grahammelon
regular
The two entries I think are the problem are the GLF2F and TBunin onspeed. After several hundred attempts to delete these entries, even from the registry, something keeps putting them back. This is not life-threatening, just a pain, as it is slowing the startup time. Any advice at your leisure would be much appreciated.
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:58:32, on 26/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\COMODO\Firewall\cmdagent.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\COMODO\Firewall\cfp.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Stickies\stickies.exe C:\WINDOWS\SYSTEM32\spider.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\RunOnce: [GLF2F.tmp] cmd /c "rmdir /s /q "C:\Program Files\GLF2F.tmp"" O4 - HKLM\..\RunOnce: [onspeed_toolbar] C:\DOCUME~1\teded2\LOCALS~1\Temp\TBUNIN~1.EXE -df "C:\PROGRA~1\ONSPEE~1\" O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe O4 - Startup: Secunia PSI (RC1).lnk = C:\Program Files\Secunia\PSI (RC1)\psi.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - 
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1197365085951 O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{BEC99AB2-DE63-4AAD-B0D9-AFA542CC1F34}: NameServer = 80.58.61.250 80.58.61.254 O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. 
- C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
-- End of file - 5422 bytes
-------------------- XP Home,comodo.AVG. S&D,,Mozilla, Spywareblaster, Ccleaner and much2much time
I wish I had a mind to make up
Joe_London
HijackThis Helper
Hi Grahammelon,
- 1. Download ComboFix.exe using either of these links:
Link 1 Link 3
- Double click on combofix.exe to run the programme & then follow the prompts.
It will create a new system restore point and registry backup.
You will be asked to type 1 (One) and then "enter" to run the programme.
Your firewall may seek permission to allow the programme to run. Check the "Remember" checkbox and click yes.
- When finished, it will produce a log for you. Save the log, then copy and post it back here with a fresh HJT log in your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Joe.
-------------------- If I have helped you in any way, please consider a donation:
Joe's WebSite.
Member of UNITE and ASAP.
Edited by Joe_London (Thu Mar 27 2008 09:53 AM)
grahammelon
regular
Hello again Joe, Hope you are ok. Hope you had a visit from the easter bunny, looks like I've had a visit from the easter bunin. Many thanks for your help,........again.
ComboFix 08-03-25.4 - teded2 2008-03-26 21:56:34.1 - FAT32x86 Running from: C:\Program Files\ComboFix.exe * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! .
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) .
C:\WINDOWS\start.exe C:\WINDOWS\Web\default.httcc
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay] @={7D688A77-C613-11D0-999B-00C04FD655E1}
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}] 2007-10-26 04:34 8460288 --a------ C:\WINDOWS\SYSTEM32\SHELL32.DLL
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-10-07 12:04 2083664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-22 15:54 579072] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-03-20 20:36 1481984] "SystemTray"="SysTray.Exe" [2001-08-23 12:00 3072 C:\WINDOWS\SYSTEM32\systray.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "GLF2F.tmp"="cmd /c rmdir /s /q C:\Program Files\GLF2F.tmp" [ ] "onspeed_toolbar"="C:\DOCUME~1\teded2\LOCALS~1\Temp\TBUNIN~1.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-11 15:44 219136]
C:\Documents and Settings\teded2\Start Menu\Programs\Startup\ Stickies.lnk - C:\Program Files\Stickies\stickies.exe [2008-01-16 22:39:46 757760] Secunia PSI (RC1).lnk - C:\Program Files\Secunia\PSI (RC1)\psi.exe [2008-02-05 11:36:24 610304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys] "LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"=
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-03-20 20:36] R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-03-20 20:36] R1 SMBus;Intel(R) SMBus Driver;C:\WINDOWS\system32\DRIVERS\SMBus.sys [2001-08-20 17:33] R3 PSI;PSI;C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-01-22 10:18]
*Newly Created Service* - CATCHME . Contents of the 'Scheduled Tasks' folder "1999-04-23 21:22:00 C:\WINDOWS\Tasks\Tune-up Application Start.job" . **************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-26 22:12:56 Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully hidden files: 0
************************************************************************** . --------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\guard32.dll
PROCESS: C:\WINDOWS\system32\lsass.exe -> C:\WINDOWS\system32\guard32.dll . Completion time: 2008-03-26 22:14:03 ComboFix-quarantined-files.txt 2008-03-26 21:13:56 . 2008-03-15 11:49:54 --- E O F ---
Joe_London
HijackThis Helper
Hi Grahammelon,
Please disable SpybotSD TeaTimer to allow the changes to take effect. You can re-enable it again after we complete the fix.
I strongly recommend uninstalling Limewire via the add/remove utility in the control panel. For further information please read this article By Taz CC: http://www.castlecops.com/t204179-P2P_programs_we_ask_that_you_remove_first.html
Open Hijackthis, take another scan and place a checkmark next to these entries.
O4 - HKLM\..\RunOnce: [GLF2F.tmp] cmd /c "rmdir /s /q "C:\Program Files\GLF2F.tmp""
O4 - HKLM\..\RunOnce: [onspeed_toolbar] C:\DOCUME~1\teded2\LOCALS~1\Temp\TBUNIN~1.EXE -df "C:\PROGRA~1\ONSPEE~1\"
Close all open Windows except Hijackthis and click on "fix Checked".
Open Windows Explorer, locate and delete the following item(s), if present. Make sure you're able to view system and hidden files/folders:
files...
C:\Program Files\GLF2F.tmp
C:\DOCUMENTS AND SETTINGS\teded2\LOCALS SETTINGS\Temp\TBUNIN~1.EXE
C:\Program Files\LimeWireWin.exe
folders...
C:\Documents and Settings\teded2\Application Data\LimeWire
C:\Program Files\LimeWire
Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them from "Safe Mode".
Reboot the Computer.
- Double click on combofix.exe to run the programme & then follow the prompts.
It will create a new system restore point and registry backup.
You will be asked to type 1 (One) and then "enter" to run the programme.
Your firewall may seek permission to allow the programme to run. Check the "Remember" checkbox and click yes.
- When finished, it will produce a log for you. Save the log, then copy and post it back here with a fresh HJT log in your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Joe.
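Added example, not part of the original posts: a small Python parser for HijackThis O4 autostart lines such as the ones quoted above, which flags suspicious-looking RunOnce values and reports flagged entries that are still present in a second scan. The function names and the three heuristics are assumptions made for illustration; the sample lines are copied from the logs in this thread.

```python
import re
from typing import NamedTuple

# HijackThis prefixes every entry with a section code (R0-R3, F0-F3, N1-N4,
# O1-O24). Forum software often flattens a log onto one line, so entries are
# split on the code itself rather than on newlines.
ENTRY_START = re.compile(r"(?<!\S)(?=(?:[RFN]\d|O\d{1,2}) - )")

# Registry autostart form: O4 - HKLM\..\RunOnce: [value name] command line
O4_REG = re.compile(
    r"^O4 - (?P<hive>HK\w+(?:\\[^\\]+)?)\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)


class Autostart(NamedTuple):
    hive: str
    key: str
    name: str
    command: str


def parse_o4(log_text):
    """Return the registry autostart (O4) entries found in a HijackThis log."""
    entries = []
    for chunk in ENTRY_START.split(log_text):
        m = O4_REG.match(chunk.strip())
        if m:
            entries.append(Autostart(m["hive"], m["key"], m["name"], m["cmd"]))
    return entries


def reasons(entry):
    """Illustrative heuristics (assumptions, not HijackThis behaviour)."""
    found = []
    # Windows normally clears a RunOnce value when it runs it, so one that
    # shows up unchanged in successive scans deserves a look.
    if entry.key.lower().startswith("runonce"):
        found.append("RunOnce value")
    if re.search(r"\\te?mp\\", entry.command, re.I):
        found.append("target in a Temp directory")
    if re.match(r'"?cmd(\.exe)?"?\s+/c\b', entry.command, re.I):
        found.append("launched through cmd /c")
    return found


def persisting(before, after):
    """Flagged entries present in both scans, i.e. ones a fix did not remove."""
    survivors = set(parse_o4(before)) & set(parse_o4(after))
    return sorted((e for e in survivors if reasons(e)), key=lambda e: e.name)


# Sample input: O4 lines copied from the two HijackThis logs in this thread.
# The first scan is flattened onto one line, as the forum rendered it.
SCAN_BEFORE = (
    r'O4 - HKLM\..\Run: [SystemTray] SysTray.Exe '
    r'O4 - HKLM\..\RunOnce: [GLF2F.tmp] cmd /c "rmdir /s /q "C:\Program Files\GLF2F.tmp"" '
    r'O4 - HKLM\..\RunOnce: [onspeed_toolbar] C:\DOCUME~1\teded2\LOCALS~1\Temp\TBUNIN~1.EXE -df "C:\PROGRA~1\ONSPEE~1\" '
    r'O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe '
    r"O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')"
)

# The later scan, one entry per line, as HijackThis writes it.
SCAN_AFTER = "\n".join([
    r'O4 - HKLM\..\Run: [SystemTray] SysTray.Exe',
    r'O4 - HKLM\..\RunOnce: [GLF2F.tmp] cmd /c "rmdir /s /q "C:\Program Files\GLF2F.tmp""',
    r'O4 - HKLM\..\RunOnce: [onspeed_toolbar] C:\DOCUME~1\teded2\LOCALS~1\Temp\TBUNIN~1.EXE -df "C:\PROGRA~1\ONSPEE~1\"',
    r'O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe',
    r"O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')",
])

if __name__ == "__main__":
    for e in persisting(SCAN_BEFORE, SCAN_AFTER):
        print(f"{e.hive}\\..\\{e.key} [{e.name}]: {', '.join(reasons(e))}")
```

An entry reported by `persisting` after a fix means something rewrote it between scans or the fix was blocked, which is why the resident registry monitor is disabled before fixing.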
grahammelon
regular
Many thanks Joe, Had to turn off Comodo defense and alert to get ComboFix to run. When I rebooted PC usual message about windows can't find TBUNIN didn't come up, however when I clicked on ComboFix to run it did, strange. Also although I turned off S&D, I still got pop up message for GLF2F and onspeed toolbar being denied global entry startup. Whether that means anything I don't know but thought I'd mention it. Here is last combi log. Many many thanks for your time and help.
ComboFix 08-03-25.4 - teded2 2008-03-27 14:49:19.2 - FAT32x86 Running from: C:\Program Files\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! .
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay] @={7D688A77-C613-11D0-999B-00C04FD655E1}
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}] 2007-10-26 04:34 8460288 --a------ C:\WINDOWS\SYSTEM32\SHELL32.DLL
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-10-07 12:04 2083664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-22 15:54 579072] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-03-20 20:36 1481984] "SystemTray"="SysTray.Exe" [2001-08-23 12:00 3072 C:\WINDOWS\SYSTEM32\systray.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-11 15:44 219136]
C:\Documents and Settings\teded2\Start Menu\Programs\Startup\ Stickies.lnk - C:\Program Files\Stickies\stickies.exe [2008-01-16 22:39:46 757760] Secunia PSI (RC1).lnk - C:\Program Files\Secunia\PSI (RC1)\psi.exe [2008-02-05 11:36:24 610304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys] "LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-03-20 20:36] R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-03-20 20:36] R1 SMBus;Intel(R) SMBus Driver;C:\WINDOWS\system32\DRIVERS\SMBus.sys [2001-08-20 17:33] S3 PSI;PSI;C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-01-22 10:18]
. Contents of the 'Scheduled Tasks' folder "1999-04-23 21:22:00 C:\WINDOWS\Tasks\Tune-up Application Start.job" . **************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-27 15:05:10 Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully hidden files: 0
************************************************************************** . --------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\guard32.dll
PROCESS: C:\WINDOWS\system32\lsass.exe -> C:\WINDOWS\system32\guard32.dll . Completion time: 2008-03-27 15:06:39 ComboFix-quarantined-files.txt 2008-03-27 14:06:30 ComboFix2.txt 2008-03-26 21:14:06 . 2008-03-15 11:49:54 --- E O F ---
Joe_London
HijackThis Helper
I need a new HJT log as well.
Joe.
grahammelon
regular
Sorry Joe missed that one, Derrrrrr. I see the entries are still there??? Also, I switched S&D off but it is switching itself back on. I hope I am running combi right as when I double click on it as you say, it goes into auto run and I have not typed 1 into it. Oh, by the way, could not find GLF2F.tmp on PC, either in safe mode.
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:43:22, on 27/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Stickies\stickies.exe
C:\Program Files\Secunia\PSI (RC1)\psi.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\RunOnce: [GLF2F.tmp] cmd /c "rmdir /s /q "C:\Program Files\GLF2F.tmp""
O4 - HKLM\..\RunOnce: [onspeed_toolbar] C:\DOCUME~1\teded2\LOCALS~1\Temp\TBUNIN~1.EXE -df "C:\PROGRA~1\ONSPEE~1\"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe
O4 - Startup: Secunia PSI (RC1).lnk = C:\Program Files\Secunia\PSI (RC1)\psi.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1197365085951
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BEC99AB2-DE63-4AAD-B0D9-AFA542CC1F34}: NameServer = 80.58.61.250 80.58.61.254
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
-- End of file - 5798 bytes
-------------------- XP Home,comodo.AVG. S&D,,Mozilla, Spywareblaster, Ccleaner and much2much time
I wish I had a mind to make up
|
Joe_London
HijackThis Helper
Reg'd: Tue
Posts: 10489
Loc: London
|
|
Hi Grahammelon,
Not sure if teatimer is causing the problem or not, but it's still running.
To disable teatimer:
- Open Spybot Search & Destroy.
- In the Mode menu click "Advanced mode" if not already selected.
- Choose "Yes" at the Warning prompt.
- Expand the "Tools" menu.
- Click "Resident".
- Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
- In the File menu click "Exit" to exit Spybot Search & Destroy.
Then run HJT again and see if you can fix those two entries:
O4 - HKLM\..\RunOnce: [GLF2F.tmp] cmd /c "rmdir /s /q "C:\Program Files\GLF2F.tmp""
O4 - HKLM\..\RunOnce: [onspeed_toolbar] C:\DOCUME~1\teded2\LOCALS~1\Temp\TBUNIN~1.EXE -df "C:\PROGRA~1\ONSPEE~1\"
Reboot and post a new hjt log when done.
Joe.
-------------------- If I have helped you in any way, please consider a donation:
Joe's WebSite.
Member of UNITE and ASAP.
|
grahammelon
regular
Reg'd: Mon
Posts: 656
Loc: Not sure
|
|
Hello Joe, As I said before, S&D will not turn off. As soon as I exit, the box re-checks itself, very strange. Whenever I log on PC I get 2 boxes from S&D saying both those entries have denied global entry startup as per my blacklist. Also S&D does not disappear from task bar even if I try to remove it and invariably says program not responding. It seems from this that S&D is causing the problem of removing these entries. Anyway, here is HJT with both entries still there. Any thoughts? I did read that someone had used SDFix to remove GLF2F.tmp???? Many thanks as always.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:23:46, on 27/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Stickies\stickies.exe
C:\Program Files\Secunia\PSI (RC1)\psi.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\RunOnce: [GLF2F.tmp] cmd /c "rmdir /s /q "C:\Program Files\GLF2F.tmp""
O4 - HKLM\..\RunOnce: [onspeed_toolbar] C:\DOCUME~1\teded2\LOCALS~1\Temp\TBUNIN~1.EXE -df "C:\PROGRA~1\ONSPEE~1\"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe
O4 - Startup: Secunia PSI (RC1).lnk = C:\Program Files\Secunia\PSI (RC1)\psi.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1197365085951
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
-- End of file - 5665 bytes
|
grahammelon
regular
Reg'd: Mon
Posts: 656
Loc: Not sure
|
|
Hmmmm, After several attempts and reboots I have managed to switch off S&D Ttimer, ran HJT and it seems entries are gone. I'm not getting any pop up messages about TBunin or S&D global startups, soooooo it all seems tickety boo. My question now is, what will happen when/if I turn Ttimer back on? Many thanks Graham
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:08:20, on 27/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Stickies\stickies.exe
C:\Program Files\Secunia\PSI (RC1)\psi.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe
O4 - Startup: Secunia PSI (RC1).lnk = C:\Program Files\Secunia\PSI (RC1)\psi.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1197365085951
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
-- End of file - 5313 bytes
|
Joe_London
HijackThis Helper
Reg'd: Tue
Posts: 10489
Loc: London
|
|
Hi Grahammelon,
We'll deal with Spybot after we've cleaned up.
Those entries have now gone from the HJT log and the Combofix log, however I want to ensure the files are also gone from the hard drive.
You may need to Show hidden files and folders.
To enable the viewing of Hidden files follow these steps:
- Close all programs so that you are at your desktop.
- Double-click on the My Computer icon.
- Select the Tools menu and click Folder Options.
- After the new window appears select the View tab.
- Put a checkmark in the checkbox labeled Display the contents of system folders.
- Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
- Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
- Remove the checkmark from the checkbox labeled Hide protected operating system files.
- Press the Apply button and then the OK button and shut down My Computer.
Now your computer is configured to show all hidden files.
Copy the part in bold below into notepad and save it to your Desktop as direxie.bat
Set File type to "All files"
Doubleclick direxie.bat

cd\
cd C:\Documents and Settings\teded2\Local Settings\Temp
dir /x > C:\directory.txt
cd C:\Program Files
dir /x >> C:\directory.txt
start notepad C:\directory.txt
Copy and paste the log here please
Joe.
|
grahammelon
regular
Reg'd: Mon
Posts: 656
Loc: Not sure
|
|
Hi Joe, Done what you said re hidden stuff. Copied direxie.bat to desktop but when I dbl click on it, it flashes on screen for a millisecond and that's it. This may be due to an error on my part. Can you clarify? I highlight the bold txt as you say and then under file I am saving as "save frame as" and then to desktop. However you say save it to notepad then desktop, am I doing something wrong?
Many thanks Graham
|
Joe_London
HijackThis Helper
Reg'd: Tue
Posts: 10489
Loc: London
|
|
Quote:
This may be due to an error on my part. Can you clarify. I highlight the bold txt as you say and then under file I am saving as "save frame as" and then to desktop.
It may not be your mistake, however make sure you select the save as all files when saving to Desktop, and it's just "Save As". No frame.
Then, once saved, it should appear on your desktop and the Icon should look like a little cog wheel.
After you double click, a short flash is normal but Notepad should then open with all the information I need on it. Just copy and paste it here.
If Notepad fails to open, take a look in C:\ and look for directory.txt. Do that first in any event in case it's already there. If not, delete the current direxie.bat and then start again. Good luck
Joe.
|
grahammelon
regular
Reg'd: Mon
Posts: 656
Loc: Not sure
|
|
Hi Joe, Thanks for your patience. Don't ask me how I did this, I spent 45 mins and have no idea. I hope this is the right log. I'm sure you'll let me know. Many many thanks Graham
Volume in drive C has no label.
Volume Serial Number is 8EBA-4C72

Directory of C:\Documents and Settings\teded2\Local Settings\Temp

11/12/2007 01:04 <DIR> .
11/12/2007 01:04 <DIR> ..
28/03/2008 21:39 <DIR> WPDNSE
28/03/2008 21:40 0 JET2F67.tmp
28/03/2008 21:45 1,038 jusched.log
2 File(s) 1,038 bytes
3 Dir(s) 29,688,922,112 bytes free

Volume in drive C has no label.
Volume Serial Number is 8EBA-4C72

Directory of C:\Program Files

11/12/2007 00:05 <DIR> .
11/12/2007 00:05 <DIR> ..
11/12/2007 00:05 <DIR> COMMON~1 Common Files
30/12/2007 23:04 <DIR> LGGSM
11/12/2007 00:05 <DIR> CHAT
22/03/2008 19:06 <DIR> ABBYY
11/12/2007 00:13 <DIR> ONLINE~1 Online Services
13/01/2008 13:47 <DIR> EPSON
11/12/2007 00:05 <DIR> ACCESS~1 Accessories
11/12/2007 00:05 <DIR> INTERN~1 Internet Explorer
11/12/2007 00:05 <DIR> NETMEE~1 NetMeeting
11/12/2007 00:05 <DIR> OUTLOO~1 Outlook Express
11/12/2007 00:05 <DIR> WINDOW~1 Windows Media Player
11/12/2007 00:19 <DIR> UNINST~1 Uninstall Information
11/12/2007 00:21 <DIR> DIRECTX DirectX
11/12/2007 00:59 <DIR> WINDOW~2 Windows NT
11/12/2007 00:59 <DIR> MSNGAM~1 MSN Gaming Zone
11/12/2007 00:59 <DIR> MSN
11/12/2007 01:00 <DIR> MESSEN~1 Messenger
11/12/2007 01:00 <DIR> COMPLU~1 ComPlus Applications
11/12/2007 01:02 <DIR> MOVIEM~1 Movie Maker
11/12/2007 01:05 <DIR> MICROS~1 microsoft frontpage
11/12/2007 01:05 <DIR> xerox
11/12/2007 15:19 <DIR> GRISOFT Grisoft
11/12/2007 02:37 <DIR> INTEL Intel
11/12/2007 02:39 <DIR> ANALOG~1 Analog Devices
11/12/2007 11:35 7,467,056 SPYBOT~1.EXE spybotsd15.exe
11/12/2007 11:52 <DIR> SPYBOT~1 Spybot - Search & Destroy
01/03/2008 12:17 2,671,816 SPYWAR~1.EXE spywareblastersetup40.exe
01/03/2008 12:18 <DIR> SPYWAR~1 SpywareBlaster
22/03/2008 18:21 <DIR> TRENDM~1 Trend Micro
22/03/2008 19:00 <DIR> SMARTP~1 Smart Panel
11/12/2007 16:19 6,026,816 FIREFO~1.EXE Firefox Setup 2.0.0.11.exe
11/12/2007 16:20 <DIR> MOZILL~1 Mozilla Firefox
11/12/2007 18:58 <DIR> LUCASA~1 LucasArts
14/12/2007 00:57 <DIR> SYSTEM~1 SystemRequirementsLab
14/12/2007 14:12 <DIR> CCLEANER CCleaner
30/12/2007 23:05 <DIR> LGELEC~1 LG Electronics
14/12/2007 20:59 42,567,136 9371_F~1.EXE 93.71_forceware_winxp2k_english_whql.exe
18/03/2008 17:34 <DIR> SUN Sun
22/03/2008 18:18 812,344 HJTINS~1.EXE HJTInstall.exe
13/01/2008 13:54 <DIR> CANON Canon
21/01/2008 20:09 3,080,257 AAW200~1.PAR aaw2007.exe.part
04/02/2008 12:15 998,944 stickies.exe
04/02/2008 12:16 <DIR> STICKIES Stickies
23/01/2008 19:49 2,733,928 CCSETU~1.EXE ccsetup204.exe
12/02/2008 20:21 <DIR> WINDOW~4 Windows Media Connect 2
13/02/2008 12:48 <DIR> XPCODE~1 XP Codec Pack
17/02/2008 13:37 685,988 isw2.exe
13/02/2008 12:06 318,904 WMPFIR~1.EXE wmpfirefoxplugin.exe
26/03/2008 21:50 1,599,547 COMBOFIX.EXE ComboFix.exe
16/02/2008 13:53 <DIR> JAVA Java
18/02/2008 10:35 469,794 PSISETUP.EXE PSISetup.exe
01/03/2008 12:59 1,567,713 REVOSE~1.EXE revosetup.exe
01/03/2008 13:01 <DIR> VSREVO~1 VS Revo Group
17/02/2008 13:38 <DIR> STARTU~1 Startup Inspector for Windows
18/02/2008 10:36 <DIR> SECUNIA Secunia
18/02/2008 19:03 <DIR> FOXITS~1 Foxit Software
26/03/2008 13:30 2,751,368 CCSETU~2.EXE ccsetup206.exe
20/03/2008 20:16 20,956,416 CFP_SE~2.EXE CFP_Setup_3.0.20.320_XP_Vista_x32.exe
26/03/2008 13:35 532,480 CWSHRE~1.EXE cwshredder.exe
11/12/2007 14:23 <DIR> COMODO
16 File(s) 95,240,507 bytes
46 Dir(s) 29,688,922,112 bytes free
|
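The check that the `dir /x` listing makes possible, as an added example that is not part of any post in this thread: HijackThis prints the two RunOnce targets with 8.3 short names (`TBUNIN~1.EXE`, `ONSPEE~1`), so they can only be matched against a listing that shows the short-name column. The function names are hypothetical, the listing is a shortened, constructed excerpt of the one posted above, and the row pattern assumes the dd/mm/yyyy dates seen in this thread.

```python
import re

# Constructed sample input: the two RunOnce lines quoted in the thread and a
# shortened excerpt of the posted `dir /x` output (not the full listing).
HJT_ENTRIES = r'''
O4 - HKLM\..\RunOnce: [GLF2F.tmp] cmd /c "rmdir /s /q "C:\Program Files\GLF2F.tmp""
O4 - HKLM\..\RunOnce: [onspeed_toolbar] C:\DOCUME~1\teded2\LOCALS~1\Temp\TBUNIN~1.EXE -df "C:\PROGRA~1\ONSPEE~1\"
'''

DIR_X_LISTING = r'''
 Directory of C:\Documents and Settings\teded2\Local Settings\Temp
28/03/2008  21:39    <DIR>                       WPDNSE
28/03/2008  21:40                 0              JET2F67.tmp
28/03/2008  21:45             1,038              jusched.log
 Directory of C:\Program Files
11/12/2007  00:05    <DIR>          COMMON~1     Common Files
11/12/2007  11:52    <DIR>          SPYBOT~1     Spybot - Search & Destroy
26/03/2008  21:50         1,599,547 COMBOFIX.EXE ComboFix.exe
'''

# A quoted path may contain spaces; an unquoted one ends at the first space.
PATH_RE = re.compile(r'"([A-Za-z]:\\[^"]*)"|([A-Za-z]:\\\S+)')
ROW_RE = re.compile(r'^\s*\d\d/\d\d/\d{4}\s+\d\d:\d\d\s+(<DIR>|[\d,]+)\s+(.+?)\s*$')
SHORT_RE = re.compile(r'^[^\s.]{1,8}(\.[^\s.]{0,3})?$')  # 8.3 shape


def referenced_leaves(hjt_text):
    """Last path component of every path named in an O4 autostart line."""
    leaves = []
    for line in hjt_text.splitlines():
        if not line.startswith("O4 - "):
            continue
        for quoted, bare in PATH_RE.findall(line):
            leaf = (quoted or bare).rstrip("\\").rsplit("\\", 1)[-1]
            if leaf not in leaves:
                leaves.append(leaf)
    return leaves


def parse_dir_x(dir_text):
    """Return (directory, short_name_or_None, long_name) for each row."""
    rows, current = [], None
    for line in dir_text.splitlines():
        head = line.strip()
        if head.startswith("Directory of "):
            current = head[len("Directory of "):]
            continue
        m = ROW_RE.match(line)
        if not m:
            continue  # volume header, totals, blank lines
        first, _, rest = m.group(2).partition(" ")
        rest = rest.strip()
        # Two fields means the first is the short-name column; a name that is
        # already valid 8.3 is printed alone, with no separate short name.
        if rest and SHORT_RE.match(first):
            rows.append((current, first, rest))
        else:
            rows.append((current, None, m.group(2)))
    return rows


def leftovers(hjt_text, dir_text):
    """Map each referenced leaf name to the listing rows that still match it."""
    rows = parse_dir_x(dir_text)
    result = {}
    for leaf in referenced_leaves(hjt_text):
        want = leaf.lower()  # Windows file names are case-insensitive
        result[leaf] = [(d, long_name) for d, short, long_name in rows
                        if want in ((short or "").lower(), long_name.lower())]
    return result


if __name__ == "__main__":
    for leaf, hits in leftovers(HJT_ENTRIES, DIR_X_LISTING).items():
        print(leaf, "->", hits or "not in listing")
```

An empty result for a name only shows it is absent from the folders that were listed; it says nothing about copies elsewhere on the drive.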
Joe_London
HijackThis Helper
Reg'd: Tue
Posts: 10489
Loc: London
|
| |