Tech-101 Free Computer Support
Security > Virus and Malware Removal
#21
01-13-2010, 04:24 AM
kritius
Security Team
Join Date: Mar 2009
Posts: 772

Check if ComboFix log is located at c:\ComboFix.txt, if not look in C:\qoobox and select the most recent log.
__________________
Infected? Use the Preliminary Removal Instructions then post in the Virus and Malware Removal Forums
#22
01-13-2010, 08:06 AM
Junior Member
Join Date: Jan 2010
Posts: 17
Combofix Continued

Thank you...found it on root...


ComboFix 10-01-12.02 - Mark 01/12/2010 18:23:11.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1150.732 [GMT -5:00]
Running from: c:\documents and settings\Mark\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mark\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100112-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\system32\drivers\avgfwdx.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\avgfwdx.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_APPLE_MOBILE_DEVICE
-------\Service_Apple Mobile Device
-------\Service_Avgfwfd
-------\Service_Avgfwdx


((((((((((((((((((((((((( Files Created from 2009-12-12 to 2010-01-12 )))))))))))))))))))))))))))))))
.

2010-01-11 20:58 . 2010-01-11 20:58 8 --sh--r- c:\windows\system32\CE7E4175C3.sys
2010-01-10 23:21 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-01-10 23:21 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-01-10 23:21 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-01-10 23:21 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-01-10 23:21 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-01-10 23:21 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-01-10 23:21 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-10 23:21 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-01-10 23:20 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2010-01-10 23:20 . 2010-01-10 23:20 -------- d-----w- c:\program files\Alwil Software
2010-01-10 17:04 . 2010-01-10 17:04 -------- d-----w- c:\windows\system32\AGEIA
2010-01-10 17:04 . 2010-01-10 17:05 -------- d-----w- c:\program files\AGEIA Technologies
2010-01-09 16:54 . 2010-01-09 16:54 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-09 16:42 . 2008-05-30 19:19 507400 ----a-w- c:\windows\system32\XAudio2_1.dll
2010-01-09 16:42 . 2008-05-30 19:17 65032 ----a-w- c:\windows\system32\XAPOFX1_0.dll
2010-01-09 16:42 . 2008-05-30 19:18 238088 ----a-w- c:\windows\system32\xactengine3_1.dll
2010-01-09 16:42 . 2008-05-30 19:17 25608 ----a-w- c:\windows\system32\X3DAudio1_4.dll
2010-01-09 16:42 . 2008-05-30 19:11 467984 ----a-w- c:\windows\system32\d3dx10_38.dll
2010-01-09 16:42 . 2008-05-30 19:11 1491992 ----a-w- c:\windows\system32\D3DCompiler_38.dll
2010-01-09 16:42 . 2008-05-30 19:11 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll
2010-01-09 16:42 . 2008-03-05 21:03 479752 ----a-w- c:\windows\system32\XAudio2_0.dll
2010-01-09 16:42 . 2008-03-05 21:03 238088 ----a-w- c:\windows\system32\xactengine3_0.dll
2010-01-09 16:42 . 2008-03-05 21:00 25608 ----a-w- c:\windows\system32\X3DAudio1_3.dll
2010-01-09 16:40 . 2005-05-26 20:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-01-09 16:38 . 2010-01-09 16:40 -------- d-----w- c:\windows\Logs
2010-01-09 16:32 . 2010-01-10 17:10 -------- d-----w- c:\program files\Crane Simulator 2009
2010-01-09 16:17 . 2010-01-09 16:33 -------- d-----w- c:\documents and settings\Mark\Application Data\ImgBurn
2010-01-09 16:11 . 2010-01-09 16:11 -------- d-----w- c:\program files\ImgBurn
2010-01-09 01:57 . 2010-01-09 01:57 -------- d-----w- c:\documents and settings\Mark\Local Settings\Application Data\Conduit
2010-01-09 01:57 . 2010-01-09 01:57 -------- d-----w- c:\program files\Conduit
2010-01-09 01:56 . 2010-01-09 04:25 -------- d-----w- c:\documents and settings\Mark\Local Settings\Application Data\PcWinTech
2010-01-09 01:56 . 2010-01-11 22:13 -------- d-----w- c:\program files\PcWinTech
2010-01-09 01:56 . 2010-01-09 01:56 -------- d-----w- C:\Documents
2010-01-09 01:56 . 2009-06-10 22:22 32768 ----a-w- c:\windows\system32\CleanMem.exe
2010-01-09 01:56 . 2008-09-19 16:37 121856 ----a-w- c:\windows\system32\schtasks.exe
2010-01-09 01:56 . 2010-01-09 02:35 -------- d-----w- c:\windows\CleanMem
2010-01-09 01:56 . 2010-01-09 02:35 -------- d-----w- c:\program files\CleanMem
2010-01-08 22:45 . 2010-01-08 22:45 -------- d-----w- c:\documents and settings\Mark\Local Settings\Application Data\IsolatedStorage
2010-01-08 16:03 . 2010-01-08 21:19 88 --sh--r- c:\windows\system32\77C6EFDC64.sys
2010-01-08 16:03 . 2010-01-11 21:01 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-01-08 16:03 . 2010-01-08 16:03 -------- d-----w- c:\documents and settings\Mark\Application Data\IsolatedStorage
2010-01-08 15:59 . 2003-08-28 21:08 536576 ----a-w- c:\windows\system32\msvcr70d.dll
2010-01-08 15:59 . 2003-08-28 21:06 94208 ----a-w- c:\windows\system32\msvci70d.dll
2010-01-08 15:43 . 2010-01-08 15:43 -------- d-----w- c:\documents and settings\Mark\Application Data\ACT
2010-01-08 15:43 . 2010-01-08 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\ACT
2010-01-08 15:42 . 2010-01-08 15:48 -------- d-----w- c:\program files\Microsoft SQL Server
2010-01-08 15:42 . 2010-01-08 15:42 -------- d-----w- c:\program files\ACT
2010-01-07 19:22 . 2008-04-13 19:45 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2010-01-07 19:22 . 2008-04-13 19:45 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2010-01-07 03:59 . 2010-01-07 03:59 81 ----a-w- C:\CTX.DAT
2010-01-07 03:59 . 2010-01-07 03:59 -------- d-----w- c:\documents and settings\Mark\Citrix
2010-01-06 14:34 . 2010-01-06 14:34 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-06 13:28 . 2010-01-06 13:28 72192 ----a-w- C:\tasklist.exe
2010-01-05 15:56 . 2010-01-05 15:56 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-05 15:40 . 2010-01-05 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\AT&T
2010-01-05 15:28 . 2010-01-05 15:57 -------- d-----w- C:\$AVG
2010-01-05 15:25 . 2010-01-05 15:25 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-01-05 15:25 . 2010-01-05 15:25 -------- d-----w- c:\program files\AVG
2010-01-05 15:25 . 2010-01-11 21:50 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-01-05 06:03 . 2010-01-05 06:03 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-01-05 04:23 . 2010-01-05 23:37 -------- d-----w- c:\documents and settings\Mark\Application Data\Stamps.com Internet Postage
2010-01-05 03:58 . 2010-01-05 03:58 -------- d-----w- c:\documents and settings\All Users\Application Data\{D9AA4D17-9292-410D-9AA5-84526D062900}
2010-01-05 03:58 . 2010-01-05 03:58 -------- d-----w- c:\documents and settings\All Users\Application Data\{B0AFCE64-DF3F-4824-8985-B21DB0EEE07B}
2010-01-05 03:58 . 2010-01-05 03:58 -------- d-----w- c:\documents and settings\All Users\Application Data\{8737778F-82C6-4680-A660-E8B2B8C8C22B}
2010-01-05 03:57 . 2010-01-05 03:57 -------- d-----w- c:\documents and settings\All Users\Application Data\{BFCD9266-8B97-4A73-8FDF-E2743DE8939E}
2010-01-05 03:56 . 2010-01-07 15:42 36 ---ha-w- c:\windows\system32\f9t.dat
2010-01-05 03:56 . 2010-01-05 06:23 -------- d-----w- c:\program files\Stamps.com Internet Postage
2010-01-05 03:52 . 2010-01-05 03:52 -------- d-----w- c:\documents and settings\Mark\Local Settings\Application Data\Seven Zip
2010-01-03 23:44 . 2010-01-06 01:17 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-01 17:24 . 2003-01-10 21:13 33588 ----a-r- c:\windows\system32\drivers\wanatw4.sys
2010-01-01 00:03 . 2003-04-14 03:25 151808 ----a-r- c:\windows\system32\drivers\LSRTNDS.sys
2009-12-29 01:42 . 2009-12-29 01:42 -------- d-----w- c:\documents and settings\Mark\Application Data\Nokia
2009-12-29 01:42 . 2009-12-29 01:42 -------- d-----w- c:\documents and settings\Mark\Application Data\PC Suite
2009-12-29 01:42 . 2009-12-29 01:42 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-12-29 01:41 . 2009-12-29 01:41 -------- d-----w- c:\program files\Common Files\PCSuite
2009-12-29 01:41 . 2009-12-29 01:41 -------- d-----w- c:\program files\Common Files\Nokia
2009-12-29 01:41 . 2008-08-26 14:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-12-29 01:41 . 2009-12-29 01:41 -------- d-----w- c:\program files\PC Connectivity Solution
2009-12-29 01:41 . 2009-10-06 16:52 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-12-29 01:41 . 2009-10-06 16:52 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-12-29 01:41 . 2009-10-06 16:52 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2009-12-29 01:41 . 2009-10-06 16:55 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2009-12-29 01:41 . 2009-10-06 16:52 660480 ----a-w- c:\windows\system32\nmwcdcocls.dll
2009-12-29 01:41 . 2009-10-06 16:52 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2009-12-29 01:41 . 2009-10-06 16:52 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-12-29 01:41 . 2009-12-29 01:41 -------- d-----w- c:\program files\Nokia
2009-12-29 01:40 . 2009-12-29 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-12-28 05:58 . 2009-12-28 05:58 -------- d-----w- c:\program files\HDD Health
2009-12-25 01:01 . 2009-12-25 01:02 -------- d-----w- C:\VProRecovery
2009-12-25 00:57 . 2009-12-25 00:57 -------- d-----w- c:\documents and settings\Mark\Local Settings\Application Data\Symantec_Corporation
2009-12-25 00:31 . 2008-11-07 23:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-12-25 00:29 . 2009-12-25 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
2009-12-24 21:47 . 2009-12-24 21:59 -------- d-----w- c:\windows\system32\NtmsData
2009-12-14 15:34 . 2009-12-14 15:34 -------- d-----w- c:\documents and settings\Mark\Local Settings\Application Data\HP
2009-12-14 15:25 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-12 23:18 . 2009-12-10 15:12 -------- d-----w- c:\documents and settings\Mark\Application Data\HPAppData
2010-01-11 22:13 . 2008-02-07 04:22 -------- d-----w- c:\program files\Speeditup Free
2010-01-11 16:05 . 2008-02-05 03:54 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-10 22:46 . 2009-06-28 22:54 -------- d-----w- c:\documents and settings\Mark\Application Data\uTorrent
2010-01-10 17:36 . 2009-02-22 07:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-08 16:02 . 2008-01-25 03:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-08 15:48 . 2009-12-10 23:52 -------- d-----w- c:\program files\Microsoft.NET
2010-01-08 06:09 . 2009-07-06 23:45 256 ----a-w- c:\documents and settings\Mark\pool.bin
2010-01-08 02:55 . 2009-06-13 01:04 256 ----a-w- c:\windows\system32\pool.bin
2010-01-07 22:45 . 2009-11-02 03:12 -------- d-----w- c:\program files\TetherBerry
2010-01-07 21:07 . 2009-02-22 07:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-02-22 07:26 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 19:22 . 2010-01-07 19:22 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-01-07 04:48 . 2008-01-25 04:16 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-06 14:43 . 2008-01-25 03:24 -------- d-----w- c:\program files\Java
2010-01-06 14:27 . 2010-01-06 14:27 79488 ----a-w- c:\documents and settings\Mark\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-06 01:41 . 2008-01-25 03:57 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-06 00:59 . 2004-08-04 12:00 96512 ------w- c:\windows\system32\drivers\atapi.sys
2010-01-05 17:11 . 2008-02-02 01:56 123344 ----a-w- c:\documents and settings\Mark\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-05 15:43 . 2008-01-25 03:40 -------- d-----w- c:\program files\HP
2010-01-05 06:22 . 2010-01-05 03:58 2520483 ----a-w- c:\documents and settings\All Users\Application Data\{D9AA4D17-9292-410D-9AA5-84526D062900}\MSOABPstmp.exe
2010-01-05 06:21 . 2010-01-05 03:58 2513557 ----a-w- c:\documents and settings\All Users\Application Data\{B0AFCE64-DF3F-4824-8985-B21DB0EEE07B}\MSW2KPIMstmp.exe
2010-01-05 06:21 . 2010-01-05 03:58 2512898 ----a-w- c:\documents and settings\All Users\Application Data\{8737778F-82C6-4680-A660-E8B2B8C8C22B}\MSOPIMstmp.exe
2010-01-04 15:46 . 2009-11-09 00:33 -------- d-----w- c:\documents and settings\Mark\Application Data\LimeWire
2009-12-31 23:25 . 2009-10-05 23:54 -------- d-----w- c:\documents and settings\Mark\Application Data\HpUpdate
2009-12-29 01:42 . 2009-09-05 00:02 -------- d-----w- c:\program files\DIFX
2009-12-29 01:40 . 2009-12-29 01:40 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
2009-12-29 01:40 . 2009-12-29 01:40 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
2009-12-29 01:40 . 2009-12-29 01:40 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-12-29 01:40 . 2009-12-29 01:40 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
2009-12-28 02:44 . 2009-12-29 01:40 34440160 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_eng_us_web.exe
2009-12-25 00:31 . 2009-12-25 00:31 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_GenericMount_01009.Wdf
2009-12-25 00:31 . 2009-12-25 00:31 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2009-12-17 21:26 . 2010-01-05 03:58 321108 ----a-w- c:\documents and settings\All Users\Application Data\{D9AA4D17-9292-410D-9AA5-84526D062900}\mia.dll
2009-12-17 21:26 . 2010-01-05 03:58 321108 ----a-w- c:\documents and settings\All Users\Application Data\{B0AFCE64-DF3F-4824-8985-B21DB0EEE07B}\mia.dll
2009-12-17 21:26 . 2010-01-05 03:58 321108 ----a-w- c:\documents and settings\All Users\Application Data\{8737778F-82C6-4680-A660-E8B2B8C8C22B}\mia.dll
2009-12-17 21:26 . 2010-01-05 03:57 5121427 ----a-w- c:\documents and settings\All Users\Application Data\{BFCD9266-8B97-4A73-8FDF-E2743DE8939E}\stamps.exe
2009-12-17 21:26 . 2010-01-05 03:57 321108 ----a-w- c:\documents and settings\All Users\Application Data\{BFCD9266-8B97-4A73-8FDF-E2743DE8939E}\mia.dll
2009-12-15 21:40 . 2009-11-14 00:15 -------- d-----w- c:\documents and settings\Mark\Application Data\Apple Computer
2009-12-14 15:34 . 2008-02-02 01:55 -------- d-----w- c:\documents and settings\Mark\Application Data\HP
2009-12-10 23:59 . 2009-12-10 23:59 -------- d-----w- c:\program files\Common Files\L&H
2009-12-10 23:58 . 2009-12-10 23:58 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-12-10 23:56 . 2009-12-10 23:52 -------- d-----w- c:\program files\Microsoft Office2003
2009-12-10 23:55 . 2009-12-10 23:55 -------- d-----w- c:\program files\Microsoft Works
2009-12-10 15:07 . 2008-01-25 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-12-10 14:55 . 2009-12-10 14:55 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-11-30 13:50 . 2008-02-03 11:32 79379 ----a-w- c:\windows\hpfins05.dat
2009-11-21 15:51 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-14 18:59 . 2009-11-14 00:14 -------- d-----w- c:\program files\iTunes
2009-11-14 00:15 . 2009-11-14 00:14 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-14 00:14 . 2009-11-09 00:11 -------- d-----w- c:\program files\iPod
2009-11-14 00:14 . 2009-11-14 00:11 -------- d-----w- c:\program files\Common Files\Apple
2009-11-14 00:13 . 2009-11-14 00:13 -------- d-----w- c:\program files\QuickTime
2009-11-14 00:13 . 2009-11-14 00:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-11-14 00:12 . 2009-11-14 00:12 -------- d-----w- c:\program files\Apple Software Update
2009-11-14 00:11 . 2009-11-14 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-11-09 00:28 . 2009-11-09 00:28 28276 ----a-w- c:\windows\system32\drivers\MxlW2k.sys
2009-11-03 02:34 . 2009-11-03 02:34 26694 ----a-r- c:\documents and settings\Mark\Application Data\Microsoft\Installer\{79CA0DF6-8860-4680-BDFF-D3E34BAA9244}\BlackBerry.exe
2009-11-01 18:47 . 2009-11-01 18:47 53248 ----a-r- c:\documents and settings\Mark\Application Data\Microsoft\Installer\{F574616C-4C15-49CE-9C98-E998CD80264A}\ARPPRODUCTICON.exe
2009-10-29 07:45 . 2004-08-04 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDDHealth"="c:\program files\HDD Health\hddhealth.exe" [2008-06-15 1692672]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-14 344064]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-11-16 503808]
"HostManager"="c:\program files\Common Files\AOL\1204169715\ee\AOLSoftware.exe" [2008-06-24 41824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-06 149280]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-06-08 236016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Act! Preloader]
2007-03-28 16:38 1015808 ------w- c:\program files\ACT\Act for Windows\ActSage.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Act.Outlook.Service]
2007-03-28 16:43 9728 ------w- c:\program files\ACT\Act for Windows\Act.Outlook.Service.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2007-10-31 17:46 50528 ----a-w- c:\program files\AOL 9.1\aol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
2005-02-17 19:01 233534 ----a-w- c:\program files\HPQ\Default Settings\Cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
2005-12-07 15:56 409600 ----a-w- c:\program files\HPQ\Quick Launch Buttons\eabservr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gStart]
2008-08-13 19:34 1891416 ----a-w- c:\garmin\gStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-11 01:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 12:00 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 08:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 21:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2003-06-02 21:18 143360 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 15:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-04 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-04 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2005-12-12 16:39 94208 ------w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 06:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2008-02-01 23:41 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMDeviceManager]
2009-09-08 00:41 1590616 ----a-w- c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-02-02 19:11 692316 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2005-02-02 19:12 102492 ----a-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ccSetMgr"=2 (0x2)
"ccProxy"=2 (0x2)
"ccISPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"SymSnapService"=3 (0x3)
"NitroDriverReadSpool"=2 (0x2)
"LiveUpdate"=3 (0x3)
"LightScribeService"=2 (0x2)
"iPod Service"=3 (0x3)
"GenericMount Helper Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"ATTRcAppSvc"=3 (0x3)
"astcc"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"TetherBerry"=2 (0x2)
"SQLWriter"=3 (0x3)
"SQLBrowser"=2 (0x2)
"MSSQL$ACT7"=2 (0x2)
"AVGIDSAgent"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1204169715\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\ACT\\Act for Windows\\ActSage.exe"=

R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [6/27/2008 2:05 PM 19478]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1/10/2010 6:21 PM 114768]
R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [6/27/2008 2:05 PM 635017]
R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [6/27/2008 2:05 PM 431236]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/10/2010 6:21 PM 20560]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [1/24/2008 10:12 PM 200192]
R3 LSWPCv4;Wireless-B Notebook Adapter Driver;c:\windows\system32\drivers\LSRTNDS.sys [12/31/2009 7:03 PM 151808]
S1 sonypvd2;sonypvd2;c:\windows\system32\drivers\sonypvd2.sys [6/27/2008 2:05 PM 64093]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys --> c:\windows\system32\DRIVERS\GenericMount.sys [?]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?]
S3 qrkis;Tether Miniport;c:\windows\system32\drivers\qrkis.sys [11/1/2009 10:12 PM 45608]
S4 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [6/28/2006 8:48 PM 28952920]
S4 TetherBerry;TetherBerry;c:\program files\TetherBerry\TBService.exe [11/1/2009 10:12 PM 49056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-01-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-01-12 c:\windows\Tasks\Clean System Memory.job
- c:\windows\system32\CleanMem.exe [2010-01-09 22:22]

2010-01-11 c:\windows\Tasks\Schedule Task Weekly.job
- c:\program files\Registry Easy\RE.exe [2009-05-25 21:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: myfairpoint.net
TCP: {B137C99D-5365-4A2C-A95F-D1A48982983B} = 208.67.222.222,208.67.220.220
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath - c:\documents and settings\Mark\Application Data\Mozilla\Firefox\Profiles\ebxz7oyw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://aolsearch.aol.com/aol/search?invocationType=client_searchbox&query=
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-12 18:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(392)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1516)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wdfmgr.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\progra~1\HPQ\SHARED\HPQTOA~1.EXE
.
**************************************************************************
.
Completion time: 2010-01-12 18:42:58 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-12 23:42
ComboFix2.txt 2010-01-11 22:17
ComboFix3.txt 2010-01-07 15:01

Pre-Run: 22,937,006,080 bytes free
Post-Run: 22,898,323,456 bytes free

- - End Of File - - 651195A032614FD350C197F50937CF92




In addition to the other issues I noted in my previous post, I also noticed that the 30-day evaluation clock for ACT!, which I was evaluating, has been set to zero somehow. I'd only loaded it last week and imported some 1600 records. Not a big deal as it is a trial run, but of note. I'll deal with the software provider on that issue, unless you see something in the logfile.
#23 - 01-13-2010, 08:12 AM - kritius, Security Team (Join Date: Mar 2009, Posts: 772)

Honestly have no idea about that one.

Quote:
Word 2003 installs something every time I start it and Word 2000 will not run without the a switch, i.e. winword.exe /a.
Tried reinstalling these?

I'll focus on the rest of the malware, and then it would perhaps be a better idea to create a new thread in the Windows forum for the boot-up time etc.

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.
  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.
#24 - 01-14-2010, 09:24 AM - Junior Member (Join Date: Jan 2010, Posts: 17)
Subject: And I thought it was just WIN32/Heur

Kritius

See below KasReport. Took a while for the updates to load; felt funny about letting it run that long with the firewall down.

Need to be careful with Limewire from the looks of this report! (and everything else, really)

My wife snickers at me from behind the glow of her new Mac and I tell her not to be so sure she's immune, either.

I do work stuff on this machine and my boss tells me to just buy a new machine. I told him the hardware isn't the issue and that a brand-new machine can be infected like any other...Darn it I could have gotten a new laptop on his tab...!

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, January 14, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, January 14, 2010 03:58:07
Records in database: 3311925
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 113723
Threats found: 6
Infected objects found: 12
Suspicious objects found: 0
Scan duration: 04:13:44


File name / Threat / Threats count
C:\Documents and Settings\Mark\My Documents\LimeWire\Incomplete\Preview-T-5549245-cherokee nation.mp3 Infected: Trojan-Downloader.WMA.GetCodec.s 1
C:\Documents and Settings\Mark\My Documents\LimeWire\Incomplete\Preview-T-5552428-freedom overspill.mp3 Infected: Trojan-Downloader.WMA.GetCodec.s 1
C:\Documents and Settings\Mark\My Documents\LimeWire\Incomplete\Preview-T-5573554-freedom overspill.mp3 Infected: Trojan-Downloader.WMA.GetCodec.s 1
C:\Documents and Settings\Mark\My Documents\LimeWire\Incomplete\Preview-T-5575968-sinnerman.mp3 Infected: Trojan-Downloader.WMA.GetCodec.s 1
C:\Documents and Settings\Mark\My Documents\LimeWire\Incomplete\T-1395984-041 - Howard Jones - Things Can Only Get Better.wma Infected: Trojan-Downloader.WMA.Wimad.v 1
C:\Documents and Settings\Mark\My Documents\LimeWire\Incomplete\T-5552428-freedom overspill.mp3 Infected: Trojan-Downloader.WMA.GetCodec.s 1
C:\Documents and Settings\Mark\My Documents\LimeWire\Incomplete\T-5575968-sinnerman.mp3 Infected: Trojan-Downloader.WMA.GetCodec.s 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir Infected: Rootkit.Win32.TDSS.y 1
C:\System Volume Information\_restore{B332D5E0-9EE1-478C-8411-404986151111}\RP302\A0047931.exe Infected: Packed.Win32.TDSS.z 2
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\615F1RT2\TREST11[1].htm Infected: Packed.JS.Agent.bp 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HB08AYUQ\oHff92e024V0100f080006R89a36f9c102Tb4d787b2201l0409Kb17d9a98317[1].pdf Infected: Exploit.Win32.Pidief.cvl 1

Selected area has been scanned.
#25 - 01-14-2010, 09:29 AM - kritius, Security Team (Join Date: Mar 2009, Posts: 772)

Macs are much better.

Uninstall Limewire.

Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Processes
    
    :Services
    
    :Reg
    
    :Files
    C:\Documents and Settings\Mark\My Documents\LimeWire
    
    :Commands
    [purity]
    [emptytemp]
    
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
#26 - 01-14-2010, 10:33 AM - Junior Member (Join Date: Jan 2010, Posts: 17)
Subject: Otm

I had already deleted Limewire...

OTM log as follows:

All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Documents and Settings\Mark\My Documents\LimeWire\Store Purchased folder moved successfully.
C:\Documents and Settings\Mark\My Documents\LimeWire\Shared folder moved successfully.
C:\Documents and Settings\Mark\My Documents\LimeWire\Saved folder moved successfully.
C:\Documents and Settings\Mark\My Documents\LimeWire\Incomplete\DNOO337RO4OQ45TIOZ6PU7ZNHEYSDCR5\Spyware Doctor 6 0 0 354 + KeyGen folder moved successfully.
C:\Documents and Settings\Mark\My Documents\LimeWire\Incomplete\DNOO337RO4OQ45TIOZ6PU7ZNHEYSDCR5 folder moved successfully.
C:\Documents and Settings\Mark\My Documents\LimeWire\Incomplete folder moved successfully.
C:\Documents and Settings\Mark\My Documents\LimeWire folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Mark
->Temp folder emptied: 91776914 bytes
->Temporary Internet Files folder emptied: 9061581 bytes
->Java cache emptied: 15115235 bytes
->FireFox cache emptied: 36400164 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 74436 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 1232536 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 147.00 mb


OTM by OldTimer - Version 3.1.5.0 log created on 01142010_102656

Files moved on Reboot...
File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
File C:\WINDOWS\temp\Perflib_Perfdata_6cc.dat not found!

Registry entries deleted on Reboot...
#27 - 01-15-2010, 06:48 AM - kritius, Security Team (Join Date: Mar 2009, Posts: 772)

Post a fresh DDS log.
#28 - 01-16-2010, 02:31 PM - Junior Member (Join Date: Jan 2010, Posts: 17)
Subject: DDS Log

Done, here is the logfile. Let me know if you want the attach.zip file.
Machine's personality is fairly consistent now, it just takes a long time to boot. Seemed better earlier in this thread but not so much now. Seems to hang on HDD Health, but maybe another process is loading behind it?


DDS (Ver_09-12-01.01) - NTFSx86
Run by Mark at 14:24:07.39 on Sat 01/16/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1150.660 [GMT -5:00]

AV: avast! antivirus 4.8.1368 [VPS 100116-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\AOL\1204169715\ee\AOLSoftware.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe
C:\Program Files\HDD Health\hddhealth.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\AOL 9.1\waol.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Program Files\AOL 9.1\shellmon.exe
C:\Program Files\Microsoft Office2003\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Mark\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttach File: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [HDDHealth] c:\program files\hdd health\hddhealth.exe -wl
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [AOL Fast Start] "c:\program files\aol 9.1\AOL.EXE" -b
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [HostManager] c:\program files\common files\aol\1204169715\ee\AOLSoftware.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Act.Outlook.Service] "c:\program files\act\act for windows\Act.Outlook.Service.exe"
mRun: [Act! Preloader] "c:\program files\act\act for windows\ActSage.exe" -preload
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
uPolicies-explorer: NoSMMyPictures = 0 (0x0)
uPolicies-explorer: NoStartMenuMyMusic = 0 (0x0)
uPolicies-explorer: NoRecentDocsNetHood = 0 (0x0)
uPolicies-explorer: NoInstrumentation = 1 (0x1)
mPolicies-explorer: NoSMMyPictures = 0 (0x0)
mPolicies-explorer: NoStartMenuMyMusic = 0 (0x0)
mPolicies-explorer: NoRecentDocsNetHood = 0 (0x0)
mPolicies-explorer: NoInstrumentation = 1 (0x1)
mPolicies-explorer: NoSimpleStartMenu = 0 (0x0)
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: myfairpoint.net
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activate.myfairpoint.net/sdccommon/download/FairPoint/tgctlcm.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
DPF: {FB298ECE-4D17-414A-A5E8-FABC938796B2} - hxxp://www.kohlerplus.com/_bin/AWSDrawingViewer.cab
TCP: {B137C99D-5365-4A2C-A95F-D1A48982983B} = 208.67.222.222,208.67.220.220
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mark\applic~1\mozilla\firefox\profiles\ebxz7oyw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://aolsearch.aol.com/aol/search?invocationType=client_searchbox&query=
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [2008-6-27 19478]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2010-1-10 114768]
R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [2008-6-27 635017]
R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [2008-6-27 431236]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-10 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2010-1-10 138680]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2007-2-10 29178224]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2010-1-10 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2010-1-10 352920]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2008-1-24 200192]
S1 sonypvd2;sonypvd2;c:\windows\system32\drivers\sonypvd2.sys [2008-6-27 64093]
S2 ACT! Scheduler;ACT! Scheduler;c:\program files\act\act for windows\Act.Scheduler.exe [2008-7-31 81920]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\drivers\genericmount.sys --> c:\windows\system32\drivers\GenericMount.sys [?]
S3 LSWPCv4;Wireless-B Notebook Adapter Driver;c:\windows\system32\drivers\LSRTNDS.sys [2009-12-31 151808]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys --> c:\windows\system32\drivers\motodrv.sys [?]
S3 qrkis;Tether Miniport;c:\windows\system32\drivers\qrkis.sys [2009-11-1 45608]
S4 TetherBerry;TetherBerry;c:\program files\tetherberry\TBService.exe [2009-11-1 49056]

=============== Created Last 30 ================

2010-01-15 05:50:35 0 d-----w- C:\Bwgen
2010-01-15 05:43:35 0 d-----w- c:\program files\BrainWave Generator
2010-01-15 05:29:03 0 d-----w- c:\docume~1\alluse~1\applic~1\Sage Software, Inc
2010-01-15 05:19:41 88 --sh--r- c:\docume~1\alluse~1\applic~1\41A3A85ECB.sys
2010-01-15 05:19:39 848 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2010-01-15 05:14:15 733267 ----a-w- C:\ADChronopher.dll
2010-01-15 05:13:10 0 d-----w- c:\program files\common files\Protexis
2010-01-15 05:03:29 0 d-----w- c:\program files\MSXML 6.0
2010-01-14 15:26:56 0 d-----w- C:\_OTM
2010-01-12 23:21:55 98816 ----a-w- c:\windows\sed.exe
2010-01-12 23:21:55 77312 ----a-w- c:\windows\MBR.exe
2010-01-12 23:21:55 261632 ----a-w- c:\windows\PEV.exe
2010-01-12 23:21:55 161792 ----a-w- c:\windows\SWREG.exe
2010-01-11 20:58:34 8 --sh--r- c:\windows\system32\CE7E4175C3.sys
2010-01-10 17:04:59 0 d-----w- c:\windows\system32\AGEIA
2010-01-09 16:42:16 65032 ----a-w- c:\windows\system32\XAPOFX1_0.dll
2010-01-09 16:42:16 507400 ----a-w- c:\windows\system32\XAudio2_1.dll
2010-01-09 16:42:15 238088 ----a-w- c:\windows\system32\xactengine3_1.dll
2010-01-09 16:42:13 25608 ----a-w- c:\windows\system32\X3DAudio1_4.dll
2010-01-09 16:42:10 467984 ----a-w- c:\windows\system32\d3dx10_38.dll
2010-01-09 16:42:10 1491992 ----a-w- c:\windows\system32\D3DCompiler_38.dll
2010-01-09 16:42:08 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll
2010-01-09 16:42:06 479752 ----a-w- c:\windows\system32\XAudio2_0.dll
2010-01-09 16:42:03 238088 ----a-w- c:\windows\system32\xactengine3_0.dll
2010-01-09 16:42:01 25608 ----a-w- c:\windows\system32\X3DAudio1_3.dll
2010-01-09 16:40:20 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-01-09 16:38:00 0 d-----w- c:\windows\Logs
2010-01-09 16:32:29 0 d-----w- c:\program files\Crane Simulator 2009
2010-01-09 01:57:00 0 d-----w- c:\program files\Conduit
2010-01-09 01:56:55 0 d-----w- c:\program files\PcWinTech
2010-01-09 01:56:53 0 d-----w- C:\Documents
2010-01-09 01:56:24 32768 ----a-w- c:\windows\system32\CleanMem.exe
2010-01-09 01:56:24 121856 ----a-w- c:\windows\system32\schtasks.exe
2010-01-09 01:56:15 0 d-----w- c:\windows\CleanMem
2010-01-09 01:56:14 0 d-----w- c:\program files\CleanMem
2010-01-08 16:03:15 88 --sh--r- c:\windows\system32\77C6EFDC64.sys
2010-01-08 16:03:14 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-01-08 16:03:07 0 d-----w- c:\docume~1\mark\applic~1\IsolatedStorage
2010-01-08 15:59:33 94208 ----a-w- c:\windows\system32\msvci70d.dll
2010-01-08 15:59:33 536576 ----a-w- c:\windows\system32\msvcr70d.dll
2010-01-08 15:43:12 0 d-----w- c:\docume~1\mark\applic~1\ACT
2010-01-08 15:43:12 0 d-----w- c:\docume~1\alluse~1\applic~1\ACT
2010-01-08 15:42:45 0 d-----w- c:\program files\Microsoft SQL Server
2010-01-08 15:42:45 0 d-----w- c:\program files\ACT
2010-01-07 19:22:22 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2010-01-07 19:22:22 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2010-01-07 19:22:04 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-01-07 14:31:05 0 d-sha-r- C:\cmdcons
2010-01-07 03:59:56 81 ----a-w- C:\CTX.DAT
2010-01-07 03:59:47 0 d-----w- c:\documents and settings\mark\Citrix
2010-01-06 14:34:53 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-06 13:28:42 72192 ----a-w- C:\tasklist.exe
2010-01-05 15:40:01 0 d-----w- c:\docume~1\alluse~1\applic~1\AT&T
2010-01-05 15:28:03 0 d-----w- C:\$AVG
2010-01-05 15:25:38 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-01-05 15:25:37 0 d-----w- c:\program files\AVG
2010-01-05 15:25:35 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-01-05 04:23:04 0 d-----w- c:\docume~1\mark\applic~1\Stamps.com Internet Postage
2010-01-05 03:58:51 0 d-----w- c:\docume~1\alluse~1\applic~1\{D9AA4D17-9292-410D-9AA5-84526D062900}
2010-01-05 03:58:38 0 d-----w- c:\docume~1\alluse~1\applic~1\{B0AFCE64-DF3F-4824-8985-B21DB0EEE07B}
2010-01-05 03:58:17 0 d-----w- c:\docume~1\alluse~1\applic~1\{8737778F-82C6-4680-A660-E8B2B8C8C22B}
2010-01-05 03:57:35 0 d-----w- c:\docume~1\alluse~1\applic~1\{BFCD9266-8B97-4A73-8FDF-E2743DE8939E}
2010-01-05 03:56:59 36 ---ha-w- c:\windows\system32\f9t.dat
2010-01-05 03:56:59 0 d-----w- c:\program files\Stamps.com Internet Postage
2010-01-04 02:33:39 108336 ----a-w- c:\windows\system32\mswinsck.ocx
2010-01-01 17:24:29 33588 ----a-r- c:\windows\system32\drivers\wanatw4.sys
2010-01-01 00:03:34 151808 ----a-r- c:\windows\system32\drivers\LSRTNDS.sys
2009-12-29 01:41:57 0 d-----w- c:\program files\common files\PCSuite
2009-12-29 01:41:49 0 d-----w- c:\program files\common files\Nokia
2009-12-29 01:41:35 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-12-29 01:41:27 0 d-----w- c:\program files\PC Connectivity Solution
2009-12-29 01:41:19 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-12-29 01:41:18 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-12-29 01:41:18 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2009-12-29 01:41:15 660480 ----a-w- c:\windows\system32\nmwcdcocls.dll
2009-12-29 01:41:15 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2009-12-29 01:41:15 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2009-12-29 01:41:10 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-12-29 01:41:09 0 d-----w- c:\program files\Nokia
2009-12-28 05:58:11 0 d-----w- c:\program files\HDD Health
2009-12-28 05:45:43 4096 --sha-w- C:\VSNAP.IDX
2009-12-25 01:01:46 0 d-----w- C:\VProRecovery
2009-12-25 00:31:28 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_GenericMount_01009.Wdf
2009-12-25 00:31:26 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2009-12-25 00:31:20 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-12-25 00:29:47 0 d-----w- c:\docume~1\alluse~1\applic~1\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
2009-12-24 21:47:00 0 d-----w- c:\windows\system32\NtmsData

==================== Find3M ====================

2010-01-08 06:09:04 256 ----a-w- c:\documents and settings\mark\pool.bin
2010-01-07 21:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 00:59:10 96512 ------w- c:\windows\system32\drivers\atapi.sys
2009-11-30 13:50:25 79379 ----a-w- c:\windows\hpfins05.dat
2009-10-29 07:45:38 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll

============= FINISH: 14:24:50.54 ===============
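An added example for reading the "Created Last 30" section of a DDS log like the one above; it is not DDS's own code and was not part of this thread. It parses each entry's date, size, attribute string and path, then lists the non-directory entries carrying both the hidden and system attributes, noting which also have hex-looking names or live under system32. The sample lines are constructed in the log's layout; the attribute letters d, s, h, a and r/w are read as DDS prints them, and 'c' as compressed is my assumption. The result is a list to check against the rest of the log (what else was created in the same minutes, and the driver and service sections), not a malware verdict.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout of the DDS "Created Last 30" section.
SAMPLE_DDS = r"""=============== Created Last 30 ================

2010-01-15 05:43:35 0 d-----w- c:\program files\BrainWave Generator
2010-01-15 05:19:41 88 --sh--r- c:\docume~1\alluse~1\applic~1\41A3A85ECB.sys
2010-01-15 05:19:39 848 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2010-01-11 20:58:34 8 --sh--r- c:\windows\system32\CE7E4175C3.sys
2010-01-08 16:03:15 88 --sh--r- c:\windows\system32\77C6EFDC64.sys
2010-01-07 19:22:22 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2010-01-07 14:31:05 0 d-sha-r- C:\cmdcons
2009-12-28 05:45:43 4096 --sha-w- C:\VSNAP.IDX
2009-12-25 00:31:20 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll

==================== Find3M ====================
"""

# "<date> <time> <size> <8-char attribute string> <path>"; the path may contain spaces.
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)

# File names made only of hex digits (at least 8) plus a .sys extension.
HEX_NAME = re.compile(r"^[0-9A-F]{8,}\.sys$", re.IGNORECASE)


@dataclass(frozen=True)
class Entry:
    date: str
    time: str
    size: int
    attrs: str   # as printed by DDS: d=directory, s=system, h=hidden, a=archive,
    path: str    # r/w=read-only/writable; 'c' taken here to mean compressed (assumption)

    @property
    def is_dir(self):
        return self.attrs[0] == "d"

    @property
    def hidden_system(self):
        return "s" in self.attrs and "h" in self.attrs


def parse_created(text):
    """Entries from the 'Created Last 30' section only, stopping at the next header."""
    entries = []
    in_section = False
    for line in text.splitlines():
        if "Created Last 30" in line:
            in_section = True
            continue
        if in_section and line.startswith("====="):
            break
        if in_section:
            m = ENTRY_RE.match(line.strip())
            if m:
                entries.append(Entry(m["date"], m["time"], int(m["size"]),
                                     m["attrs"], m["path"]))
    return entries


def review_candidates(entries):
    """Non-directory entries with hidden+system attributes, each with the reasons
    it was listed.  A 'look closer' list, not a verdict."""
    out = []
    for e in entries:
        if e.is_dir or not e.hidden_system:
            continue
        reasons = ["hidden+system attributes"]
        name = e.path.rsplit("\\", 1)[-1]
        if HEX_NAME.match(name):
            reasons.append("hex-like file name")
        if "\\system32" in e.path.lower():
            reasons.append("under system32")
        out.append((e, reasons))
    return out


if __name__ == "__main__":
    for entry, reasons in review_candidates(parse_created(SAMPLE_DDS)):
        print(f"{entry.date} {entry.time} {entry.size:>6} {entry.attrs} {entry.path}")
        print("    " + "; ".join(reasons))
```

Sorting the candidates by timestamp next to the full section shows which other folders were created in the same minutes, which is usually the quickest way to tell a licensing or installer artifact from something that arrived on its own.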
#29 - 01-29-2010, 09:13 PM - Junior Member (Join Date: Jan 2010, Posts: 17)
Subject: Win32/ Heur

Kritius

Laptop working well now, unsure of your impression of the last post.
Either way there's a world of difference from when I started this thread.

Thank you very much.

Avast! seems to be doing its thing and it's not a hog like the AVG was. Of all the applets you had me run throughout, what should I use on the occasional check-up?
Copyright © 2009 Tech-101.com. All rights reserved.
