[Fixed] Hijackthis! Logs - Back again!! please check logs
#1  litobitblond (Silver Member; Join Date: Sep 2008; Posts: 103; PC Experience: Experienced), posted 3 weeks ago
Back again!! please check logs

Running Windows XP, 32-bit. Had been running fine but noticed my MySpace pages were changing. Log files included below, including Malwarebytes log.
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/10/28 14:52
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF75A8000 Size: 187776 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2260992 File Visible: - Signed: -
Status: -

Name: AegisP.sys
Image Path: C:\WINDOWS\system32\DRIVERS\AegisP.sys
Address: 0xF77DF000 Size: 18720 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xB4F20000 Size: 138496 File Visible: - Signed: -
Status: -

Name: agp440.sys
Image Path: agp440.sys
Address: 0xF7647000 Size: 42368 File Visible: - Signed: -
Status: -

Name: ASPI32.SYS
Image Path: C:\WINDOWS\System32\Drivers\ASPI32.SYS
Address: 0xF778F000 Size: 16512 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xF749A000 Size: 96512 File Visible: - Signed: -
Status: -

Name: ati2cqag.dll
Image Path: C:\WINDOWS\System32\ati2cqag.dll
Address: 0xBFA17000 Size: 258048 File Visible: - Signed: -
Status: -

Name: ati2dvag.dll
Image Path: C:\WINDOWS\System32\ati2dvag.dll
Address: 0xBF9D5000 Size: 270336 File Visible: - Signed: -
Status: -

Name: ati2mtag.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
Address: 0xB9694000 Size: 1564672 File Visible: - Signed: -
Status: -

Name: ati3duag.dll
Image Path: C:\WINDOWS\System32\ati3duag.dll
Address: 0xBFA8C000 Size: 2637824 File Visible: - Signed: -
Status: -

Name: atikvmag.dll
Image Path: C:\WINDOWS\System32\atikvmag.dll
Address: 0xBFA56000 Size: 221184 File Visible: - Signed: -
Status: -

Name: atinmdxx.sys
Image Path: C:\WINDOWS\system32\DRIVERS\atinmdxx.sys
Address: 0xF77BF000 Size: 28672 File Visible: - Signed: -
Status: -

Name: atinpdxx.sys
Image Path: C:\WINDOWS\system32\DRIVERS\atinpdxx.sys
Address: 0xF77B7000 Size: 28672 File Visible: - Signed: -
Status: -

Name: atinraxx.sys
Image Path: C:\WINDOWS\System32\DRIVERS\atinraxx.sys
Address: 0xBADFD000 Size: 65536 File Visible: - Signed: -
Status: -

Name: atinrvxx.sys
Image Path: C:\WINDOWS\System32\DRIVERS\atinrvxx.sys
Address: 0xB3F59000 Size: 118784 File Visible: - Signed: -
Status: -

Name: atintuxx.sys
Image Path: C:\WINDOWS\system32\DRIVERS\atintuxx.sys
Address: 0xB3F43000 Size: 90112 File Visible: - Signed: -
Status: -

Name: atinxsxx.sys
Image Path: C:\WINDOWS\system32\DRIVERS\atinxsxx.sys
Address: 0xB3F76000 Size: 77824 File Visible: - Signed: -
Status: -

Name: ativvaxx.dll
Image Path: C:\WINDOWS\System32\ativvaxx.dll
Address: 0xBFD10000 Size: 864256 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\System32\DRIVERS\audstub.sys
Address: 0xF7A8E000 Size: 3072 File Visible: - Signed: -
Status: -

Name: avgldx86.sys
Image Path: C:\WINDOWS\System32\Drivers\avgldx86.sys
Address: 0xB4C9B000 Size: 328576 File Visible: - Signed: -
Status: -

Name: avgmfx86.sys
Image Path: C:\WINDOWS\System32\Drivers\avgmfx86.sys
Address: 0xBA119000 Size: 21120 File Visible: - Signed: -
Status: -

Name: avgtdix.sys
Image Path: C:\WINDOWS\System32\Drivers\avgtdix.sys
Address: 0xB4F6A000 Size: 101888 File Visible: - Signed: -
Status: -

Name: aw_host5.sys
Image Path: C:\WINDOWS\system32\drivers\aw_host5.sys
Address: 0xF780F000 Size: 31584 File Visible: - Signed: -
Status: -

Name: awlegacy.sys
Image Path: C:\WINDOWS\System32\Drivers\awlegacy.sys
Address: 0xF793B000 Size: 10048 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF79BB000 Size: 4224 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF7897000 Size: 12288 File Visible: - Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xBAE2D000 Size: 63744 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Address: 0xF7687000 Size: 62976 File Visible: - Signed: -
Status: -

Name: CINEMSUP.SYS
Image Path: C:\WINDOWS\SYSTEM32\DRIVERS\CINEMSUP.SYS
Address: 0xB3FD9000 Size: 24576 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
Address: 0xF7637000 Size: 53248 File Visible: - Signed: -
Status: -

Name: ctac32k.sys
Image Path: C:\WINDOWS\System32\drivers\ctac32k.sys
Address: 0xB5084000 Size: 131744 File Visible: - Signed: -
Status: -

Name: ctaud2k.sys
Image Path: C:\WINDOWS\system32\drivers\ctaud2k.sys
Address: 0xB938A000 Size: 451008 File Visible: - Signed: -
Status: -

Name: ctoss2k.sys
Image Path: C:\WINDOWS\system32\drivers\ctoss2k.sys
Address: 0xB934D000 Size: 102080 File Visible: - Signed: -
Status: -

Name: ctprxy2k.sys
Image Path: C:\WINDOWS\System32\drivers\ctprxy2k.sys
Address: 0xF79AD000 Size: 5632 File Visible: - Signed: -
Status: -

Name: ctsfm2k.sys
Image Path: C:\WINDOWS\System32\drivers\ctsfm2k.sys
Address: 0xB504A000 Size: 124704 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xF7627000 Size: 36352 File Visible: - Signed: -
Status: -

Name: dmio.sys
Image Path: dmio.sys
Address: 0xF74B2000 Size: 153344 File Visible: - Signed: -
Status: -

Name: dmload.sys
Image Path: dmload.sys
Address: 0xF798B000 Size: 5888 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF7667000 Size: 61440 File Visible: - Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xB91CD000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF9C3000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF7A73000 Size: 4096 File Visible: - Signed: -
Status: -

Name: emupia2k.sys
Image Path: C:\WINDOWS\System32\drivers\emupia2k.sys
Address: 0xB5069000 Size: 107744 File Visible: - Signed: -
Status: -

Name: fdc.sys
Image Path: C:\WINDOWS\System32\DRIVERS\fdc.sys
Address: 0xF7807000 Size: 27392 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xF7577000 Size: 44544 File Visible: - Signed: -
Status: -

Name: flpydisk.sys
Image Path: C:\WINDOWS\System32\DRIVERS\flpydisk.sys
Address: 0xBA151000 Size: 20480 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xF747A000 Size: 129792 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF79B9000 Size: 7936 File Visible: - Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF74D8000 Size: 125056 File Visible: - Signed: -
Status: -

Name: gameenum.sys
Image Path: C:\WINDOWS\System32\DRIVERS\gameenum.sys
Address: 0xBAFD0000 Size: 10624 File Visible: - Signed: -
Status: -

Name: Gernuwa.sys
Image Path: Gernuwa.sys
Address: 0xF789B000 Size: 14208 File Visible: - Signed: -
Status: -

Name: GTNDIS5.SYS
Image Path: C:\WINDOWS\system32\GTNDIS5.SYS
Address: 0xB0E68000 Size: 15872 File Visible: - Signed: -
Status: -

Name: ha10kx2k.sys
Image Path: C:\WINDOWS\System32\drivers\ha10kx2k.sys
Address: 0xB50A5000 Size: 766816 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806FF000 Size: 134400 File Visible: - Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\WINDOWS\System32\Drivers\HIDCLASS.SYS
Address: 0xF7557000 Size: 36864 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\System32\Drivers\HIDPARSE.SYS
Address: 0xBA129000 Size: 28672 File Visible: - Signed: -
Status: -

Name: HSF_USR.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSF_USR.sys
Address: 0xB93F9000 Size: 729728 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xB0EF8000 Size: 264832 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\WINDOWS\System32\DRIVERS\i8042prt.sys
Address: 0xF7677000 Size: 52480 File Visible: - Signed: -
Status: -

Name: imapi.sys
Image Path: C:\WINDOWS\System32\DRIVERS\imapi.sys
Address: 0xF76A7000 Size: 42112 File Visible: - Signed: -
Status: -

Name: InCDfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\InCDfs.SYS
Address: 0xB5015000 Size: 84096 File Visible: - Signed: -
Status: -

Name: InCDPass.sys
Image Path: C:\WINDOWS\System32\DRIVERS\InCDPass.sys
Address: 0xF781F000 Size: 27072 File Visible: - Signed: -
Status: -

Name: InCDrec.SYS
Image Path: C:\WINDOWS\System32\Drivers\InCDrec.SYS
Address: 0xF79C1000 Size: 5056 File Visible: - Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\WINDOWS\System32\DRIVERS\intelppm.sys
Address: 0xBADAD000 Size: 36352 File Visible: - Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ipnat.sys
Address: 0xB4F83000 Size: 152832 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ipsec.sys
Address: 0xB5002000 Size: 75264 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF75F7000 Size: 37248 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\System32\DRIVERS\kbdclass.sys
Address: 0xF7817000 Size: 24576 File Visible: - Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF7987000 Size: 8192 File Visible: - Signed: -
Status: -

Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xB07E6000 Size: 172416 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xB95A9000 Size: 143360 File Visible: - Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF7451000 Size: 92928 File Visible: - Signed: -
Status: -

Name: LHidFlt2.Sys
Image Path: C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys
Address: 0xBA121000 Size: 24448 File Visible: - Signed: -
Status: -

Name: LHidUsb.Sys
Image Path: C:\WINDOWS\System32\Drivers\LHidUsb.Sys
Address: 0xF7567000 Size: 33536 File Visible: - Signed: -
Status: -

Name: LMouFlt2.sys
Image Path: C:\WINDOWS\System32\Drivers\LMouFlt2.sys
Address: 0xF7547000 Size: 63424 File Visible: - Signed: -
Status: -

Name: MCSTRM.SYS
Image Path: C:\WINDOWS\System32\Drivers\MCSTRM.SYS
Address: 0xF798F000 Size: 7360 File Visible: - Signed: -
Status: -

Name: mdmxsdk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
Address: 0xB1BC3000 Size: 11840 File Visible: - Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF79BD000 Size: 4224 File Visible: - Signed: -
Status: -

Name: Modem.SYS
Image Path: C:\WINDOWS\System32\Drivers\Modem.SYS
Address: 0xF77FF000 Size: 30080 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mouclass.sys
Address: 0xF7757000 Size: 23040 File Visible: - Signed: -
Status: -

Name: mouhid.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mouhid.sys
Address: 0xBAFF0000 Size: 12160 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF7607000 Size: 42368 File Visible: - Signed: -
Status: -

Name: mqac.sys
Image Path: C:\WINDOWS\System32\drivers\mqac.sys
Address: 0xB1A4F000 Size: 92544 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mrxdav.sys
Address: 0xB1B7E000 Size: 180608 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
Address: 0xB4DBD000 Size: 455296 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xBA139000 Size: 19072 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\System32\DRIVERS\msgpc.sys
Address: 0xF76E7000 Size: 35072 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mssmbios.sys
Address: 0xBAF89000 Size: 15488 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xF740A000 Size: 105344 File Visible: - Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF7424000 Size: 182656 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ndistapi.sys
Address: 0xBAFBC000 Size: 10112 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ndisuio.sys
Address: 0xB1E27000 Size: 14592 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ndiswan.sys
Address: 0xB9336000 Size: 91520 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF7587000 Size: 40576 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\System32\DRIVERS\netbios.sys
Address: 0xB9832000 Size: 34688 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\System32\DRIVERS\netbt.sys
Address: 0xB4F42000 Size: 162816 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xBA131000 Size: 30848 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF7B52000 Size: 574976 File Visible: - Signed: -
Status: -

Name: ntoskrnl.exe
Image Path: C:\WINDOWS\system32\ntoskrnl.exe
Address: 0x804D7000 Size: 2260992 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xBA9F9000 Size: 2944 File Visible: - Signed: -
Status: -

Name: OMCI.SYS
Image Path: C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
Address: 0xBAFF4000 Size: 12864 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF770F000 Size: 19712 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xF7597000 Size: 68224 File Visible: - Signed: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xF7A4F000 Size: 3328 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
Address: 0xF7707000 Size: 28672 File Visible: - Signed: -
Status: -

Name: PDIHWCTL.SYS
Image Path: C:\WINDOWS\System32\Drivers\PDIHWCTL.SYS
Address: 0xB1CB3000 Size: 11776 File Visible: - Signed: -
Status: -

Name: pfc.sys
Image Path: C:\WINDOWS\system32\drivers\pfc.sys
Address: 0xBAFCC000 Size: 9856 File Visible: - Signed: -
Status: -

Name: PfModNT.sys
Image Path: C:\WINDOWS\System32\drivers\PfModNT.sys
Address: 0xB1AB2000 Size: 15776 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2260992 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xB9366000 Size: 147456 File Visible: - Signed: -
Status: -

Name: portd2k.sys
Image Path: C:\WINDOWS\system32\DRIVERS\portd2k.sys
Address: 0xBAFC0000 Size: 14976 File Visible: - Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\System32\DRIVERS\psched.sys
Address: 0xB92FD000 Size: 69120 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ptilink.sys
Address: 0xF7747000 Size: 17792 File Visible: - Signed: -
Status: -

Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xF7717000 Size: 20000 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rasacd.sys
Address: 0xF793F000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
Address: 0xF76B7000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspppoe.sys
Address: 0xF76C7000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspptp.sys
Address: 0xF76D7000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspti.sys
Address: 0xF774F000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2260992 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rdbss.sys
Address: 0xB4E55000 Size: 175744 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF79BF000 Size: 4224 File Visible: - Signed: -
Status: -

Name: rdpdr.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rdpdr.sys
Address: 0xB92CD000 Size: 196224 File Visible: - Signed: -
Status: -

Name: RDPWD.SYS
Image Path: C:\WINDOWS\System32\Drivers\RDPWD.SYS
Address: 0xB0F39000 Size: 139520 File Visible: - Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\System32\DRIVERS\redbook.sys
Address: 0xF7697000 Size: 57600 File Visible: - Signed: -
Status: -

Name: RMCast.sys
Image Path: C:\WINDOWS\System32\drivers\RMCast.sys
Address: 0xB189F000 Size: 203136 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB08D9000 Size: 49152 File Visible: No Signed: -
Status: -

Name: RT61.sys
Image Path: C:\WINDOWS\system32\DRIVERS\RT61.sys
Address: 0xB0D39000 Size: 356096 File Visible: - Signed: -
Status: -

Name: serscan.sys
Image Path: C:\WINDOWS\System32\DRIVERS\serscan.sys
Address: 0xF79AF000 Size: 6784 File Visible: - Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xF7468000 Size: 73472 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\System32\DRIVERS\srv.sys
Address: 0xB195D000 Size: 333952 File Visible: - Signed: -
Status: -

Name: STREAM.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\STREAM.SYS
Address: 0xBAE0D000 Size: 53248 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\System32\DRIVERS\swenum.sys
Address: 0xF79B1000 Size: 4352 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xB1857000 Size: 60800 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\System32\DRIVERS\tcpip.sys
Address: 0xB4FA9000 Size: 361600 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\TDI.SYS
Address: 0xF773F000 Size: 20480 File Visible: - Signed: -
Status: -

Name: TDTCP.SYS
Image Path: C:\WINDOWS\System32\Drivers\TDTCP.SYS
Address: 0xF779F000 Size: 21760 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\System32\DRIVERS\termdd.sys
Address: 0xF76F7000 Size: 40704 File Visible: - Signed: -
Status: -

Name: tmcomm.sys
Image Path: C:\WINDOWS\system32\drivers\tmcomm.sys
Address: 0xB176F000 Size: 97280 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\System32\DRIVERS\update.sys
Address: 0xB926F000 Size: 384768 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\USBD.SYS
Address: 0xF79B7000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbehci.sys
Address: 0xF77F7000 Size: 30208 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbhub.sys
Address: 0xB9872000 Size: 59520 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\USBPORT.SYS
Address: 0xB965C000 Size: 147456 File Visible: - Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbuhci.sys
Address: 0xF77EF000 Size: 20608 File Visible: - Signed: -
Status: -

Name: USR_BSC2.sys
Image Path: C:\WINDOWS\system32\DRIVERS\USR_BSC2.sys
Address: 0xB95CC000 Size: 231168 File Visible: - Signed: -
Status: -

Name: USR_MDMV.sys
Image Path: C:\WINDOWS\system32\DRIVERS\USR_MDMV.sys
Address: 0xB94AC000 Size: 1035008 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xBA141000 Size: 20992 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xB9680000 Size: 81920 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF7617000 Size: 52352 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\wanarp.sys
Address: 0xB9842000 Size: 34560 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xF77A7000 Size: 20480 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xB16E2000 Size: 83072 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\WMILIB.SYS
Address: 0xF7989000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2260992 File Visible: - Signed: -
Status: -

Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG Free 8.5
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:

SpyCatcher Express 5.1.2
HijackThis 2.0.2
Java(TM) 6 Update 16
Adobe Flash Player 10
``````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
AVG avgemc.exe
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

DDS (Ver_09-10-26.01) - NTFSx86
Run by Marilyn at 14:57:50.15 on Wed 10/28/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.595 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Portrait Displays\MagicTune\dtsrvc.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Tenebril\SpyCatcher\ProtectorSvc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Multimedia\main\ATISched.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Portrait Displays\MagicTune\DTHtml.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Marilyn\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ATI Scheduler] c:\program files\ati multimedia\main\ATISched.EXE
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\marilyn\startm~1\programs\startup\ami-up~1.lnk - c:\program files\alchemy mindworks\up2date\AMI-up2date.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\magict~1.lnk - c:\program files\portrait displays\magictune\DTHtml.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\spycat~1.lnk - c:\program files\tenebril\spycatcher\SpyCatcher.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {44226DFF-747E-4edc-B30C-78752E50CD0C} - {44226DFF-747E-4edc-B30C-78752E50CD0C} - c:\program files\ati multimedia\tv\EXPLBAR.DLL
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {26522409-8BBF-4C5B-A4D3-CF4B1D6F255B} - hxxp://www.umediaserver.net/bin/UMediaControl5.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - hxxp://a1540.g.akamai.net/7/1540/52/20031010/qtinstall.info.apple.com/mickey/us/win/QuickTimeFullInstaller.exe
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150050385515
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/luxr/default/mjolauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://www.pandasoftware.com/activescan/as5/asinst.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38088.0036342593
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {BE964208-66F0-48FB-8F53-0C2BC35A610A} - hxxp://www.umediaserver.net/bin/UMediaControl3.cab
DPF: {CA11EB7C-1C85-4577-8A49-9E28EFB30184} - hxxp://www.umediaserver.net/bin/UMediaControl4.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://zone.msn.com/bingame/feed/default/SproutLauncher.cab
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin.cab
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://zone.msn.com/bingame/shpo/default/shapo.cab
DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - hxxp://download.abacast.com/download/files/abasetup151.cab
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30043.www3.hp.com/aio/en/check/qdiagh.cab?319
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: PCANotify - PCANotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\marilyn\applic~1\mozilla\firefox\profiles\tq1njf2d.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-15 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-8-15 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-8-15 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-8-15 297752]
R2 CINEMSUP;Software Cinemaster NT4.0 Driver;c:\windows\system32\drivers\cinemsup.sys [2006-6-11 6144]
R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [2003-1-29 14416]
R2 portD;CMS PortIO Service;c:\windows\system32\drivers\portd2k.sys [2006-1-21 14976]
R2 Protector;Protector;c:\program files\tenebril\spycatcher\ProtectorSvc.exe [2008-7-8 3020608]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 atinysxx;ATI USB 2.0 TV Audio Crossbar;c:\windows\system32\drivers\atinysxx.sys [2005-12-28 79360]
S3 atinyvxx;ATI TV WONDER USB2.0 Video & Audio;c:\windows\system32\drivers\atinyvxx.sys [2005-12-28 174592]
S3 ATITUNEP2;ATI TV WONDER USB2.0 TV Tuner;c:\windows\system32\drivers\atinyuxx.sys [2005-12-28 64512]
S3 ATIUTD;ATI TV WONDER USB2.0 Device Driver;c:\windows\system32\drivers\ATIUTD.sys [2005-12-28 38912]
S3 csaudio;USB2.0 Audio Device Driver;c:\windows\system32\drivers\csaud.sys [2004-7-11 11008]
S3 DCamUSB20;USB 2.0 WebCam;c:\windows\system32\drivers\CsMini20.sys [2004-7-11 126037]
S3 TTDec;ATI TV WONDER USB2.0 Teletext Decoder;c:\windows\system32\drivers\atinyttx.sys [2005-12-28 13824]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\viewpointservice.exe" --> c:\program files\viewpoint\common\ViewpointService.exe [?]

=============== Created Last 30 ================

2009-10-21 21:19:48 54156 ---ha-w- c:\windows\QTFont.qfn
2009-10-21 21:19:48 1409 ----a-w- c:\windows\QTFont.for
2009-10-21 17:25:50 0 d-----w- c:\windows\system32\SpycatcherAgentSetupTemp
2009-10-21 17:25:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Tenebril
2009-10-21 17:25:35 0 d-----w- c:\program files\Tenebril
2009-10-18 01:49:28 236544 ----a-w- c:\windows\PEV.exe
2009-09-30 19:30:46 0 d-----w- c:\docume~1\marilyn\applic~1\Trillian

==================== Find3M ====================

2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 19:54:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53:50 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36:27 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36:24 78336 ------w- c:\windows\system32\ieencode.dll
2009-08-29 07:36:24 17408 ------w- c:\windows\system32\corpol.dll
2009-08-26 08:00:21 247326 ------w- c:\windows\system32\strmdll.dll
2009-08-23 21:00:38 922112 ------w- c:\windows\system32\imapi2fs.dll
2009-08-23 21:00:38 426496 ------w- c:\windows\system32\imapi2.dll
2009-08-15 18:04:54 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-07 00:23:46 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 00:23:46 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:01:48 204800 ------w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13:08 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20:09 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-08-03 20:07:42 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 20:07:42 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 20:07:42 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-31 20:23:10 411368 ----a-w- c:\windows\system32\deploytk.dll
2005-08-18 01:52:46 4056576 ------w- c:\program files\pspx.msi
2005-08-18 01:52:44 1942 ------w- c:\program files\Setup.ini
2005-08-18 01:52:40 7032943 ------w- c:\program files\_NoVer~1.cab
2005-08-18 01:52:34 745272 ------w- c:\program files\_Yahoo~1.cab
2005-08-18 01:52:34 2674349 ------w- c:\program files\RCDLL_~1.cab
2005-08-18 01:52:34 1086668 ------w- c:\program files\ThumbS~1.cab
2005-08-18 01:52:34 1054 ------w- c:\program files\Retail.cab
2005-08-18 01:52:30 1900383 ------w- c:\program files\EXE_Pr~1.cab
2005-08-18 01:52:28 63803765 ------w- c:\program files\Conten~1.cab
2005-08-18 01:52:08 20557824 ------w- c:\program files\PaintS~1.cab
2005-08-18 01:51:56 1080225 ------w- c:\program files\_ISUS.cab
2005-08-18 01:51:54 6011 ------w- c:\program files\Update~1.cab
2005-07-14 05:27:56 2587408 ------w- c:\program files\msi31.exe
2005-07-14 05:25:26 1822520 ------w- c:\program files\instmsiw.exe
2005-07-14 05:25:16 1708856 ------w- c:\program files\instmsia.exe
2005-07-14 05:24:44 5515 ------w- c:\program files\0x0409.ini
2006-07-31 01:47:19 848 --sh--w- c:\windows\system32\KGyGaAvL.sys
2008-11-07 04:11:33 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008110620081107\index.dat

============= FINISH: 14:58:31.87 ===============

Malwarebytes' Anti-Malware 1.41
Database version: 3047
Windows 5.1.2600 Service Pack 3

10/28/2009 2:29:03 PM
mbam-log-2009-10-28 (14-29-03).txt

Scan type: Full Scan (C:\|)
Objects scanned: 268260
Time elapsed: 2 hour(s), 14 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{5F991996-E8D2-4A4A-9D11-BA685C79CE0F}\RP90\A0009360.dll (Search.Hijacker) -> Quarantined and deleted successfully.




Old 3 Weeks Ago   #2
Mod Team Leader
 
 
Join Date: Dec 2005
Location: Skynet HQ (kinda near PCHF bunker)
Posts: 2,189
PC Experience: Learning more every day!
Default Re: Back again!! please check logs

Hello Litobitblond, welcome back to the forum!

One of our security team will be with you as soon as possible to go through the logs for you.

Smokeycheech
__________________
If an elephant never forgets, how come they never win mastermind?
Old 3 Weeks Ago   #3
Senior Security Analyst
 
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 6,862
PC Experience: Elite PC Guru
Default Re: Back again!! please check logs

I don't see any problems.

You will need to download ComboFix.exe. Download ComboFix from any of the links below. You must rename it before saving it: name it ComFx, and save it to your desktop.


http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe


**IMPORTANT!!! Save ComboFix.exe to your Desktop.
It is important that it is saved and renamed, following this process, directly to your desktop.**


Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools. More help on your specific AV here: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Double-click on ComFx.exe and follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes to continue scanning for malware.
When finished, it shall produce a log for you. Please include the ComboFix.txt in your reply.

Caution.....
Never use this program to remove files. Only use it with help from an experienced user. Wrongful use can damage your computer.
__________________
My real name is Eddy
Old 3 Weeks Ago   #4
Silver Member
 
 
Join Date: Sep 2008
Posts: 103
PC Experience: Experienced
Default Re: Back again!! please check logs

Here is the ComboFix log. Since Malwarebytes found that one hijack problem, I wanted to make sure there wasn't anything left on my computer.

ComboFix 09-10-27.08 - Marilyn 10/28/2009 17:18.9.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.582 [GMT -5:00]
Running from: c:\documents and settings\Marilyn\Desktop\xxxFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_PROTECTOR
-------\Service_Protector

((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-28 )))))))))))))))))))))))))))))))
.
2009-10-21 17:25 . 2009-10-21 17:25 -------- d-----w- c:\windows\system32\SpycatcherAgentSetupTemp
2009-10-21 17:25 . 2009-10-21 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Tenebril
2009-10-21 17:25 . 2009-10-21 17:25 -------- d-----w- c:\program files\Tenebril
2009-10-16 22:50 . 2009-10-16 22:50 -------- d-----w- c:\documents and settings\Marilyn\Local Settings\Application Data\AIM
2009-10-09 14:29 . 2009-10-09 14:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-09-30 19:30 . 2009-09-30 19:31 -------- d-----w- c:\documents and settings\Marilyn\Application Data\Trillian
2009-09-30 19:30 . 2009-10-28 22:25 -------- d-----w- c:\program files\Trillian
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-28 22:25 . 2004-04-26 02:03 288 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-00000003-00001102-00000002-80671102}.dat
2009-10-28 22:25 . 2004-04-26 02:03 288 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-00000003-00001102-00000002-80671102}.dat
2009-10-18 01:40 . 2004-04-11 21:46 -------- d-----w- c:\program files\Java
2009-10-11 15:37 . 2007-10-17 13:50 -------- d-----w- c:\program files\PhotoScape
2009-10-07 15:33 . 2007-01-31 15:38 -------- d-----w- c:\program files\Google
2009-09-16 19:21 . 2008-08-29 22:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-16 19:14 . 2009-09-16 17:20 -------- d-----w- c:\program files\Yahoo!
2009-09-16 17:20 . 2007-05-20 18:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-09-11 14:18 . 2001-08-23 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 19:54 . 2008-08-29 22:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2008-08-29 22:19 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-05 16:43 . 2009-09-05 16:30 -------- d-----w- c:\program files\softendo.com
2009-09-04 21:03 . 2001-08-23 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2004-02-06 23:05 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-04 07:56 78336 ------w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2001-08-23 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2004-04-11 07:14 247326 ------w- c:\windows\system32\strmdll.dll
2009-08-23 21:00 . 2009-08-23 21:00 922112 ------w- c:\windows\system32\imapi2fs.dll
2009-08-23 21:00 . 2009-08-23 21:00 426496 ------w- c:\windows\system32\imapi2.dll
2009-08-15 18:04 . 2009-08-15 18:04 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-15 18:04 . 2009-08-15 18:04 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-08-15 18:04 . 2009-08-15 18:04 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-15 18:04 . 2009-08-15 18:04 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-07 00:24 . 2004-08-12 13:34 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 00:24 . 2004-08-12 13:34 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 00:24 . 2005-05-26 09:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 00:24 . 2004-08-12 13:34 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 00:24 . 2004-04-11 07:14 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-07 00:24 . 2004-04-11 07:08 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 00:23 . 2004-08-12 13:34 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 00:23 . 2006-06-12 14:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 00:23 . 2005-05-26 09:19 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-07 00:23 . 2004-04-11 07:14 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-04-11 08:10 204800 ------w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2001-08-23 12:00 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2001-08-17 13:48 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-08-03 20:07 . 2009-08-03 20:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 20:07 . 2009-08-03 20:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 20:07 . 2009-08-03 20:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-31 20:23 . 2008-11-22 17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2005-08-18 01:52 . 2005-11-24 17:47 4056576 ------w- c:\program files\pspx.msi
2005-08-18 01:52 . 2005-11-24 17:47 1942 ------w- c:\program files\Setup.ini
2005-08-18 01:52 . 2005-11-24 17:47 7032943 ------w- c:\program files\_NoVer~1.cab
2005-08-18 01:52 . 2005-11-24 17:47 745272 ------w- c:\program files\_Yahoo~1.cab
2005-08-18 01:52 . 2005-11-24 17:47 2674349 ------w- c:\program files\RCDLL_~1.cab
2005-08-18 01:52 . 2005-11-24 17:47 1086668 ------w- c:\program files\ThumbS~1.cab
2005-08-18 01:52 . 2005-11-24 17:47 1054 ------w- c:\program files\Retail.cab
2005-08-18 01:52 . 2005-11-24 17:47 1900383 ------w- c:\program files\EXE_Pr~1.cab
2005-08-18 01:52 . 2005-11-24 17:47 63803765 ------w- c:\program files\Conten~1.cab
2005-08-18 01:52 . 2005-11-24 17:47 20557824 ------w- c:\program files\PaintS~1.cab
2005-08-18 01:51 . 2005-11-24 17:47 1080225 ------w- c:\program files\_ISUS.cab
2005-08-18 01:51 . 2005-11-24 17:47 6011 ------w- c:\program files\Update~1.cab
2005-07-14 05:27 . 2005-11-24 17:47 2587408 ------w- c:\program files\msi31.exe
2005-07-14 05:25 . 2005-11-24 17:47 1822520 ------w- c:\program files\instmsiw.exe
2005-07-14 05:25 . 2005-11-24 17:47 1708856 ------w- c:\program files\instmsia.exe
2005-07-14 05:24 . 2005-11-24 17:47 5515 ------w- c:\program files\0x0409.ini
2005-01-07 20:20 . 2005-01-07 20:20 278528 ------w- c:\program files\internet explorer\plugins\PanoViewer.dll
2005-01-07 20:20 . 2005-01-07 20:20 143360 ------w- c:\program files\internet explorer\plugins\UPjpeg.dll
2006-07-31 01:47 . 2006-07-14 19:36 848 --sh--w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ATI Scheduler"="c:\program files\ATI Multimedia\main\ATISched.EXE" [2001-10-02 28672]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-12 1961984]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-06-30 2329224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2003-06-09 28672]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-12-11 20992]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]
c:\documents and settings\Marilyn\Start Menu\Programs\Startup\
AMI-Up2Date.lnk - c:\program files\Alchemy Mindworks\Up2Date\AMI-up2date.exe [2004-4-25 290816]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
MagicTune.lnk - c:\program files\Portrait Displays\MagicTune\DTHtml.exe [2003-9-29 125952]
SpyCatcher.lnk - c:\program files\Tenebril\SpyCatcher\SpyCatcher.exe [2008-12-10 2370352]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-15 18:04 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2002-02-15 15:51 24638 ------w- c:\windows\system32\PCANotify.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe"
"InCD"=c:\program files\Ahead\InCD\InCD.exe
"Microsoft Works Update Detection"=c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"=c:\program files\Java\j2re1.4.2_06\bin\jusched.exe
"WatchDog"=c:\program files\mobile PhoneTools\WatchDog.exe
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\WINAW32.EXE"=
"c:\\Program Files\\Symantec\\pcAnywhere\\AWHOST32.EXE"=
"c:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Abacast\\Abaclient.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\VCOM\\Web Easy Pro\\WebEasy5.exe"=
"c:\\Program Files\\VectorWorks 10.1\\VectorWorks.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"8419:TCP"= 8419:TCPca1
"7378:UDP"= 7378:UDPca2
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/15/2009 1:04 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/15/2009 1:04 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/15/2009 1:04 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/15/2009 1:04 PM 297752]
R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [1/29/2003 3:08 PM 14416]
R2 portD;CMS PortIO Service;c:\windows\system32\drivers\portd2k.sys [1/21/2006 8:54 PM 14976]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 atinysxx;ATI USB 2.0 TV Audio Crossbar;c:\windows\system32\drivers\atinysxx.sys [12/28/2005 8:54 AM 79360]
S3 atinyvxx;ATI TV WONDER USB2.0 Video & Audio;c:\windows\system32\drivers\atinyvxx.sys [12/28/2005 8:55 AM 174592]
S3 ATITUNEP2;ATI TV WONDER USB2.0 TV Tuner;c:\windows\system32\drivers\atinyuxx.sys [12/28/2005 8:54 AM 64512]
S3 ATIUTD;ATI TV WONDER USB2.0 Device Driver;c:\windows\system32\drivers\ATIUTD.sys [12/28/2005 8:54 AM 38912]
S3 csaudio;USB2.0 Audio Device Driver;c:\windows\system32\drivers\csaud.sys [7/11/2004 9:55 AM 11008]
S3 DCamUSB20;USB 2.0 WebCam;c:\windows\system32\drivers\CsMini20.sys [7/11/2004 9:55 AM 126037]
S3 TTDec;ATI TV WONDER USB2.0 Teletext Decoder;c:\windows\system32\drivers\atinyttx.sys [12/28/2005 8:55 AM 13824]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - GTNDIS5
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder
2009-10-24 c:\windows\Tasks\Backup M_s.job
- c:\windows\system32\ntbackup.exe [2001-08-23 00:12]
2009-10-27 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-07-16 14:22]
2009-10-28 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-04-24 18:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
DPF: {BE964208-66F0-48FB-8F53-0C2BC35A610A} - hxxp://www.umediaserver.net/bin/UMediaControl3.cab
DPF: {CA11EB7C-1C85-4577-8A49-9E28EFB30184} - hxxp://www.umediaserver.net/bin/UMediaControl4.cab
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin.cab
FF - ProfilePath - c:\documents and settings\Marilyn\Application Data\Mozilla\Firefox\Profiles\tq1njf2d.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
AddRemove-HijackThis - c:\documents and settings\Marilyn\Desktop\HijackThis.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-10-28 17:27
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(540)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1944)
c:\windows\system32\WININET.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\CTsvcCDA.exe
c:\windows\System32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\msdtc.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\System32\MsPMSPSv.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\xxxfix\CF15433.exe
c:\windows\system32\rundll32.exe
c:\program files\Logitech\MouseWare\system\em_exec.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\xxxfix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-28 17:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-28 22:34
Pre-Run: 34,199,998,464 bytes free
Post-Run: 34,102,706,176 bytes free
- - End Of File - - 0162EBE8E4A472746730F74793EDBD69
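The ComboFix log above carries several hygiene items that are easy to skim past when the question is only "is it infected": the firewall policy dump shows 3389/TCP (Remote Desktop) plus two unlabelled ports globally open, the authorized-application list includes sessmgr.exe, ftp.exe, mqsvc.exe and the pcAnywhere host, two services (Lbd, Viewpoint Manager Service) point at binaries marked [?], and the only Malwarebytes hit sat inside a System Restore point rather than on the live file system. The script below is an added example, not part of this thread and not code from ComboFix, DDS or Malwarebytes. It parses those three log formats and buckets such entries for review. The sample log is constructed from lines quoted in this thread; the port and application policy tables (KNOWN_PORTS, RISKY_APPS) and the needs_follow_up rule are the example's own assumptions about what a reviewer would want justified, not anything the tools themselves report.

```python
import re

# Constructed sample: lines copied from the ComboFix and Malwarebytes logs
# quoted in this thread (registry dump, service list, Files Infected section).
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\AWHOST32.EXE"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"8419:TCP"= 8419:TCPca1
"7378:UDP"= 7378:UDPca2
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/15/2009 1:04 PM 335240]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
Files Infected:
C:\System Volume Information\_restore{5F991996-E8D2-4A4A-9D11-BA685C79CE0F}\RP90\A0009360.dll (Search.Hijacker) -> Quarantined and deleted successfully.
"""

# Assumed reviewer policy (example's own, not a ComboFix feature): 3389/TCP is
# Remote Desktop; any other globally open port is "unexpected" until the owner
# explains what listens there.  The application table lists firewall
# exceptions that grant remote access or arbitrary network transfer.
KNOWN_PORTS = {("3389", "TCP"): "Remote Desktop (RDP)"}
RISKY_APPS = {
    "sessmgr.exe": "Remote Assistance session manager",
    "awhost32.exe": "pcAnywhere host (inbound remote control)",
    "ftp.exe": "command-line FTP client allowed through the firewall",
    "mqsvc.exe": "MSMQ service exposed to the network",
}

PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=')
APP_RE = re.compile(r'^"(.+?)"=\s*$')
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.*)$')
RESTORE_RE = re.compile(r'\\System Volume Information\\_restore\{', re.IGNORECASE)


def basename(path):
    """Last component of a Windows path; the registry dump doubles backslashes."""
    return re.split(r'\\\\|\\', path)[-1].lower()


def triage(log_text):
    """Walk the log once and bucket the entries a reviewer should justify."""
    out = {"open_ports": [], "risky_apps": [], "orphan_services": [],
           "restore_point_hits": [], "active_hits": []}
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            section = None                      # a blank line ends a list
            continue
        if line.startswith("[HKLM"):
            section = ("ports" if "GloballyOpenPorts" in line
                       else "apps" if "AuthorizedApplications" in line
                       else None)
            continue
        if line == "Files Infected:":
            section = "infected"
            continue
        svc = SERVICE_RE.match(line)
        if svc:
            section = None
            start, name, _desc, rest = svc.groups()
            # "[?]" means the tool could not find or read the binary: a
            # dangling registration to clean up, not evidence of malware.
            if rest.endswith("[?]"):
                out["orphan_services"].append((start, name))
            continue
        if section == "ports":
            m = PORT_RE.match(line)
            if m:
                port, proto = m.groups()
                label = KNOWN_PORTS.get((port, proto),
                                        "unexpected: ask the owner what listens here")
                out["open_ports"].append((port, proto, label))
        elif section == "apps":
            m = APP_RE.match(line)
            if m:
                exe = basename(m.group(1))
                if exe in RISKY_APPS:
                    out["risky_apps"].append((exe, RISKY_APPS[exe]))
        elif section == "infected":
            path = line.split(" (")[0]
            # A hit inside a System Restore point is a stale copy of an old
            # file, not a live infection; it matters only for cleanup.
            bucket = "restore_point_hits" if RESTORE_RE.search(path) else "active_hits"
            out[bucket].append(path)
    return out


def needs_follow_up(findings):
    """True when more than hygiene remains: live detections, or globally open
    ports with no known purpose."""
    return bool(findings["active_hits"]) or any(
        label.startswith("unexpected") for _, _, label in findings["open_ports"])


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for bucket, items in result.items():
        print(bucket)
        for item in items:
            print("   ", item)
    print("follow-up needed:", needs_follow_up(result))
```

Run against the constructed sample it reports RDP plus two unexplained open ports, four remote-access or transfer binaries in the firewall exception list, two orphaned service registrations, and one restore-point hit with no live detections. On a real machine the GloballyOpenPorts and AuthorizedApplications lists come from the same registry keys the log names, so the parser can be pointed at a fresh ComboFix.txt unchanged.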
Old 3 Weeks Ago   #5
Senior Security Analyst
 
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 6,862
PC Experience: Elite PC Guru
Default Re: Back again!! please check logs

That's all fine. No problems. All I suggest you do is remove Viewpoint. It's a resource hog.
__________________
My real name is Eddy
Old 3 Weeks Ago   #6
Silver Member
 
 
Join Date: Sep 2008
Posts: 103
PC Experience: Experienced
Default Re: Back again!! please check logs

Pancake, last time I was here Crush helped me remove it. Are you still seeing it somewhere? Gosh, I took off a long log full of Viewpoint ****; where might I find somewhere else to take it off?

Thanks for your help!
Old 3 Weeks Ago   #7
Senior Security Analyst
 
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 6,862
PC Experience: Elite PC Guru
Default Re: Back again!! please check logs

If you uninstalled it via Add/Remove then that's fine, and all that's left is just a reference line in the registry. It's not a problem.
__________________
My real name is Eddy
