Cyber Tech Help Support Forums: Malware Removal

#31, September 26th, 2009, 03:40 AM
Jintan (Cyber Tech Help Moderator)
Try just downloading without right clicking from here for now. Then just click that and install Malwarebytes.

#32, September 29th, 2009, 04:36 AM
Tyler05 (Senior Member, O/S: Windows XP Home)
Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

9/25/2009 8:19:53 PM
mbam-log-2009-09-25 (20-19-49).txt

Scan type: Full Scan (C:\|)
Objects scanned: 186018
Time elapsed: 29 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f4e4f68b-6998-476e-84aa-de29fb8158bf}\NameServer (Trojan.DNSChanger) -> Data: 123.123.123.123,85.255.112.167 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f4e4f68b-6998-476e-84aa-de29fb8158bf}\NameServer (Trojan.DNSChanger) -> Data: 123.123.123.123,85.255.112.167 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f4e4f68b-6998-476e-84aa-de29fb8158bf}\NameServer (Trojan.DNSChanger) -> Data: 123.123.123.123,85.255.112.167 -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I later healed those infections.

#33, September 30th, 2009, 01:07 AM
Jintan (Cyber Tech Help Moderator)
The DNS lookup sending website IP address checks to those malware servers would block access/downloads at the tool sites we use. If you would, reboot, use the Internet a bit, then run a new Malwarebytes scan and check if those settings stayed gone please (weren't picked up again).

#34, September 30th, 2009, 05:14 AM
Tyler05 (Senior Member, O/S: Windows XP Home)
The resulting scan results, my friend:

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

9/29/2009 9:13:38 PM
mbam-log-2009-09-29 (21-13-38).txt

Scan type: Full Scan (C:\|)
Objects scanned: 193648
Time elapsed: 32 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
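The check Jintan asked for in #33 (did the NameServer entries stay gone after a reboot?) can be done mechanically over the two Malwarebytes logs posted above. This is an added example for this thread, not a tool Malwarebytes or the forum provides; the two log excerpts are constructed from the 9/25 and 9/29 scans, and the parsing rules are inferred from the MBAM 1.x log layout shown in them.

```python
"""Compare the detail sections of two Malwarebytes Anti-Malware 1.x logs to
see whether a DNSChanger NameServer hijack came back after cleanup.

Added example (not Malwarebytes code): the three ControlSet001 / ControlSet003 /
CurrentControlSet copies of the same TCP/IP interface key are collapsed into one
finding, then the before/after scans are diffed.
"""
import re
from dataclasses import dataclass

# One MBAM detail line: <registry path> (<detection>) -> Data: <value> -> <action>
DETECTION_RE = re.compile(
    r"^(?P<path>HKEY_\S+) \((?P<name>[^)]+)\) -> Data: (?P<data>.+?) -> (?P<action>.+)$"
)
# CurrentControlSet is an alias for one of the numbered control sets, so a single
# hijack shows up once per copy; normalise the path so it counts as one finding.
CONTROLSET_RE = re.compile(r"\\(?:ControlSet\d{3}|CurrentControlSet)\\", re.IGNORECASE)

# Constructed excerpt of the 9/25 scan posted above (the infected one).
BEFORE_LOG = r"""Malwarebytes' Anti-Malware 1.41
Database version: 2775

Registry Data Items Infected: 3

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f4e4f68b-6998-476e-84aa-de29fb8158bf}\NameServer (Trojan.DNSChanger) -> Data: 123.123.123.123,85.255.112.167 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f4e4f68b-6998-476e-84aa-de29fb8158bf}\NameServer (Trojan.DNSChanger) -> Data: 123.123.123.123,85.255.112.167 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f4e4f68b-6998-476e-84aa-de29fb8158bf}\NameServer (Trojan.DNSChanger) -> Data: 123.123.123.123,85.255.112.167 -> No action taken.

Files Infected:
(No malicious items detected)
"""

# Constructed excerpt of the 9/29 rescan posted above (clean).
AFTER_LOG = r"""Malwarebytes' Anti-Malware 1.41
Database version: 2775

Registry Data Items Infected: 0

Registry Data Items Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
"""


@dataclass(frozen=True)
class Detection:
    section: str
    path: str
    name: str
    data: str
    action: str


def parse_mbam_log(text):
    """Return the Detection entries from the per-section detail part of an MBAM log."""
    section = None
    found = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(No malicious items detected)":
            continue
        if line.endswith(":"):  # section header, e.g. "Registry Data Items Infected:"
            section = line[:-1]
            continue
        m = DETECTION_RE.match(line)
        if m and section:
            found.append(Detection(section, **m.groupdict()))
    return found


def nameserver_hijacks(detections):
    """Map each hijacked interface (control set collapsed) to the planted resolver IPs."""
    hijacks = {}
    for d in detections:
        if not d.path.lower().endswith("\\nameserver"):
            continue
        key = CONTROLSET_RE.sub(r"\\<ControlSet>\\", d.path)
        ips = {ip.strip() for ip in d.data.split(",") if ip.strip()}
        hijacks.setdefault(key, set()).update(ips)
    return hijacks


def compare_scans(before_text, after_text):
    """Did the NameServer entries stay gone?  'persisted' or 'new' means reinfection."""
    before = nameserver_hijacks(parse_mbam_log(before_text))
    after = nameserver_hijacks(parse_mbam_log(after_text))
    return {
        "removed": sorted(set(before) - set(after)),
        "persisted": sorted(set(before) & set(after)),
        "new": sorted(set(after) - set(before)),
        "rogue_dns": sorted(set().union(*before.values(), *after.values())),
    }


if __name__ == "__main__":
    for key, value in compare_scans(BEFORE_LOG, AFTER_LOG).items():
        print(f"{key}: {value}")
```

Running it against the two posted logs reports one interface removed, nothing persisted or new, and the two rogue resolver addresses, which is the "settings stayed gone" outcome Jintan was looking for.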

#35, October 1st, 2009, 01:19 AM
Jintan (Cyber Tech Help Moderator)
Good, not recreating. Let's check now with a current scan to see what, if anything, remains.

Disable your antivirus program and go here and run an online scan using ESET Online Scanner (you will need to use Internet Explorer for this scan, or download the installer to run it in a different browser). If you accept the Terms of Use, check the box and click Start. After the ActiveX Control has loaded, it will take a couple minutes for the scanner to get ready. Next, check the following boxes:

Remove found threats
Scan unwanted applications

Click Start. This scan may take a while, so please be patient. A log may open when the scan is complete (if not, go to C:\Program Files\EsetOnlineScanner\ and open the file log.txt). Click Edit - Select All then copy/paste that log back here please.

If you have any problems getting Eset started, one work-around is to have an open Internet connection, and then click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file, and follow the same previous steps to run the scan.

Post that a new RSIT log please.

#36, October 1st, 2009, 03:03 AM
Tyler05 (Senior Member, O/S: Windows XP Home)
The results from ESET

And the last RSIT scan:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Tyler at 2009-09-30 18:59:18
Microsoft Windows XP Professional Service Pack 3
System drive C: has 380 GB (80%) free of 477 GB
Total RAM: 3326 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:59:24 PM, on 9/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tyler\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Tyler.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1ca011ad3d152ee) (gupdate1ca011ad3d152ee) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

--
End of file - 7574 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-09-26 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-07-09 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-09-16 13574144]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-09-16 86016]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-09-27 16844800]
"JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe [2007-03-19 36864]
"36X Raid Configurer"=C:\WINDOWS\system32\xRaidSetup.exe [2007-05-24 1957888]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-09-29 2023704]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe [2004-03-04 172032]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files\Google\Gmail Notifier\gnotify.exe [2005-07-15 479232]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]

#37, October 1st, 2009, 03:04 AM
Tyler05 (Senior Member, O/S: Windows XP Home)
And the second half:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe [2009-04-01 203416]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2009-04-18 321344]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-07-09 39408]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-09-26 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgdiag.exe"="C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe"
"C:\Program Files\AVG\AVG8\avgdiagex.exe"="C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\Starcraft\StarCraft.exe"="C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Sony\EverQuest\EQVoiceService.exe"="C:\Program Files\Sony\EverQuest\EQVoiceService.exe:*:Enabled:EQVoiceService"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95b3f905-2b1a-11de-ae58-001838041ca2}]
shell\AutoRun\command - wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c54d5336-2b66-11de-ae59-001838041ca2}]
shell\AutoRun\command - G:\SETUP.EXE


======List of files/folders created in the last 1 months======

2009-09-30 18:20:51 ----D---- C:\Program Files\ESET
2009-09-28 22:22:47 ----A---- C:\WINDOWS\system32\javaws.exe
2009-09-28 22:22:47 ----A---- C:\WINDOWS\system32\javaw.exe
2009-09-28 22:22:47 ----A---- C:\WINDOWS\system32\java.exe
2009-09-28 20:10:33 ----D---- C:\WINDOWS\Sun
2009-09-28 20:09:23 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-09-28 20:09:15 ----D---- C:\Program Files\Java
2009-09-28 20:08:08 ----D---- C:\Documents and Settings\Tyler\Application Data\Sun
2009-09-26 11:19:28 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-09-26 11:19:24 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-26 11:19:21 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-09-26 11:19:15 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-09-26 11:19:11 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-09-26 11:19:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-09-26 11:18:56 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-09-26 11:18:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-26 11:18:41 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-09-26 11:18:35 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-09-26 11:18:03 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-09-26 11:17:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-09-26 11:17:44 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-09-26 11:17:35 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-09-26 11:17:31 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-09-26 11:17:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-09-26 11:17:22 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-09-26 11:16:57 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-09-25 21:02:31 ----D---- C:\WINDOWS\ie8updates
2009-09-25 21:02:06 ----D---- C:\WINDOWS\WBEM
2009-09-25 21:01:16 ----HDC---- C:\WINDOWS\ie8
2009-09-25 19:48:55 ----D---- C:\Documents and Settings\Tyler\Application Data\Malwarebytes
2009-09-25 19:48:51 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-09-25 19:48:50 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-23 19:42:31 ----D---- C:\Program Files\iPod
2009-09-23 19:42:29 ----D---- C:\Program Files\iTunes
2009-09-23 19:42:29 ----D---- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-23 19:41:21 ----D---- C:\Program Files\QuickTime
2009-09-23 13:47:47 ----A---- C:\WINDOWS\servicelook.txt
2009-09-21 19:54:31 ----A---- C:\WINDOWS\servcheck.bat
2009-09-20 10:04:14 ----D---- C:\Documents and Settings\Tyler\Application Data\Hamachi
2009-09-18 20:12:56 ----SHD---- C:\RECYCLER
2009-09-18 18:41:11 ----A---- C:\ComboFix.txt
2009-09-18 18:37:09 ----D---- C:\WINDOWS\temp
2009-09-18 18:34:20 ----A---- C:\Boot.bak
2009-09-18 18:34:15 ----RASHD---- C:\cmdcons
2009-09-18 18:33:40 ----A---- C:\WINDOWS\zip.exe
2009-09-18 18:33:40 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-09-18 18:33:40 ----A---- C:\WINDOWS\SWSC.exe
2009-09-18 18:33:40 ----A---- C:\WINDOWS\SWREG.exe
2009-09-18 18:33:40 ----A---- C:\WINDOWS\sed.exe
2009-09-18 18:33:40 ----A---- C:\WINDOWS\PEV.exe
2009-09-18 18:33:40 ----A---- C:\WINDOWS\NIRCMD.exe
2009-09-18 18:33:40 ----A---- C:\WINDOWS\grep.exe
2009-09-18 18:33:34 ----D---- C:\WINDOWS\ERDNT
2009-09-18 18:32:14 ----D---- C:\Qoobox
2009-09-17 19:50:23 ----D---- C:\rsit
2009-09-17 18:27:27 ----D---- C:\Documents and Settings\Tyler\Application Data\Ventrilo
2009-09-17 18:27:21 ----D---- C:\Program Files\Ventrilo
2009-09-17 18:27:17 ----A---- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-09-10 21:00:02 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-09-10 21:00:01 ----D---- C:\WINDOWS\system32\LogFiles
2009-09-10 21:00:01 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2009-09-10 21:00:01 ----A---- C:\WINDOWS\system32\pbsvc.exe
2009-09-10 20:59:58 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2009-09-10 20:59:57 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2009-09-10 20:59:57 ----A---- C:\WINDOWS\system32\x3daudio1_2.dll
2009-09-10 20:59:57 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2009-09-10 20:59:57 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2009-09-10 20:59:57 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2009-09-10 20:59:56 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2009-09-10 20:59:56 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2009-09-10 20:59:56 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2009-09-10 20:59:55 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2009-09-10 20:59:55 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2009-09-10 20:59:53 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2009-09-10 20:59:53 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-09-10 20:59:51 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2009-09-10 20:59:51 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2009-09-10 20:59:50 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2009-09-10 20:59:50 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2009-09-10 20:59:50 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2009-09-10 20:59:50 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-09-10 20:59:49 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2009-09-10 20:59:49 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2009-09-10 20:59:49 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2009-09-10 20:59:49 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2009-09-10 20:59:48 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2009-09-10 20:59:48 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2009-09-10 20:59:40 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2009-09-10 20:59:40 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2009-09-10 20:59:40 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-09-10 20:59:39 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-09-10 20:59:39 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-09-10 20:59:39 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-09-10 20:59:38 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-09-10 20:59:38 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-09-10 20:59:37 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2009-09-10 20:05:35 ----D---- C:\Program Files\Steam
2009-09-07 17:33:37 ----A---- C:\WINDOWS\ODBC.INI

======List of files/folders modified in the last 1 months======

2009-09-30 18:59:23 ----D---- C:\WINDOWS\Prefetch
2009-09-30 18:55:58 ----D---- C:\Documents and Settings\Tyler\Application Data\DNA
2009-09-30 18:20:51 ----RD---- C:\Program Files
2009-09-30 18:19:31 ----D---- C:\Program Files\Mozilla Firefox
2009-09-30 18:06:11 ----SD---- C:\WINDOWS\Tasks
2009-09-30 18:05:53 ----D---- C:\Program Files\DNA
2009-09-30 18:04:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-28 22:22:50 ----SHD---- C:\WINDOWS\Installer
2009-09-28 22:22:47 ----D---- C:\WINDOWS\system32
2009-09-28 20:10:33 ----D---- C:\WINDOWS
2009-09-27 18:28:07 ----RSD---- C:\WINDOWS\Fonts
2009-09-27 15:32:41 ----D---- C:\Documents and Settings\Tyler\Application Data\FileZilla
2009-09-26 11:49:38 ----D---- C:\WINDOWS\Microsoft.NET
2009-09-26 11:19:31 ----HD---- C:\WINDOWS\inf
2009-09-26 11:19:30 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-26 11:19:26 ----A---- C:\WINDOWS\imsins.BAK
2009-09-26 11:19:16 ----D---- C:\WINDOWS\system32\drivers
2009-09-26 11:19:03 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-26 11:18:07 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-09-26 11:17:54 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-26 11:17:48 ----D---- C:\Program Files\Outlook Express
2009-09-25 21:23:49 ----RSD---- C:\WINDOWS\assembly
2009-09-25 21:07:00 ----D---- C:\WINDOWS\Help
2009-09-25 21:07:00 ----D---- C:\Program Files\Internet Explorer
2009-09-25 21:04:21 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-09-25 21:04:11 ----D---- C:\WINDOWS\WinSxS
2009-09-25 21:02:08 ----D---- C:\WINDOWS\system32\config
2009-09-25 21:02:06 ----D---- C:\WINDOWS\system32\en-us
2009-09-25 21:02:01 ----D---- C:\WINDOWS\Media
2009-09-24 19:40:19 ----D---- C:\Documents and Settings\Tyler\Application Data\Apple Computer
2009-09-23 19:43:04 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-09-23 19:42:26 ----D---- C:\Program Files\Common Files\Apple
2009-09-21 21:59:54 ----D---- C:\Documents and Settings\Tyler\Application Data\Adobe
2009-09-20 22:08:57 ----D---- C:\Program Files\SpywareGuard
2009-09-20 10:02:25 ----D---- C:\Documents and Settings\Tyler\Application Data\Hamachibackup
2009-09-20 00:35:39 ----SD---- C:\Documents and Settings\Tyler\Application Data\Microsoft
2009-09-18 18:39:17 ----A---- C:\WINDOWS\system.ini
2009-09-18 18:35:57 ----D---- C:\WINDOWS\AppPatch
2009-09-18 18:35:55 ----D---- C:\Program Files\Common Files
2009-09-18 18:34:20 ----RASH---- C:\boot.ini
2009-09-17 18:27:08 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-09-10 20:59:25 ----D---- C:\WINDOWS\system32\DirectX
2009-09-07 18:11:48 ----D---- C:\Program Files\FileZilla FTP Client
2009-09-07 17:33:23 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-09-07 17:33:08 ----D---- C:\Program Files\Microsoft Office
2009-09-07 17:31:21 ----D---- C:\WINDOWS\system
2009-09-06 22:14:59 ----D---- C:\Program Files\Sony
2009-09-06 22:09:25 ----HD---- C:\Program Files\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-09-26 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-09-26 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-04-27 108552]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-04-25 25280]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-10-02 4613120]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-09-16 6132576]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-12-14 85120]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 a1w6e5tx;a1w6e5tx; C:\WINDOWS\system32\drivers\a1w6e5tx.sys []
S3 catchme;catchme; \??\C:\456out.com\catchme.sys []
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 ALLOW-IO;ALLOW-IO; \??\E:\ALLOW-IO.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-09-26 908056]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-09-26 297752]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-09-16 163908]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-09-10 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-09-10 189480]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
S2 gupdate1ca011ad3d152ee;Google Update Service (gupdate1ca011ad3d152ee); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-09 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-09 190448]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-04-19 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
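As an added example (not part of the thread, and not code from RSIT or any other tool used here), a small Python triage script that parses lines in the format of the driver/service list above, using the header's R/S and 0-4 codes, and collects neutral hints about which entries a reviewer should look at first. The hints are prompts, not verdicts: the PnkBstrA line trips the name-equals-description check and is not malware.

```python
import re
from typing import Dict, List, Optional
# One RSIT driver/service line: "<R|S><0-4> name;description; path [date size]"
LINE_RE = re.compile(r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<desc>[^;]*);"
                     r"\s*(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$")
START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}
NT_PREFIX = "\\??\\"  # raw NT object-manager prefix some entries carry

def parse_line(line: str) -> Optional[dict]:
    """Parse one log line into a dict; headers, blanks and odd lines give None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    meta = m.group("meta").split()  # "[]" means no date/size was recorded
    return {"running": m.group("state") == "R", "start": START_TYPES[m.group("start")],
            "name": m.group("name"), "desc": m.group("desc").strip(), "path": m.group("path"),
            "file_date": meta[0] if meta else None,
            "file_size": int(meta[1]) if len(meta) > 1 else None}

def review_flags(e: dict) -> List[str]:
    """Neutral hints for a human reviewer: a hit means 'look here', not 'malicious'."""
    flags = []
    if e["file_date"] is None:
        flags.append("no date/size recorded (file missing or unreadable when the log was made)")
    if e["desc"].lower() == e["name"].lower():
        flags.append("description merely repeats the name")
    plain = e["path"][len(NT_PREFIX):] if e["path"].startswith(NT_PREFIX) else e["path"]
    if plain != e["path"]:
        flags.append("registered with a raw NT path (\\??\\)")
    if plain[:2].upper() != "C:":
        flags.append("image is not on the system drive")
    return flags

def triage(log_lines: List[str]) -> Dict[str, List[str]]:
    """Map each flagged entry name to its hints; entries with no hints are omitted."""
    result: Dict[str, List[str]] = {}
    for line in log_lines:
        e = parse_line(line)
        if e and review_flags(e):
            result[e["name"]] = review_flags(e)
    return result

# Lines copied from the driver/service list in this thread's log.
SAMPLE_LOG = [
    r"R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-09-26 335240]",
    r"S3 a1w6e5tx;a1w6e5tx; C:\WINDOWS\system32\drivers\a1w6e5tx.sys []",
    r"S3 catchme;catchme; \??\C:\456out.com\catchme.sys []",
    r"S4 ALLOW-IO;ALLOW-IO; \??\E:\ALLOW-IO.sys []",
    r"R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-09-10 75064]",
]
```

Running `triage` over a whole pasted log narrows a list of dozens of entries down to the handful worth checking against the vendor and file-system state, which is the manual step the moderator's review performs.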
  #38  
Old October 1st, 2009, 03:50 AM
Jintan
Cyber Tech Help Moderator
Join Date: Dec 2004
Posts: 52,284
Looking good now, and no infection being located there. Before we finish up here with some cleaning up of our work, post back how things are running please.
  #39  
Old October 1st, 2009, 04:07 AM
Tyler05
Senior Member
Join Date: Jun 2004
O/S: Windows XP Home
Location: Corte Madera, CA
Age: 37
Posts: 220
We're looking great, man. Running smoothly - no errors since we began.

Thanks for saving me again!
  #40  
Old October 1st, 2009, 05:30 PM
Jintan
Cyber Tech Help Moderator
Join Date: Dec 2004
Posts: 52,284
Very good, and always glad to help here. Just some last steps now to finish our work. I was curious why the logs didn't reflect Java installed earlier, but I assume you did install that to run the later scans there. What version is installed now?


For what our work added there, installed software like ESET and Malwarebytes, if you don't plan to use them again, uninstall them through Add/Remove Programs. Though you may opt to keep Malwarebytes for periodic updated scans there.


You can also at this time delete the files/folders of the tools we used. To assist with some of that download OTM.exe by OldTimer to your desktop. This will help by automatically removing some of the tools we used.

Click OTM.exe to run it and click on Cleanup. You'll be asked if you want to begin the cleanup process. Select Yes.

OTM will search for and delete/uninstall many of the tools that we have used to fix your problems and all their backup folders, and then delete itself when you next reboot. At the end of the run you will receive a prompt to reboot, but save that for the next step, resetting System Restore.

---------

Then reset the System Restore. To do this, right-click My Computer and select Properties. Click the System Restore tab in the window that appears, and check the box that says "Turn off System Restore on all drives" and click Apply.

You will be asked if you are sure, click Yes. This will delete the restore points. Then click OK in the Properties window and reboot your computer.

When your desktop appears, right-click My Computer and select Properties once more. Uncheck the "Turn off System Restore..." box and click Apply. OK.


In addition, I like to recommend reviewing the information Here to make sure you stay malware free.