IObit Forum

Asfwhide .. [SOLVED]


Jamie67


I found this when I was messing around with comodo .. did a Google search and it stated that this had the potential to be a back door Trojan .. I have no idea what this is .. Does anyone on the forum have any info on this .. I have no clue how it got there .. thanks for your time on this ..


That's impossible to tell without knowing the file path and possibly the file size. Jamie67 didn't even give a file extension! Is it a .sys, .exe, .dll or what? Is it in System32 or a temp location? Too many unknowns to make a certain analysis.

 

Besides, security software routinely reports other security software as a threat. It happens daily.

 

"F:\DOCUME~1\Gallusik\USTAWI~1\Temp\ASFWHide" file.

 

Log of VirusTotal:

AhnLab-V3 2007.5.4.0 05.03.2007 no virus found

AntiVir 7.4.0.15 05.03.2007 no virus found

Authentium 4.93.8 05.03.2007 no virus found

Avast 4.7.997.0 05.03.2007 Win32:Trojan-gen. {Other}

AVG 7.5.0.467 05.03.2007 no virus found

BitDefender 7.2 05.03.2007 no virus found

CAT-QuickHeal 9.00 05.03.2007 no virus found

ClamAV devel-20070416 05.03.2007 no virus found

DrWeb 4.33 05.03.2007 no virus found

eSafe 7.0.15.0 05.03.2007 no virus found

eTrust-Vet 30.7.3612 05.03.2007 no virus found

Ewido 4.0 05.03.2007 no virus found

FileAdvisor 1 05.03.2007 no virus found

Fortinet 2.85.0.0 05.03.2007 RKProc!tr

F-Prot 4.3.2.48 05.03.2007 no virus found

F-Secure 6.70.13030.0 05.03.2007 no virus found

Ikarus T3.1.1.7 05.03.2007 no virus found

Kaspersky 4.0.2.24 05.03.2007 no virus found

McAfee 5023 05.03.2007 New Malware.z

Microsoft 1.2503 05.03.2007 no virus found

NOD32v2 2238 05.03.2007 no virus found

Norman 5.80.02 05.03.2007 no virus found

Panda 9.0.0.4 05.03.2007 no virus found

 

3 out of 23 would make me believe it's a false positive. But this is not the same computer so we can't know for sure.


More info ..

 

I apologize for the lack of info on this .. I was trying to load a screen shot for you but didn't know how to post it ..

 

Name .. ASFW HIDE ..

Path .. \??\C:\Docume~1\Temp\ASFWHIDE

Driver start .. Demand

Status .. Driver is stopped

Version .. N/A

Company .. N/A

Signed .. Unknown

 

I could not find a file size on this .. sorry for the lack of experience .. I should have known better than to just leave you hanging like that .. Thanks in advance .. :| ..


Also do this please.

 

Please download SystemLook from one of the below links and save it to your desktop.

 

Link #1

Link #2

 

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

 

* Double-click SystemLook.exe to run it.

* Copy the contents of the following codebox into the main textfield.

 

:filefind 
*ASFWHIDE* 

 

* Click the Look button to start the scan.

* Note: The scan may take some time so please just let it do its work and be patient (or do something else unrelated to the computer).

* When finished, a notepad window will open with the results of the scan. Please post the log.

 

The log can also be found on your desktop entitled SystemLook.txt


Done ..

 

SystemLook v1.0 by jpshortstuff (11.01.10)

Log created at 12:42 on 04/03/2010 by Owner (Administrator - Elevation successful)

 

========== filefind ==========

 

Searching for "*ASFWHIDE*"

No files found.

 

-=End Of File=-

 

This is what was brought up ..


Can you post these 2 DDS logs please.

 

Download DDS from |HERE| or |HERE| or |HERE| and save it to your desktop.

 

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

 

* XP users Double click on dds to run it.

* If your antivirus or firewall try to block DDS then please allow it to run.

* When finished DDS will open two (2) logs.

 

1) DDS.txt

2) Attach.txt

 

* Save both logs to your desktop.

* Please copy and paste the entire contents of both logs in your next reply.

 

Note: DDS will instruct you to post the Attach.txt log as an attachment.

Please just post it as you would any other log by copy and pasting it into the reply.


DDS (Ver_09-12-01.01) - NTFSx86

Run by Owner at 13:16:09.93 on Thu 03/04/2010

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_18

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.445 [GMT -8:00]

 

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\WINDOWS\zHotkey.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\AVG\AVG9\avgemc.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com

uStart Page = hxxp://www.yahoo.com/

uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8

uSearch Bar = hxxp://www.yahoo.com/search/ie.html

mDefault_Page_URL = hxxp://www.yahoo.com

mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com

mStart Page = hxxp://www.yahoo.com

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

uURLSearchHooks: H - No File

mURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

{0f0b5025-2af8-4709-a5b0-c6b3f1a96851}

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

{97000d46-a412-4797-b2c2-0f806439a16d}

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

uRun: [search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [RemoteControl] c:\program files\cyberlink\powerdvd\PDVDServ.exe

uRun: [LanguageShortcut] c:\program files\cyberlink\powerdvd\language\Language.exe

mRun: [CHotkey] zHotkey.exe

mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE

mRun: [showWnd] ShowWnd.exe

mRun: [Alcmtr] ALCMTR.EXE

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe

IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm

IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm

IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm

IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.4.1.27.dll/206

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226908459593

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxdev.dll

Notify: iifdeFUN - iifdeFUN.dll

AppInit_DLLs: EXYGOF.DLL c:\windows\system32\cssdll32.dll c:\progra~1\google\google~1\GOEC62~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Authentication Packages = msv1_0 c:\windows\system32\efcBuvWP

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

Hosts: 127.0.0.1 http://www.spywareinfo.com


================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\7v5j4zc3.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\7v5j4zc3.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll

FF - plugin: c:\program files\google\google updater\2.4.1851.5542\npCIDetect14.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

 

============= SERVICES / DRIVERS ===============

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-28 333192]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-28 28424]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-28 360584]

R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-10-26 906520]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-10-26 285392]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-9-24 54752]

S0 CFRMD;CFRMD;c:\windows\system32\drivers\cfrmd.sys --> c:\windows\system32\drivers\CFRMD.sys [?]

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

S2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2010-3-3 311568]

S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [2006-6-30 69692]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-3-31 30192]

S3 LQPHY;LQPHY;c:\docume~1\owner\locals~1\temp\lqphy.exe --> c:\docume~1\owner\locals~1\temp\LQPHY.exe [?]

 

=============== Created Last 30 ================

 

2010-03-03 17:56:26 0 d-----w- c:\docume~1\owner\applic~1\FastStone

2010-03-03 17:56:17 0 d-----w- c:\program files\FastStone Capture

2010-03-01 17:09:29 0 d-----w- c:\docume~1\owner\applic~1\ComodoGroup

2010-03-01 17:01:55 0 d-----w- c:\documents and settings\owner\Application DataComodoGroup

2010-03-01 17:00:55 0 d-----w- c:\program files\COMODO

2010-03-01 03:45:44 0 d-----w- C:\Downloads

2010-03-01 03:45:43 0 d-----w- c:\docume~1\owner\applic~1\BitComet

2010-02-24 03:48:28 0 d-----w- c:\docume~1\owner\applic~1\Auslogics

2010-02-24 03:48:19 0 d-----w- c:\program files\Auslogics

2010-02-18 19:13:48 0 d-----w- c:\docume~1\alluse~1\applic~1\IObit

2010-02-16 05:27:26 0 d-----w- c:\docume~1\owner\applic~1\AVG9

2010-02-09 16:13:00 0 d-----w- c:\program files\Spybot - Search & Destroy

 

==================== Find3M ====================

 

2010-01-08 00:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-08 00:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-05 10:00:29 832512 ----a-w- c:\windows\system32\wininet.dll

2010-01-05 10:00:24 268288 ----a-w- c:\windows\system32\iertutil(2).dll

2010-01-05 10:00:21 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-01-05 10:00:20 17408 ----a-w- c:\windows\system32\corpol.dll

2009-12-18 01:14:00 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe

2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll

2009-12-08 19:27:51 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe

2009-12-08 18:43:50 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe

2009-04-22 19:23:21 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

2008-04-01 02:52:23 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat

2008-09-22 23:09:41 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091520080922\index.dat

2008-09-22 23:09:41 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092220080923\index.dat

 

============= FINISH: 13:16:43.42 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_09-12-01.01)

 

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 9/18/2008 12:57:15 PM

System Uptime: 3/4/2010 8:18:11 AM (5 hours ago)

 

Motherboard: ELITEGROUP | | 945GCT-M3

Processor: Intel Celeron processor | Socket 775 | 1999/200mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 144 GiB total, 126.079 GiB free.

D: is FIXED (FAT32) - 5 GiB total, 2.584 GiB free.

E: is CDROM ()

 

==== Disabled Device Manager Items =============

 

==== System Restore Points ===================

 

RP60: 12/5/2009 12:24:37 PM - System Checkpoint

RP61: 12/7/2009 5:23:25 AM - System Checkpoint

RP62: 12/8/2009 6:25:05 AM - System Checkpoint

RP63: 12/9/2009 8:40:37 AM - System Checkpoint

RP64: 12/9/2009 4:31:58 PM - Software Distribution Service 3.0

RP65: 12/11/2009 7:33:25 AM - System Checkpoint

RP66: 12/11/2009 3:09:07 PM - Avg8 Update

RP67: 12/11/2009 3:09:27 PM - Avg8 Update

RP68: 12/13/2009 6:45:15 AM - System Checkpoint

RP69: 12/13/2009 8:58:50 AM - Software Distribution Service 3.0

RP70: 12/16/2009 7:39:39 AM - System Checkpoint

RP71: 12/17/2009 3:46:58 PM - System Checkpoint

RP72: 12/18/2009 8:57:23 AM - Avg8 Update

RP73: 12/19/2009 9:04:18 AM - System Checkpoint

RP74: 12/20/2009 9:11:44 AM - System Checkpoint

RP75: 12/21/2009 9:50:50 AM - System Checkpoint

RP76: 12/22/2009 9:01:23 AM - Avg8 Update

RP77: 12/23/2009 10:00:12 AM - System Checkpoint

RP78: 12/24/2009 6:26:36 PM - System Checkpoint

RP79: 12/25/2009 6:41:36 PM - System Checkpoint

RP80: 12/26/2009 6:29:50 PM - Installed QuickTime

RP81: 12/26/2009 6:33:08 PM - Removed QuickTime

RP82: 12/26/2009 7:37:14 PM - Removed Apple Software Update

RP83: 12/26/2009 7:38:40 PM - Removed Apple Application Support

RP84: 12/28/2009 6:49:44 AM - System Checkpoint

RP85: 12/29/2009 11:34:23 AM - System Checkpoint

RP86: 12/30/2009 12:13:41 PM - System Checkpoint

RP87: 1/1/2010 10:28:19 AM - System Checkpoint

RP88: 1/4/2010 9:31:38 AM - System Checkpoint

RP89: 1/5/2010 5:22:31 PM - System Checkpoint

RP90: 1/6/2010 7:41:54 PM - System Checkpoint

RP91: 1/7/2010 12:47:38 PM - Avg8 Update

RP92: 1/8/2010 4:18:16 PM - System Checkpoint

RP93: 1/9/2010 5:51:13 PM - System Checkpoint

RP94: 1/11/2010 8:11:03 AM - System Checkpoint

RP95: 1/12/2010 1:15:58 PM - System Checkpoint

RP96: 1/13/2010 7:50:08 AM - Software Distribution Service 3.0

RP97: 1/15/2010 11:27:54 AM - System Checkpoint

RP98: 1/17/2010 1:50:53 PM - Removed Music Oasis

RP99: 1/18/2010 10:43:24 AM - Avg8 Update

RP100: 1/19/2010 11:50:55 AM - System Checkpoint

RP101: 1/20/2010 6:41:30 AM - Software Distribution Service 3.0

RP102: 1/20/2010 4:55:45 PM - Installed Java 6 Update 18

RP103: 1/22/2010 8:32:40 AM - Software Distribution Service 3.0

RP104: 1/23/2010 2:58:35 PM - Restore Operation

RP105: 1/23/2010 3:05:12 PM - Software Distribution Service 3.0

RP106: 1/25/2010 9:19:06 AM - System Checkpoint

RP107: 1/26/2010 1:21:59 PM - System Checkpoint

RP108: 1/27/2010 7:05:04 AM - Avg8 Update

RP109: 1/28/2010 8:17:34 AM - System Checkpoint

RP110: 1/29/2010 9:49:59 PM - System Checkpoint

RP111: 1/31/2010 11:33:06 AM - System Checkpoint

RP112: 2/1/2010 2:57:32 PM - System Checkpoint

RP113: 2/5/2010 10:15:23 AM - System Checkpoint

RP114: 2/7/2010 11:28:10 AM - System Checkpoint

RP115: 2/9/2010 7:30:49 PM - System Checkpoint

RP116: 2/10/2010 8:50:53 AM - Software Distribution Service 3.0

RP117: 2/11/2010 3:57:33 PM - System Checkpoint

RP118: 2/15/2010 9:46:59 PM - System Checkpoint

RP119: 2/17/2010 10:28:20 AM - System Checkpoint

RP120: 2/18/2010 11:30:49 AM - Removed SUPERAntiSpyware Free Edition

RP121: 2/20/2010 4:25:42 PM - System Checkpoint

RP122: 2/21/2010 5:20:35 PM - System Checkpoint

RP123: 2/23/2010 9:05:15 AM - System Checkpoint

RP124: 2/24/2010 7:15:13 AM - Software Distribution Service 3.0

RP125: 2/25/2010 8:43:05 AM - System Checkpoint

RP126: 2/26/2010 8:33:03 PM - System Checkpoint

RP127: 2/28/2010 3:55:20 PM - System Checkpoint

RP128: 3/1/2010 9:00:54 AM - Installed COMODO System - Cleaner

RP129: 3/2/2010 10:18:42 AM - System Checkpoint

RP130: 3/4/2010 9:22:57 AM - System Checkpoint

 

==== Installed Programs ======================

 

Activation Assistant for the 2007 Microsoft Office suites

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.3.1

Advanced SystemCare 3

Agere Systems PCI-SV92PP Soft Modem

Auslogics Disk Defrag

AVG Free 9.0

COMODO System - Cleaner

Compatibility Pack for the 2007 Office system

Critical Update for Windows Media Player 11 (KB959772)

Desktop Netstat 1.3a

DVD Suite

eMachines Connect

EVEREST Home Edition v2.20

Evidence Eliminator

FastStone Capture 5.3

Google Desktop

Google Updater

High Definition Audio Driver Package - KB888111

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Intel® Graphics Media Accelerator Driver

IObit Security 360

Java Auto Updater

Java 6 Update 18

Junk Mail filter update

Malwarebytes' Anti-Malware

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB953297)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft National Language Support Downlevel APIs

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Works

Move Networks Media Player for Internet Explorer

Mozilla Firefox (3.6)

MSN

MSVCRT

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser (KB933579)

MySpaceIM

Power2Go 5.0

PowerDesk 5.0

PowerDVD

PS2 Multimedia Keyboard Driver

REALTEK GbE & FE Ethernet PCI NIC Driver

Realtek High Definition Audio Driver

Recovery Software Suite eMachines

Revo Uninstaller 1.85


Thank you.

 

 

Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

 

Do not confuse Windows Messenger with MSN Messenger or Windows Live Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

 

Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

 

Exit out of MessengerDisable then delete the two files that were put on the desktop.

 

----------

 

Download HostsXpert and then follow the below steps.

 

* Unzip HostsXpert to your desktop.

* Open up the HostsXpert program.

* (Vista and Windows 7 users right click HostsXpert and choose Run as Administrator)

* Make sure that the "Make Hosts Writable?" button in the upper left corner is enabled (unlocked).

* Click Create Back Up.

* Then click on Restore Microsoft's Host Files.

* Close the HostsXpert program.

 

Note: if you use SpywareBlaster, Spybot and/or IE-SPYAD, it will be necessary to re-install the protection they afford. For SpywareBlaster, run the program and select Enable all protection. For Spybot run the program and select Immunize. For IE-SPYAD, run the batch file and reinstall the protection.

 

----------

 

If you already have ComboFix be sure to delete it and download a new copy.

 

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

 

Link #1

Link #2

 

**Note: It is important that it is saved directly to your Desktop

 

DO NOT run it yet!

 

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

 

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

 

Delete these files/folders, as follows:

 

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.

It must be Notepad, not Wordpad.

2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

 

KillAll::

Driver::
LQPHY
ASFWHIDE

File::
C:\Docume~1\Temp\ASFWHIDE

DDS::
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
{0f0b5025-2af8-4709-a5b0-c6b3f1a96851}
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun: [Alcmtr] ALCMTR.EXE
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -  {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}

Firefox::
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

3. Go to the Notepad window and click Edit > Paste.

4. Then click File > Save.

5. Name the file CFScript.txt and save the file to your Desktop.

6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

http://img249.imageshack.us/img249/1218/cfscript1.gif

ComboFix will begin to execute; just follow the prompts.

After reboot (in case it asks to reboot), it will produce a log for you.

Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.
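A script in this format is just a list of section headers ending in `::`, each followed by the entries it applies to. Reading it back before dropping it onto ComboFix, to see exactly which drivers and files it will remove, is a sensible habit. The Python parser below is an added example written for this thread; it is not part of ComboFix, the only section names it knows are the ones used in the script above, and the "Temp folder" heuristic in unsafe_file_targets is an assumption of this example, not a ComboFix rule. The sample script is the one posted above, embedded as constructed input.

```python
"""Read a ComboFix CFScript and list what each section asks for.

Added example for this thread; not ComboFix's own code. The format assumed
here is the one visible in the posted script: a header is a bare word ending
in '::', and every non-blank line after it (until the next header) belongs
to that section.
"""
import re

HEADER_RE = re.compile(r"^([A-Za-z]+)::$")

# The script from the post, embedded here as sample input.
SAMPLE_SCRIPT = r"""
KillAll::

Driver::
LQPHY
ASFWHIDE

File::
C:\Docume~1\Temp\ASFWHIDE

DDS::
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
mRun: [Alcmtr] ALCMTR.EXE

Firefox::
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
"""


def parse_cfscript(text):
    """Return a list of (section, entries) pairs in the order they appear."""
    sections = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            current = (m.group(1), [])
            sections.append(current)
        elif current is None:
            # An entry with no header above it means the file was mangled
            # (for example pasted into Wordpad and re-saved); stop early.
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            current[1].append(line)
    return sections


def deletions(sections):
    """Driver:: and File:: entries are the ones that remove things from the system."""
    out = []
    for name, entries in sections:
        if name in ("Driver", "File"):
            out.extend((name, e) for e in entries)
    return out


def unsafe_file_targets(sections):
    """File:: entries outside a Temp folder, or containing wildcards, deserve a
    second look before the script is run (heuristic of this example only)."""
    flagged = []
    for name, entries in sections:
        if name != "File":
            continue
        for e in entries:
            if "*" in e or "?" in e or "\\temp\\" not in e.lower():
                flagged.append(e)
    return flagged


if __name__ == "__main__":
    parsed = parse_cfscript(SAMPLE_SCRIPT)
    for section, entries in parsed:
        print(f"{section}:: {len(entries)} entries")
    print("will remove:", deletions(parsed))
    print("review first:", unsafe_file_targets(parsed))
```

The DDS:: and Firefox:: sections are reported but not treated as deletions, because the posted script only uses them to clear orphaned "No File" entries; Driver:: and File:: are the lines that actually take something off the machine.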

Thank you Evil fantasy .. I have never done anything like this before so I think it's safe to say I'm going to need some time with this .. I will post back when completed .. again .. I am a novice user so please be patient with me .. thank you again ..

No problem. Just read the instructions closely. It's all explained step by step.

I can make it easier for you with the ComboFix instructions if you would rather do it that way.

Download the below attached CFScript.txt and save it to your desktop (click on the Attached File underneath this post).

* If you are using Internet Explorer, when the "File download" pop up comes, click Save, choose desktop in the list of selections in that window and then click Save.

* If you are using Firefox, choose Save to disk, then click OK, choose desktop in the list of selections in that window and then click Save.

Close all open Web Browsers!

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

http://img249.imageshack.us/img249/1218/cfscript1.gif

This will start ComboFix. ComboFix may ask to reboot the computer when it is finished; please allow it to do so.

A new log will be created; post the contents of Combofix.txt in your next reply.

Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

CFscript.txt

From ComboFix?

Restart the computer and try running it normally without the CFscript.

Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.

Vista users: Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it).

When finished, ComboFix will produce a log for you.

Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix.

ComboFix 10-03-04.01 - Owner 03/04/2010 16:16:15.4.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.522 [GMT -8:00]

Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_WYEKE_SERVICE

-------\Legacy_ASFWHIDE

-------\Legacy_LQPHY

-------\Service_ASFWHide

-------\Service_LQPHY

 

 

((((((((((((((((((((((((( Files Created from 2010-02-05 to 2010-03-05 )))))))))))))))))))))))))))))))

.

 

2010-03-03 17:56 . 2010-03-03 17:56 -------- d-----w- c:\documents and settings\Owner\Application Data\FastStone

2010-03-03 17:56 . 2010-03-03 17:56 -------- d-----w- c:\program files\FastStone Capture

2010-03-01 17:09 . 2010-03-01 17:09 -------- d-----w- c:\documents and settings\Owner\Application Data\ComodoGroup

2010-03-01 17:01 . 2010-03-01 17:01 -------- d-----w- c:\documents and settings\Owner\Application DataComodoGroup

2010-03-01 17:00 . 2010-03-01 17:00 -------- d-----w- c:\program files\COMODO

2010-03-01 03:45 . 2010-03-01 03:45 -------- d-----w- C:\Downloads

2010-03-01 03:45 . 2010-03-01 03:51 -------- d-----w- c:\documents and settings\Owner\Application Data\BitComet

2010-02-24 03:48 . 2010-02-24 03:48 -------- d-----w- c:\documents and settings\Owner\Application Data\Auslogics

2010-02-24 03:48 . 2010-02-24 03:48 -------- d-----w- c:\program files\Auslogics

2010-02-18 19:13 . 2010-02-22 02:39 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit

2010-02-16 05:27 . 2010-02-16 05:27 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG9

2010-02-09 16:13 . 2010-02-09 16:15 -------- d-----w- c:\program files\Spybot - Search & Destroy

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-04 17:01 . 2009-12-08 18:25 0 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\prvlcl.dat

2010-03-04 05:12 . 2009-06-17 08:15 -------- d-----w- c:\program files\IObit

2010-03-02 15:50 . 2008-04-01 02:13 -------- d-----w- c:\program files\Windows Media Connect 2

2010-03-02 15:50 . 2008-04-01 02:12 -------- d-----w- c:\program files\Microsoft Works

2010-03-02 15:50 . 2008-04-01 02:12 -------- d-----w- c:\program files\eBay

2010-03-02 15:50 . 2008-04-01 02:11 -------- d-----w- c:\program files\AOL 9.0

2010-02-18 19:31 . 2009-03-16 21:58 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com

2010-02-09 16:56 . 2009-12-16 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-02-06 16:37 . 2008-09-20 18:22 -------- d-----w- c:\program files\Yahoo!

2010-02-06 08:11 . 2008-09-20 18:29 -------- d-----w- c:\documents and settings\Owner\Application Data\Yahoo!

2010-02-02 19:08 . 2009-05-20 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2010-01-29 18:30 . 2010-01-29 18:30 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-29cf2d78-n\msvcp71.dll

2010-01-29 18:30 . 2010-01-29 18:30 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-29cf2d78-n\jmc.dll

2010-01-29 18:30 . 2010-01-29 18:30 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-29cf2d78-n\msvcr71.dll

2010-01-29 18:30 . 2010-01-29 18:30 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-407d1e67-n\decora-sse.dll

2010-01-29 18:30 . 2010-01-29 18:30 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-407d1e67-n\decora-d3d.dll

2010-01-24 00:55 . 2009-03-27 22:20 -------- d-----w- c:\program files\Common Files\Adobe

2010-01-21 00:56 . 2010-01-21 00:56 -------- d-----w- c:\program files\Common Files\Java

2010-01-21 00:56 . 2010-01-21 00:56 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-2a248951-n\msvcr71.dll

2010-01-21 00:56 . 2010-01-21 00:56 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-2a248951-n\msvcp71.dll

2010-01-21 00:56 . 2010-01-21 00:56 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-2a248951-n\decora-sse.dll

2010-01-21 00:56 . 2010-01-21 00:56 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-2a248951-n\jmc.dll

2010-01-21 00:56 . 2010-01-21 00:56 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-2a248951-n\decora-d3d.dll

2010-01-21 00:56 . 2010-01-21 00:56 315392 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-79de572f-n\jogl.dll

2010-01-21 00:56 . 2010-01-21 00:56 20480 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-79de572f-n\jogl_awt.dll

2010-01-21 00:56 . 2010-01-21 00:56 20480 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\45\4f710eed-39bff39a-n\gluegen-rt.dll

2010-01-21 00:56 . 2010-01-21 00:56 114688 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-79de572f-n\jogl_cg.dll

2010-01-21 00:56 . 2008-04-01 02:18 -------- d-----w- c:\program files\Java

2010-01-20 22:04 . 2009-01-19 19:12 -------- d-----w- c:\program files\Microsoft Silverlight

2010-01-17 21:31 . 2010-01-17 21:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2010-01-17 21:25 . 2008-04-01 02:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2010-01-17 21:25 . 2010-01-17 21:25 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

2010-01-08 18:53 . 2009-11-08 04:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-08 18:53 . 2009-12-04 23:08 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2010-01-08 00:07 . 2009-11-08 04:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-08 00:07 . 2009-11-08 04:44 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-05 10:00 . 2006-05-07 01:24 832512 ------w- c:\windows\system32\wininet.dll

2010-01-05 10:00 . 2006-10-17 19:57 268288 ----a-w- c:\windows\system32\iertutil(2).dll

2010-01-05 10:00 . 2009-03-20 04:22 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-01-05 10:00 . 2006-05-07 01:24 17408 ----a-w- c:\windows\system32\corpol.dll

2010-01-04 18:53 . 2008-09-18 19:57 52872 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-12-31 16:50 . 2006-05-07 01:24 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-18 01:14 . 2009-02-17 06:33 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-12-16 18:43 . 2006-05-07 01:35 343040 ----a-w- c:\windows\system32\mspaint.exe

2009-12-14 07:08 . 2006-05-07 01:24 33280 ----a-w- c:\windows\system32\csrsrv.dll

2009-12-08 19:27 . 2006-05-07 01:24 2189184 ------w- c:\windows\system32\ntoskrnl.exe

2009-12-08 18:43 . 2004-08-04 06:59 2066048 ------w- c:\windows\system32\ntkrnlpa.exe

2009-12-19 19:07 . 2009-12-19 19:07 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.


((((((((((((((((((((((((((((( SnapShot@2010-03-04_23.21.02 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-03-05 00:14 . 2010-03-05 00:14 16384 c:\windows\temp\Perflib_Perfdata_414.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-11-29 58928]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CHotkey"="zHotkey.exe" [2006-11-07 547840]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2009-06-11 212992]

"ShowWnd"="ShowWnd.exe" [2005-01-27 36864]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 16132608]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2009-09-29 9347072]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-10-26 08:14 12464 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdeFUN]

iifdeFUN.dll [bU]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

[bU]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Program Files\\IObit\\Advanced SystemCare 3\\AWC.exe"=

"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"18260:TCP"= 18260:TCP:BitComet 18260 TCP

"18260:UDP"= 18260:UDP:BitComet 18260 UDP

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/28/2009 6:22 PM 333192]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/28/2009 6:22 PM 360584]

R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [10/26/2009 12:14 AM 906520]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [10/26/2009 12:14 AM 285392]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [9/24/2009 9:35 AM 54752]

R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [3/3/2010 9:12 PM 311568]

S0 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys --> c:\windows\system32\drivers\CFRMD.sys [?]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [6/30/2006 9:44 PM 69692]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 9:48 PM 704864]

S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [3/31/2008 6:18 PM 30192]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2010-01-05 10:00 124928 ----a-w- c:\windows\system32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

 

2010-03-04 c:\windows\Tasks\COMODO System Cleaner Update.job

- c:\program files\COMODO\COMODO System-Cleaner\UpdateApplications.exe [2010-01-27 00:28]

 

2010-03-05 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-20 19:08]

 

2010-03-03 c:\windows\Tasks\ParetoLogic Registration3.job

- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-28 21:15]

 

2010-02-20 c:\windows\Tasks\ParetoLogic Update Version3.job

- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-28 21:15]

 

2010-03-04 c:\windows\Tasks\User_Feed_Synchronization-{3E0761C5-F3C6-4D8B-A168-78A0B7BF22CA}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 19:58]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

mStart Page = hxxp://www.yahoo.com

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm

IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\7v5j4zc3.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll

FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\7v5j4zc3.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

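The log above is long, and the parts worth reading first are scattered through it: the Legacy_*/Service_* entries ComboFix removed under Drivers/Services, the Run-key autoruns, the winlogon notify entry that is listed as a bare DLL name rather than a resolved path, the Security Center DisableMonitoring values, and the globally opened firewall ports. The Python script below is an added example for this thread, not ComboFix's own tooling; its parsing rules are inferred from the shape of the posted log, and the sample it runs on is a constructed excerpt built from lines in that log. DisableMonitoring is set by legitimate security products as well as by unwanted software, so that flag is a prompt to check, not a verdict.

```python
"""Triage a ComboFix log: pull out the entries a reviewer checks first.

Added example for this thread, not ComboFix's own tooling. The parsing rules
are inferred from the log posted above; SAMPLE_LOG is a constructed excerpt
in that shape, not a complete log.
"""
import re
from dataclasses import dataclass, field

SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_WYEKE_SERVICE
-------\Legacy_ASFWHIDE
-------\Service_ASFWHide

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"="zHotkey.exe" [2006-11-07 547840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-26 08:14 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdeFUN]
iifdeFUN.dll [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18260:TCP"= 18260:TCP:BitComet 18260 TCP
"""

SECTION_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")      # (((( Section name ))))
KEY_RE = re.compile(r"^\[(.+)\]$")                   # [HKEY_...\...]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')     # "Name"=value
DRIVE_PATH_RE = re.compile(r"\b[a-z]:\\", re.IGNORECASE)


@dataclass
class Triage:
    removed_services: list = field(default_factory=list)    # Legacy_*/Service_* ComboFix removed
    autoruns: list = field(default_factory=list)            # (key, value name, command)
    unresolved_notify: list = field(default_factory=list)   # winlogon notify DLLs with no on-disk path
    monitoring_disabled: list = field(default_factory=list) # Security Center subkeys with DisableMonitoring=1
    open_ports: list = field(default_factory=list)          # GloballyOpenPorts entries


def triage(log: str) -> Triage:
    t = Triage()
    section = key = None
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1), None
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if section == "Drivers/Services" and line.startswith("-------\\"):
            t.removed_services.append(line.split("\\", 1)[1])
            continue
        if key is None:
            continue
        lk = key.lower()
        v = VALUE_RE.match(line)
        if lk.endswith("\\currentversion\\run") and v:
            t.autoruns.append((key, v.group(1), v.group(2)))
        elif "\\winlogon\\notify\\" in lk and not DRIVE_PATH_RE.search(line):
            # A resolved entry shows a timestamp, size and full path; anything
            # else (bare DLL name, odd tag) is worth checking by hand.
            t.unresolved_notify.append((key.rsplit("\\", 1)[1], line))
        elif "\\security center\\monitoring" in lk and v and v.group(1) == "DisableMonitoring":
            if v.group(2).lower().endswith(":00000001"):
                t.monitoring_disabled.append(key.rsplit("\\", 1)[1])
        elif lk.endswith("\\globallyopenports\\list") and v:
            t.open_ports.append(v.group(1))
    return t


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name, items in vars(result).items():
        print(f"{name}: {items}")
```

Run against the full log, the script would also report the Monitoring\SymantecAntiVirus and Monitoring\SymantecFirewall subkeys and every entry in the GloballyOpenPorts list; the point is to give a helper a short list to check rather than to decide anything automatically.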

Archived

This topic is now archived and is closed to further replies.
