Full Version: [Resolved] Neighbor's Computer
Suggest A Fix PC Support Forums > Security > Malicious Code: Viruses, Trojans, Spyware and Browser HiJacking
Surfer
Several baddies have been removed and things are as normal as they can be on this old machine. Please tell me if there are any baddies that need dealing with.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:05:41 PM, on 11/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\icantdothatdave.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: VPN Client.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/Data...C6-6D5536C585C9}
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Update Service (gupdate1ca33a4130648b4) (gupdate1ca33a4130648b4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 4671 bytes


Ironbender
Hi Wes,

Nothing bad showing so far, but we'll only know it for sure if you run RSIT from http://images.malwareremoval.com/random/RSIT.exe (save it to your desktop).

Post the log.txt it generates.

Did you run CCleaner and MBAM on this system?

Chris
Surfer
Yep, I ran MBAM and CCleaner.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Dave at 2009-11-03 17:28:17
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 598 MB (4%) free of 16 GB
Total RAM: 512 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:28:19 PM, on 11/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Dave.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: VPN Client.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/Data...C6-6D5536C585C9}
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Update Service (gupdate1ca33a4130648b4) (gupdate1ca33a4130648b4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 4650 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
Yahoo! Companion BHO - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll [2004-09-29 292947]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - c:\program files\real\realplayer\rpbrowserrecordplugin.dll [2009-09-12 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-09-21 2554944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - &Yahoo! Companion - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll [2004-09-29 292947]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-09-21 2554944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=NvQTwk,NvCplDaemon initialize []
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2006-02-08 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qca1428.tmp.exe]
C:\WINDOWS\system32\qca1428.tmp.exe [2009-10-31 466432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2006-02-27 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_19\bin\jusched.exe [2008-11-09 32881]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-27 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-09-12 198160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2000-10-11 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VAIO Action Setup (Server).lnk]
C:\PROGRA~1\Sony\VAIOAC~1\VAServ.exe [2001-08-23 40960]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
VPN Client.lnk - C:\WINDOWS\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"="C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe:*:Disabled:WebTrap"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Conference\Conference.dll"="C:\Program Files\Conference\Conference.dll:*:Enabled:Audio/Video Conference by KIOSK Team"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\MSMSGS.EXE"="C:\Program Files\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger"
"C:\Program Files\Avira\AntiVir Desktop\UPDATE.EXE"="C:\Program Files\Avira\AntiVir Desktop\UPDATE.EXE:*:Enabled:update"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bcd339c-1624-11de-8c65-00e018448659}]
shell\AutoRun\command - G:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-12-28 18:38:53 ----A---- C:\WINDOWS\system32\26z675pambot9a2.exe
2009-12-26 01:39:29 ----A---- C:\WINDOWS\5e45thiefz987.dll
2009-12-23 08:42:41 ----A---- C:\WINDOWS\12b5baczdoor279.exe
2009-12-23 03:47:03 ----A---- C:\WINDOWS\system32\1520szy9are2979.dll
2009-12-21 06:59:47 ----A---- C:\WINDOWS\1d85stez91792.exe
2009-12-20 16:19:58 ----A---- C:\WINDOWS\system32\45a69ac5dzor590.exe
2009-12-16 17:21:09 ----A---- C:\WINDOWS\f4dazd5a9e2997.dll
2009-12-16 09:01:25 ----A---- C:\WINDOWS\91820spzmbot256.exe
2009-12-14 08:13:53 ----A---- C:\WINDOWS\z9594tr5j66b.dll
2009-12-08 21:08:46 ----A---- C:\WINDOWS\system32\1z925vi9us55.dll
2009-12-06 09:16:03 ----A---- C:\WINDOWS\system32\2z931troj558.dll
2009-12-05 00:10:17 ----A---- C:\WINDOWS\6a52dowzloader2983.exe
2009-12-04 14:51:52 ----A---- C:\WINDOWS\3ffc5teaz18359.exe
2009-12-04 08:02:53 ----A---- C:\WINDOWS\6e5ethreat91z04.exe
2009-12-04 03:22:37 ----A---- C:\WINDOWS\system32\1977zvirus5a99.dll
2009-11-30 20:18:19 ----A---- C:\WINDOWS\system32\46z2s9a5bot399.exe
2009-11-23 04:27:25 ----A---- C:\WINDOWS\14493hac9tooz585.dll
2009-11-18 08:08:32 ----A---- C:\WINDOWS\system32\235fthzeat9919.exe
2009-11-16 06:06:28 ----A---- C:\WINDOWS\system32\3zaaddw5re966.dll
2009-11-14 13:47:17 ----A---- C:\WINDOWS\5519vir1z41.exe
2009-11-04 23:03:06 ----A---- C:\WINDOWS\system32\58z29orm25.dll
2009-11-03 17:22:21 ----D---- C:\Program Files\CCleaner
2009-11-03 17:20:15 ----D---- C:\rsit
2009-11-03 14:59:19 ----D---- C:\WINDOWS\LastGood
2009-11-03 12:26:42 ----SHD---- C:\Config.Msi
2009-11-03 10:53:46 ----D---- C:\Program Files\Avira
2009-11-03 10:53:46 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-11-03 10:49:07 ----D---- C:\Downloads
2009-11-03 08:36:39 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-11-01 18:11:14 ----D---- C:\Documents and Settings\Dave\Application Data\Malwarebytes
2009-11-01 18:11:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-01 18:11:06 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-11-01 17:41:59 ----D---- C:\Program Files\Trend Micro
2009-10-31 09:06:33 ----A---- C:\WINDOWS\system32\39576szy64a5.dll
2009-10-31 09:06:32 ----A---- C:\WINDOWS\system32\5627zvir9s197.dll
2009-10-31 09:06:32 ----A---- C:\WINDOWS\system32\25052vi5usz49.dll
2009-10-31 09:06:31 ----A---- C:\WINDOWS\system32\25z04t9oj39.exe
2009-10-31 09:06:30 ----A---- C:\WINDOWS\system32\81z5hief23689.dll
2009-10-31 09:06:29 ----A---- C:\WINDOWS\1z4a5teal1193.exe
2009-10-31 09:06:28 ----A---- C:\WINDOWS\system32\959t9ief18z.dll
2009-10-31 09:06:25 ----A---- C:\WINDOWS\25495tr9jz5e.exe
2009-10-31 09:06:24 ----A---- C:\WINDOWS\system32\4159zd9ware2811.exe
2009-10-31 09:06:24 ----A---- C:\WINDOWS\49b89i51834z.exe
2009-10-31 09:06:24 ----A---- C:\WINDOWS\15079hackzool558.dll
2009-10-31 09:06:22 ----A---- C:\WINDOWS\system32\12221n9t-a-viruz75.exe
2009-10-31 09:06:21 ----A---- C:\WINDOWS\system32\693wozm965.exe
2009-10-31 09:06:19 ----A---- C:\WINDOWS\system32\14954not-a-viruz6e6.dll
2009-10-31 09:06:17 ----A---- C:\WINDOWS\system32\7b50szyware31039.dll
2009-10-31 09:06:17 ----A---- C:\WINDOWS\939z9y554.exe
2009-10-31 09:06:17 ----A---- C:\WINDOWS\1395bz9kdoor71.dll
2009-10-31 09:06:16 ----A---- C:\WINDOWS\system32\4395downloaze9547.dll
2009-10-31 09:06:16 ----A---- C:\WINDOWS\67445zr984.exe
2009-10-31 09:06:15 ----A---- C:\WINDOWS\28d9addwz5e2835.exe
2009-10-31 09:06:14 ----A---- C:\WINDOWS\9z65spyware1004.dll
2009-10-31 09:06:13 ----A---- C:\WINDOWS\52dvzr439.dll
2009-10-31 09:06:12 ----A---- C:\WINDOWS\system32\735eviz919.exe
2009-10-31 09:06:10 ----A---- C:\WINDOWS\system32\65a7s5a9se138z.exe
2009-10-31 09:06:10 ----A---- C:\WINDOWS\system32\5eecthr95t19z92.exe
2009-10-31 09:06:10 ----A---- C:\WINDOWS\system32\20514zrojac9.dll
2009-10-31 09:06:08 ----A---- C:\WINDOWS\zc95threat28932.dll
2009-10-31 09:06:06 ----A---- C:\WINDOWS\system32\97b9spywa5e7z5.exe
2009-10-31 09:06:03 ----A---- C:\WINDOWS\system32\6967not-a-v5rus29z.dll
2009-10-31 09:06:03 ----A---- C:\WINDOWS\system32\2587zo5m17f9.exe
2009-10-31 09:06:03 ----A---- C:\WINDOWS\4995spazse486.exe
2009-10-31 09:06:03 ----A---- C:\WINDOWS\30842vir5s96z.exe
2009-10-31 09:06:00 ----A---- C:\WINDOWS\system32\6z0espyware5392.dll
2009-10-31 09:05:54 ----A---- C:\WINDOWS\41f6dz5n9oader2304.dll
2009-10-31 09:05:48 ----A---- C:\WINDOWS\199zvir522.dll
2009-10-31 09:05:44 ----A---- C:\WINDOWS\system32\5a68spywz9e2220.dll
2009-10-31 09:05:39 ----A---- C:\WINDOWS\system32\9z5d9wnloader1984.exe
2009-10-31 09:05:39 ----A---- C:\WINDOWS\6b6zspa9s51595.exe
2009-10-31 09:05:37 ----A---- C:\WINDOWS\system32\158z9not-a-v9rus519.exe
2009-10-31 09:05:36 ----A---- C:\WINDOWS\system32\64e09ownloade5z674.dll
2009-10-31 09:05:36 ----A---- C:\WINDOWS\system32\16626notz9-virus1355.exe
2009-10-31 09:05:35 ----A---- C:\WINDOWS\system32\6692add5arz13259.exe
2009-10-31 09:05:35 ----A---- C:\WINDOWS\2595thiez782.exe
2009-10-31 09:05:29 ----A---- C:\WINDOWS\system32\5b9ebackdo951238z.exe
2009-10-31 09:05:29 ----A---- C:\WINDOWS\system32\546cszea92042.dll
2009-10-31 09:05:28 ----A---- C:\WINDOWS\6348spzmbot4945.exe
2009-10-31 09:05:27 ----A---- C:\WINDOWS\system32\97675orz95a.exe
2009-10-31 09:05:24 ----A---- C:\WINDOWS\system32\qca1428.tmp.exe
2009-10-20 16:48:24 ----A---- C:\WINDOWS\c57zpyware990.exe
2009-10-19 12:03:11 ----A---- C:\WINDOWS\system32\5z35not-a-vi5us819.dll
2009-10-19 11:03:58 ----A---- C:\WINDOWS\system32\5384ba5kdozr9557.dll
2009-10-17 06:30:07 ----A---- C:\WINDOWS\system32\597back9zor2235.dll
2009-10-13 03:08:11 ----HD---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-13 03:07:58 ----HD---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-13 03:04:20 ----HD---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-13 03:04:05 ----HD---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-13 03:03:41 ----HD---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-13 03:02:10 ----HD---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-13 03:01:39 ----HD---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-13 03:01:18 ----HD---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-13 03:01:04 ----HD---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-13 03:00:41 ----HD---- C:\WINDOWS\$NtUninstallKB968389$
2009-10-09 17:03:49 ----A---- C:\WINDOWS\13z09tro951.dll
2009-10-07 16:48:04 ----A---- C:\WINDOWS\system32\19859vzr5s4a2.exe
2009-10-07 15:26:31 ----A---- C:\WINDOWS\system32\17395hacztool4fb.exe
2009-10-04 01:08:53 ----A---- C:\WINDOWS\system32\19318wormz52.dll

======List of files/folders modified in the last 1 months======

2009-11-03 12:44:32 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-11-03 08:46:26 ----RASH---- C:\boot.ini
2009-11-03 08:46:26 ----A---- C:\WINDOWS\win.ini
2009-11-03 08:46:26 ----A---- C:\WINDOWS\system.ini
2009-10-24 03:05:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 DMICall;Sony DMI Call service; C:\WINDOWS\System32\DRIVERS\DMICall.sys [2000-12-05 3952]
R1 SonyFanC;FAN Control Device Service; C:\WINDOWS\System32\Drivers\SonyFanC.sys [2001-09-06 68116]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 MASPINT;MASPINT; C:\WINDOWS\system32\drivers\MASPINT.sys [2000-03-29 8096]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\System32\drivers\symlcbrd.sys []
R2 V7;V7; C:\WINDOWS\system32\drivers\V7.sys [2000-03-09 7196]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2007-01-31 127376]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 ltmodem5;Lucent Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2004-08-03 606684]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 nv4;nv4; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2001-08-08 818713]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2001-07-25 438200]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
S3 BCM42XX;Broadcom iLine10™ Network Adapter Driver; C:\WINDOWS\System32\DRIVERS\bcm42xx5.sys [2001-08-17 54271]
S3 BCMModem;BCM V.90 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMDM.sys [2001-08-17 871388]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WUDFRd;WUDFRd; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [2006-09-28 82944]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2007-04-03 1516584]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2001-08-08 57344]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 gupdate1ca33a4130648b4;Google Update Service (gupdate1ca33a4130648b4); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-12 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-23 183280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2006-02-08 323584]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2001-07-31 65536]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


HKEd
All these have to go:

C:\WINDOWS\system32\26z675pambot9a2.exe
C:\WINDOWS\5e45thiefz987.dll
C:\WINDOWS\12b5baczdoor279.exe
C:\WINDOWS\system32\1520szy9are2979.dll
C:\WINDOWS\1d85stez91792.exe
C:\WINDOWS\system32\45a69ac5dzor590.exe
C:\WINDOWS\f4dazd5a9e2997.dll
C:\WINDOWS\91820spzmbot256.exe
C:\WINDOWS\z9594tr5j66b.dll
C:\WINDOWS\system32\1z925vi9us55.dll
C:\WINDOWS\system32\2z931troj558.dll
C:\WINDOWS\6a52dowzloader2983.exe
C:\WINDOWS\3ffc5teaz18359.exe
C:\WINDOWS\6e5ethreat91z04.exe
C:\WINDOWS\system32\1977zvirus5a99.dll
C:\WINDOWS\system32\46z2s9a5bot399.exe
C:\WINDOWS\14493hac9tooz585.dll
C:\WINDOWS\system32\235fthzeat9919.exe
C:\WINDOWS\system32\3zaaddw5re966.dll
C:\WINDOWS\5519vir1z41.exe
C:\WINDOWS\system32\58z29orm25.dll
C:\WINDOWS\system32\39576szy64a5.dll
C:\WINDOWS\system32\5627zvir9s197.dll
C:\WINDOWS\system32\25052vi5usz49.dll
C:\WINDOWS\system32\25z04t9oj39.exe
C:\WINDOWS\system32\81z5hief23689.dll
C:\WINDOWS\1z4a5teal1193.exe
C:\WINDOWS\system32\959t9ief18z.dll
C:\WINDOWS\25495tr9jz5e.exe
C:\WINDOWS\system32\4159zd9ware2811.exe
C:\WINDOWS\49b89i51834z.exe
C:\WINDOWS\15079hackzool558.dll
C:\WINDOWS\system32\12221n9t-a-viruz75.exe
C:\WINDOWS\system32\693wozm965.exe
C:\WINDOWS\system32\14954not-a-viruz6e6.dll
C:\WINDOWS\system32\7b50szyware31039.dll
C:\WINDOWS\939z9y554.exe
C:\WINDOWS\1395bz9kdoor71.dll
C:\WINDOWS\system32\4395downloaze9547.dll
C:\WINDOWS\67445zr984.exe
C:\WINDOWS\28d9addwz5e2835.exe
C:\WINDOWS\9z65spyware1004.dll
C:\WINDOWS\52dvzr439.dll
C:\WINDOWS\system32\735eviz919.exe
C:\WINDOWS\system32\65a7s5a9se138z.exe
C:\WINDOWS\system32\5eecthr95t19z92.exe
C:\WINDOWS\system32\20514zrojac9.dll
C:\WINDOWS\zc95threat28932.dll
C:\WINDOWS\system32\97b9spywa5e7z5.exe
C:\WINDOWS\system32\6967not-a-v5rus29z.dll
C:\WINDOWS\system32\2587zo5m17f9.exe
C:\WINDOWS\4995spazse486.exe
C:\WINDOWS\30842vir5s96z.exe
C:\WINDOWS\system32\6z0espyware5392.dll
C:\WINDOWS\41f6dz5n9oader2304.dll
C:\WINDOWS\199zvir522.dll
C:\WINDOWS\system32\5a68spywz9e2220.dll
C:\WINDOWS\system32\9z5d9wnloader1984.exe
C:\WINDOWS\6b6zspa9s51595.exe
C:\WINDOWS\system32\158z9not-a-v9rus519.exe
C:\WINDOWS\system32\64e09ownloade5z674.dll
C:\WINDOWS\system32\16626notz9-virus1355.exe
C:\WINDOWS\system32\6692add5arz13259.exe
C:\WINDOWS\2595thiez782.exe
C:\WINDOWS\system32\5b9ebackdo951238z.exe
C:\WINDOWS\system32\546cszea92042.dll
C:\WINDOWS\6348spzmbot4945.exe
C:\WINDOWS\system32\97675orz95a.exe
C:\WINDOWS\system32\qca1428.tmp.exe
C:\WINDOWS\c57zpyware990.exe
C:\WINDOWS\system32\5z35not-a-vi5us819.dll
C:\WINDOWS\system32\5384ba5kdozr9557.dll
C:\WINDOWS\system32\597back9zor2235.dll
C:\WINDOWS\13z09tro951.dll
C:\WINDOWS\system32\19859vzr5s4a2.exe
C:\WINDOWS\system32\17395hacztool4fb.exe
C:\WINDOWS\system32\19318wormz52.dll

If any of them won't delete, there's something still active.

Can you post the MBAM log? Run MBAM and click on the Logs tab.
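A way to pick entries like the ones listed above out of an RSIT log automatically, as an added example that is not from this thread, from HKEd, or from the RSIT tool itself: it walks only the "files/folders created" section, skips directories, and flags .exe/.dll/.sys files dropped straight into C:\WINDOWS or C:\WINDOWS\system32 whose names alternate between letters and digits the way machine-generated names do, carry a double extension (as qca1428.tmp.exe does), or contain a malware-style word. The sample log lines, the watched-directory set, the token list and the thresholds are all constructed for this example; it is a triage aid, so anything it flags still gets compared against a known-good reference for that Windows build before it is deleted.

```python
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Constructed sample in the format of the RSIT "files created" section posted
# above; only a handful of lines are reproduced so the block runs offline.
SAMPLE_RSIT_LINES = [
    r"======List of files/folders created in the last 1 months======",
    r"",
    r"2009-12-28 18:38:53 ----A---- C:\WINDOWS\system32\26z675pambot9a2.exe",
    r"2009-12-26 01:39:29 ----A---- C:\WINDOWS\5e45thiefz987.dll",
    r"2009-11-03 17:22:21 ----D---- C:\Program Files\CCleaner",
    r"2009-11-03 08:36:39 ----A---- C:\WINDOWS\system32\hidserv.dll",
    r"2009-10-31 09:05:24 ----A---- C:\WINDOWS\system32\qca1428.tmp.exe",
    r"2009-10-13 03:08:11 ----HD---- C:\WINDOWS\$NtUninstallKB958869$",
    r"2009-10-07 16:48:04 ----A---- C:\WINDOWS\system32\19859vzr5s4a2.exe",
    r"",
    r"======List of files/folders modified in the last 1 months======",
    r"2009-11-03 12:44:32 ----N---- C:\WINDOWS\SchedLgU.Txt",
]

# One RSIT entry: timestamp, attribute flags wrapped in dashes, then the path.
ENTRY_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) -+([A-Z]*)-+ (.+)$")
SECTION_RE = re.compile(r"^======(.+)======$")

# Assumed watch list: directories where a freshly created, oddly named binary
# deserves a second look. Extend for other Windows layouts as needed.
WATCHED_DIRS = {r"c:\windows", r"c:\windows\system32"}
BINARY_EXTS = {".exe", ".dll", ".sys"}
# Assumed token list: words the droppers in this thread's log embed in file names.
NAME_TOKENS = ("virus", "troj", "bot", "spy", "thief", "backdoor",
               "download", "worm", "hack", "steal", "adware", "threat")


@dataclass
class Finding:
    created: str
    path: str
    reasons: list = field(default_factory=list)


def letter_digit_transitions(stem: str) -> int:
    """Count switches between letter runs and digit runs; '26z675pambot9a2' gives 6.
    Punctuation resets the run so 'qca1428.tmp' is not over-counted."""
    count, prev = 0, None
    for ch in stem:
        cls = "d" if ch.isdigit() else "a" if ch.isalpha() else None
        if cls is None:
            prev = None
            continue
        if prev is not None and cls != prev:
            count += 1
        prev = cls
    return count


def suspicion_reasons(path: str) -> list:
    """Return the reasons a single path looks suspicious (empty list = nothing noted)."""
    p = PureWindowsPath(path)
    name = p.name.lower()
    if str(p.parent).lower() not in WATCHED_DIRS or p.suffix.lower() not in BINARY_EXTS:
        return []
    stem = name[: name.rfind(".")]
    reasons = []
    # Thresholds chosen so short legitimate names such as d3d9.dll or ws2_32.dll pass.
    if len(stem) >= 8 and letter_digit_transitions(stem) >= 3:
        reasons.append("machine-generated looking name")
    if name.count(".") >= 2:
        reasons.append("double extension")
    hits = [t for t in NAME_TOKENS if t in stem]
    if hits:
        reasons.append("malware-style token: " + ", ".join(hits))
    return reasons


def triage_created_files(lines) -> list:
    """Walk only the 'files/folders created' section and flag suspicious binaries."""
    findings, in_section = [], False
    for line in lines:
        m = SECTION_RE.match(line.strip())
        if m:
            in_section = m.group(1).startswith("List of files/folders created")
            continue
        if not in_section:
            continue
        e = ENTRY_RE.match(line.strip())
        if not e:
            continue
        created, attrs, path = e.groups()
        if "D" in attrs:
            continue  # directories are out of scope for this check
        reasons = suspicion_reasons(path)
        if reasons:
            findings.append(Finding(created, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage_created_files(SAMPLE_RSIT_LINES):
        print(f"{f.created}  {f.path}\n    -> {'; '.join(f.reasons)}")
```

Feed it the full log by reading `log.txt` into `lines` instead of the constructed sample; the section matcher stops at the next `======` header, so the drivers and services lists are never scored.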
Surfer
Thanks Ed and Chris.
That's what I suspected after running RSIT. He was getting regular bogus security alerts and a bogus infection warning. Those have stopped. Avira wouldn't update and now updates fine. Avira also took out 3 trojans before updating and 1 after the update.

I'll delete all those files and let y'all know.

From 11/1
Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 2

11/1/2009 6:54:45 PM
mbam-log-2009-11-01 (18-54-45).txt

Scan type: Full Scan (C:\|)
Objects scanned: 169758
Time elapsed: 39 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{208d7bcc-9857-4c9e-823b-d04e72490a67} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP756\A0060619.DLL (Adware.AskSBAR) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP756\A0060620.dll (Adware.AskSBAR) -> Quarantined and deleted successfully.


From today, 11/3
Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 2 (Safe Mode)

11/3/2009 9:37:42 AM
mbam-log-2009-11-03 (09-37-42).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 169592
Time elapsed: 54 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Surfer
Also disabled System Restore and got rid of the mess there.
HKEd
The oldest malware file is a month ago:

2009-10-04 01:08:53 ----A---- C:\WINDOWS\system32\19318wormz52.dll

There may be files prior to that date as RSIT was run to check the last 30 days. Run RSIT again and use the drop down menu to look for files created/modified in the last three months and see if any more pop out of the woodwork. You'll know 'em when you see 'em with those random file names.
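HKEd's advice above is to widen the RSIT window and pick out the random-looking names by eye. As an added example for this thread (not code from RSIT or from anyone posting here), the Python script below puts that eyeballing rule into code: it parses RSIT-style "created/modified" lines, flags names whose stem flips between letter and digit runs at least twice with four or more digits (19318wormz52, 939z9y554), or that hide an executable behind a .tmp inner extension (qca1428.tmp.exe), and reports each hit's age against the default 30-day window. The sample lines are constructed in RSIT format; the timestamps given to qca1428.tmp.exe and 6967not-a-v5rus29z.dll are invented for the example, the run time is the one in the RSIT header in this thread, and the thresholds are the editor's own heuristic tuned on the names that appeared here. Hits are candidates to confirm with a hash lookup or vendor scan, not verdicts.

```python
"""Triage of RSIT-style file listings for random-looking file names.

Added example for this thread, not code from RSIT or from anyone in it.
The scoring rule is the editor's own heuristic, tuned on the names that
appeared in the thread; treat hits as candidates to confirm, not verdicts.
"""
import re
from datetime import datetime

# One RSIT "files/folders created|modified" line:
#   2009-10-04 01:08:53 ----A---- C:\WINDOWS\system32\19318wormz52.dll
RSIT_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\S+) (.+)$"
)
# Maximal runs of digits or of letters inside a file name stem.
RUNS = re.compile(r"[0-9]+|[A-Za-z]+")

# Constructed sample in RSIT format. The names are entries from the thread;
# the timestamps on qca1428.tmp.exe and 6967not-a-v5rus29z.dll are invented
# here (the thread gives none for them).
SAMPLE = r"""
======List of files/folders created in the last 3 months======

2009-11-03 17:22:21 ----D---- C:\Program Files\CCleaner
2009-11-03 08:36:39 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-10-04 01:08:53 ----A---- C:\WINDOWS\system32\19318wormz52.dll
2009-09-20 11:02:17 ----A---- C:\WINDOWS\system32\qca1428.tmp.exe
2009-09-12 07:30:37 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-08-15 04:40:01 ----A---- C:\WINDOWS\6967not-a-v5rus29z.dll
"""

# "Run by Dave at 2009-11-03 22:30:23" from the RSIT header in the thread.
RUN_TIME = datetime(2009, 11, 3, 22, 30, 23)


def looks_random(filename: str) -> bool:
    """Eyeball rule as code: the stem flips between letter and digit runs at
    least twice and carries four or more digits (19318wormz52, 939z9y554), or
    the file is an executable behind a .tmp inner extension (qca1428.tmp.exe).
    Ordinary versioned names (rmoc3260, msvcr71, bcm42xx5) stay below the bar.
    """
    parts = filename.lower().split(".")
    if len(parts) >= 3 and parts[-2] == "tmp" and parts[-1] in ("exe", "dll"):
        return True
    runs = RUNS.findall(parts[0])
    flips = sum(1 for a, b in zip(runs, runs[1:]) if a.isdigit() != b.isdigit())
    digits = sum(ch.isdigit() for ch in parts[0])
    return flips >= 2 and digits >= 4


def parse_rsit(text: str):
    """Yield (timestamp, attribute field, path) for each file list line."""
    for line in text.splitlines():
        m = RSIT_LINE.match(line.strip())
        if m:
            yield (datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"),
                   m.group(2), m.group(3))


def triage(text: str, run_time: datetime, window_days: int = 30) -> list:
    """Flag random-looking files, oldest first, and mark those older than the
    default RSIT window, which is the thread's point: a 30-day listing can
    miss droppings from an earlier wave of the same infection."""
    flagged = []
    for stamp, attrs, path in parse_rsit(text):
        if "D" in attrs.strip("-"):          # directory entry, not a file
            continue
        name = path.rsplit("\\", 1)[-1]
        if looks_random(name):
            age = (run_time - stamp).days
            flagged.append({"path": path, "created": stamp, "age_days": age,
                            "outside_window": age > window_days})
    flagged.sort(key=lambda e: e["created"])
    return flagged


if __name__ == "__main__":
    for hit in triage(SAMPLE, RUN_TIME):
        tag = "older than default window" if hit["outside_window"] else "in window"
        print(f'{hit["created"]:%Y-%m-%d}  {hit["age_days"]:3d}d  {tag:25}  {hit["path"]}')
```

Run against a real RSIT log, paste the whole file into `triage()` in place of `SAMPLE` and set `run_time` from the "Run by ... at" header line. The digit threshold is what keeps legitimate versioned drivers such as bcm42xx5.sys out of the list, so lower it only if you are prepared to read more false positives.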
Surfer
Well Ed, there were several more back 3 months, perhaps 100 older than 3 months, plus .bin and .ocx files for each of the bad .exe files. Must have been 500/600 files total.

Thanks man!

Logfile of random's system information tool 1.06 (written by random/random)
Run by Dave at 2009-11-03 22:30:23
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 2 GB (13%) free of 16 GB
Total RAM: 512 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:43 PM, on 11/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Dave.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: VPN Client.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/Data...6-6D5536C585C9}
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Update Service (gupdate1ca33a4130648b4) (gupdate1ca33a4130648b4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 4602 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
Yahoo! Companion BHO - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll [2004-09-29 292947]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - c:\program files\real\realplayer\rpbrowserrecordplugin.dll [2009-09-12 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-09-21 2554944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - &Yahoo! Companion - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll [2004-09-29 292947]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-09-21 2554944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=NvQTwk,NvCplDaemon initialize []
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2006-02-08 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qca1428.tmp.exe]
C:\WINDOWS\system32\qca1428.tmp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2006-02-27 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_19\bin\jusched.exe [2008-11-09 32881]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-27 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-09-12 198160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2000-10-11 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VAIO Action Setup (Server).lnk]
C:\PROGRA~1\Sony\VAIOAC~1\VAServ.exe [2001-08-23 40960]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
VPN Client.lnk - C:\WINDOWS\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"="C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe:*:Disabled:WebTrap"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Conference\Conference.dll"="C:\Program Files\Conference\Conference.dll:*:Enabled:Audio/Video Conference by KIOSK Team"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\MSMSGS.EXE"="C:\Program Files\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger"
"C:\Program Files\Avira\AntiVir Desktop\UPDATE.EXE"="C:\Program Files\Avira\AntiVir Desktop\UPDATE.EXE:*:Enabled:update"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bcd339c-1624-11de-8c65-00e018448659}]
shell\AutoRun\command - G:\LaunchU3.exe -a


======List of files/folders created in the last 3 months======

2009-11-03 22:21:12 ----HD---- C:\WINDOWS\PIF
2009-11-03 17:22:21 ----D---- C:\Program Files\CCleaner
2009-11-03 17:20:15 ----D---- C:\rsit
2009-11-03 12:26:42 ----SHD---- C:\Config.Msi
2009-11-03 10:53:46 ----D---- C:\Program Files\Avira
2009-11-03 10:53:46 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-11-03 10:49:07 ----D---- C:\Downloads
2009-11-03 08:36:39 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-11-01 18:11:14 ----D---- C:\Documents and Settings\Dave\Application Data\Malwarebytes
2009-11-01 18:11:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-01 18:11:06 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-11-01 17:41:59 ----D---- C:\Program Files\Trend Micro
2009-09-17 22:08:34 ----D---- C:\My Music
2009-09-12 07:30:37 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-09-12 07:30:06 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-09-12 07:30:06 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-09-12 07:30:03 ----D---- C:\Program Files\Common Files\xing shared
2009-09-12 07:29:13 ----D---- C:\Documents and Settings\All Users\Application Data\Real
2009-09-05 18:49:36 ----D---- C:\Program Files\Ultimate Doom for Windows 95
2009-08-12 03:05:49 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-08-06 03:12:18 ----D---- C:\WINDOWS\system32\XPSViewer
2009-08-06 03:12:10 ----D---- C:\Program Files\MSBuild
2009-08-06 03:11:54 ----D---- C:\Program Files\Reference Assemblies
2009-08-06 03:10:52 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-08-06 03:10:51 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-08-06 03:10:51 ----N---- C:\WINDOWS\system32\xpsshhdr.dll

======List of files/folders modified in the last 3 months======

2009-11-03 22:28:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-03 08:46:26 ----RASH---- C:\boot.ini
2009-11-03 08:46:26 ----A---- C:\WINDOWS\win.ini
2009-11-03 08:46:26 ----A---- C:\WINDOWS\system.ini
2009-10-24 03:05:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-02 13:01:58 ----A---- C:\WINDOWS\system32\MRT.exe
2009-09-12 07:33:00 ----A---- C:\WINDOWS\cdplayer.ini
2009-09-12 07:29:28 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-09-12 07:29:28 ----A---- C:\WINDOWS\system32\msvcr71.dll
2009-09-12 07:29:28 ----A---- C:\WINDOWS\system32\msvcp71.dll
2009-09-11 09:33:52 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-09-04 15:45:26 ----A---- C:\WINDOWS\system32\msasn1.dll
2009-08-29 02:36:28 ----A---- C:\WINDOWS\system32\wininet.dll
2009-08-29 02:36:28 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-08-29 02:36:28 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-08-29 02:36:26 ----A---- C:\WINDOWS\system32\url.dll
2009-08-29 02:36:26 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-08-29 02:36:26 ----A---- C:\WINDOWS\system32\occache.dll
2009-08-29 02:36:26 ----A---- C:\WINDOWS\system32\mstime.dll
2009-08-29 02:36:26 ----A---- C:\WINDOWS\system32\msrating.dll
2009-08-29 02:36:26 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-08-29 02:36:26 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-08-29 02:36:26 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-08-29 02:36:26 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-08-29 02:36:26 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-08-29 02:36:26 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-08-29 02:36:26 ----A---- C:\WINDOWS\system32\iernonce.dll
2009-08-29 02:36:26 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-08-29 02:36:24 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-08-29 02:36:24 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-08-29 02:36:24 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-08-29 02:36:24 ----A---- C:\WINDOWS\system32\ieaksie.dll
2009-08-29 02:36:24 ----A---- C:\WINDOWS\system32\ieakeng.dll
2009-08-29 02:36:24 ----A---- C:\WINDOWS\system32\icardie.dll
2009-08-29 02:36:24 ----A---- C:\WINDOWS\system32\extmgr.dll
2009-08-29 02:36:24 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-08-29 02:36:24 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-08-29 02:36:24 ----A---- C:\WINDOWS\system32\corpol.dll
2009-08-29 02:36:24 ----A---- C:\WINDOWS\system32\advpack.dll
2009-08-28 05:29:00 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-08-28 05:29:00 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-08-27 00:18:42 ----A---- C:\WINDOWS\system32\ieakui.dll
2009-08-26 03:16:38 ----A---- C:\WINDOWS\system32\strmdll.dll
2009-08-13 10:16:06 ----A---- C:\WINDOWS\system32\jscript.dll
2009-08-06 19:24:18 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-08-06 19:24:18 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2009-08-06 19:24:18 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-08-06 19:24:10 ----A---- C:\WINDOWS\system32\wups2.dll
2009-08-06 19:24:10 ----A---- C:\WINDOWS\system32\wups.dll
2009-08-06 19:24:06 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-08-06 19:24:06 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-08-06 19:24:04 ----A---- C:\WINDOWS\system32\cdm.dll
2009-08-06 19:24:00 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2009-08-06 19:23:54 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-08-06 19:23:46 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-08-06 19:23:46 ----A---- C:\WINDOWS\system32\muweb.dll
2009-08-06 19:23:46 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-08-06 19:23:46 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-08-05 04:11:48 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-08-04 09:00:46 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2009-08-04 08:13:32 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 DMICall;Sony DMI Call service; C:\WINDOWS\System32\DRIVERS\DMICall.sys [2000-12-05 3952]
R1 SonyFanC;FAN Control Device Service; C:\WINDOWS\System32\Drivers\SonyFanC.sys [2001-09-06 68116]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 MASPINT;MASPINT; C:\WINDOWS\system32\drivers\MASPINT.sys [2000-03-29 8096]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\System32\drivers\symlcbrd.sys []
R2 V7;V7; C:\WINDOWS\system32\drivers\V7.sys [2000-03-09 7196]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2007-01-31 127376]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 ltmodem5;Lucent Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2004-08-03 606684]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 nv4;nv4; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2001-08-08 818713]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2001-07-25 438200]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
S3 BCM42XX;Broadcom iLine10™ Network Adapter Driver; C:\WINDOWS\System32\DRIVERS\bcm42xx5.sys [2001-08-17 54271]
S3 BCMModem;BCM V.90 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMDM.sys [2001-08-17 871388]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WUDFRd;WUDFRd; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [2006-09-28 82944]
S4 sr;System Restore Filter Driver; C:\WINDOWS\System32\DRIVERS\sr.sys [2004-08-04 73472]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2007-04-03 1516584]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2001-08-08 57344]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 gupdate1ca33a4130648b4;Google Update Service (gupdate1ca33a4130648b4); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-12 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-23 183280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2006-02-08 323584]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2001-07-31 65536]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
kirk335
Hi there. You may want system restore. System restore allows you to roll back changes or recover from a fault. I would disable remote control by right clicking on My Computer, then clicking on Properties, then clicking on the Remote tab, un-checking it and applying. Remote allows for remote administration of your computer. I would also check the firewall to see if baddies are bypassing it. You can double click on My Computer / My Network Places, right click on your network connection and go to Advanced // Settings // Exceptions. Be careful not to uncheck anything that you would need for the internet, but don't worry, you can go back and re-check those items. Well maybe you have already done that.
HKEd
Looks good. There's a malware startup that was disabled using Msconfig:

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qca1428.tmp.exe]
C:\WINDOWS\system32\qca1428.tmp.exe []


It's not doing any harm as it's now just a text item in the registry, but check that C:\WINDOWS\system32\qca1428.tmp.exe has left the building.
Surfer
C:\WINDOWS\system32\qca1428.tmp.exe has left the building. Was gone last night when I searched for it. Anyway, Dave thanks ya and I thank ya.
HKEd
You're welcome, as always.

I'll close this and mark it resolved.
Invision Power Board © 2001-2009 Invision Power Services, Inc.