Hijack This Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:15:38, on 9/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aim6.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
Learn about Dell's laptops, desktops, monitors, printers plus PC electronics & accessories.
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
Learn about Dell's laptops, desktops, monitors, printers plus PC electronics & accessories.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Apple\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: NETGEAR WG311T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O4 - Global Startup: SmartUI.lnk = ?
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\Program Files\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\Program Files\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe
--
End of file - 10293 bytes
-------------------------------------------------------------------------
Malwarebytes:
Malwarebytes' Anti-Malware 1.28
Database version: 1161
Windows 5.1.2600 Service Pack 2
9/16/2008 16:33:38
mbam-log-2008-09-16 (16-33-38).txt
Scan type: Quick Scan
Objects scanned: 80801
Time elapsed: 8 minute(s), 52 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 15
Files Infected: 19
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\oembios.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\oembios.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\syste m32\oembios.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
Folders Infected:
C:\WINDOWS\system32\sysproc64 (Trojan.Agent) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\sysproc64 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\sysproc64 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pigy\Application Data\rhcjjoj0eg6e (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pigy\Application Data\rhcjjoj0eg6e\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pigy\Application Data\rhcjjoj0eg6e\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pigy\Application Data\rhcjjoj0eg6e\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pigy\Application Data\rhcjjoj0eg6e\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pigy\Application Data\rhcjjoj0eg6e\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pigy\Application Data\rhcjjoj0eg6e\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pigy\Application Data\rhcjjoj0eg6e\Quarantine\Autorun\StartMenuAllU sers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pigy\Application Data\rhcjjoj0eg6e\Quarantine\Autorun\StartMenuCurr entUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pigy\Application Data\rhcjjoj0eg6e\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pigy\Application Data\rhcjjoj0eg6e\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\Temp\GLK69.tmp (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysproc64\sysproc32.sys (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\sysproc64\sysproc86.sys (Trojan.Agent) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\sysproc64\sysproc32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\sysproc64\sysproc32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oembios.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Alex\Local Settings\Temporary Internet Files\ijjistarter2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Pigy\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pigy\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
-------------------------------------------------------------------------
Combofix:
ComboFix 08-09-15.02 - Kevin 2008-09-16 16:43:45.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2703 [GMT -4:00]
Running from: C:\Documents and Settings\Kevin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Kevin\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Alex\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
G:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6TO4
-------\Legacy_PACKET
-------\Legacy_TDSSSERV
-------\Service_6to4
-------\Service_Packet
-------\Service_TDSSserv
((((((((((((((((((((((((( Files Created from 2008-08-16 to 2008-09-16 )))))))))))))))))))))))))))))))
.
2008-09-16 16:22 . 2008-09-16 16:22 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-16 16:22 . 2008-09-16 16:22 <DIR> d-------- C:\Documents and Settings\Kevin\Application Data\Malwarebytes
2008-09-16 16:22 . 2008-09-16 16:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-16 16:22 . 2008-09-10 00:08 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-16 16:22 . 2008-09-10 00:08 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-15 23:33 . 2008-09-15 23:33 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-15 22:03 . 2008-09-16 04:22 <DIR> d--h----- C:\$AVG8.VAULT$
2008-09-15 22:01 . 2008-09-16 09:13 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-09-15 22:01 . 2008-09-15 22:01 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-15 22:01 . 2008-09-15 22:01 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-09-15 22:00 . 2008-09-15 22:00 <DIR> d-------- C:\Program Files\AVG
2008-09-15 21:31 . 2008-09-15 21:34 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-09-15 21:26 . 2001-08-28 13:00 499,200 --a------ C:\WINDOWS\system32\gpedit.dll
2008-09-15 21:26 . 2002-08-29 10:44 284,160 --a------ C:\WINDOWS\system32\appmgr.dll
2008-09-15 21:26 . 2002-08-29 10:44 185,856 --a------ C:\WINDOWS\system32\gptext.dll
2008-09-15 21:26 . 2002-08-29 10:44 165,376 --a------ C:\WINDOWS\system32\appmgmts.dll
2008-09-15 21:26 . 2001-08-28 13:00 119,296 --a------ C:\WINDOWS\system32\fde.dll
2008-09-15 21:26 . 2002-08-29 10:44 70,144 --a------ C:\WINDOWS\system32\fdeploy.dll
2008-09-15 21:26 . 2001-08-28 13:00 34,352 --a------ C:\WINDOWS\system32\gpedit.msc
2008-09-15 19:06 . 2008-09-15 19:06 <DIR> d-------- C:\Documents and Settings\Pigy\Application Data\Teleca
2008-09-15 19:00 . 2008-09-15 19:00 <DIR> d-------- C:\Documents and Settings\Pigy\Application Data\Sony Ericsson
2008-09-15 18:26 . 2008-09-15 22:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-09-15 16:36 . 2008-09-16 00:51 24 --a------ C:\Documents and Settings\Kevin\jagex_runescape_preferences.dat
2008-09-15 16:35 . 2008-09-15 16:35 <DIR> d-------- C:\Program Files\Sun
2008-09-15 16:34 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-15 16:27 . 2008-09-15 16:36 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2008-09-13 23:57 . 2008-09-13 23:57 0 --a------ C:\WINDOWS\mngui.INI
2008-09-13 23:53 . 2006-11-30 15:14 18,704 -ra------ C:\WINDOWS\system32\drivers\se45nd5.sys
2008-09-13 23:51 . 2008-09-13 23:51 <DIR> d-------- C:\Documents and Settings\Kevin\Application Data\Teleca
2008-09-13 23:50 . 2008-09-13 23:50 <DIR> d-------- C:\Documents and Settings\Kevin\Application Data\Sony Ericsson
2008-09-13 23:48 . 2008-09-13 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-09-13 23:47 . 2008-09-13 23:47 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-09-13 23:47 . 2008-09-13 23:48 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2008-09-13 23:47 . 2008-09-13 23:48 <DIR> d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-09-13 23:47 . 2008-09-13 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2008-09-13 23:01 . 2008-09-13 23:01 <DIR> d-------- C:\Program Files\GoldWave
2008-09-12 18:03 . 2008-09-12 18:03 <DIR> d-------- C:\Documents and Settings\Pigy\Application Data\COWON
2008-08-24 15:08 . 2008-08-24 15:07 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-08-24 15:07 . 2008-08-24 15:11 <DIR> d-------- C:\Documents and Settings\Kevin\.housecall6.6
2008-08-24 09:23 . 2008-08-24 09:24 162,008 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-24 09:23 . 2008-08-24 09:24 111,928 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-08-24 09:23 . 2008-08-24 09:23 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-08-24 09:13 . 2008-09-15 17:24 <DIR> d-------- C:\Program Files\WarRock
2008-08-17 13:51 . 2008-08-17 13:51 <DIR> d-------- C:\WINDOWS\Logs
2008-08-17 13:20 . 2008-08-17 13:20 <DIR> d-------- C:\Program Files\Tom.Clancys.Rainbow.Six.Vegas.2.Full-Rip.Skullptura
2008-08-16 21:37 . 2008-08-16 21:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\acccore
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-09-16 20:37 --------- d-----w C:\Documents and Settings\Kevin\Application Data\U3
2008-09-16 11:36 --------- d-----w C:\Documents and Settings\Kevin\Application Data\LimeWire
2008-09-16 02:32 --------- d-----w C:\Program Files\Daemon
2008-09-15 22:30 --------- d-----w C:\Program Files\iTunes
2008-09-15 22:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-15 22:27 --------- d-----w C:\Documents and Settings\Kevin\Application Data\Azureus
2008-09-15 21:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-15 20:34 --------- d-----w C:\Program Files\Java
2008-09-15 04:04 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-14 01:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-12 22:03 --------- d-----w C:\Documents and Settings\Pigy\Application Data\LimeWire
2008-09-12 18:03 --------- d-----w C:\Program Files\Azureus
2008-09-08 23:26 --------- d-----w C:\Documents and Settings\Alex\Application Data\LimeWire
2008-09-03 20:58 --------- d-----w C:\Program Files\Microsoft Games
2008-08-17 20:16 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-08-17 20:16 --------- d-----w C:\Documents and Settings\Kevin\Application Data\SystemRequirementsLab
2008-08-17 17:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-08-17 01:37 --------- d-----w C:\Program Files\AIM6
2008-08-17 01:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-14 22:16 --------- d-----w C:\Program Files\JetAudio
2008-08-11 21:33 --------- d-----w C:\Program Files\Apple Software Update
2008-08-09 22:43 --------- d-----w C:\Program Files\Vstplugins
2008-08-09 22:43 --------- d-----w C:\Program Files\Image-Line
2008-08-09 22:42 --------- d-----w C:\Program Files\Outsim
2008-08-08 22:22 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-08 17:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\NexonUS
2008-07-21 23:55 --------- d-----w C:\Program Files\Audacity
2008-07-17 18:59 --------- d-----w C:\Documents and Settings\Pigy\Application Data\Nexon
2008-03-08 23:17 22,328 ----a-w C:\Documents and Settings\Kevin\Application Data\PnkBstrK.sys
2006-07-05 09:33 472,000 ----a-w C:\WINDOWS\inf\WG311T\WG311T13.sys
2006-04-25 21:30 35,232 ----a-w C:\WINDOWS\inf\WG311T\ME_INST.EXE
2006-04-25 21:30 26,112 ----a-w C:\WINDOWS\inf\WG311T\install.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-08-06 50472]
"Google Update"="C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-28 8429568]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\I SUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.E XE" [2004-08-04 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScI nst.exe" [2004-08-04 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT \TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TIN TSETP.EXE" [2004-08-04 455168]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="C:\Program Files\Apple\QuickTime\qttask.exe" [2008-01-31 385024]
"PaperPort PTD"="C:\Program Files\Scansoft\PaperPort\pptd40nt.exe" [2002-08-12 45108]
"IndexSearch"="C:\Program Files\Scansoft\PaperPort\IndexSearch.exe" [2002-08-12 36864]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-14 233472]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 487424]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\M SConfig.exe" [2005-09-26 169984]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-15 1235736]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-22 C:\WINDOWS\RTHDCPL.EXE]
C:\Documents and Settings\Alex\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-01-30 147456]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
C:\Documents and Settings\Pigy\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG311T Smart Wizard.lnk - C:\Program Files\NETGEAR\WG311T\wlancfg5.exe [2006-09-15 1503232]
SmartUI.lnk - C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe [2003-02-03 1568768]
WG111v2 Smart Wizard Wireless Setting.lnk - C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2008-03-07 745472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer .exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\JetAudio\\JetAudio.exe"=
"C:\\Program Files\\Altap Salamander 2.5\\SALAMAND.exe"=
"C:\\Program Files\\Daemon\\daemon.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\WinRAR\\WinRAR.exe"=
"C:\\Program Files\\Sony\\Vegas Pro 8.0\\vegas80.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"C:\\Nexon\\Combat Arms\\NMService.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-15 97928]
R1 DLARTL_M
LARTL_M;C:\WINDOWS\system32\Drivers\DLAR TL_M.SYS [2006-08-11 28184]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-15 231704]
R2 datunidr
ellAutomatedPCTuneUp UniDriver;C:\WINDOWS\system32\DRIVERS\datunidr.sys [2007-08-23 5376]
R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2005-04-01 66048]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S2 TICalc;TICalc;C:\WINDOWS\system32\drivers\TICalc.s ys [1999-08-30 9152]
S3 AWINDIS5;AWINDIS5 Protocol Driver;C:\WINDOWS\system32\AWINDIS5.SYS [2002-04-11 16194]
S3 FKLanse;FKLanse;C:\DOCUME~1\Kevin\LOCALS~1\Temp\Ra r$EX17.094\GMS_V53_VIP\GMS_V53_VIP\ms.dat [ ]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
S3 NETGEAR_WG311T_SERVICE;NETGEAR WG311T Wireless Adapter Service;C:\WINDOWS\system32\DRIVERS\wg311tn5.sys [2003-10-07 344448]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS
PC Help Forum
» Hardware
» Peripherals
»
Antivirus XP 2008/Google Redirecting/Slow Computer
Antivirus XP 2008/Google Redirecting/Slow Computer
