 . 2009-06-15 15:08 272384 c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6000.21067_none_207fa79f71646c31\schannel.dll
+ 2009-08-22 17:20 . 2009-06-15 15:28 272384 c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6000.16870_none_1fe460c0585503b5\schannel.dll
+ 2009-08-22 17:20 . 2009-06-15 14:59 217600 c:\windows\winsxs\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6002.22152_none_7eeef23078f56dde\msv1_0.dll
+ 2009-08-22 17:20 . 2009-06-15 14:53 218624 c:\windows\winsxs\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6002.18051_none_7e64551b5fd8b4bd\msv1_0.dll
+ 2009-08-22 17:20 . 2009-06-15 15:24 213504 c:\windows\winsxs\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6001.22450_none_7d067fb47bd0e60c\msv1_0.dll
+ 2009-08-22 17:20 . 2009-06-15 15:22 213504 c:\windows\winsxs\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6001.18272_none_7c6941bf62c1b3ab\msv1_0.dll
+ 2009-08-22 17:20 . 2009-06-15 15:06 216576 c:\windows\winsxs\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6000.21067_none_7b1c49647eac5888\msv1_0.dll
+ 2009-08-22 17:20 . 2009-06-15 15:25 216576 c:\windows\winsxs\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6000.16870_none_7a810285659cf00c\msv1_0.dll
+ 2009-08-22 17:20 . 2009-06-15 14:58 500736 c:\windows\winsxs\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6002.22152_none_e912e288c7383abe\kerberos.dll
+ 2009-08-22 17:20 . 2009-06-15 14:52 499712 c:\windows\winsxs\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6002.18051_none_e8884573ae1b819d\kerberos.dll
+ 2009-08-22 17:20 . 2009-06-15 15:22 500736 c:\windows\winsxs\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6001.22450_none_e72a700cca13b2ec\kerberos.dll
+ 2009-08-22 17:20 . 2009-06-15 15:21 499712 c:\windows\winsxs\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6001.18272_none_e68d3217b104808b\kerberos.dll
+ 2009-08-22 17:20 . 2009-06-15 15:04 496640 c:\windows\winsxs\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6000.21067_none_e54039bcccef2568\kerberos.dll
+ 2009-08-22 17:20 . 2009-06-15 15:23 494592 c:\windows\winsxs\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6000.16870_none_e4a4f2ddb3dfbcec\kerberos.dll
+ 2009-08-22 17:20 . 2009-06-15 15:00 175104 c:\windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6002.22152_none_3d095074931fbe8f\wdigest.dll
+ 2009-08-22 17:20 . 2009-06-15 14:54 175104 c:\windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6002.18051_none_3c7eb35f7a03056e\wdigest.dll
+ 2009-08-22 17:20 . 2009-06-15 15:26 175104 c:\windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6001.22450_none_3b20ddf895fb36bd\wdigest.dll
+ 2009-08-22 17:20 . 2009-06-15 15:24 175104 c:\windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6001.18272_none_3a83a0037cec045c\wdigest.dll
+ 2009-08-22 17:20 . 2009-06-15 15:09 175104 c:\windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6000.21067_none_3936a7a898d6a939\wdigest.dll
+ 2009-08-22 17:20 . 2009-06-15 15:29 175104 c:\windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6000.16870_none_389b60c97fc740bd\wdigest.dll
+ 2009-08-22 17:20 . 2009-06-15 21:17 439880 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7335e2fc\ksecdd.sys
+ 2009-08-22 17:20 . 2009-06-15 23:15 439864 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db\ksecdd.sys
+ 2009-08-22 17:20 . 2009-06-15 18:40 439880 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da376115b2a\ksecdd.sys
+ 2009-08-22 17:20 . 2009-06-15 18:20 439896 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\ksecdd.sys
+ 2009-08-22 17:20 . 2009-06-15 23:20 408136 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e75378eccda6\ksecdd.sys
+ 2009-08-22 17:20 . 2009-06-15 18:12 408136 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a\ksecdd.sys
+ 2009-07-03 06:57 . 2009-08-22 17:13 175998 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2006-11-02 10:33 . 2009-08-12 17:55 625384 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-08-22 23:56 625384 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-08-12 17:55 116946 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-08-22 23:56 116946 c:\windows\System32\perfc009.dat
- 2006-11-02 12:44 . 2009-08-10 19:47 302968 c:\windows\System32\FNTCACHE.DAT
+ 2006-11-02 12:44 . 2009-08-14 17:16 302968 c:\windows\System32\FNTCACHE.DAT
+ 2006-11-02 10:25 . 2009-08-23 01:11 143360 c:\windows\inf\infstrng.dat
- 2006-11-02 10:25 . 2009-08-13 01:26 143360 c:\windows\inf\infstrng.dat
+ 2009-08-22 17:20 . 2009-06-15 14:58 1259008 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7335e2fc\lsasrv.dll
+ 2009-08-22 17:20 . 2009-06-15 14:52 1259008 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db\lsasrv.dll
+ 2009-08-22 17:20 . 2009-06-15 15:25 1257984 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da376115b2a\lsasrv.dll
+ 2009-08-22 17:20 . 2009-06-15 15:23 1256448 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\lsasrv.dll
+ 2009-08-22 17:20 . 2009-06-15 15:04 1235456 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e75378eccda6\lsasrv.dll
+ 2009-08-22 17:20 . 2009-06-15 15:23 1233920 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a\lsasrv.dll
- 2006-11-02 10:22 . 2009-08-12 17:48 6291456 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2006-11-02 10:22 . 2009-08-22 17:28 6291456 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-05-29 20:17 . 2009-08-13 12:26 23948282 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-05-19 3561720]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-11 149280]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iCall Internet Phone"="c:\program files\iCall\iCall.exe" [2008-12-18 1587576]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-03-26 5369856]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-12-19 76304]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-5-3 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A0F3010C-EDED-448F-BA34-A7C4F648124F}"= Profile=Public|c:\program files\HP\DVDPlay\DVDPlay.exe:DVD Play
"{8D694A1D-5C1C-45D7-9F9C-3E49FCF20725}"= Profile=Public|c:\program files\HP\DVDPlay\DPService.exe:DVD Play Resident Program
"{3BD4EACE-D721-439B-9994-87AFFE21AE6F}"= Profile=Public|c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{14EBA6E8-0DFA-4150-8D5A-6A1E40140308}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{3B8E3CD7-3B86-4C76-83DA-B9DB034B351F}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{9456FEA2-0226-4BB1-9E2D-6E51EBE0BBD4}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{2C1D1AF4-0E5E-4B9A-95DD-29E5F47E09B7}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{C213E9A9-1DFC-480C-BB57-C8E2C1908018}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{CE1F88AE-B377-4D24-876D-6B0AA237134D}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{E86996D4-D31D-499E-B690-F850A4398FD0}"= UDP:c:\users\Public\Games\World of Warcraft\Launcher.exe:World of Warcraft
"{482F3615-7FE3-481D-AA71-F659A3747EC8}"= TCP:c:\users\Public\Games\World of Warcraft\Launcher.exe:World of Warcraft
"{FB4FA511-00E3-43FC-85C4-9FE20AC9DD77}"= UDP:c:\users\Public\Games\World of Warcraft\BackgroundDownloader.exe:BackgroundDownloader
"{DADD39FF-CDFA-46C2-9252-16AC562489F2}"= TCP:c:\users\Public\Games\World of Warcraft\BackgroundDownloader.exe:BackgroundDownloader
"{DE03CA48-6B56-4FA9-BE65-44AE64C2F754}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{29FE6ECB-6E41-41D8-9684-63590ED4F112}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{AAF611EC-321C-4D14-BB44-106B644488AD}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{FA68B420-2AF4-4657-9E8C-30AE7C0F97A5}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{8C628AA5-B52C-4F06-8083-FA0D4869D344}"= Disabled:c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{B6459DBC-DB5A-4B61-980C-AAF27FB4719D}"= Disabled:c:\program files\HP\DVDPlay\DVDPlay.exe:DVD Play
"{FC0DF4FE-77B0-4F44-BCA6-387092A82E09}"= Disabled:c:\program files\HP\DVDPlay\DPService.exe:DVD Play Resident Program
"TCP Query User{701E631E-FBC0-4EEB-858E-7C9BF48D7F8A}c:\\program files\\icall\\icall.exe"= Disabled:UDP:c:\program files\icall\icall.exe:iCall Internet Phone
"UDP Query User{6F97430B-0992-4967-9FB4-8CC5B4490E11}c:\\program files\\icall\\icall.exe"= Disabled:TCP:c:\program files\icall\icall.exe:iCall Internet Phone
"{96765EEC-C146-4BEC-AACB-CEA36DC87C7B}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:Blizzard Downloader
"{96DA82C9-C224-4E2B-AE96-10EFC01CB1CE}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:Blizzard Downloader
"TCP Query User{57B8AE1D-F467-42FD-A3F3-CE28E0C527D3}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{63AA6243-B375-4007-9DC1-1633C1D0B293}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"{B1EE2C43-2DBF-4BA9-BAE7-084B0C2F882C}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{86CED3BA-C518-47F4-93EE-51D483CA6F63}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{14526CF1-2445-4679-9AF7-B984CB94D5D1}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:Blizzard Downloader
"{53341440-6DEC-4A06-B095-D16BB10DDD71}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:Blizzard Downloader

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\iCall\\iCall.exe"= c:\program files\iCall\iCall.exe:*:Enabled:iCall

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/4/2009 12:49 AM 24652]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\System32\drivers\A3AB.sys [5/3/2009 9:43 PM 472832]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.worldofwarcraft.com/info/classes/talent-index/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cndt
FF - ProfilePath - c:\users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\hwov6o0m.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-23 18:51
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1604)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-08-23 18:55 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-23 22:55
ComboFix2.txt 2009-08-19 10:22
ComboFix3.txt 2009-08-13 12:27
ComboFix4.txt 2009-08-13 01:43
ComboFix5.txt 2009-08-23 22:37

Pre-Run: 51,331,055,616 bytes free
Post-Run: 51,147,165,696 bytes free

300 --- E O F --- 2009-08-22 17:26
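For anyone reviewing a ComboFix log like the one above, here is an added example (not code from this thread or from ComboFix) that parses the "Reg Loading Points" layout into autostart entries and DWORD values and lists the items a reviewer would look at first: an autostart living outside the Windows or Program Files trees, and Security Center monitoring disabled. The excerpt is constructed (the "Updater" entry is made up for the demonstration), and the trusted-directory baseline is an assumption.

```python
import re

# Constructed excerpt in the ComboFix "Reg Loading Points" layout; the
# "Updater" Run entry is made up here to exercise the flagging logic.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-03-26 5369856]
"Updater"="c:\users\pc\appdata\local\temp\updater.exe" [2009-08-20 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
"""
KEY_RE = re.compile(r'^\[(.+)\]$')
# "Name"="value" [date size]  or  "Name"="file.exe" - c:\resolved\path [date size]
ENTRY_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?: - (.+?))?(?: \[(\d{4}-\d{2}-\d{2}) (\d+)\])?$')
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")  # assumed baseline roots


def parse_loading_points(text):
    """Return (autostarts, dwords): autostart entry dicts and {key: {name: int}}."""
    autostarts, dwords, key = [], {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = DWORD_RE.match(line)
        if m and key:
            dwords.setdefault(key, {})[m.group(1)] = int(m.group(2), 16)
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            name, value, resolved, date, size = m.groups()
            autostarts.append({"key": key, "name": name, "date": date,
                               "path": (resolved or value).lower(),
                               "size": int(size) if size else None})
    return autostarts, dwords


def triage(text):
    """Findings worth a reviewer's attention; none is proof of infection by itself."""
    autostarts, dwords = parse_loading_points(text)
    findings = [f"review autostart {a['name']}: {a['path']}"
                for a in autostarts if not a["path"].startswith(TRUSTED_PREFIXES)]
    for key, values in dwords.items():
        # Security suites set this for their own subkey too; still worth checking.
        if "security center" in key.lower() and values.get("DisableMonitoring") == 1:
            findings.append(f"Security Center monitoring disabled under {key}")
    return findings
```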

#22
Perplexus
    Lord of the Geeks
  • Malware Removal
  • 1,185 posts
How is your machine running now?

#23
EldonM
    Member
  • Topic Starter
  • Member
  • 32 posts
Well... nothing has been acting funny, no Not Responding or freeze-ups since then, no mysterious running processes. I guess Thumbs Up and good to let it hit the road again :). Big kudos and ty again Perplexus. :) Make sure to get a raise after dealing with this problem for, what, a week and a half now >.< lol ty for sticking it through.

#24
Perplexus
    Lord of the Geeks
  • Malware Removal
  • 1,185 posts
It's been my pleasure :)

Well done! Your log appears clean! :)

------------------
Step 1:
------------------

We're almost done. We need to do some clean up and get you on your way.

Follow these steps to uninstall Combofix
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U; it needs to be there.
(This will remove all restore points to rid your machine of saved infected files and create a new restore point)

------------------
Step 2:
------------------

We need to remove all the tools that you have used. This is so that should you ever be re-infected, you will download updated versions.

  • Run OTS.exe
  • Click the Clean Up button in top right corner.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Now delete any logs that you have left over on your desktop.


------------------
Step 3:
------------------

Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
Note: It is a good idea to run TFC to clear out all your temp files every now and again. This helps to keep your computer running more efficiently. It also can assist in getting rid of files that may contain malicious code that could re-infect your computer.


------------------
Step 4:
------------------

It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Windows Updates are constantly being revised to combat the newest hacks and threats. Microsoft releases security updates that help keep your computer from becoming vulnerable.

Please go to Microsoft's Windows Update and download all the critical updates to help prevent possible re-infection.

It is best if you have these set to download automatically.

Automatic Updates for Windows
  • Click Start.
  • Select Settings and then Control Panel.
  • Select Automatic Updates.
  • Click Automatic (recommended)
  • Choose a day and a time when you know the computer will be on and connected to the internet.
  • Click Apply then OK.

---------------------------------------------------------------------------------------------

This is a good time to set up protection against further attacks. Read our How Did I Get Infected In The First Place?. You need an antivirus that is continually updated, a good firewall, a spyware blocker, and a real time spyware program to prevent malware intrusions. Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

---------------------------------------------------------------------------------------------

Anti Virus Programs

One AntiVirus is a must have! But never more than one, as this can and will cause conflicts and false readings. It is imperative that you have an antivirus program installed on your computer to browse safely in the world of today's internet. Antivirus programs will find and delete any malicious files on your computer as well as protecting your computer from such files in the first place. The best of your antivirus program options are these:

---------------------------------------------------------------------------------------------

Personal Firewalls

Firewalls help to prevent unauthorised access both to and from the internet or your local network. A firewall is considered a first line of defense in protecting private information. Below are some free firewalls to choose from, if you do not already have one. Note: You only need one firewall on your system.

---------------------------------------------------------------------------------------------

Anti Spyware

Anti Spyware helps to eliminate certain types of infections. I would recommend getting these and running the scans at least twice a month. Also a real-time protector is beneficial to stop infections before they start. SpywareGuard is an excellent choice here.
  • SUPERAntiSpyware is a powerful tool that can eliminate nasties that make it onto your machine.
  • SpywareBlaster to help prevent spyware from installing in the first place. A tutorial can be found here.
  • SpywareGuard to catch and block spyware before it can execute. A tutorial can be found here.
Note: If you find your system slows down after installing any of these, just uninstall it, or disable it from running at startup.

---------------------------------------------------------------------------------------------

Safer Web Browser

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are some good free alternatives:
All are faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these.

If you choose Firefox, here are a couple of addons that I recommend:
  • NoScript - for blocking ads and other potential website attacks
  • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must have if you do a lot of Google searches.

---------------------------------------------------------------------------------------------

Other Recommendations

FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.

Take Care and Happy Surfing! :)

#25
Perplexus
    Lord of the Geeks
  • Malware Removal
  • 1,185 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
