Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs
#1
So for the last few months my family has been consistently using over 40GB of bandwidth a month, which is a problem as we are capped, and we have had to upgrade to 60 as we managed to use that much last month. (On the last couple of days last month we used about 10GB in two days.) This was originally mainly downloading but has recently become more upload than down. We have not been torrenting and are only using the internet for small things, yet we have a huge usage.
Netstat is displaying

TCP 192.168.1.101:49557 173-101:57375 SYN_SENT
TCP 192.168.1.101:49559 192.168.1.102:microsoft-ds SYN_SENT
TCP 192.168.1.101:49560 192.168.1.102:microsoft-ds SYN_SENT
TCP 192.168.1.101:49561 192.168.1.102:microsoft-ds SYN_SENT
TCP 192.168.1.101:49562 192.168.1.102:microsoft-ds SYN_SENT
TCP 192.168.1.101:49563 192.168.1.102:netbios-ssn

This is a list from HijackThis

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe
C:\Windows\System32\WTClient.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\PC Tools Disk Suite\aDSProcMngr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
D:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.0.20070913-1045\soffice.exe
C:\Program Files\Desktop Maestro\deskmech.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Codebox\BitMeter\BitMeter2.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe
C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - (no file)
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
R3 - URLSearchHook: MHURLSearchHook Class - {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Family Toolbar\tbhelper.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\Userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: MHTBPos00 - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIso1.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.2.0.12\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.2.0.12\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Max EN Toolbar - {867dd841-5bf7-44ca-8426-c5a6eda00735} - C:\Program Files\Max_EN\tbMax1.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyA1.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.2.0.12\coIEPlg.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyA1.dll
O3 - Toolbar: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIso1.dll
O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O3 - Toolbar: QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - mscoree.dll (file missing)
O3 - Toolbar: Max EN Toolbar - {867dd841-5bf7-44ca-8426-c5a6eda00735} - C:\Program Files\Max_EN\tbMax1.dll
O3 - Toolbar: Family Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PrnStatusMX] C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [DiskSuite] C:\Program Files\PC Tools Disk Suite\aDSProcMngr.exe
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [Family Tree Builder Update] C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [SODCPreLoad] D:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.0.20070913-1045\preload.exe D:\PROGRA~1\IBM\Lotus\Symphony\data\.sodc\
O4 - HKCU\..\Run: [DesktopMaestro] C:\Program Files\Desktop Maestro\RMTray.exe /H
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bitmeter2.lnk = C:\Program Files\Codebox\BitMeter\BitMeter2.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {64964764-1101-4bbd-8891-B56B1A53B9B3} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GO36F4~1.DLL,avgrsstx.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: PC Tools Disk Suite (DiskSuiteService) - PC Tools Software - C:\Program Files\PC Tools Disk Suite\DSService.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate1cab0da1f0c2a24) (gupdate1cab0da1f0c2a24) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ImDisk Virtual Disk Driver Helper (ImDskSvc) - Olof Lagerkvist - C:\Windows\system32\imdsksvc.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Mamutu Service (Mamutu) - Emsi Software GmbH - D:\PROGRAM FILES\MAMUTU\a2service.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Uniblue DiskRescue - Uniblue - C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe
O23 - Service: UPnPService - Unknown owner - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\Windows\system32\UAService7.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\Windows\System32\Drivers\WTSRV.EXE
O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni\XobniService.exe
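The netstat excerpt in the post above is the most useful diagnostic in it: one local port after another (49559 to 49563) stuck in SYN_SENT towards the same LAN host on microsoft-ds (TCP 445) and netbios-ssn (TCP 139). A legitimate file-share access opens one session and keeps it; a process that opens a fresh socket to port 445 every second is something to identify, because that is also the behaviour of network-spreading malware and of badly behaved "network magic" style software. The script below is an added example, not code from the thread: it parses netstat output as Windows prints it (service names in place of port numbers when run without -n), counts sockets per state, and flags remote hosts with a burst of half-open SMB/NetBIOS connections. The input is a constructed sample built from the connections quoted in the post plus one ordinary browser session; the threshold of three is an assumption.

```python
import re
from collections import Counter

# Service names that Windows netstat prints instead of port numbers when it
# is run without -n. Only the names relevant here are mapped; any other
# non-numeric port is kept as None.
SERVICE_PORTS = {
    "microsoft-ds": 445,   # SMB over TCP
    "netbios-ssn": 139,    # NetBIOS session service (SMB over NetBIOS)
    "netbios-ns": 137,
    "netbios-dgm": 138,
    "http": 80,
    "https": 443,
}
FILE_SHARING_PORTS = {137, 138, 139, 445}

# Constructed sample laid out like Windows `netstat` output: the six
# connections quoted in the first post plus one ordinary browser session.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address              State
  TCP    192.168.1.101:49557    173-101:57375                SYN_SENT
  TCP    192.168.1.101:49559    192.168.1.102:microsoft-ds   SYN_SENT
  TCP    192.168.1.101:49560    192.168.1.102:microsoft-ds   SYN_SENT
  TCP    192.168.1.101:49561    192.168.1.102:microsoft-ds   SYN_SENT
  TCP    192.168.1.101:49562    192.168.1.102:microsoft-ds   SYN_SENT
  TCP    192.168.1.101:49563    192.168.1.102:netbios-ssn    SYN_SENT
  TCP    192.168.1.101:49570    74.125.237.1:http            ESTABLISHED
"""

# proto, local endpoint, foreign endpoint, optional state (UDP rows have none)
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")


def split_endpoint(endpoint):
    """Split 'host:port' into (host, port). The port becomes an int when it is
    numeric, the mapped number for a known service name, otherwise None.
    rpartition keeps bracketed IPv6 hosts such as [::1]:445 intact."""
    host, _, port = endpoint.rpartition(":")
    if port.isdigit():
        return host, int(port)
    return host, SERVICE_PORTS.get(port)


def parse_netstat(text):
    """Parse the connection table into a list of dicts; header lines are skipped."""
    conns = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, local, foreign, state = m.groups()
        lhost, lport = split_endpoint(local)
        rhost, rport = split_endpoint(foreign)
        conns.append({"proto": proto, "local_host": lhost, "local_port": lport,
                      "remote_host": rhost, "remote_port": rport, "state": state})
    return conns


def state_counts(conns):
    """How many sockets are in each TCP state."""
    return Counter(c["state"] for c in conns if c["state"])


def find_smb_probing(conns, threshold=3):
    """Remote hosts to which this machine holds at least `threshold` half-open
    (SYN_SENT) TCP connections on SMB/NetBIOS ports. A burst of these from one
    local process is the pattern to investigate; normal file sharing opens one
    session rather than a new socket per second."""
    per_host = Counter(
        c["remote_host"] for c in conns
        if c["proto"] == "TCP" and c["state"] == "SYN_SENT"
        and c["remote_port"] in FILE_SHARING_PORTS
    )
    return {host: n for host, n in per_host.items() if n >= threshold}


if __name__ == "__main__":
    conns = parse_netstat(SAMPLE_NETSTAT)
    print("socket states:", dict(state_counts(conns)))
    for host, n in find_smb_probing(conns).items():
        print(f"{n} half-open SMB/NetBIOS connections to {host}; "
              f"run 'netstat -ano' to get the owning PID and match it in Task Manager")
```

On the sample this reports 6 sockets in SYN_SENT and flags 192.168.1.102 with 5 half-open SMB/NetBIOS connections. On a live machine, run `netstat -ano` (the -o column is the owning PID) and feed its output to parse_netstat; the PID is what ties the traffic back to one of the processes in the HijackThis list above, which is the step the log alone cannot do.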
#2
Hello Etaoin and welcome to CTH
You also have many programs running there that use/"eat" bandwidth. It looks like you have two antivirus programs running - Norton and AVG9. "When the resident scanners of two different AV programs are used simultaneously, conflicts can result. The computer may run very, very slowly, it may become difficult to access files." Therefore, please tell me which antivirus program you want to keep.
#3
I have uninstalled AVG9
#4
Good
Download CCleaner: Here
Click on -> "Download Latest Version"
Once installed, run CCleaner, click the Windows tab and select the following:
Internet Explorer: Temp Internet History, Recently Typed URLs, Delete Index.dat files
System: Empty Recycle Bin, Temporary Files, Memory Dumps, Chkdsk File Fragments
Then click Run Cleaner (bottom right), then Exit.

Let's get a comprehensive report of what is present in your system.
Please download DDS: Here
If you are using Firefox, go to the toolbar and click File. Then go down to Save As & click. Then save it on the desktop.
Save as: dds.scr
Save as Type: All files
Save it to your Desktop and double-click on dds.scr to run it.
If your security software includes script blocking features, please disable these before you run this utility.
When the scan has finished, two logs will open. Copy and paste both reports in this topic. The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.
Before you provide them, we ask that you remove any P2P/file sharing programs if you have any, and this includes Torrent software, before we clean your computer.
#5
DDS (Ver_10-03-17.01) - NTFSx86
Run by liam at 13:28:26.57 on Tue 28/09/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.64.1033.18.1536.131 [GMT 13:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PC Tools Disk Suite\DSService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
D:\PROGRAM FILES\MAMUTU\a2service.exe
C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe
C:\Windows\system32\UAService7.exe
C:\Windows\System32\Drivers\WTSRV.EXE
C:\Program Files\Xobni\XobniService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\WTClient.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\PC Tools Disk Suite\aDSProcMngr.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
D:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.0.20070913-1045\soffice.exe
C:\Program Files\Desktop Maestro\deskmech.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Codebox\BitMeter\BitMeter2.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe
C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Liam\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://search.myheritage.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: H - No File
uURLSearchHooks: MHURLSearchHook Class: {1c4ab6a5-595f-4e86-b15f-f93cce2bbd48} - c:\program files\family toolbar\tbhelper.dll
mURLSearchHooks: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files\myashampoo\tbMyA1.dll
mURLSearchHooks: IsoBuster Toolbar: {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - c:\program files\isobuster\tbIso1.dll
mURLSearchHooks: Max EN Toolbar: {867dd841-5bf7-44ca-8426-c5a6eda00735} - c:\program files\max_en\tbMax1.dll
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: MHTBPos00 Class: {0c37b053-fd68-456a-82e1-d788ee342e6f} - c:\program files\family toolbar\tbcore3.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IsoBuster Toolbar: {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - c:\program files\isobuster\tbIso1.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: ExplorerBHO Class: {449d0d6e-2412-4e61-b68f-1cb625cd9e52} - c:\program files\classic shell\ClassicExplorer32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\4.3.0.5\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Max EN Toolbar: {867dd841-5bf7-44ca-8426-c5a6eda00735} - c:\program files\max_en\tbMax1.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files\myashampoo\tbMyA1.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll
TB: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files\myashampoo\tbMyA1.dll
TB: IsoBuster Toolbar: {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - c:\program files\isobuster\tbIso1.dll
TB: QT TabBar: {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll
TB: QT Tab Standard Buttons: {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - mscoree.dll
TB: Max EN Toolbar: {867dd841-5bf7-44ca-8426-c5a6eda00735} - c:\program files\max_en\tbMax1.dll
TB: Family Toolbar: {fd2fd708-1f6f-4b68-b141-c5778f0c19bb} - c:\program files\family toolbar\tbcore3.dll
TB: Classic Explorer Bar: {553891b7-a0d5-4526-be18-d3ce461d6310} - c:\program files\classic shell\ClassicExplorer32.dll
TB: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
uRun: [SODCPreLoad] d:\program files\ibm\lotus\symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.0.20070913-1045\preload.exe d:\progra~1\ibm\lotus\symphony\data\.sodc\
uRun: [DesktopMaestro] c:\program files\desktop maestro\RMTray.exe /H
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [WTClient] WTClient.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [PrnStatusMX] c:\program files\hewlett-packard\prnstatusmx\PrnStatusMX.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [NBAgent] "c:\program files\nero\nero backitup & burn\nero backitup\NBAgent.exe" /WinStart
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [iolo Startup] "c:\program files\iolo\common\lib\ioloLManager.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [EasyTuneV] c:\program files\gigabyte\et5\GUI.exe
mRun: [DiskSuite] c:\program files\pc tools disk suite\aDSProcMngr.exe
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [Family Tree Builder Update] c:\program files\myheritage\bin\FTBCheckUpdates.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRunOnce: [SMRequiresRestart]
StartupFolder: c:\users\liam\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bitmet~1.lnk - c:\program files\codebox\bitmeter\BitMeter2.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: &Winamp Search - c:\programdata\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310} - c:\program files\classic shell\ClassicExplorer32.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
AppInit_DLLs: c:\progra~1\google\google~1\GO36F4~1.DLL,avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\liam\appdata\roaming\mozilla\firefox\profiles\rjxopbqs.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\liam\appdata\roaming\mozilla\firefox\profiles\rjxopbqs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPZInst.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\liam\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\liam\appdata\roaming\mozilla\firefox\profiles\rjxopbqs.default\extensions\wildpocketsloader@simopsstudios.com\plugins\npWildPocketsLoader.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
#6
============= SERVICES / DRIVERS ===============
R0 hotcore2;hotcore2;c:\windows\system32\drivers\hotcore2.sys [2010-3-10 30808]
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2010-2-19 40560]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-9-24 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-9-24 173104]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-6-28 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-6-28 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-6-28 243024]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\bashdefs\20100901.003\BHDrvx86.sys [2010-9-1 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-9-24 501888]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2010-2-15 20392]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\ipsdefs\20100927.001\IDSvix86.sys [2010-9-28 344112]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-9-24 116784]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0403000.005\symtdiv.sys [2010-9-24 339504]
R2 DiskSuiteService;PC Tools Disk Suite;c:\program files\pc tools disk suite\DSService.exe [2010-2-24 869696]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2010-7-18 711352]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2010-7-18 711352]
R2 Mamutu;Mamutu Service;d:\program files\mamutu\a2service.exe [2008-7-26 380536]
R2 N360;Norton 360;c:\program files\norton 360\engine\4.3.0.5\ccsvchst.exe [2010-9-24 126392]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-7-28 102448]
R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [2007-6-8 18944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2010-2-22 23456]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\common\database\bin\fbserver.exe [2010-2-19 1527900]
S3 ImDisk;ImDisk Virtual Disk Driver;c:\windows\system32\drivers\imdisk.sys [2010-2-24 19968]
S3 ImDskSvc;ImDisk Virtual Disk Driver Helper;c:\windows\system32\imdsksvc.exe [2010-2-24 10240]
S3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [2007-4-24 10752]
S4 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-2-22 30192]
S4 gupdate1cab0da1f0c2a24;Google Update Service (gupdate1cab0da1f0c2a24);c:\program files\google\update\GoogleUpdate.exe [2010-2-19 133104]
============== File Associations ===============
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
=============== Created Last 30 ================
2010-09-28 00:08:43 0 d-----w- c:\program files\CCleaner
2010-09-27 00:57:53 0 d-----w- c:\windows\Internet Logs
2010-09-26 05:10:52 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2010-09-25 02:10:46 0 d-----w- c:\programdata\Google
2010-09-25 01:13:07 0 d-----w- c:\users\liam\appdata\roaming\uTorrent
2010-09-25 00:00:02 0 d-----w- c:\users\liam\appdata\roaming\Malwarebytes
2010-09-24 23:12:07 0 d-----w- c:\program files\Trend Micro
2010-09-23 22:24:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-23 22:24:45 0 d-----w- c:\programdata\Malwarebytes
2010-09-23 22:24:44 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-23 22:24:43 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-23 22:00:28 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2010-09-23 22:00:25 0 d-----w- c:\program files\SpywareBlaster
2010-09-23 03:02:21 23 --sha-w- c:\windows\system32\edacded0.dat
2010-09-23 03:02:21 23 ----a-w- c:\windows\system32\bcdadac7.xml
2010-09-23 03:02:06 0 d-----w- c:\program files\jv16 PowerTools 2009
2010-09-22 05:06:34 0 d-----w- c:\program files\Norton Support
2010-09-22 03:05:53 524288 --sha-w- c:\users\liam\NTUSER.DAT{14f0ee8a-c5ef-11df-9fd4-0016e6da3c66}.TMContainer00000000000000000002.regtrans-ms
2010-09-22 03:05:53 524288 --sha-w- c:\users\liam\NTUSER.DAT{14f0ee8a-c5ef-11df-9fd4-0016e6da3c66}.TMContainer00000000000000000001.regtrans-ms
2010-09-22 03:05:52 65536 --sha-w- c:\users\liam\NTUSER.DAT{14f0ee8a-c5ef-11df-9fd4-0016e6da3c66}.TM.blf
2010-09-21 02:13:38 0 d-----w- c:\programdata\Lavasoft
2010-09-21 01:43:33 0 d-----w- c:\programdata\CheckPoint
2010-09-18 04:38:38 0 d-----w- c:\users\liam\appdata\roaming\EurekaLog
2010-09-18 03:59:19 0 d-----w- c:\users\liam\appdata\roaming\JAM Software
2010-09-18 00:47:55 3888 ----a-w- c:\windows\system32\drivers\NTHANDLE.SYS
2010-09-15 20:12:59 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-12 19:31:25 0 ---ha-w- c:\windows\SwSys2.bmp
2010-09-12 19:31:25 0 ---ha-w- c:\windows\SwSys1.bmp
2010-09-11 14:19:19 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2010-09-11 14:12:03 0 d-----w- c:\windows\system32\URTTEMP
2010-09-11 13:26:58 0 d-----w- c:\program files\Turbine
2010-09-11 09:41:39 0 d-----w- c:\programdata\PMB Files
2010-09-11 09:41:03 0 d-----w- c:\program files\Pando Networks
==================== Find3M ====================
2010-09-22 05:33:06 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-09-22 05:33:06 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-09-22 05:33:06 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-08-13 04:45:38 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-08-13 04:45:14 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-08-01 05:30:17 2004 ----a-w- c:\windows\checkip.dat
2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-17 21:18:01 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-09 08:57:37 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-07-06 03:16:12 94384 ----a-w- c:\windows\system32\IncContxMenu.dll
2010-07-06 03:16:06 2319536 ----a-w- c:\windows\system32\Incinerator.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\system32\wininet.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
============= FINISH: 13:30:29.91 ===============
#7
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 14/02/2010 4:13:14 p.m.
System Uptime: 28/09/2010 12:10:49 a.m. (13 hours ago)
Motherboard: Gigabyte Technology Co., Ltd. | | 8I865GME-775-RH
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Socket 775 | 2400/200mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 298 GiB total, 135.575 GiB free.
D: is FIXED (NTFS) - 149 GiB total, 54.024 GiB free.
E: is CDROM ()
F: is CDROM ()
H: is FIXED (NTFS) - 466 GiB total, 139.445 GiB free.
I: is CDROM ()
J: is Removable
==== Disabled Device Manager Items =============
Class GUID:
Description: Multimedia Video Controller
Device ID: PCI\VEN_109E&DEV_036E&SUBSYS_00000000&REV_11\4&1F7DBC9F&0&10F0
Manufacturer:
Name: Multimedia Video Controller
PNP Device ID: PCI\VEN_109E&DEV_036E&SUBSYS_00000000&REV_11\4&1F7DBC9F&0&10F0
Service:
Class GUID:
Description: Multimedia Controller
Device ID: PCI\VEN_109E&DEV_0878&SUBSYS_00000000&REV_11\4&1F7DBC9F&0&11F0
Manufacturer:
Name: Multimedia Controller
PNP Device ID: PCI\VEN_109E&DEV_0878&SUBSYS_00000000&REV_11\4&1F7DBC9F&0&11F0
Service:
==== System Restore Points ===================
RP257: 25/09/2010 11:11:28 a.m. - Installed HiJackThis
RP258: 25/09/2010 12:57:16 p.m. - Norton 360 Registry Clean
RP260: 25/09/2010 1:37:05 p.m. - Revo Uninstaller's restore point - AVG Free 9.0
RP262: 25/09/2010 1:54:48 p.m. - Revo Uninstaller's restore point - Creatures
RP264: 25/09/2010 2:00:40 p.m. - Revo Uninstaller's restore point - Bandwidth Monitor v3.4 build 757
RP266: 25/09/2010 2:12:43 p.m. - Revo Uninstaller's restore point - DAEMON Tools Toolbar
RP268: 25/09/2010 2:15:56 p.m. - Revo Uninstaller's restore point - Recuva
RP270: 25/09/2010 2:18:07 p.m. - Revo Uninstaller's restore point - WebEx Support Manager for Internet Explorer
RP272: 27/09/2010 2:47:22 p.m. - Revo Uninstaller's restore point - Steam
RP273: 27/09/2010 2:47:53 p.m. - Removed Steam
==== Installed Programs ======================
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.4
Adobe Shockwave Player 11.5
Advanced SystemCare 3
Advertising Center
All My Movies 5.3 FULL
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ashampoo Burning Studio 2010
Ashampoo ClipFinder 1.55
Ashampoo ClipFinder HD 2.06
Ashampoo Photo Commander 5.40
Ashampoo Photo Commander 6.20
Ashampoo UnInstaller Platinum 2.90
ATI AVIVO Codecs
ATI Catalyst Install Manager
ATI Catalyst Registration
AVS Audio Tools version 4.4
Batman: Arkham Asylum
BCL easyConverter SDK 1.0.0 Module
BitMeter
Bonjour
Bully Scholarship Edition
Canon PhotoRecord
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
Cashbook Complete
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
ccc-core-static
ccc-utility
CCC Help English
CCleaner
CD Recovery Toolbox Free 1.1
CDDRV_Installer
Cisco Network Magic
Classic Shell
CNET TechTracker
Corel Painter X
Corel WinDVD 9
COWON Media Center - jetAudio Basic
D-Fend v2
Desktop Maestro 3.0
digitalmax online Print Wizard 4.0.4.3
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Plus Web Player
DolbyFiles
DriveImage XML (Private Edition)
DriverAgent by eSupport.com
DVD Shrink 3.2
EasyTune5
Encyclopaedia Britannica 2007 Ultimate Reference Suite
erLT
Evil Dead Hail to the King
Fallout 3 - The Pitt
Family Tree Legends
Family Tree Maker 2008
FastStone Image Viewer 4.2
Finding Nemo
Firebird SQL Server - MAGIX Edition (US)
Free PDF to Word Doc Converter v1.1
Free Studio version 4.8
Glary Utilities 2.6
GOM Player
Google Chrome
Google Desktop
Google Earth
Google Update Helper
Graboid Video 1.2
Guild Wars
Hardware Helper
HiJackThis
HP Color LaserJet CP1210 Series
HP Color LaserJet CP1210 Series Toolbox
HP LaserJet Toolbox
HP Software Update
hppusgCP1215
HPSSupply
IBM Lotus Symphony
Image Rescue 4
ImagXpress
ImDisk Virtual Disk Driver
InterVideo MediaOne Gallery
InterVideo WinDVD 4
InterVideo WinDVD Creator
iolo technologies' Search and Recover
iolo technologies' System Mechanic
IrfanView (remove only)
ISO Recorder
IsoBuster 2.7
IsoBuster Toolbar
iTunes
Java Auto Updater
Java(TM) 6 Update 18
JumpStart 3rd Grade 2001
jv16 PowerTools 2009
K-Lite Codec Pack 5.7.0 (Basic)
KhalInstallWrapper
LEGO Star Wars
Logitech SetPoint
Lord of the Rings: The Fellowship of the Ring
LOTR The Return of the King tm
LucasArts' Curse of Monkey Island
LucasArts' Monkey 4
MAGIX MP3 Maker 11 deluxe (US)
MAGIX Photo Manager 2006 (US)
Malwarebytes' Anti-Malware
MarketResearch
Max_EN Toolbar
MediaShow 3.0
MegaView
Menu Templates - Starter Kit
MgsubfalWua
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WorldWide Telescope
Microsoft WSE 3.0
Microsoft XML Parser
Morrowind
Movie Templates - Starter Kit
Mozilla ActiveX Control v1.7.12
Mozilla Firefox (3.6.10)
MrvlUsgTracking
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Muppet Treasure Island
Music Transfer
MyAshampoo Toolbar
MyHeritage Family Tree Builder
Nero 9
Nero BackItUp
Nero BackItUp and Burn
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero Disc Copy Gadget
Nero DiscSpeed
Nero DriveSpeed
Nero Express
Nero InfoTool
Nero Installer
Nero PhotoSnap
Nero Recode
Nero Rescue Agent
Nero RescueAgent
Nero ShowTime
Nero StartSmart
Nero Vision
Nero WaveEditor
NeroBurningROM
NeroExpress
neroxml
Network Magic
NirSoft ShellExView
Norton 360
Norton Security Scan
NVIDIA PhysX
Oblivion
OGA Notifier 2.0.0048.0
Pando Media Booster
Paragon Backup & Recovery™ 10.1 Free Edition
Paragon Partition Manager 8.0 Personal
Passage Express
PC Tools Disk Suite 1.0
PhotoNow! 1.0
Picasa 3
Plato DVD Ripper Free 6.66
PowerDesk 6
PowerDVD
Primo
PrintMaster 12
Project64 1.7.0.55
Pure Networks Platform
QuickTime
RealPlayer
Realtek AC'97 Audio
Realtek High Definition Audio Driver
RealUpgrade 1.0
Recuva
RESIDENT EVIL 5 Benchmark Version
Revo Uninstaller 1.89
Runtime
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Serif PagePlus 8
Serif PagePlus 8.0 PDF Edition
Shockwave
Skins
Smart Pix Manager
Sony Picture Utility
SoundTrax
Spesoft Video To DVD 1.10
Spider-man
Spider-Man (tm) Movie
Spider-Man 3 (TM)
Spider-Man 3(TM)
SpywareBlaster 4.3
TES Construction Set
The Battle for Middle-earth (tm)
The Battle for Middle-earth (tm) II
The Hulk(TM)
The Lord of the Rings Online™ v03.02.03.8013
The Print Shop
TreeSize Free V2.4
TrueCrypt
TVUPlayer 2.4.9.1
TweakNow PowerPack 2009
Ulead MediaStudio Pro 7.0 Video Edition
Ulead PhotoImpact 8
Ulead VideoStudio 6 SE Basic
UltraISO Magazine Edition V8.66
Undelete Plus 2.98
Uniblue DiskRescue 2009
Uninstall 1.0.0.1
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb2291599)
VBA (2627.01)
VC80CRTRedist - 8.0.50727.4053
VideoLAN VLC media player 0.8.6d
Visual C++ 8.0 ATL (x86) WinSXS MSM
Visual C++ 8.0 CRT (x86) WinSXS MSM
Winamp
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
WinUtilities 9.41 Free Edition
WordPerfect Office 12
WordPerfect OfficeReady
Xobni
Xobni Core
ZipGenius 6 (6.0.3.1140)
Zoner Photo Studio 11
#8
==== Event Viewer Messages From Past Week ========
28/09/2010 12:07:35 a.m., Error: volmgr [46] - Crash dump initialization failed!
27/09/2010 12:17:31 p.m., Error: Service Control Manager [7022] - The Windows Update service hung on starting.
27/09/2010 10:10:39 a.m., Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
26/09/2010 7:52:45 p.m., Error: Service Control Manager [7022] - The Windows Search service hung on starting.
26/09/2010 7:45:50 p.m., Error: Ntfs [137] - The default transaction resource manager on volume H: encountered a non-retryable error and could not start. The data contains the error code.
26/09/2010 6:10:28 p.m., Error: Service Control Manager [7030] - The TrueVector Internet Monitor service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
24/09/2010 11:13:48 a.m., Error: Service Control Manager [7024] - The AVG Free WatchDog service terminated with service-specific error %%-536805315.
23/09/2010 3:29:00 p.m., Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3.
22/09/2010 5:41:38 p.m., Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SymIRON
22/09/2010 5:04:38 p.m., Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
22/09/2010 3:58:27 p.m., Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP
22/09/2010 3:56:56 p.m., Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
22/09/2010 3:55:57 p.m., Error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.
22/09/2010 3:55:57 p.m., Error: SRTSP [4] - Error loading virus definitions.
22/09/2010 3:39:11 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
22/09/2010 3:38:44 p.m., Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
22/09/2010 3:38:42 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
22/09/2010 3:38:41 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
22/09/2010 3:38:37 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
22/09/2010 3:38:37 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
22/09/2010 3:38:33 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
22/09/2010 3:38:25 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
22/09/2010 3:38:05 p.m., Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 ccHP DfsC discache eeCtrl ElRawDisk FileDisk IDSVix86 NetBIOS NetBT nsiproxy Psched rdbss spldr sptd SRTSP SRTSPX SymIM SYMTDI tdx truecrypt UimBus Uim_IM Wanarpv6 WfpLwf
22/09/2010 3:38:04 p.m., Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
22/09/2010 3:38:04 p.m., Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
22/09/2010 3:38:04 p.m., Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
22/09/2010 3:38:04 p.m., Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
22/09/2010 3:38:04 p.m., Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
22/09/2010 3:38:04 p.m., Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
22/09/2010 3:38:04 p.m., Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
22/09/2010 3:38:04 p.m., Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
22/09/2010 3:38:04 p.m., Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
22/09/2010 3:38:04 p.m., Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
22/09/2010 3:37:33 p.m., Error: sptd [4] - Driver detected an internal error in its data structures for .
22/09/2010 10:55:03 a.m., Error: Service Control Manager [7023] - The Software Protection service terminated with the following error: The media is write protected.
22/09/2010 10:53:53 a.m., Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avg9wd service.
22/09/2010 10:29:45 a.m., Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
22/09/2010 10:28:30 a.m., Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
22/09/2010 10:27:48 a.m., Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service.
22/09/2010 10:25:15 a.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
22/09/2010 10:25:12 a.m., Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
22/09/2010 10:25:02 a.m., Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
22/09/2010 10:23:42 a.m., Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Pure Networks Platform Service service to connect.
22/09/2010 10:23:42 a.m., Error: Service Control Manager [7000] - The Pure Networks Platform Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
22/09/2010 10:23:10 a.m., Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the XobniService service to connect.
22/09/2010 10:23:10 a.m., Error: Service Control Manager [7000] - The XobniService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
22/09/2010 10:21:01 a.m., Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Norton 360 service to connect.
22/09/2010 10:21:01 a.m., Error: Service Control Manager [7000] - The Norton 360 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
21/09/2010 9:30:23 p.m., Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
21/09/2010 5:43:21 p.m., Error: Service Control Manager [7023] - The iPod Service service terminated with the following error: %%-2147417831
21/09/2010 5:23:41 p.m., Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.101. The computer with the IP address 192.168.1.102 did not allow the name to be claimed by this computer.
21/09/2010 3:57:34 p.m., Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.101. The computer with the IP address 192.168.1.100 did not allow the name to be claimed by this computer.
21/09/2010 3:40:13 p.m., Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
21/09/2010 2:40:56 p.m., Error: bowser [8003] - The master browser has received a server announcement from the computer LIGHTBOX that believes that it is the master browser for the domain on transport NetBT_Tcpip_{EDACFB3A-35B6-47CA-BE7B-3418D0B89. The master browser is stopping or an election is being forced.
21/09/2010 2:15:57 p.m., Error: Service Control Manager [7030] - The Lavasoft Ad-Aware Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
21/09/2010 11:39:36 p.m., Error: Service Control Manager [7030] - The iolo System Guard service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
21/09/2010 1:46:33 p.m., Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR3.
==== End Of File ===========================
#9
There are still leftovers from AVG.
Download and run AVG Antivirus remover: avgremover.exe

Please download Combofix from: Here
And save to the desktop.

After the download is complete, perform the following tasks before using the ComboFix tool to scan your PC:
Exit all windows that are currently open on your computer.
To prevent interference, temporarily disable your antivirus, antispyware, firewall and other security tools that may be running on your computer.
Double-click on the combofix icon found on your desktop.
* Please note that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.
When finished, it will produce a logfile located at C:\combofix.txt.
* Post the contents of that log in your next reply.
The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.
#10
ComboFix 10-09-29.01 - Rachel 30/09/2010 16:39:06.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.64.1033.18.1536.884 [GMT 13:00] Running from: c:\users\Rachel\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\programdata\Microsoft\Network\Downloader\qmgr0. dat c:\programdata\Microsoft\Network\Downloader\qmgr1. dat c:\programdata\page c:\programdata\page\page.ico c:\programdata\page\page.URL c:\users\Liam\AppData\Roaming\EurekaLog c:\windows\system\QTIM32.DLL c:\windows\system\Wing32.dll ----- BITS: Possible infected sites ----- hxxp://www.graboid.com . ((((((((((((((((((((((((( Files Created from 2010-08-28 to 2010-09-30 ))))))))))))))))))))))))))))))) . 2010-09-30 03:52 . 2010-09-30 03:52 -------- d-----w- c:\users\Rachel\AppData\Local\temp 2010-09-30 03:52 . 2010-09-30 03:52 -------- d-----w- c:\users\Liam\AppData\Local\temp 2010-09-30 03:52 . 2010-09-30 03:52 -------- d-----w- c:\users\Jennifer\AppData\Local\temp 2010-09-30 03:52 . 2010-09-30 03:52 -------- d-----w- c:\users\Gail\AppData\Local\temp 2010-09-30 03:52 . 2010-09-30 03:52 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-09-30 03:52 . 2010-09-30 03:52 -------- d-----w- c:\users\Brian\AppData\Local\temp 2010-09-30 03:29 . 2010-09-30 03:30 -------- d-----w- C:\32788R22FWJFW 2010-09-29 23:53 . 2010-09-29 23:53 -------- d-----w- c:\users\Brian\AppData\Local\EIDOS 2010-09-29 23:52 . 2010-09-29 23:52 98304 ----a-w- c:\windows\system32CmdLineExt.dll 2010-09-29 23:45 . 2010-09-29 23:55 -------- d-----w- c:\program files\GameShadow 2010-09-29 14:01 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys 2010-09-28 21:23 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll 2010-09-28 00:08 . 2010-09-28 00:08 -------- d-----w- c:\program files\CCleaner 2010-09-27 00:57 . 2010-09-27 00:57 -------- d-----w- c:\windows\Internet Logs 2010-09-26 20:52 . 2010-09-26 21:10 -------- d-----w- c:\users\Gail\AppData\Local\CrashDumps 2010-09-26 08:20 . 
2010-09-26 08:20 -------- d-----w- c:\windows\system32\Spool\prtprocs\w32x86\1 2010-09-26 05:10 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys 2010-09-26 04:59 . 2010-09-27 00:57 -------- d-----w- c:\users\Rachel\AppData\Local\CrashDumps 2010-09-26 04:58 . 2010-09-26 04:58 -------- d-----w- c:\users\Rachel\AppData\Roaming\Malwarebytes 2010-09-25 01:13 . 2010-09-25 11:10 -------- d-----w- c:\users\Liam\AppData\Roaming\uTorrent 2010-09-25 00:00 . 2010-09-25 00:00 -------- d-----w- c:\users\Liam\AppData\Roaming\Malwarebytes 2010-09-24 23:12 . 2010-09-24 23:12 388096 ----a-r- c:\users\Liam\AppData\Roaming\Microsoft\Installer\ {45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-09-24 23:12 . 2010-09-24 23:12 -------- d-----w- c:\program files\Trend Micro 2010-09-23 22:25 . 2010-09-23 22:25 -------- d-----w- c:\users\Brian\AppData\Roaming\Malwarebytes 2010-09-23 22:24 . 2010-04-29 03:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-09-23 22:24 . 2010-09-23 22:24 -------- d-----w- c:\programdata\Malwarebytes 2010-09-23 22:24 . 2010-04-29 03:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-09-23 22:24 . 2010-09-23 22:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-09-23 22:00 . 2010-09-23 22:18 -------- d-----w- c:\program files\SpywareBlaster 2010-09-23 03:02 . 2010-09-23 03:02 23 --sha-w- c:\windows\system32\edacded0.dat 2010-09-23 03:02 . 2010-09-23 21:50 -------- d-----w- c:\program files\jv16 PowerTools 2009 2010-09-22 06:58 . 2010-09-28 23:15 -------- d-----w- c:\users\Liam\AppData\Local\CrashDumps 2010-09-22 05:55 . 2010-09-30 00:03 -------- d-----w- c:\users\Brian\AppData\Local\CrashDumps 2010-09-22 05:06 . 2010-09-22 05:06 -------- d-----w- c:\program files\Norton Support 2010-09-21 10:49 . 2010-09-22 02:02 -------- d-----w- c:\users\Brian\AppData\Local\Diagnostics 2010-09-21 02:13 . 2010-09-21 05:22 -------- d-----w- c:\programdata\Lavasoft 2010-09-21 01:43 . 
2010-09-21 01:43 -------- d-----w- c:\programdata\CheckPoint 2010-09-20 02:32 . 2010-09-21 03:04 -------- d-----w- c:\users\Rachel\AppData\Local\ElevatedDiagnostics 2010-09-20 02:31 . 2010-09-20 02:31 -------- d-----w- c:\users\Rachel\AppData\Roaming\Logitech 2010-09-20 02:30 . 2010-09-30 03:29 -------- d-----w- c:\users\Rachel\AppData\Local\ApplicationHistory 2010-09-18 03:59 . 2010-09-18 03:59 -------- d-----w- c:\users\Liam\AppData\Roaming\JAM Software 2010-09-18 02:18 . 2010-09-18 02:18 -------- d-----w- c:\users\Brian\AppData\Local\Symantec 2010-09-18 00:47 . 2010-09-18 00:56 3888 ----a-w- c:\windows\system32\drivers\NTHANDLE.SYS 2010-09-18 00:35 . 2010-09-18 00:35 -------- d-----w- c:\users\Liam\AppData\Local\Symantec 2010-09-15 20:12 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe 2010-09-13 06:47 . 2010-09-13 06:47 -------- d-----w- c:\users\Gail\AppData\Local\ApplicationHistory 2010-09-12 02:25 . 2010-09-12 02:25 -------- d-----w- c:\users\Liam\AppData\Local\The Lord of the Rings Online 2010-09-12 00:29 . 2010-09-12 00:29 3991192 ----a-w- c:\users\Brian\AppData\Roaming\CBS Interactive\CNET TechTracker\data\upgrade\CNET_TechTracker_2_Setup. exe 2010-09-12 00:27 . 2010-09-29 22:59 -------- d-----w- c:\users\Brian\AppData\Local\ApplicationHistory 2010-09-11 20:15 . 2010-09-11 20:15 92 ----a-w- c:\users\Liam\AppData\Local\fusioncache.dat 2010-09-11 20:15 . 2010-09-11 22:56 -------- d-----w- c:\users\Liam\AppData\Local\Turbine 2010-09-11 14:19 . 2007-03-12 04:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll 2010-09-11 14:17 . 2010-09-28 23:45 -------- d-----w- c:\users\Liam\AppData\Local\ApplicationHistory 2010-09-11 14:12 . 2010-09-11 14:12 -------- d-----w- c:\windows\system32\URTTEMP 2010-09-11 13:26 . 2010-09-11 13:26 -------- d-----w- c:\program files\Turbine 2010-09-11 09:41 . 2010-09-29 11:48 -------- d-----w- c:\users\Liam\AppData\Local\PMB Files 2010-09-11 09:41 . 
2010-09-22 03:53 -------- d-----w- c:\programdata\PMB Files 2010-09-11 09:41 . 2010-09-11 09:41 -------- d-----w- c:\program files\Pando Networks 2010-09-03 19:08 . 2010-09-03 19:08 2618368 ----a-w- c:\users\Brian\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe 2010-09-03 05:39 . 2010-08-30 02:33 43008 ----a-w- c:\users\Liam\AppData\Roaming\Mozilla\Firefox\Prof iles\rjxopbqs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll 2010-09-03 05:38 . 2010-08-30 02:33 338944 ----a-w- c:\users\Liam\AppData\Roaming\Mozilla\Firefox\Prof iles\rjxopbqs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll 2010-09-03 05:38 . 2010-08-30 02:33 346112 ----a-w- c:\users\Liam\AppData\Roaming\Mozilla\Firefox\Prof iles\rjxopbqs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll 2010-09-03 05:38 . 2010-08-30 02:34 1496064 ----a-w- c:\users\Liam\AppData\Roaming\Mozilla\Firefox\Prof iles\rjxopbqs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2010-09-30 03:29 . 2010-06-26 11:50 -------- d-----w- c:\users\Rachel\AppData\Roaming\BitMeter2 2010-09-30 03:29 . 2010-02-22 21:10 -------- d-----w- c:\programdata\Bitmeter2 2010-09-29 23:51 . 2010-02-14 07:57 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-09-29 23:34 . 2010-02-18 03:13 -------- d-----w- c:\program files\Eidos 2010-09-29 23:07 . 2010-02-15 05:36 1208 ----a-w- c:\users\Brian\AppData\Roaming\iolo\restore.bat 2010-09-29 14:08 . 2010-02-16 04:40 -------- d-----w- c:\program files\Microsoft Silverlight 2010-09-28 00:58 . 2010-02-15 06:21 -------- d-----w- c:\users\Liam\AppData\Roaming\Winamp 2010-09-25 22:47 . 2010-02-21 19:50 -------- d-----w- c:\program files\AskTBar 2010-09-25 02:13 . 
2010-07-09 09:25 -------- d-----w- c:\program files\DAEMON Tools Toolbar 2010-09-25 02:10 . 2010-02-18 20:36 -------- d-----w- c:\program files\Google 2010-09-25 01:14 . 2010-02-18 22:27 -------- d-----w- c:\program files\VS Revo Group 2010-09-22 05:57 . 2010-02-14 07:18 -------- d-----w- c:\programdata\Norton 2010-09-22 05:33 . 2010-02-14 07:19 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF 2010-09-22 05:33 . 2010-02-14 07:19 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT 2010-09-22 05:33 . 2010-02-14 07:19 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2010-09-22 05:33 . 2010-02-14 07:19 -------- d-----w- c:\program files\Symantec 2010-09-22 03:56 . 2010-06-28 07:12 -------- d-----w- c:\programdata\avg9 2010-09-21 10:41 . 2010-02-14 04:03 208104 ----a-w- c:\users\Brian\AppData\Local\GDIPFONTCACHEV1.DAT 2010-09-18 01:46 . 2010-05-29 06:26 -------- d-----w- c:\users\Liam\AppData\Roaming\Corel 2010-09-17 06:57 . 2010-06-02 21:11 1829 ----a-w- c:\users\Liam\AppData\Roaming\iolo\restore.bat 2010-09-16 15:12 . 2010-02-14 04:28 -------- d-----w- c:\programdata\Microsoft Help 2010-09-12 00:31 . 2010-02-22 20:48 100157 ----a-w- c:\users\Brian\AppData\Roaming\CBS Interactive\CNET TechTracker\uninst.exe 2010-09-11 12:26 . 2010-03-11 03:57 -------- d-----w- c:\users\Liam\AppData\Roaming\dvdcss 2010-09-08 03:44 . 2010-07-19 03:42 -------- d-----w- c:\program files\LucasArts 2010-09-05 10:08 . 2010-03-16 01:31 -------- d-----w- c:\users\Brian\AppData\Roaming\LimeWire 2010-08-29 23:41 . 2010-08-29 23:41 1206 ----a-w- c:\users\Gail\AppData\Roaming\iolo\restore.bat 2010-08-29 23:41 . 2010-02-18 20:57 -------- d-----w- c:\users\Gail\AppData\Roaming\iolo 2010-08-27 01:06 . 2010-08-27 01:06 -------- d-----w- c:\program files\Driver-Soft 2010-08-19 20:09 . 2010-08-19 20:09 -------- d-----w- c:\users\Jennifer\AppData\Roaming\Logitech 2010-08-18 11:28 . 2010-02-14 05:56 -------- d-----w- c:\programdata\Cashbook Complete 2010-08-18 05:13 . 
2010-08-27 00:49 52224 ----a-w- c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Pro files\spf80zx4.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\FFExternalAlert.dll 2010-08-18 05:13 . 2010-08-27 00:49 101376 ----a-w- c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Pro files\spf80zx4.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\RadioWMPCore.dll 2010-08-18 05:12 . 2010-08-27 00:49 52224 ----a-w- c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Pro files\spf80zx4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll 2010-08-18 05:12 . 2010-08-27 00:49 101376 ----a-w- c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Pro files\spf80zx4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll 2010-08-18 05:11 . 2010-08-27 00:49 52224 ----a-w- c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Pro files\spf80zx4.default\extensions\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}\components\FFExternalAlert.dll 2010-08-18 05:11 . 2010-08-27 00:49 101376 ----a-w- c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Pro files\spf80zx4.default\extensions\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}\components\RadioWMPCore.dll 2010-08-18 05:10 . 2010-08-27 00:49 52224 ----a-w- c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Pro files\spf80zx4.default\extensions\{867dd841-5bf7-44ca-8426-c5a6eda00735}\components\FFExternalAlert.dll 2010-08-18 05:10 . 2010-08-27 00:49 101376 ----a-w- c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Pro files\spf80zx4.default\extensions\{867dd841-5bf7-44ca-8426-c5a6eda00735}\components\RadioWMPCore.dll 2010-08-16 06:18 . 2010-08-16 06:18 -------- d-----w- c:\users\Liam\AppData\Roaming\FastStone 2010-08-13 08:51 . 2010-08-13 08:51 -------- d-----w- c:\users\Gail\AppData\Roaming\Logitech 2010-08-13 04:56 . 2010-08-13 04:56 -------- d-----w- c:\users\Liam\AppData\Roaming\Logitech 2010-08-13 04:50 . 
2010-08-13 04:50 -------- d-----w- c:\users\Brian\AppData\Roaming\Logitech 2010-08-13 04:50 . 2010-08-13 04:50 -------- d-----w- c:\users\Brian\AppData\Roaming\Leadertech 2010-08-13 04:50 . 2010-08-13 04:19 -------- d-----w- c:\program files\Common Files\Logishrd 2010-08-13 04:45 . 2010-08-13 04:45 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_0 1005.Wdf 2010-08-13 04:45 . 2010-08-13 04:45 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_0 1005.Wdf 2010-08-13 04:20 . 2010-08-13 04:20 -------- d-----w- c:\programdata\Logitech 2010-08-13 04:19 . 2010-08-13 04:19 -------- d-----w- c:\program files\Logitech 2010-08-13 04:14 . 2010-08-13 04:14 -------- d-----w- c:\programdata\LogiShrd 2010-08-07 02:31 . 2010-08-07 02:31 -------- d-----w- c:\users\Jennifer\AppData\Roaming\ScummVM 2010-08-07 02:30 . 2010-08-07 02:30 -------- d-----w- c:\users\Jennifer\AppData\Roaming\ZipGenius 2010-08-06 23:47 . 2010-02-19 01:42 -------- d-----w- c:\users\Jennifer\AppData\Roaming\iolo 2010-08-06 22:04 . 2010-05-15 23:00 -------- d-----w- c:\users\Jennifer\AppData\Roaming\LimeWire 2010-08-06 21:05 . 2010-08-06 21:05 -------- d-----w- c:\users\Jennifer\AppData\Roaming\BitMeter2 2010-08-01 07:00 . 2010-07-02 13:24 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientU X\UpdateableMarkup\Markup.dll 2010-08-01 05:30 . 2010-08-01 03:59 2004 ----a-w- c:\windows\checkip.dat 2010-07-29 06:30 . 2010-08-12 20:13 197632 ----a-w- c:\windows\system32\ir32_32.dll 2010-07-29 06:30 . 2010-08-12 20:13 82944 ----a-w- c:\windows\system32\iccvid.dll 2010-07-26 01:45 . 2010-07-26 01:45 518 ----a-w- c:\users\Brian\AppData\Roaming\iolo\Registry\Last\ restore.bat 2010-07-17 05:22 . 2010-07-11 05:47 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientU X\UpdateableMarkup-2\Markup.dll 2010-07-15 02:08 . 2010-07-15 02:08 63827 ----a-w- c:\users\Brian\AppData\Roaming\CBS Interactive\CNET TechTracker\zlib.dll 2010-07-15 02:07 . 
2010-07-15 02:07 81920 ----a-w- c:\users\Brian\AppData\Roaming\CBS Interactive\CNET TechTracker\xmltok.dll 2010-07-15 02:07 . 2010-07-15 02:07 61440 ----a-w- c:\users\Brian\AppData\Roaming\CBS Interactive\CNET TechTracker\xmlparse.dll 2010-07-09 09:23 . 2010-07-09 09:23 691696 ----a-w- c:\windows\system32\drivers\sptd.sys 2010-07-09 08:57 . 2010-05-15 07:53 107888 ----a-w- c:\windows\system32\CmdLineExt.dll 2010-07-06 03:16 . 2010-02-15 05:26 94384 ----a-w- c:\windows\system32\IncContxMenu.dll 2010-07-06 03:16 . 2010-02-15 05:26 2319536 ----a-w- c:\windows\system32\Incinerator.dll 2010-02-21 21:55 . 2010-02-21 21:55 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll 2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat . |
#11
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
. . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files\Family Toolbar\tbhelper.dll" [2009-05-07 355840] [HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}] [HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1] [HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}] [HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}] 2009-05-07 21:46 2642432 ----a-w- c:\program files\Family Toolbar\tbcore3.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}] 2010-06-02 04:13 2515552 ----a-w- c:\program files\IsoBuster\tbIso1.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{867dd841-5bf7-44ca-8426-c5a6eda00735}] 2010-06-02 04:13 2515552 ----a-w- c:\program files\Max_EN\tbMax1.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}] 2010-06-02 04:13 2515552 ----a-w- c:\program files\MyAshampoo\tbMyA1.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\tbMyA1.dll" [2010-06-02 2515552] "{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}"= "c:\program files\IsoBuster\tbIso1.dll" [2010-06-02 2515552] "{867dd841-5bf7-44ca-8426-c5a6eda00735}"= "c:\program files\Max_EN\tbMax1.dll" [2010-06-02 2515552] "{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432] [HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}] [HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}] [HKEY_CLASSES_ROOT\clsid\{867dd841-5bf7-44ca-8426-c5a6eda00735}] [HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}] [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3] [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}] 
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{266FCDCA-7BB3-4DA7-B3BF-F845DEA2EBD6}"= "c:\program files\IsoBuster\tbIso1.dll" [2010-06-02 2515552] "{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\tbMyA1.dll" [2010-06-02 2515552] "{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432] "{867DD841-5BF7-44CA-8426-C5A6EDA00735}"= "c:\program files\Max_EN\tbMax1.dll" [2010-06-02 2515552] [HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}] [HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}] [HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}] [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3] [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}] [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar] [HKEY_CLASSES_ROOT\clsid\{867dd841-5bf7-44ca-8426-c5a6eda00735}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\Sh areOverlay] @="{594D4122-1F87-41E2-96C7-825FB4796516}" [HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}] 2010-05-01 08:13 291840 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "SODCPreLoad"="d:\program files\IBM\Lotus\Symphony\framework\shared\eclipse\ plugins\com.ibm.productivity.tools.base.app.win32_ 3.0.0.20070913-1045\preload.exe" [2007-10-29 40960] "DesktopMaestro"="c:\program files\Desktop Maestro\RMTray.exe" [2008-07-31 288656] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "WTClient"="WTClient.exe" [2007-04-11 40960] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-09 90112] "SoundMan"="SOUNDMAN.EXE" [2009-04-13 604704] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" 
[2006-11-23 56928] "PrnStatusMX"="c:\program files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe" [2007-07-13 1077248] "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216] "nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-07 472112] "NBAgent"="c:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" [2009-10-07 1086760] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608] "iolo Startup"="c:\program files\iolo\Common\Lib\ioloLManager.exe" [2010-07-06 378048] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-02-21 30192] "EasyTuneV"="c:\program files\Gigabyte\ET5\GUI.exe" [2004-06-13 200704] "DiskSuite"="c:\program files\PC Tools Disk Suite\aDSProcMngr.exe" [2009-01-15 267584] "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-14 307200] "Family Tree Builder Update"="c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe" [2009-01-14 113680] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-21 202256] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 69632] c:\users\Liam\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bitmeter2.lnk - c:\program files\Codebox\BitMeter\BitMeter2.exe [2010-1-25 1462272] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-8-13 809488] [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) 
"EnableLinkedConnections"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-11-07 04:41 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleD esktopNetwork3.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux3"=wdmaud.drv [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Wind ows^Start Menu^Programs^Startup^Bitmeter2.lnk] backup=c:\windows\pss\Bitmeter2.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Classic Start Menu] 2010-05-01 08:13 92160 ----a-w- c:\program files\Classic Shell\ClassicStartMenu.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2008-10-24 22:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2005-02-16 10:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\ v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\ DrvAgent32.sys [2010-02-22 23456] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe [2005-11-17 1527900] R3 ImDisk;ImDisk Virtual Disk Driver;c:\windows\system32\DRIVERS\imdisk.sys [2008-12-14 19968] R3 ImDskSvc;ImDisk Virtual Disk Driver Helper;c:\windows\system32\imdsksvc.exe [2008-12-14 10240] R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sy s [2007-04-23 10752] R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.02 9\SYMNDISV.SYS [x] R3 WatAdminSvc;Windows Activation Technologies 
Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-26 1343400] R4 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-02-21 30192] R4 gupdate1cab0da1f0c2a24;Google Update Service (gupdate1cab0da1f0c2a24);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-18 133104] R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-07-09 691696] R4 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2005-11-08 647242] S0 hotcore2;hotcore2;c:\windows\system32\drivers\hotc ore2.sys [2006-10-01 30808] S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVER S\hotcore3.sys [2010-01-14 40560] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005 \SYMDS.SYS [2010-02-04 328752] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\040300 0.005\SYMEFA.SYS [2010-04-22 173104] S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\2 0100901.003\BHDrvx86.sys [2010-09-01 692272] S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000. 
005\ccHPx86.sys [2010-02-26 501888] S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\el rawdsk.sys [2009-09-07 20392] S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20 100928.001\IDSvix86.sys [2010-09-01 344112] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.00 5\Ironx86.SYS [2010-04-29 116784] S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0403000.00 5\SYMTDIV.SYS [2010-05-06 339504] S2 DiskSuiteService;PC Tools Disk Suite;c:\program files\PC Tools Disk Suite\DSService.exe [2009-03-10 869696] S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2010-07-06 711352] S2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2010-07-06 711352] S2 Mamutu;Mamutu Service;d:\program files\MAMUTU\a2service.exe [2008-07-26 380536] S2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392] S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032] S2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [2009-12-08 55016] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-26 102448] S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sy s [2007-06-07 18944] . 
Contents of the 'Scheduled Tasks' folder 2010-09-30 c:\windows\Tasks\AWC Startup.job - c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-02-22 02:10] 2010-09-30 c:\windows\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2010-02-20 22:08] 2010-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-18 20:36] 2010-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-18 20:36] 2010-09-29 c:\windows\Tasks\Norton Security Scan for Brian.job - c:\program files\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2010-02-19 22:06] 2010-09-29 c:\windows\Tasks\Norton Security Scan for Liam.job - c:\program files\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2010-02-19 22:06] 2010-02-25 c:\windows\Tasks\Uniblue DiskRescue 2009.job - c:\program files\Uniblue\DiskRescue\UBDiskRescue.exe [2010-02-25 15:22] . . ------- Supplementary Scan ------- . uDefault_Search_URL = hxxp://www.google.com/ie mStart Page = hxxp://search.myheritage.com uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... 
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6 FF0C6D236BF8.dll/cmsidewiki.html FF - ProfilePath - c:\users\Rachel\AppData\Roaming\Mozilla\Firefox\Pr ofiles\weotp7r9.default\ FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn\components\co FFPlgn.dll FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\components\I PSFFPl.dll FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin \Firefox\Ext\components\nprpffbrowserrecordext.dll FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.d ll FF - plugin: c:\program files\mozilla firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZInst.dll FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin \MozillaPlugins\nprphtml5videoshim.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . . ------- File Associations ------- . JSEFile=NOTEPAD.EXE %1 . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-Steam - c:\program files\Steam\Steam.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N 360] "ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PC W\Security] @Denied: (Full) (Everyone) . 
Completion time: 2010-09-30 16:58:40
ComboFix-quarantined-files.txt 2010-09-30 03:58
Pre-Run: 140,834,734,080 bytes free
Post-Run: 140,763,467,776 bytes free
- - End Of File - - 324AE8179ECFE7D94A8E1ED115990BCE
#12
Please run: superantispyware onlinescan
Follow the instructions on the site.
When downloaded, click on the Check for updates button.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining
Ignore System Restore/Volume Information on ME and XP
Please leave the others unchecked.
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click NO.
When the scan has finished -> Click Preferences.
Click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
It will open in your default text editor (such as Notepad/Wordpad).
Save the logfile to desktop.
Click close and close again to exit the program.
Reboot, if needed.
Post the Superantispyware log, along with a new hijackthis log, and tell how things are running.
#13
The superantispyware log is going to take up about 200,000 characters (10ish posts)
Memory items scanned : 996
Memory threats detected : 0
Registry items scanned : 11138
Registry threats detected : 0
File items scanned : 846355
File threats detected : 2005

They're all tracking cookies (mainly on H which is the old backup hd) except:

Adware.MyWebSearch/FunWebProducts
H:\20100202_102333_BRIAN\C\PROGRAM FILES\INTERNET EXPLORER\MSIMG32.DLL
H:\20100202_102333_BRIAN\C\PROGRAM FILES\MSN MESSENGER\MSIMG32.DLL
H:\20100202_185558_BRIAN\C\PROGRAM FILES\INTERNET EXPLORER\MSIMG32.DLL
H:\20100202_185558_BRIAN\C\PROGRAM FILES\MSN MESSENGER\MSIMG32.DLL

Trojan.Agent/Gen-Krpytik
H:\RACHEL\EXILE\KG_GAME.EXE
#14
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:24:38 p.m., on 5/10/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\WTClient.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PC Tools Disk Suite\aDSProcMngr.exe
D:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.0.20070913-1045\soffice.exe
C:\Program Files\Desktop Maestro\deskmech.exe
C:\Program Files\Codebox\BitMeter\BitMeter2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe
C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: MHURLSearchHook Class - {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Family Toolbar\tbhelper.dll
O2 - BHO: MHTBPos00 - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIso1.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.3.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.3.0.5\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Max EN Toolbar - {867dd841-5bf7-44ca-8426-c5a6eda00735} - C:\Program Files\Max_EN\tbMax1.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyA1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coIEPlg.dll
O3 - Toolbar: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyA1.dll
O3 - Toolbar: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIso1.dll
O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O3 - Toolbar: QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - mscoree.dll (file missing)
O3 - Toolbar: Max EN Toolbar - {867dd841-5bf7-44ca-8426-c5a6eda00735} - C:\Program Files\Max_EN\tbMax1.dll
O3 - Toolbar: Family Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PrnStatusMX] C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [DiskSuite] C:\Program Files\PC Tools Disk Suite\aDSProcMngr.exe
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [Family Tree Builder Update] C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [SODCPreLoad] D:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.0.20070913-1045\preload.exe D:\PROGRA~1\IBM\Lotus\Symphony\data\.sodc\
O4 - HKCU\..\Run: [DesktopMaestro] C:\Program Files\Desktop Maestro\RMTray.exe /H
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-21-3517788748-2569468318-1541020256-1003\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (User 'Liam')
O4 - HKUS\S-1-5-21-3517788748-2569468318-1541020256-1003\..\Run: [SODCPreLoad] D:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.0.20070913-1045\preload.exe D:\PROGRA~1\IBM\Lotus\Symphony\data\.sodc\ (User 'Liam')
O4 - HKUS\S-1-5-21-3517788748-2569468318-1541020256-1003\..\Run: [DesktopMaestro] C:\Program Files\Desktop Maestro\RMTray.exe /H (User 'Liam')
O4 - HKUS\S-1-5-21-3517788748-2569468318-1541020256-1003\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun (User 'Liam')
O4 - HKUS\S-1-5-21-3517788748-2569468318-1541020256-1003\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe (User 'Liam')
O4 - HKUS\S-1-5-21-3517788748-2569468318-1541020256-1003\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Liam')
O4 - HKUS\S-1-5-21-3517788748-2569468318-1541020256-1005\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (User 'Gail')
O4 - HKUS\S-1-5-21-3517788748-2569468318-1541020256-1006\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (User 'Jennifer')
O4 - S-1-5-21-3517788748-2569468318-1541020256-1003 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Liam')
O4 - S-1-5-21-3517788748-2569468318-1541020256-1003 User Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Liam')
O4 - Global Startup: Bitmeter2.lnk = C:\Program Files\Codebox\BitMeter\BitMeter2.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {64964764-1101-4bbd-8891-B56B1A53B9B3} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: PC Tools Disk Suite (DiskSuiteService) - PC Tools Software - C:\Program Files\PC Tools Disk Suite\DSService.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ImDisk Virtual Disk Driver Helper (ImDskSvc) - Olof Lagerkvist - C:\Windows\system32\imdsksvc.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Mamutu Service (Mamutu) - Emsi Software GmbH - D:\PROGRAM FILES\MAMUTU\a2service.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Uniblue DiskRescue - Uniblue - C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\Windows\system32\UAService7.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\Windows\System32\Drivers\WTSRV.EXE
O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni\XobniService.exe

--
End of file - 13080 bytes
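As an added triage aid (not code from this thread, from HijackThis or from any of the posters), the following Python parses entries in the HijackThis log format shown above and pulls out what a helper reads first: registrations whose target is "(no file)" or "(file missing)", O23 services HijackThis could not attribute to a vendor, and O20 AppInit_DLLs entries. The sample input is a constructed subset of lines copied from the log above; the section tags and markers follow the HijackThis format itself.

```python
import re
from collections import Counter

# Constructed sample: a handful of entries copied from the HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.3.0.5\coIEPlg.dll
O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\Windows\system32\UAService7.exe
"""

# HijackThis entries start with a section tag (R0-R3, F0-F3, N1-N4, O1-O24) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entries(text):
    """Return a list of (section, body) tuples; header and 'Running processes' lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def triage(text):
    """Summarise a log: entries per section plus the three categories worth a first look."""
    entries = parse_entries(text)
    return {
        # How many entries each section contributed, e.g. {"O2": 3, "O4": 2, ...}.
        "counts": Counter(section for section, _ in entries),
        # Registered components whose backing file no longer exists (leftover registrations).
        "orphans": [f"{s} - {b}" for s, b in entries
                    if any(marker in b for marker in ORPHAN_MARKERS)],
        # Services HijackThis could not attribute to a vendor; verify their binaries by hand.
        "unknown_owner": [b for s, b in entries if s == "O23" and "Unknown owner" in b],
        # AppInit_DLLs are loaded into every process that loads user32.dll, so confirm each one.
        "appinit": [b for s, b in entries if s == "O20"],
    }


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(f"{key}: {items}")
```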
#15
Well, I'm pretty sure we aren't getting the huge upload anymore (although the 1st of Oct was rather large). We are still getting a very large download around 12-3am, it seems (it could be my brother, though he says it isn't, and I'm sure he would have to know what he was doing to dl a few GB in a couple of hours >.<). Anyway, I'm going to block the router access to this computer via the MAC address after midnight and see if that fixes stuff up.