Updates fail, most links redirect

Gateway / GT5408
January 1, 2009 at 12:18:38
Specs: Windows Vista, 3 GB
When I try to update any program (Windows, Ad-Aware, AVG) I get an error message "server disconnected". I updated AVG using a USB stick, ran it and "cleaned". Ran Malwarebytes, then cleaned and re-ran; nothing is listed now as a threat. Ran HijackThis and the log is below.

Prior to the redirects, if some windows were opened in IE it would open 30 windows. That doesn't happen now, but updates fail and links redirect.
Same issues with Firefox.
Any help greatly appreciated!

Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
3 GB RAM





#1
January 1, 2009 at 12:45:26
This should suspend the redirects:

Click on Start, click Run, and then type devmgmt.msc and click OK
On the View menu click on Show hidden devices
Browse to Non-Plug and Play Drivers and click the + sign to the left, you should see something like TDSSserv.sys in that list.
Highlight that driver and right click on it and select DISABLE - NOT uninstall.
Now RESTART your computer.

If that did not work, go to Start > Run, type cmd and press Enter or OK.
Type ipconfig /flushdns (the space between g and / is needed).

Then press Enter, type Exit, press Enter again.

If that did not work, try Safe Mode with Networking. Restart your computer.
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select Safe Mode with Networking, then press "Enter".
Choose your usual account.

Please download Malwarebytes' Anti-Malware from one of these sites:

MalwareBytes1

MalwareBytes2

Rename the setup file, mbam-setup.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, in the filename box rename mbam-setup.exe to tool.exe, then click Save.

1. Double Click tool.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy&Paste the entire report in your next reply.


Please download and install the latest version of HijackThis v2.0.2:


Download the "HijackThis" Installer from this link:
Hijack This


1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

If Malwarebytes installed but will not run navigate to this folder:

C:\Program Files\Malwarebytes' Anti-Malware

Rename all the .exe files in the Malwarebytes' Anti-Malware folder and try to run it again.

For HijackThis, if it will not run, rename the HijackThis.exe file to somethingelse.exe and try installing it again.



#2
January 1, 2009 at 13:14:07
ipconfig /flushdns = "The requested operation requires elevation."

TDSSserv.sys was not listed in device manager. TDTCP was closest listing.

I did run Malwarebytes. Updates fail.

I ran HijackThis. I checked as much as I can, but nothing is listed as not safe.

Log is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:52:32 PM, on 1/1/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Windows\zHotkey.exe
C:\Windows\ModPS2Key.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\BigFix\bigfix.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Windows\sttray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
G:\bitlord\BitLord.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage....
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage....
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel....
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ModPS2] ModPS2Key.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccomm...
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manage...
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/act...
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrob...
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Cisco Systems, Inc. Installer service (CiscoVpnInstallService) - Unknown owner - C:\Users\Owner\AppData\Local\Temp\INSTAL~1.EXE (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: lxbc_device - - C:\Windows\system32\lxbccoms.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

--
End of file - 9515 bytes



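A way to triage a posted HijackThis log of this kind mechanically, as an added example that is not part of this thread or of HijackThis itself: it pulls out the entry classes a helper reads first (hosts-file overrides, unknown Winsock LSPs, orphaned BHOs, autostarts and services from odd locations) and reports each once with a reason. The sample lines are mostly copied from the log above; the update.example.com hosts line and the zzlsp_constructed.dll LSP lines are constructed so that every check fires, and the LSP allowlist is an assumption the analyst maintains.

```python
import re
from collections import Counter

# Constructed sample in the HijackThis 2.0.2 line format. Most lines are copied from
# the log posted in this thread; the "update.example.com" hosts line and the
# "zzlsp_constructed.dll" LSP lines are constructed so that every check fires.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 update.example.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\zzlsp_constructed.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\zzlsp_constructed.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Cisco Systems, Inc. Installer service (CiscoVpnInstallService) - Unknown owner - C:\Users\Owner\AppData\Local\Temp\INSTAL~1.EXE (file missing)
"""

# Hosts-file lines HijackThis reports as O1 that are normal on Vista.
BENIGN_HOSTS = {"127.0.0.1 localhost", "::1 localhost"}
# Analyst-maintained allowlist of Winsock LSP DLLs (assumption). wpclsp.dll is the
# Windows Parental Controls LSP that ships with Vista; anything else is listed once.
KNOWN_LSP = {"wpclsp.dll"}
# Directories an autostart or service binary should not normally live in.
SUSPECT_DIRS = re.compile(r"\\(temp|tmp|downloads)\\", re.IGNORECASE)
# "O23 - Service: ..." -> section "O23", body "Service: ..."
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")


def parse_hjt(text):
    """Yield (section, body) for each entry line; headers and the process list do not match."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group("section"), m.group("body")


def triage(text):
    """Return (level, section, reason, body) tuples for entries a helper would look at first."""
    findings = []
    lsp_seen = Counter()
    for section, body in parse_hjt(text):
        if section == "O1":
            entry = body.split(":", 1)[1].strip()            # "Hosts: <addr> <name>"
            if entry not in BENIGN_HOSTS:
                findings.append(("high", section, "hosts-file override; can black-hole update/AV sites", body))
        elif section in ("O2", "O3") and body.endswith("(no file)"):
            findings.append(("low", section, "orphaned BHO/toolbar registration, DLL is gone", body))
        elif section == "O4":
            target = body.split("] ", 1)[1] if "] " in body else body
            if SUSPECT_DIRS.search(target):
                findings.append(("high", section, "autostart from a temp/download folder", body))
            elif "\\" not in target.split(" ", 1)[0].strip('"'):
                findings.append(("medium", section, "bare filename; confirm which copy actually runs", body))
        elif section == "O10":
            dll = body.rsplit("\\", 1)[-1].lower()
            lsp_seen[dll] += 1
            if dll not in KNOWN_LSP and lsp_seen[dll] == 1:   # report each LSP DLL once
                findings.append(("high", section, "unknown Winsock LSP; sits in every socket's path", body))
        elif section == "O23":
            if SUSPECT_DIRS.search(body):
                level, reason = "high", "service binary under a temp/download folder"
            elif "Unknown owner" in body:
                level, reason = "medium", "service with no vendor string"
            elif "(file missing)" in body:
                level, reason = "low", "service points at a missing file"
            else:
                continue
            findings.append((level, section, reason, body))
    return findings


def summarize(findings):
    """Count findings per level, e.g. {'high': 3, 'medium': 1, 'low': 2}."""
    counts = {}
    for level, *_ in findings:
        counts[level] = counts.get(level, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for level, section, reason, body in results:
        print(f"[{level:>6}] {section}: {reason}\n         {body}")
    print(summarize(results))
```

On the full log above, the repeated O10 wpclsp.dll lines and the Adobe BHO produce no findings, while the Temp-folder service and the dead BHO registrations do.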

#3
January 1, 2009 at 13:41:38
Even though Malwarebytes did not update, click on the Malwarebytes icon on your desktop > check "Perform quick scan" > click Scan. Follow the directions in response #1 once the scan is complete and post the log please.


#4
January 1, 2009 at 17:38:25
Also, on updates it says "server connection shut down. No network connection." I can go to other pages fine but cannot download updates or follow some links. Almost as if it is blocking addresses related to antivirus software or updates.

Thanks for taking time to help!


Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 6.0.6001 Service Pack 1

1/1/2009 7:09:52 PM
mbam-log-2009-01-01 (19-09-52).txt

Scan type: Full Scan (C:\|D:\|F:\|G:\|M:\|)
Objects scanned: 517415
Time elapsed: 2 hour(s), 31 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



#5
January 1, 2009 at 17:42:53
PS: here is the message:
Connection Interrupted

The connection to the server was reset while the page was loading.


The network link was interrupted while negotiating a connection. Please try again.

#6
January 1, 2009 at 17:51:01
Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

ComboFix is a powerful tool, so follow the instructions exactly or you could damage your computer.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with Combofix and remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

In your case, to run ComboFix do the following:
1. Go offline, turn off your AVG antivirus, Windows Defender, Ad-Aware and any other antispyware that you may have.
2. Run Combofix and save its log.
3. Restart the computer to get the antivirus running again but leave the antispyware programs off until we get the computer cleaned.
4. Post the Combofix log.


Remember to re-enable the protection again afterwards before connecting to the Internet.

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running or move the mouse; it will cause your system to hang.)
Please post the log it produces.



#7
January 2, 2009 at 08:50:23
Well, I started the scan; after about 30 minutes I stopped watching it and, woohoo, got up this AM and everything is updating again.

So far everything seems back to normal.

I REALLY APPRECIATE THE HELP!

Thanks a million

If you want the log file I will try to find where it saved and post.



#8
January 2, 2009 at 09:09:25
There may be some remnant to remove and you need to do some clean-up.

The log should be located at C:\ComboFix.txt.



#9
January 2, 2009 at 09:28:37
I did have an error at startup when I ran it: windows\sys32\drivers\msqpdxpbynhecp.sys, then msqpdxplffyccm.dll.
Then an error box popped up with an error about "catchme", but it went off before I could write it down.

Hope this is it:
ComboFix 08-12-31.01 - Owner 2009-01-01 22:04:06.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3061.1978 [GMT -5:00]
Running from: C:\Users\Owner\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Users\Owner\AppData\Roaming\Adobe\crc.dat
C:\Users\Owner\AppData\Roaming\Adobe\Player.exe.bak
C:\Windows\system32\bszip.dll
C:\Windows\system32\drivers\msqpdxpbynhecp.sys
C:\Windows\system32\msqpdxplffycym.dll
C:\Windows\system32\x64
D:\resycled
D:\resycled\boot.com
F:\resycled
F:\resycled\boot.com
G:\Autorun.inf
G:\resycled
G:\resycled\boot.com
M:\Autorun.inf
M:\resycled
M:\resycled\boot.com

----- BITS: Possible infected sites -----

hxxp://78.157.143.163
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSQPDXSERV.SYS
-------\Service_MSQPDXSERV.SYS
-------\Service_AVG


((((((((((((((((((((((((( Files Created from 2008-12-02 to 2009-01-02 )))))))))))))))))))))))))))))))
.

2008-12-31 19:13 . 2008-12-31 19:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-12-30 19:05 . 2008-12-30 19:05 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-12-30 19:05 . 2008-12-30 19:05 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-12-30 19:05 . 2008-12-30 19:05 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-30 19:05 . 2008-12-03 19:52 38,496 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-12-30 19:05 . 2008-12-03 19:52 15,504 --a------ C:\Windows\System32\drivers\mbam.sys
2008-12-28 19:40 . 2008-12-28 19:40 107,272 --a------ C:\Windows\System32\drivers\avgtdix.sys
2008-12-28 19:39 . 2008-12-28 19:39 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-28 19:34 . 2008-12-28 19:34 23,832 --a------ C:\Windows\System32\drivers\avgfwd6x.sys
2008-12-28 12:52 . 2008-12-29 21:26 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-28 12:11 . 2009-01-01 22:19 <DIR> d-------- C:\Windows\System32\drivers\Avg
2008-12-28 12:11 . 2008-12-28 19:34 <DIR> d-------- C:\Users\All Users\avg8
2008-12-28 12:11 . 2008-12-28 19:34 <DIR> d-------- C:\ProgramData\avg8
2008-12-28 12:11 . 2008-12-28 12:11 <DIR> d-------- C:\Program Files\AVG
2008-12-28 12:11 . 2008-12-28 19:40 324,872 --a------ C:\Windows\System32\drivers\avgldx86.sys
2008-12-28 12:11 . 2008-12-28 19:40 10,520 --a------ C:\Windows\System32\avgrsstx.dll
2008-12-24 18:48 . 2008-12-24 18:48 <DIR> d-------- C:\Program Files\videosoft
2008-12-22 08:13 . 2008-12-22 08:13 <DIR> d-------- C:\Users\ENATES~1\AppData\Roaming\WinRAR
2008-12-21 14:33 . 2008-12-21 14:33 <DIR> d-------- C:\Program Files\PC Camera
2008-12-21 14:33 . 2008-12-21 14:33 <DIR> d-------- C:\Program Files\Common Files\PAC207
2008-12-21 14:33 . 2008-02-13 13:17 618,112 --a------ C:\Windows\System32\drivers\PFC027.SYS
2008-12-21 14:33 . 2007-10-04 17:42 48,128 --------- C:\Windows\System32\Remove.exe
2008-12-21 14:33 . 2007-11-02 11:07 6,656 --a------ C:\Windows\System32\CoInst_080213.dll
2008-12-21 14:33 . 2007-10-05 15:40 399 --------- C:\Windows\System32\Remover.ini
2008-12-21 14:25 . 2008-12-21 14:25 <DIR> d-------- C:\Windows\PixArt
2008-12-20 14:04 . 2008-12-20 14:04 <DIR> d-------- C:\Program Files\Global Caché
2008-12-17 20:35 . 2008-12-17 20:35 <DIR> d-------- C:\Windows\Intelliremote
2008-12-17 20:35 . 2008-12-17 20:35 <DIR> d-------- C:\Program Files\Melloware
2008-12-10 20:16 . 2008-10-21 20:22 2,048 --a------ C:\Windows\System32\tzres.dll
2008-12-10 05:18 . 2008-10-21 00:25 296,960 --a------ C:\Windows\System32\gdi32.dll
2008-12-05 11:52 . 2008-12-05 11:52 <DIR> d-------- C:\Users\ENATES~1\AppData\Roaming\Leadertech
2008-12-05 11:52 . 2008-12-05 11:52 <DIR> d-------- C:\Users\ena test\AppData\Roaming\Leadertech
2008-12-03 09:39 . 2008-10-16 16:13 1,809,944 --a------ C:\Windows\System32\wuaueng.dll
2008-12-03 09:39 . 2008-10-16 15:56 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-12-03 09:39 . 2008-10-16 16:09 51,224 --a------ C:\Windows\System32\wuauclt.exe
2008-12-03 09:39 . 2008-10-16 16:09 43,544 --a------ C:\Windows\System32\wups2.dll
2008-12-03 09:38 . 2008-10-16 16:12 561,688 --a------ C:\Windows\System32\wuapi.dll
2008-12-03 09:38 . 2008-10-16 14:08 162,064 --a------ C:\Windows\System32\wuwebv.dll
2008-12-03 09:38 . 2008-10-16 15:55 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-12-03 09:38 . 2008-10-16 16:08 34,328 --a------ C:\Windows\System32\wups.dll
2008-12-03 09:38 . 2008-10-16 13:56 31,232 --a------ C:\Windows\System32\wuapp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-31 21:14 --------- d-----w C:\ProgramData\Google Updater
2008-12-29 00:43 --------- d-----w C:\Program Files\Lavasoft
2008-12-28 19:49 --------- d#----- C:\Program Files\Yahoo!
2008-12-22 14:17 --------- d-s---w C:\Users\ENATES~1\AppData\Roaming\Microsoft
2008-12-21 19:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-12-20 19:04 --------- d-----w C:\Program Files\Global Caché
2008-12-16 00:43 --------- d#----- C:\Program Files\HomeLogic
2008-12-11 01:30 --------- d-----w C:\Program Files\Windows Mail
2008-12-11 01:21 --------- d-----w C:\ProgramData\Microsoft Help
2008-12-05 16:52 --------- d-----w C:\Users\ENATES~1\AppData\Roaming\Adobe
2008-11-22 20:07 --------- d-----w C:\Program Files\Nevo
2008-11-22 18:29 --------- d#----- C:\Program Files\Common Files\Adobe
2008-11-21 03:41 --------- d-----w C:\Users\ENATES~1\AppData\Roaming\TVU networks
2008-11-21 03:41 --------- d-----w C:\Users\ena test\AppData\Roaming\TVU networks
2008-11-21 03:35 --------- d#----- C:\Program Files\Common Files\Intuit
2008-11-21 03:35 --------- d-----w C:\Users\ENATES~1\AppData\Roaming\Google
2008-11-21 03:34 --------- d-----w C:\Users\ENATES~1\AppData\Roaming\Identities
2008-11-21 03:34 --------- d-----w C:\Users\ENATES~1\AppData\Roaming\GTek
2008-11-21 03:34 --------- d-----w C:\Users\ena test\AppData\Roaming\GTek
2008-11-19 12:08 --------- d-----w C:\Program Files\Google
2008-11-15 21:12 --------- d-----w C:\ProgramData\{7347075A-54DA-4DC2-8725-3B784667B7E7}
2008-11-15 18:41 --------- d-----w C:\Program Files\girder
2008-11-11 23:04 --------- d-----w C:\ProgramData\AOL Downloads
2008-11-11 01:50 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-11-07 02:07 --------- d-----w C:\Program Files\Common Files\Supportsoft
2008-11-05 08:22 174 --sha-w C:\Program Files\desktop.ini
2008-11-05 08:16 --------- d-----w C:\Program Files\Windows Sidebar
2008-11-05 08:16 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-11-05 08:16 --------- d-----w C:\Program Files\Windows Journal
2008-11-05 08:16 --------- d-----w C:\Program Files\Windows Collaboration
2008-11-05 08:16 --------- d-----w C:\Program Files\Windows Calendar
2008-11-05 08:15 --------- d-----w C:\Program Files\Windows Defender
2008-11-05 06:14 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-11-05 06:14 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-11-01 03:44 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 28,672 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-11-01 03:44 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-10-29 06:29 2,927,104 ----a-w C:\Windows\explorer.exe
2008-10-22 03:57 241,152 ----a-w C:\Windows\System32\PortableDeviceApi.dll
2008-10-21 05:25 1,645,568 ----a-w C:\Windows\System32\connect.dll
2008-10-16 04:47 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-08-23 03:58 27,869,696 ----a-w C:\Users\Public\gwinstall.exe
2008-08-23 03:46 1,088,105 ----a-w C:\Users\Public\setup.exe
2007-12-25 02:16 262,144 ----a-w C:\ProgramData\ntuser.dat
2008-08-01 15:36 122,880 ----a-w C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 02:33 1233920]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 16:34 213936]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 21:49 4662776]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 02:36 2153472 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-11-18 10:01 182744]
"NMSSupport"="C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-09-26 13:56 423424]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 15:39 151552]
"BigFix"="c:\program files\Bigfix\bigfix.exe" [2006-11-16 19:04 2348584]
"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [2006-11-02 07:35 176128]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 16:34 213936]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-02 17:07 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-01-02 17:06 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-01-02 17:07 133656]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 07:27 570664]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 01:04 39792]
"Monitor"="C:\Windows\PixArt\PAC207\Monitor.exe" [2007-12-10 15:55 323584]
"PAC207_Monitor"="C:\Windows\PixArt\PAC207\Monitor.exe" [2007-12-10 15:55 323584]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-12-28 19:39 1601304]
"combofix"="C:\Windows\system32\CF888.exe" [2009-01-01 21:58 318976]
"CHotkey"="zHotkey.exe" [2006-11-07 17:08 547840 C:\Windows\zHotkey.exe]
"ModPS2"="ModPS2Key.exe" [2006-11-07 17:34 53248 C:\Windows\ModPS2Key.exe]
"SigmatelSysTrayApp"="sttray.exe" [2006-11-22 15:56 303104 C:\Windows\sttray.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"combofix"="C:\Windows\system32\CF888.exe" [2009-01-01 21:58 318976]

C:\Users\ena test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 19:44:36 101440]

C:\Users\ena test\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 19:44:36 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"msacm.l3codec"= l3codecp.acm
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NevoMedia Server.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NevoMedia Server.lnk
backup=C:\Windows\pss\NevoMedia Server.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ymetray.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ymetray.lnk
backup=C:\Windows\pss\ymetray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-08-01 10:36 29744 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 21:49 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowWnd]
--a------ 2005-01-27 12:13 36864 C:\Windows\ShowWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-667740120-947673207-539467700-1001]
"EnableNotificationsRef"=dword:00000002

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-667740120-947673207-539467700-500]
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\girder\\girder.exe"= C:\Program Files\girder\girder.exe:*:Enabled:Trust Girder

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BF12A818-686E-4BF1-A5C6-2DA77BDB1664}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{77C38237-856F-4313-975F-7248F88D71D4}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{8578349A-BCBD-4C8F-897F-263FBD7F843D}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{C3A62E2C-17F8-43A6-8578-C9336253B133}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{62D4D7AB-591B-4612-9FC9-35A1BD2B7E4B}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{65017B32-8682-4FEC-A115-18F07E7A2667}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{040CCE88-0393-4D06-A242-9A673B685A57}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{20414FFB-5F48-441B-BF81-1D9698A516F9}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{3B28A6EB-AEF1-458B-A17E-4C11571171BD}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"TCP Query User{EAE11351-0219-4050-9C6A-0648404A08CB}C:\\program files\\bitlord2\\bitlord.exe"= UDP:C:\program files\bitlord2\bitlord.exe:
"UDP Query User{C17B8330-BE95-4DFC-AB75-9CCB814828CF}C:\\program files\\bitlord2\\bitlord.exe"= TCP:C:\program files\bitlord2\bitlord.exe:
"TCP Query User{30EC1A5F-DD76-42C4-A159-5DD74FBB1DD8}F:\\bitlord\\bitlord.exe"= UDP:F:\bitlord\bitlord.exe:BitLord
"UDP Query User{34388A5F-3761-418F-AFB8-AFEE31ACA283}F:\\bitlord\\bitlord.exe"= TCP:F:\bitlord\bitlord.exe:BitLord
"TCP Query User{2D668A5A-32BD-4489-AC6C-5A37CFC6BAB0}G:\\bitlord\\bitlord.exe"= UDP:G:\bitlord\bitlord.exe:BitLord
"UDP Query User{DE1AE230-EE91-405B-970E-8D49D961D18F}G:\\bitlord\\bitlord.exe"= TCP:G:\bitlord\bitlord.exe:BitLord
"TCP Query User{0EBC739B-F6BA-45BD-9BB2-F79C445CE450}C:\\users\\owner\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\owner\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{F2F8B5E9-4E7D-4C93-B26F-1342F70BF7F5}C:\\users\\owner\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\owner\program files\utorrent\utorrent.exe:utorrent.exe
"TCP Query User{271F219B-247B-4186-894C-F5BDCDA34E76}C:\\program files\\intervideo\\dvd8\\windvd.exe"= UDP:C:\program files\intervideo\dvd8\windvd.exe:WinDVD
"UDP Query User{0EDE93AA-7571-4408-94A3-E3631E7A8BA3}C:\\program files\\intervideo\\dvd8\\windvd.exe"= TCP:C:\program files\intervideo\dvd8\windvd.exe:WinDVD
"{A8F8EAF2-070B-4E35-ABB5-68793634074A}"= UDP:C:\Windows\System32\lxbccoms.exe:Lexmark Communications System
"{1C70E2F9-61CA-433B-B8D7-930341BF32D3}"= TCP:C:\Windows\System32\lxbccoms.exe:Lexmark Communications System
"{E0A96ABB-DE51-4E35-9DD0-4BE70AC43859}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxbcpswx.exe:Printer Status Window
"{0C4EB86F-70C0-4A3E-8A72-F23FBB61A65C}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxbcpswx.exe:Printer Status Window
"{291996B0-613F-425A-A8B6-571CCF658371}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{58A0A31D-F30B-4B0C-A152-4FA0E7D5F931}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"TCP Query User{611ABE4F-D233-4430-A351-61886DE6AC8D}C:\\program files\\nero\\nero 7\\nero showtime\\showtime.exe"= UDP:C:\program files\nero\nero 7\nero showtime\showtime.exe:Nero ShowTime
"UDP Query User{CB3D5721-BFF0-4D42-A8EC-D997C475D62C}C:\\program files\\nero\\nero 7\\nero showtime\\showtime.exe"= TCP:C:\program files\nero\nero 7\nero showtime\showtime.exe:Nero ShowTime
"{D0E64030-7938-45C3-9E44-4BBA1B810A3F}"= UDP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{09A57822-FB8A-4C54-AD86-E616323CCF92}"= TCP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{0DC115F4-607B-4DED-84F6-A9AB029EA467}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{976E1E22-B388-4E44-A1C1-FE49506DA5E6}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{E952D634-E264-46DE-8343-3A51E5B383E7}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{47560467-FF10-4740-9EA5-65DFE6B3C095}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{5112C525-C561-4746-B074-3CDED29934F8}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{491D5A81-14C6-4D61-B907-2930D7505C12}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM
"TCP Query User{AAB6089E-E713-4E04-B536-870F9CAEA40E}C:\\program files\\homelogic\\onehome connect\\hlstart.exe"= UDP:C:\program files\homelogic\onehome connect\hlstart.exe:HomeLogic Connect
"UDP Query User{739BA3C6-A17F-41A2-B122-494383D027FF}C:\\program files\\homelogic\\onehome connect\\hlstart.exe"= TCP:C:\program files\homelogic\onehome connect\hlstart.exe:HomeLogic Connect
"TCP Query User{CD88D0C4-EDAD-4F5D-89AE-CFBA17CEE8DC}C:\\users\\owner\\appdata\\local\\temp\\wzse1.tmp\\hlupdate.exe"= UDP:C:\users\owner\appdata\local\temp\wzse1.tmp\hlupdate.exe:hlupdate.exe
"UDP Query User{DB03BB88-D4E3-418D-ADE4-5A53338A3E25}C:\\users\\owner\\appdata\\local\\temp\\wzse1.tmp\\hlupdate.exe"= TCP:C:\users\owner\appdata\local\temp\wzse1.tmp\hlupdate.exe:hlupdate.exe
"TCP Query User{1A7DA0E6-C21C-4351-A0CA-4524EFC46F2F}C:\\homelogic\\gateway.exe"= UDP:C:\homelogic\gateway.exe:Gateway Controller Application
"UDP Query User{C468034F-EAF0-4CD5-A302-DC1B05332AC7}C:\\homelogic\\gateway.exe"= TCP:C:\homelogic\gateway.exe:Gateway Controller Application
"{680AFB31-3364-4B43-A313-FD58DB3153ED}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{3499389D-C093-43D4-8167-FAAFDE416277}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{BC2AD2FE-955B-486D-966F-B9D6C702E503}"= UDP:5001:hl
"{4FBF9635-E94B-43DA-98E9-746A298E6D49}"= UDP:2998:hl
"TCP Query User{F0004FED-8A42-4F08-BE5B-306EDEFB43CB}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{96ED60F7-9F2B-4E47-BE48-F8C4F86B966F}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{A591C82C-4FF4-4D97-82D2-7AEADBD232D2}C:\\users\\owner\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:C:\users\owner\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"UDP Query User{DFDB2CBD-EA37-490B-B0B4-23F50B03B4B9}C:\\users\\owner\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:C:\users\owner\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"TCP Query User{56C190F2-A68D-4EA0-9456-2C98D71FFE7A}C:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{9D0B1245-F44E-47CC-8C59-B990BA49FEED}C:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"TCP Query User{11FDC274-84AC-43A8-A784-EC6AE28A722C}C:\\program files\\nevo\\nevomedia server\\nevomediaserver.exe"= UDP:C:\program files\nevo\nevomedia server\nevomediaserver.exe:NevoMedia Server 2.0
"UDP Query User{8FCB99F1-78DF-4BD8-BF5D-2BF8A6D3CD69}C:\\program files\\nevo\\nevomedia server\\nevomediaserver.exe"= TCP:C:\program files\nevo\nevomedia server\nevomediaserver.exe:NevoMedia Server 2.0
"TCP Query User{2B21551A-6EC1-416C-A855-FE74B0809942}C:\\program files\\nevo\\nevomedia player\\nevomediaplayer.exe"= UDP:C:\program files\nevo\nevomedia player\nevomediaplayer.exe:NevoMedia Player 2.0
"UDP Query User{FA257FE7-E5A1-41C4-96C1-4B60D0B6FEFB}C:\\program files\\nevo\\nevomedia player\\nevomediaplayer.exe"= TCP:C:\program files\nevo\nevomedia player\nevomediaplayer.exe:NevoMedia Player 2.0
"{4DE68CCD-C90B-4CA4-B738-E7A03A907576}"= UDP:C:\Program Files\Melloware\Intelliremote\Intelliremote.exe:ENABLE
"{00BB2AB9-01B3-4599-B3FC-DA9B4A7F8663}"= TCP:C:\Program Files\Melloware\Intelliremote\Intelliremote.exe:ENABLE
"{AEAD932F-B519-4AE5-8B16-979BA2869071}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"{FDBB1BB3-8ED9-42C3-8AE1-865318BAD2E9}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe
"{05D1CDE7-C516-4E89-B940-A901923F4000}"= C:\Program Files\AVG\AVG8\avgnsx.exe:avgnsx.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"= C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox
"C:\\Program Files\\girder\\girder.exe"= C:\Program Files\girder\girder.exe:*:Enabled:Trust Girder

R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6x.sys [2008-12-28 19:34:57 23832]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-12-28 12:11:55 324872]
R1 AvgTdiX;AVG8 Network Redirector;C:\Windows\system32\Drivers\avgtdix.sys [2008-12-28 19:40:20 107272]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-12-28 19:39:42 903960]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-28 12:11:47 298264]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-12-28 19:39:42 1339600]
R2 lxbc_device;lxbc_device;C:\Windows\system32\lxbccoms.exe -service []
R2 nmsgopro;GoProto Protocol Driver for NMS;C:\Windows\system32\DRIVERS\nmsgopro.sys [2006-09-27 19:37:24 28672]
R2 nmsunidr;UniDriver for NMS;C:\Windows\system32\DRIVERS\nmsunidr.sys [2006-10-19 18:49:48 7424]
R3 IntelDH;IntelDH Driver;C:\Windows\system32\Drivers\IntelDH.sys [2007-01-05 15:49:55 5504]
S2 CiscoVpnInstallService;Cisco Systems, Inc. Installer service;C:\Users\Owner\AppData\Local\Temp\INSTAL~1.EXE []
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 05:25:17 2589184]
S3 PAC207;Webcam;C:\Windows\system32\DRIVERS\PFC027.SYS [2008-12-21 14:33:43 618112]
S4 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2006-10-29 12:03:30 208896]
S4 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-01-05 16:01:14 29744]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-NapsterShell - C:\Program Files\Napster\napster.exe
MSConfigStartUp-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myspace.com/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5408
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: C:\Windows\system32\wpclsp.dll
FF - ProfilePath -
.


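As an added defender-side example (not code from this thread or from ComboFix), a small Python triage script that walks a ComboFix log like the one above and flags the entries worth a second look: EnableFirewall set to 0 on a profile, Security Center monitoring switched off for a product, and firewall exceptions or services that point at binaries under a temp directory. The embedded excerpt is constructed from lines in the log above, and the regexes assume the section / "name"=value / R2-S4 service line layout that log uses.

```python
import re
# Constructed excerpt modelled on the ComboFix log posted above; not the full log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{680AFB31-3364-4B43-A313-FD58DB3153ED}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{CD88D0C4-EDAD-4F5D-89AE-CFBA17CEE8DC}C:\\users\\owner\\appdata\\local\\temp\\wzse1.tmp\\hlupdate.exe"= UDP:C:\users\owner\appdata\local\temp\wzse1.tmp\hlupdate.exe:hlupdate.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-28 12:11:47 298264]
S2 CiscoVpnInstallService;Cisco Systems, Inc. Installer service;C:\Users\Owner\AppData\Local\Temp\INSTAL~1.EXE []
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")                      # [registry key]
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')               # "name"= value
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.*?)\s*\[")  # R2 name;desc;image [..]
EXE_RE = re.compile(r"[A-Za-z]:\\[^:|]+?\.exe", re.IGNORECASE)  # drive-rooted .exe path
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)

def triage(log: str) -> list[str]:
    """Flag weak firewall, Security Center and temp-dir entries in a ComboFix log."""
    findings, section = [], ""
    for line in log.splitlines():
        line = line.strip()
        if m := SECTION_RE.match(line):
            section = m.group(1)  # remember which key the following values belong to
        elif m := VALUE_RE.match(line):
            name, value = m.groups()
            leaf = section.rsplit("\\", 1)[-1]
            # Per-profile Windows Firewall switch: 0 means that profile's firewall is off.
            if name == "EnableFirewall" and value.startswith("0"):
                findings.append(f"firewall disabled for profile {leaf}")
            # Security Center told to stop watching a product's status.
            elif name == "DisableMonitoring" and value.endswith("1"):
                findings.append(f"Security Center monitoring disabled for {leaf}")
            # Firewall exception granted to a binary living under a temp directory.
            elif section.endswith("FirewallRules"):
                for exe in EXE_RE.findall(value):
                    if TEMP_RE.search(exe):
                        findings.append(f"firewall exception for temp-dir binary {exe}")
        elif m := SERVICE_RE.match(line):
            svc, image = m.groups()  # service name and its image path
            if TEMP_RE.search(image):
                findings.append(f"service {svc} runs from temp dir: {image}")
    return findings
```

Run `triage(open("ComboFix.txt").read())` against a full log; the sample above yields five findings, one per weak entry.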

#10
January 2, 2009 at 10:06:09
Open Notepad and copy/paste everything between the X's into it, and make sure the first word (such as KILLALL, Registry or File, etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"combofix"=-

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop); if combofix does not auto-start, click "run".

Download Registry Search and double-click to start it. Enter MSQPDXSERV.SYS in the top edit box and click "Ok". Notepad will be opened with text in it (the file will be saved in the program's folder as well). Post this text.



#11
January 2, 2009 at 10:40:14
Now I show how much of a novice I am.... There is no icon for the program, nor is it listed in All Programs. If I navigate to the combo folder on the C drive I don't see combofix.exe; I do see a lot of applications in the combo folder, but not combofix.

Should I re-download the app?



#12
January 2, 2009 at 11:20:08
That icon should be a red circle with a white lion/tiger in it named "tool" or "tool.exe" as we renamed it when downloading it.

If not, go to start > run > type in combofix /u (note the space after combofix), then press enter > run. This will uninstall combofix, so give the uninstaller a minute to run.

Then download combofix following the previous directions.

