Wonderwoman
regular
Reg'd: Thu
Posts: 261
Can someone please see if there is anything in this HJ log that may be slowing my computer down (slow as a snail)? Thank you.
Logfile of HijackThis v1.99.1 Scan saved at 21:45:48, on 02/07/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\crypserv.exe C:\Program Files\Executive Software\Diskeeper\DkService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\Program Files\WinPcap\rpcapd.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\AGRSMMSG.exe C:\HP\KBD\KBD.EXE C:\windows\system\hpsysdrv.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSGTAG\MSGTAG.exe C:\Program Files\NETGEAR\WG111v3\WG111v3.exe C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\AVG\AVG8\avgscanx.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\HijackThis\HijackThis.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\AVG\AVG8\avgui.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en&source=iglk R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3...&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: 
JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSGTAG] "C:\Program Files\MSGTAG\MSGTAG.exe" /startup O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel 
- res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O11 - Options group: [INTERNATIONAL] International O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/48.14/uploader2.cab O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.co.uk/downloads/BUM/BUM_WIN_IE_2/axofupld.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - AppInit_DLLs: acaptuser32.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O20 - Winlogon Notify: khfDtsRh - khfDtsRh.dll (file missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. 
- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing) O23 - Service: MacDrive service (MacDriveService) - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
bricat
HijackThis Helper
Reg'd: Wed
Posts: 31986
Loc: belfast
Can you delete your old version of HijackThis and download the latest version from:
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
Double-click the file you've just downloaded and click on the unzip button to install the program. It will be installed to the C:\Program Files\Trend Micro\HijackThis\ folder by default.
Then:
Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1 Link 2
**Note: It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. If you don't know how to disable some of your security programs, have a look HERE.
--------------------------------------------------------------------
Double click on ComboFix.exe & follow the prompts.
When finished, it will produce a report for you.
- Please post the C:\ComboFix.txt along with a new HijackThis log for further review.
Please keep me informed about any changes to your problems during the different steps of the fix.
FOR OTHER USERS, DO NOT RUN COMBOFIX UNLESS YOU ARE ASKED TO DO SO BY A HJT HELPER
-------------------- IF I HAVE SAVED YOU MONEY, PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST MALWARE.
When the only tool you own is a hammer, every problem begins to look like a nail.
Wonderwoman
regular
Reg'd: Thu
Posts: 261
Not sure if it's my imagination, but it seems faster already. Here are both logs:
ComboFix 09-07-02.02 - Compaq_Owner 02/07/2009 22:50.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.1022.516 [GMT 1:00] Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} .
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) .
C:\autorun.inf c:\documents and settings\Compaq_Owner\Application Data\inst.exe c:\program files\WinPCap c:\program files\WinPCap\daemon_mgm.exe c:\program files\WinPCap\npf_mgm.exe c:\program files\WinPCap\rpcapd.exe c:\windows\Installer\2ea358.a374.msi c:\windows\Installer\8c6af8.msi c:\windows\Installer\ccf09.msi c:\windows\system32\drivers\npf.sys c:\windows\system32\Packet.dll c:\windows\system32\plugin1.dat c:\windows\system32\pthreadVC.dll c:\windows\system32\SysPr.prx c:\windows\system32\WanPacket.dll c:\windows\system32\win32 c:\windows\system32\wpcap.dll
. ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) .
-------\Legacy_NPF -------\Service_NPF
((((((((((((((((((((((((( Files Created from 2009-06-02 to 2009-07-02 ))))))))))))))))))))))))))))))) .
2009-07-02 21:40 . 2009-07-02 21:40 -------- d-----w- c:\program files\Trend Micro 2009-07-02 07:58 . 2009-06-26 09:06 337176 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglogx.dll 2009-07-02 07:58 . 2009-06-26 09:06 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll 2009-07-02 07:58 . 2009-06-26 09:06 327688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys 2009-07-02 07:58 . 2009-06-26 09:06 2052376 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll 2009-07-02 07:58 . 2009-06-26 09:06 906520 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgemc.exe 2009-07-02 07:58 . 2009-06-26 09:06 2167576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll 2009-07-02 07:58 . 2009-06-26 09:06 3402008 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe 2009-07-02 07:58 . 2009-06-26 09:06 1204504 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgabout.dll 2009-07-02 07:58 . 2009-06-26 09:06 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe 2009-07-02 07:58 . 2009-06-26 09:05 1454360 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll 2009-07-02 07:58 . 2009-06-26 09:05 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe 2009-07-01 12:52 . 2009-07-01 12:52 952 --sha-w- c:\windows\system32\KGyGaAvL.sys 2009-06-30 22:16 . 2009-06-30 22:16 -------- d-----w- c:\program files\IrfanView 2009-06-30 17:05 . 2009-06-30 17:05 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Anthropics 2009-06-30 16:50 . 2009-06-30 16:50 -------- d-----w- c:\program files\Photo! 2009-06-27 12:55 . 
2009-06-27 12:55 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Kodak 2009-06-27 12:51 . 2009-06-27 12:51 -------- d-----w- c:\program files\Kodak 2009-06-27 12:51 . 2009-06-27 12:51 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Downloaded Installations 2009-06-24 20:17 . 2007-08-29 11:54 185344 ----a-w- c:\windows\system32\iwpsetup.exe 2009-06-11 07:30 . 2009-04-30 21:22 12800 ----a-w- c:\windows\system32\dllcache\xpshims.dll 2009-06-11 07:30 . 2009-04-30 21:22 246272 ----a-w- c:\windows\system32\dllcache\ieproxy.dll 2009-06-09 14:05 . 2009-06-09 14:05 -------- d-----w- c:\program files\MSXML 4.0 2009-06-09 11:27 . 2009-06-09 11:27 -------- d-----w- c:\program files\Coupon Printer 2009-06-09 11:27 . 2009-06-09 11:27 31 ---ha-w- c:\windows\UKCpInfo.sys 2009-06-08 13:40 . 2009-06-08 13:40 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\FotoWire 2009-06-07 14:15 . 2009-06-08 15:05 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\skypePM 2009-06-07 14:15 . 2009-06-07 14:15 56 ---ha-w- c:\windows\system32\ezsidmv.dat 2009-06-07 14:11 . 2009-06-24 20:30 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Skype 2009-06-07 14:10 . 2009-06-07 14:10 -------- d-----w- c:\program files\Common Files\Skype 2009-06-07 14:10 . 2009-06-07 14:10 -------- d-----r- c:\program files\Skype 2009-06-07 14:10 . 2009-06-07 14:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype 2009-06-06 22:47 . 2009-06-06 22:47 -------- d-----w- c:\program files\Common Files\CyberLink 2009-06-03 15:25 . 2009-06-03 15:25 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\DoubleD
. (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-02 21:55 . 2009-03-28 19:03 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\MailWasherPro 2009-07-02 07:58 . 2009-03-28 16:08 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-06-27 17:42 . 2009-05-24 09:04 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Vso 2009-06-27 15:26 . 2009-04-13 09:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-06-27 15:19 . 2009-05-30 17:44 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2009-06-26 09:06 . 2009-03-28 16:09 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2009-06-26 09:06 . 2009-03-28 16:08 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-06-17 14:20 . 2009-06-08 12:43 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Affinegy 2009-06-17 10:27 . 2009-04-13 09:40 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-06-17 10:27 . 2009-04-13 09:40 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-06-14 16:32 . 2009-03-28 16:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-06-08 13:40 . 2009-06-08 13:40 -------- d-----w- c:\program files\Common Files\FotoWire 2009-06-08 13:40 . 2009-06-08 10:54 -------- d-----w- c:\program files\Logitech 2009-06-08 13:17 . 2009-05-24 14:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-06-08 12:51 . 2005-01-02 06:16 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-06-08 12:39 . 2009-06-08 12:38 -------- d-----w- c:\program files\Virgin Broadband Wireless 2009-06-08 12:39 . 2009-06-08 12:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Affinegy 2009-06-08 12:30 . 
2009-06-08 12:30 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys 2009-06-08 12:30 . 2009-06-08 12:30 -------- d-----w- c:\program files\NETGEAR 2009-06-08 11:17 . 2009-05-30 07:29 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\CyberLink 2009-06-08 11:14 . 2009-05-30 07:27 -------- d-----w- c:\program files\CyberLink 2009-06-08 11:13 . 2009-05-30 09:13 53319 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe 2009-06-08 10:55 . 2009-06-08 10:55 -------- d-----w- c:\program files\Common Files\Logitech 2009-06-08 10:54 . 2009-06-08 10:54 81920 ------r- c:\windows\bwUnin-6.1.4.68-8876480L.exe 2009-06-06 22:47 . 2009-05-30 09:18 29480 ----a-w- c:\windows\system32\msxml3a.dll 2009-06-06 22:47 . 2009-05-30 09:18 53319 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\PostBuild.exe 2009-06-06 06:58 . 2009-05-30 07:29 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink 2009-05-30 09:24 . 2009-05-30 09:24 53319 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{D36DD326-7280-11D8-97C8-000129760CBE}\PostBuild.exe 2009-05-30 09:23 . 2009-05-30 09:23 53319 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe 2009-05-30 09:21 . 2009-05-30 07:27 36864 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\PostBuild.exe 2009-05-30 09:16 . 2009-05-30 09:16 36864 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe 2009-05-30 09:15 . 2009-05-30 09:15 36864 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe 2009-05-30 09:13 . 
2009-05-30 09:13 36864 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{80E158EA-7181-40FE-A701-301CE6BE64AB}\PostBuild.exe 2009-05-30 09:11 . 2009-05-30 09:12 53319 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe 2009-05-30 07:29 . 2009-03-28 11:15 75104 ----a-w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-05-29 13:10 . 2009-04-06 17:01 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Canon 2009-05-29 12:53 . 2009-03-28 16:37 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\U3 2009-05-27 17:32 . 2009-05-27 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Cached Installations 2009-05-27 17:07 . 2009-05-24 14:30 -------- d-----w- c:\program files\Stellar Phoenix Photo Recovery 2009-05-27 15:19 . 2009-05-25 08:54 -------- d-----w- c:\program files\Stellar Phoenix Deleted File Recovery 2009-05-27 15:19 . 2009-05-24 14:55 -------- d-----w- c:\program files\PhotoRescue Wizard PC 3.1.9.11674 2009-05-27 15:19 . 2009-05-24 14:37 -------- d-----w- c:\program files\Digital Photo Recovery 2009-05-25 08:54 . 2009-05-25 08:54 4 ----a-w- c:\windows\vx86036.dat 2009-05-24 15:14 . 2009-05-24 14:48 -------- d-----w- c:\program files\OfficeRecovery 2009-05-24 14:36 . 2009-05-24 14:36 23 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\SLLOG.sys 2009-05-24 14:36 . 2009-05-24 14:36 23 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\SLLOG.sys 2009-05-24 11:09 . 2009-05-24 11:09 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk 2009-05-24 09:04 . 2009-05-24 09:04 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys 2009-05-24 09:04 . 2009-05-24 09:04 47360 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\pcouffin.sys 2009-05-24 09:04 . 
2009-05-24 09:04 47360 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\pcouffin.sys 2009-05-24 09:04 . 2009-05-24 09:04 -------- d-----w- c:\program files\VSO 2009-05-23 11:30 . 2009-04-20 17:24 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\The Complete Genealogy Reporter 2009-05-22 09:53 . 2009-05-22 09:53 -------- d-----w- c:\documents and settings\All Users\Application Data\VirginMedia 2009-05-19 19:52 . 2009-05-19 19:52 15360 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Thinstall\Data Doctor Recovery Digital Camera 3.0.1.5\1000000b00002i\RUNDLL32.exe 2009-05-19 19:52 . 2009-05-19 19:52 15360 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Thinstall\Data Doctor Recovery Digital Camera 3.0.1.5\4000005200003i\FamilyTreeBuilder-Comm.exe 2009-05-19 18:59 . 2009-05-19 18:59 15360 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Thinstall\Data Doctor Recovery Digital Camera 3.0.1.5\40000097c00002i\MyHeritage.exe 2009-05-19 17:27 . 2009-05-19 17:27 15360 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Thinstall\Data Doctor Recovery Digital Camera 3.0.1.5\400000d00002i\DataDoctor-HDD.exe 2009-05-19 17:27 . 2009-05-19 14:02 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Thinstall 2009-05-19 16:54 . 2009-05-19 16:54 -------- d-----w- c:\program files\DiskInternals 2009-05-13 05:15 . 2009-03-28 17:41 915456 ----a-w- c:\windows\system32\wininet.dll 2009-05-11 08:36 . 2009-03-28 16:09 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2009-05-08 12:01 . 2009-04-09 15:10 -------- d-----w- c:\program files\Google 2009-05-07 15:44 . 2009-03-28 17:38 344064 ----a-w- c:\windows\system32\localspl.dll 2009-05-04 16:52 . 2009-05-04 15:43 -------- d-----w- c:\program files\Family Tree Maker 2008 2009-05-04 15:44 . 
2009-05-04 15:44 1078 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}\DocumentationShortcu_EDEA8AB776834ED2AA19E6C078064C0D.exe 2009-05-04 15:44 . 2009-05-04 15:44 10134 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}\ARPPRODUCTICON.exe 2009-05-04 15:44 . 2009-05-04 15:44 -------- d-----w- c:\program files\Microsoft WSE 2009-05-04 15:23 . 2009-03-31 16:31 -------- d-----w- c:\program files\Family Tree Maker 2006 2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr 2009-04-17 09:58 . 2009-03-28 17:41 1846656 ----a-w- c:\windows\system32\win32k.sys 2009-04-16 17:32 . 2009-04-16 17:32 717296 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-04-15 15:11 . 2009-03-28 17:40 584192 ----a-w- c:\windows\system32\rpcrt4.dll 2009-04-13 15:20 . 2009-04-13 15:20 106496 ----a-w- c:\windows\rtpmsi32.dll 2009-04-13 13:50 . 2009-04-13 13:50 245760 ------w- c:\windows\Setup1.exe 2009-04-13 13:50 . 2009-04-13 13:50 73216 ----a-w- c:\windows\ST6UNST.EXE 2009-04-07 20:25 . 2009-04-18 11:34 100944 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys 2009-04-07 20:25 . 2009-04-18 11:34 79888 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys 2009-04-07 20:25 . 2009-04-18 11:14 41424 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys 2005-08-07 17:24 . 2009-03-28 18:05 32 --sha-w- c:\windows\SMINST\HPCD.SYS .
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "MSGTAG"="c:\program files\MSGTAG\MSGTAG.exe" [2003-09-16 1320448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640] "KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472] "PS2"="c:\windows\system32\ps2.exe" [2003-09-12 98304] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-26 1948440] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-05-21 221184] "AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-29 88363]
c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\ MailWasherPro.lnk - c:\program files\FireTrust\MailWasher Pro\MailWasher.exe [2009-3-28 16485023]
c:\documents and settings\All Users\Start Menu\Programs\Startup\ NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2007-9-12 1527808]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-06-26 09:06 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\acaptuser32.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"=c:\windows\system32\ctfmon.exe "Windows Update"="c:\windows\system32\svchost.exe" "Windows Update 4"="c:\windows\system32\svchost.exe" "LDM"=c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe "LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" boot "MSGTAG"="c:\program files\MSGTAG\MSGTAG.exe" /startup
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" "LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit "nwiz"=nwiz.exe /install "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot "AlcxMonitor"=ALCXMNTR.EXE "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" "DiskeeperSystray"="c:\program files\Executive Software\Diskeeper\DkIcon.exe" "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" "Getting started with MacDrive"="c:\program files\Mediafour\MacDrive 7\MDGetStarted.exe" /auto "MacDrive application"="c:\program files\Mediafour\MacDrive 7\MacDrive.exe" "EPSON Stylus Photo R200 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200" "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" -lang 1033 "BDRegion"=c:\program files\Cyberlink\Shared Files\brs.exe "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" "PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" "InstantBurn"=c:\progra~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe "Family Tree Builder Update"=c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe "RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" "P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" "UpdatePDRShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\DVD Suite" UpdateWithCreateOnce 
"Software\CyberLink\PowerStarter" "UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0" "LogitechVideoRepair"=c:\program files\Logitech\Video\ISStart.exe "LogitechGalleryRepair"=c:\program files\Logitech\Video\ISStart.exe "LogitechVideoTray"=c:\program files\Logitech\Video\LogiTray.exe "Wireless Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" startup "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
[HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\German\\setup.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\MSGTAG\\MSGTAG.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"= "c:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"= "c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [04/02/2009 11:14 284160]
R0 MDPMGRNT;MacDrive partition driver;c:\windows\system32\drivers\MDPMGRNT.SYS [04/02/2009 11:22 19456]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [28/03/2009 17:08 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [28/03/2009 17:09 108552]
R1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [30/05/2009 10:12 15784]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2009/06/06 23:48];c:\program files\CyberLink\PowerDVD8\000.fcl [05/03/2009 01:47 87536]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [28/03/2009 17:08 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [28/03/2009 17:08 298776]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [30/05/2009 10:12 162344]
R2 MacDriveService;MacDrive service;c:\program files\Mediafour\MacDrive 7\MacDriveService.exe [26/11/2008 09:23 150528]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [13/04/2009 10:40 195856]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [13/04/2009 10:40 19096]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [23/04/2007 14:11 224896]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [18/04/2009 12:34 79888]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{J2O6W5DJ-14MS-4317-3R78-R5R86E5G12AE}] c:\program files\System32\Updater.exe Restart
.
Contents of the 'Scheduled Tasks' folder
2009-06-26 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 15:17]
2009-07-02 c:\windows\Tasks\User_Feed_Synchronization-{4565CF51-C5AF-4B74-AABA-1FE7A5EDB061}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
- - - - ORPHANS REMOVED - - - -
ShellIconOverlayIdentifiers-MacDrive Volume Icons - (no file)
Notify-khfDtsRh - khfDtsRh.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/ig?hl=en&source=iglk
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://search.myheritage.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q105&bd=presario&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-02 22:54
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1495055109-845452938-3173171980-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1495055109-845452938-3173171980-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{53C38EED-D45D-3C90-EDAD-90F1CE12DCB7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(560)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\program files\Mediafour\MacDrive 7\MDVolumeIcons.dll
c:\program files\Mediafour\MacDrive 7\MACDRAPI.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Virgin Broadband Wireless\AffinegyService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\Crypserv.exe
c:\program files\Executive Software\Diskeeper\DkService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2009-07-02 22:57 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-02 21:57
Pre-Run: 165,860,986,880 bytes free
Post-Run: 165,742,043,136 bytes free
337 --- E O F --- 2009-06-14 16:33
HJ log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:59:10, on 02/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en&source=iglk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSGTAG] "C:\Program Files\MSGTAG\MSGTAG.exe" /startup
O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/48.14/uploader2.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.co.uk/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\acaptuser32.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MacDrive service (MacDriveService) - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
-- End of file - 10019 bytes
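The log above is the kind of thing a helper reads by eye: orphaned entries that point at files which are gone, an AppInit_DLLs entry, a Winsock LSP HijackThis does not recognise, services with no publisher, Run entries given as a bare file name, and Active Setup keys whose CLSID does not look machine-generated. As an added example (not part of HijackThis, ComboFix or this thread), the Python below pulls exactly those entry types out of a pasted log. The sample lines are copied from the log posted here; the rules and the severity labels are the example's own assumptions, and a "review" flag means look at it by hand, not that it is malware.

```python
"""Triage heuristics for HijackThis-style log lines.

Added example for this thread; not part of HijackThis, ComboFix or the
forum post. The rules and the severity labels are this example's own
assumptions about what a log helper looks at first.
"""
import re
from dataclasses import dataclass
from typing import List

# Sample input: lines copied from the log posted above (a constructed
# subset, not a full log), including one ComboFix-format Active Setup key.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\acaptuser32.dll
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{J2O6W5DJ-14MS-4317-3R78-R5R86E5G12AE}] c:\program files\System32\Updater.exe Restart
""".strip()

# Anything shaped like {8-4-4-4-12} in braces; the hex check is separate so
# that a well-shaped but non-hex value is caught rather than skipped.
GUID_SHAPE = re.compile(r"\{([0-9A-Za-z]{8}(?:-[0-9A-Za-z]{4}){3}-[0-9A-Za-z]{12})\}")
HEX_GUID = re.compile(r"^[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$")
# "O4 - HKLM\..\Run: [Name] command"  ->  command
O4_TARGET = re.compile(r"^O4 - .*?: \[[^\]]*\]\s+(.*)$")


def is_hex_guid(guid: str) -> bool:
    """True if the bare GUID text (no braces) is all hex digits."""
    return HEX_GUID.match(guid) is not None


@dataclass
class Finding:
    line: str
    severity: str  # "orphan": target gone, fix freely; "review": live entry, look by hand
    reason: str


def triage(log_text: str) -> List[Finding]:
    """Return the entries of a HijackThis/ComboFix log a helper checks first."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        low = line.lower()
        # Stale entries: the registry still points at a file that is gone.
        if "(no file)" in low or "(file missing)" in low:
            findings.append(Finding(line, "orphan", "target no longer exists; stale entry, safe to fix"))
            continue
        # AppInit_DLLs is loaded into every process that links user32.dll.
        if line.startswith("O20 - AppInit_DLLs:") and line.split(":", 1)[1].strip():
            findings.append(Finding(line, "review", "AppInit_DLLs entry is injected into every user32-linked process"))
        # A Winsock LSP HijackThis cannot vouch for; removing a live one can break networking.
        if line.startswith("O10 - Unknown file in Winsock LSP"):
            findings.append(Finding(line, "review", "LSP not on HijackThis' known list; do not remove blindly"))
        # Services whose binary has no company name in its version resource.
        if line.startswith("O23 - ") and " - Unknown owner - " in line:
            findings.append(Finding(line, "review", "service binary names no publisher; verify it by hand"))
        # Run entries given as a bare file name are resolved via the search path.
        m = O4_TARGET.match(line)
        if m:
            target = m.group(1).strip().strip('"')
            if "\\" not in target:
                findings.append(Finding(line, "review", "bare file name, resolved via the search path; locate the real binary"))
        # CLSID-shaped keys that are not hex cannot have come from CoCreateGuid.
        for guid in GUID_SHAPE.findall(line):
            if not is_hex_guid(guid):
                findings.append(Finding(line, "review", "CLSID {%s} is not valid hex" % guid))
    return findings


def report(findings: List[Finding]) -> str:
    """One line per finding, most urgent first (review before orphan)."""
    order = {"review": 0, "orphan": 1}
    rows = sorted(findings, key=lambda f: order[f.severity])
    return "\n".join("[%s] %s\n    %s" % (f.severity.upper(), f.line, f.reason) for f in rows)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Run against the sample it flags seven entries: the two orphans ((no file) BHO and the missing rpcapd.exe service), and five to review. Orphans are what a helper fixes in HijackThis without further thought; everything marked review needs the binary located and its publisher checked before anything is removed, since both the LSP and the AppInit_DLLs entry here belong to legitimately installed software.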
bricat
HijackThis Helper
Reg'd: Wed
Posts: 31986
Loc: belfast
That looks clean now, just some tidying up to do.
Click START, then RUN. Now type Combofix /u in the run box and click OK.
The above procedure will:
- Delete the following:
  - ComboFix and its associated files and folders.
  - VundoFix backups, if present.
  - The C:\Deckard folder, if present.
  - The C:\_OtMoveIt folder, if present.
- Reset the clock settings.
- Hide file extensions, if required.
- Hide System/Hidden files, if required.
- Reset System Restore.
Then :-
Download and scan with CCleaner - CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation.
IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free or Slim versions instead of the Standard Build.
- Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
Then select "Cookies". Move any cookies you wish to retain (e.g. login cookies) from the left-hand window to the right-hand window by highlighting them and clicking the right arrow in the centre.
- Then select the items you wish to clean up.
In the Windows Tab:
• Clean all entries in the "Internet Explorer" section.
• Clean all the entries in the "Windows Explorer" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose. Leave the System section at default.
In the Applications Tab:
• Clean all entries in the Mozilla Firefox section.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet section.
• Clean any others that you choose.
- Click the "Run Cleaner" button.
- A pop up box will appear advising this process will permanently delete files from your system.
- Click "OK" and it will scan and clean your system.
- Click "exit" when done.
Then DEFRAG your C:\ drive to help speed up your system.
Then let us know how the computer is running.
HOW DID I GET INFECTED
-------------------- IF I HAVE SAVED YOU MONEY, PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST MALWARE.
When the only tool you own is a hammer, every problem begins to look like a nail.
Wonderwoman
regular
Reg'd: Thu
Posts: 261
Did anyone ever tell you guys you're a girl's best friend? Who needs diamonds when you have the Webuser forum? Running like a dream, thanks again.
bricat
HijackThis Helper
Reg'd: Wed
Posts: 31986
Loc: belfast
Glad you're sorted.
Happy to help