I have been infected with Zlob.trojan and Adware.bho.je. SpyHunter finds them and tells me they are deleted but the browser hijack is still happening. I have run SpyHunter in safe mode with System Restore turned off with the same results. Ad-Aware will not complete a scan. I am at a loss as to how to get rid of this stuff. Any help would be appreciated.
Jim

Please download and install the latest version of HijackThis v2.0.2:
Download the "HijackThis" Installer from this link:
Hijack This
1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
Please download SmitFraudFix from this link:
Then extract the contents to your desktop.
!!!! Only run option #1, as running the other options on an uninfected computer will damage the desktop. !!!!
Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky and other antivirus programs) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Smitfraudfix will not run, it just flashes a DOS window and closes. HJT log cannot be sent, screen goes blank when I click on "submit follow up".
Jim

Let's see if we can get it to run.
If you have deleted the Smitfraud.zip file, redownload it please.
Your antivirus will most likely give you a warning; just ignore it.
Next, right click the Smitfraud.zip folder> click extract all> next> in the top box type in C:\Smitfraud >next.
Now navigate to C:\Smitfraud and open the folder then double click the "smitfraudfix.cmd" file. Give it a minute, the run screen is blue.

I can't post a long reply. Site errors. Can I get the info to you some other way? I have HJT and Smitfraud logs.
Jim

Click "private message" at the bottom right of my last response and see if you can post it there.
If not, run this Windows fix tool, then try to post by the regular method; it repairs many Windows issues.
Download Dial-a fix to your desktop.
Place a check in these boxes:
1. Empty temp folder
2. Fix windows installer
3. Fix windows update
4. Fix ssl/Https/Cryptscv
5. All 6 boxes under Registration Center
Press Go.
Wait a few minutes then exit the program.

Used Dial-A-Fix, still no joy. PM results in this:
Private Message
As the original poster of this thread, you should not use the private message feature to communicate with people who replied to your question. Instead, please address all concerns you have using the reply form on the message itself.
Return to Message
Jim

I sent you a PM; to receive it, go to the top of this page, left side, and click "my computing.net".

Turn off Spyware Doctor, SpyHunter and Ad-Aware until we get your computer clean.
Please download HostsXpert from the following link:
Extract the HostsXpert.zip by doing the following:
Right-click HostsXpert.zip and select Extract All. Follow the wizard and extract it to your Desktop, then click Finish.
Double-click the HostsXpert folder and then double-click HostsXpert.exe.
Click "Restore MS Hosts File" and press OK.
Exit the program.
Note: if you were using a custom Hosts file you will need to replace any of those entries yourself.
Download SDFix.exe and save it to your Desktop.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with SDFix or Combofix and remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards before connecting to the Internet.
1. Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
2. Open the c:\SDFix folder and double click RunThis.cmd to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
3. Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
4. Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt

SDFix did not run.
If you have any of these programs they must be turned off while running SDFix and you must be in safe mode:
A. Your antivirus (whichever one you have).
B. Your Antispyware
1 Spybot S&D (Teatimer)
2 Ad-Aware Ad-Watch
3 Spywareguard
4 Windows Defender
5 TrojanHunter Guard
6 Disable SpySweeper
7 WinPatrol
8 CounterSpy
9 AVG Anti-Spyware (formerly ewido)
10 Spyware Doctor
11 Prevx
12 ProcessGuard
13 ZoneAlarm's OS Firewall
14 Ad-Aware 2007 Service
Delete the copy on your desktop in case it was damaged, then download a new copy. Make sure you are offline, turn off the above programs and any others you might have, reboot into safe mode, run SDFix, restart the computer, and post its log.
If you were to get a warning box "avg plugin for office" or similar when you download SDFix let me know before you run it please.

I still receive the error "Windows cannot find c:\docume~1\j9835.mur\desktop\sdfix\runthis.bat\runthis.bat". The system is much better but I still have issues with trying to reinstall my camera. Firefox crashes on a regular basis also. At least now I can update my spyware program files and send this.
Jim

Please download ComboFix to the desktop from one of the following links:
Combofix is a powerful tool so follow the instructions exactly or you could damage your computer.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with Combofix and remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
To run ComboFix do the following:
1. Go offline, turn off your antivirus and antispyware programs.
2. Run Combofix and save the log.
3. Restart the computer to get the antivirus running but leave the antispyware programs off for now.
4. Go online and post the Combofix log.
Remember to re-enable the protection again afterwards before connecting to the Internet.
Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running or move the mouse, it will cause your system to hang.)
Please post the log it produces.

ComboFix 08-08-28.06 - J. Murray 2008-08-29 10:06:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1578 [GMT -5:00]
Running from: C:\Garbage\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\J. Murray\Application Data\macromedia\Flash Player\#SharedObjects\T3ZC4NPF\bin.clearspring.com
C:\Documents and Settings\J. Murray\Application Data\macromedia\Flash Player\#SharedObjects\T3ZC4NPF\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\J. Murray\Application Data\macromedia\Flash Player\#SharedObjects\T3ZC4NPF\interclick.com
C:\Documents and Settings\J. Murray\Application Data\macromedia\Flash Player\#SharedObjects\T3ZC4NPF\interclick.com\ud.sol
C:\Documents and Settings\J. Murray\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\J. Murray\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\J. Murray\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\J. Murray\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\WINDOWS\system32\actskn43.ocx
C:\WINDOWS\system32\tdssadw.dll
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssl.dll
C:\WINDOWS\system32\tdsslog.dll
C:\WINDOWS\system32\tdssmain.dll
C:\WINDOWS\system32\tdssservers.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TDSSSERV
-------\Service_tdssserv
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-29 )))))))))))))))))))))))))))))))
.
2008-08-28 20:05 . 2008-08-28 20:05 <DIR> d-------- C:\temp
2008-08-28 20:05 . 2008-08-28 19:59 24,576 --a------ C:\temp\IadHide3.dll
2008-08-28 20:00 . 2008-08-28 20:00 <DIR> d-------- C:\SXS
2008-08-28 18:59 . 2008-08-28 18:59 <DIR> d-------- C:\WINDOWS\ERUNT
2008-08-28 18:55 . 2008-08-24 05:08 <DIR> d-------- C:\SDFix
2008-08-27 18:54 . 2008-08-29 10:10 86,528 --a------ C:\WINDOWS\system32\drivers\bkqfr2rqrhp.sys
2008-08-27 18:54 . 2008-08-27 18:54 3 --a------ C:\temp.tmp
2008-08-27 16:09 . 2008-08-27 16:14 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-08-27 16:09 . 2008-08-27 16:09 <DIR> d-------- C:\Documents and Settings\J. Murray\Application Data\PC Tools
2008-08-27 16:09 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-08-27 16:09 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-08-27 16:09 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-08-27 16:09 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-08-27 07:58 . 2008-08-28 20:36 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-08-26 20:14 . 2008-08-26 20:14 3,414 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-26 18:05 . 2008-08-26 18:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-26 08:35 . 2008-08-26 08:35 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-08-25 23:35 . 2008-08-28 16:56 <DIR> d-------- C:\WINDOWS\system32\276177
2008-08-25 23:35 . 2008-08-28 19:21 <DIR> d-------- C:\Program Files\Applications
2008-08-25 21:19 . 2002-12-10 05:55 278,528 --a------ C:\WINDOWS\system32\LVUI2RC.dll
2008-08-25 21:19 . 2002-12-10 05:53 236,121 --a------ C:\WINDOWS\system32\drivers\CamDrL21.sys
2008-08-25 21:19 . 2002-12-10 05:51 179,712 --a------ C:\WINDOWS\system32\drivers\LVSVF.dll
2008-08-25 21:19 . 2002-12-10 05:55 172,032 --a------ C:\WINDOWS\system32\lvcodec2.dll
2008-08-25 21:19 . 2002-12-10 05:54 127,022 --a------ C:\WINDOWS\system32\LVComS.exe
2008-08-25 21:19 . 2002-12-10 05:55 114,688 --a------ C:\WINDOWS\system32\LVUI2.dll
2008-08-25 21:19 . 2002-12-10 05:57 69,632 --a------ C:\WINDOWS\system32\lvcoinst.dll
2008-08-25 21:19 . 2002-12-10 05:54 57,344 --a------ C:\WINDOWS\system32\LVComC.dll
2008-08-25 21:19 . 2002-12-10 05:51 12,112 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2008-08-25 21:19 . 2002-12-10 05:43 11,653 --a------ C:\WINDOWS\system32\lvcoinst.ini
2008-08-25 14:18 . 2008-08-28 14:29 12,288 --a------ C:\WINDOWS\system32\tdssserf.dll
2008-08-25 13:04 . 2008-08-25 18:16 <DIR> d-------- C:\Program Files\DVD Shrink
2008-08-25 13:04 . 2008-08-25 13:04 <DIR> d-------- C:\Documents and Settings\J. Murray\Application Data\ImgBurn
2008-08-25 13:04 . 2008-08-25 13:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-08-24 20:11 . 2008-08-24 20:11 <DIR> d-------- C:\Documents and Settings\J. Murray\Application Data\Leadertech
2008-08-24 20:09 . 2008-08-25 19:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-08-07 09:01 . 2008-08-07 09:02 <DIR> d-------- C:\Documents and Settings\J. Murray\Application Data\GrabIt
2008-08-06 11:55 . 2008-08-06 11:55 <DIR> d-------- C:\WINDOWS\system32\Atheros_L2
2008-08-06 09:46 . 2008-08-06 09:46 <DIR> d-------- C:\Program Files\Driver Magician
2008-08-06 09:14 . 2008-08-06 09:18 <DIR> d---s---- C:\Documents and Settings\Administrator.CYBERMAX
2008-08-05 17:34 . 2008-08-25 19:31 <DIR> d-------- C:\Documents and Settings\Administrator
2008-08-04 09:29 . 2008-08-06 09:18 <DIR> d-------- C:\Program Files\Collectorz.com
2008-07-31 21:12 . 2008-07-31 21:12 2,560 --a------ C:\WINDOWS\_MSRSTRT.exe
2008-07-31 15:09 . 2008-07-31 15:09 <DIR> d-------- C:\Program Files\Stardock
2008-07-31 15:09 . 2007-07-11 15:06 42,672 --------- C:\WINDOWS\system32\wbsys.dll
2008-07-29 19:38 . 2008-07-29 19:57 <DIR> d-------- C:\Program Files\Amorous Professor Cherry
2008-07-29 11:14 . 2008-07-29 11:14 <DIR> d-------- C:\Program Files\GameShadow
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-29 14:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-29 13:52 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-08-29 13:50 --------- d-----w C:\Program Files\GetRight
2008-08-29 01:26 --------- d-----w C:\Program Files\Common Files\Logitech
2008-08-29 01:00 --------- d-----w C:\Program Files\Logitech
2008-08-29 00:43 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-29 00:43 --------- d-----w C:\Program Files\SpywareBlaster
2008-08-26 06:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-26 02:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-08-26 00:35 --------- d-----w C:\Program Files\Common Files\logishrd
2008-08-25 13:04 --------- d-----w C:\Documents and Settings\J. Murray\Application Data\skypePM
2008-08-12 23:19 --------- d-----w C:\Program Files\QuickPar
2008-08-06 16:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-03 01:15 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-26 17:55 --------- d-----w C:\Documents and Settings\J. Murray\Application Data\AdobeUM
2008-07-26 14:29 --------- d-----w C:\Program Files\The Adventure Company
2008-07-26 12:44 85,302 ----a-w C:\WINDOWS\system32\drivers\LVFeL002.cfg
2008-07-26 12:44 69,592 ----a-w C:\WINDOWS\system32\drivers\LVFaL000.cfg
2008-07-26 12:44 227,172 ----a-w C:\WINDOWS\system32\drivers\LVFeL000.cfg
2008-07-26 12:44 146,680 ----a-w C:\WINDOWS\system32\drivers\LVFeL001.cfg
2008-07-25 19:32 --------- d-----w C:\Documents and Settings\J. Murray\Application Data\Simply Super Software
2008-07-25 15:59 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-07-24 02:04 --------- d-----w C:\Program Files\filehippo.com
2008-07-23 08:00 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-07-22 01:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-07-22 00:32 --------- d-----w C:\Program Files\MSBuild
2008-07-22 00:30 --------- d-----w C:\Program Files\Reference Assemblies
2008-07-20 15:48 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-20 15:25 --------- d-----w C:\Documents and Settings\J. Murray\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-07-20 04:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-19 22:47 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-07-19 22:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-07-18 22:48 --------- d-----w C:\Program Files\Quicken
2008-07-18 22:48 --------- d-----w C:\Program Files\Common Files\Palo Alto Software
2008-07-18 22:48 --------- d-----w C:\Program Files\Common Files\Intuit
2008-07-18 22:48 --------- d-----w C:\Documents and Settings\J. Murray\Application Data\Intuit
2008-07-18 22:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intuit
2008-07-18 01:19 --------- d-----w C:\Program Files\DVD Decrypter
2008-07-17 19:47 --------- d-----w C:\Program Files\Fellowes
2008-07-17 19:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Fellowes
2008-07-17 19:34 --------- d-----w C:\Documents and Settings\J. Murray\Application Data\Acoustica
2008-07-17 19:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
2008-07-17 19:13 --------- d-----w C:\Program Files\Elaborate Bytes
2008-07-16 00:50 --------- d-----w C:\Program Files\VideoReDoTVSuite
2008-07-16 00:50 --------- d-----w C:\Documents and Settings\J. Murray\Application Data\VideoReDo-TVSuite
2008-07-15 22:51 --------- d-----w C:\Program Files\Agent
2008-07-15 11:28 --------- d-----w C:\Program Files\Google
2008-07-14 21:55 --------- d-----w C:\Documents and Settings\J. Murray\Application Data\GARMIN
2008-07-13 19:38 --------- d-----w C:\Program Files\Palm
2008-07-09 21:00 --------- d-----w C:\Documents and Settings\J. Murray\Application Data\Corel
2008-07-09 20:51 --------- d-----w C:\Program Files\WordPerfect Office 11
2008-07-09 20:51 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-09 20:51 --------- d-----w C:\Program Files\Common Files\Borland Shared
2008-07-09 20:50 --------- d-----w C:\Program Files\Common Files\Corel
2008-07-09 17:57 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-07-08 22:47 73,216 ----a-w C:\WINDOWS\ST6UNST.exe
2008-07-08 22:47 249,856 ------w C:\WINDOWS\Setup1.exe
2008-07-07 21:14 --------- d-----w C:\Program Files\EndItAll
2008-07-03 19:28 --------- d-----w C:\Documents and Settings\J. Murray\Application Data\XTrackCad
2008-07-03 19:27 --------- d-----w C:\Program Files\XTrkCAD4
2008-07-03 18:28 --------- d-----r C:\Program Files\Aston2 Menu
2008-07-03 14:03 --------- d-----w C:\Program Files\Raxco
2008-07-03 14:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Raxco
2008-07-03 13:52 --------- d-----w C:\Program Files\Vista Drive Icon
2008-07-02 22:57 --------- d-----w C:\Program Files\Kyodai Mahjongg
2008-07-02 18:51 253,116 ----a-w C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_5984.exe
2008-07-02 18:51 14,290 ----a-w C:\Program Files\settings.dat
2008-07-02 18:51 --------- d-----w C:\Program Files\PDFCreator Toolbar
2008-07-02 18:51 --------- d-----w C:\Program Files\PDFCreator
2008-07-02 16:51 --------- d-----w C:\Program Files\VS Revo Group
2008-07-02 16:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Firefly Studios
2008-07-02 14:59 --------- d-----w C:\Program Files\AWS
2008-07-02 14:59 --------- d-----w C:\Documents and Settings\J. Murray\Application Data\WeatherBug
2008-07-02 02:18 --------- d-----w C:\Documents and Settings\J. Murray\Application Data\ACD Systems
2008-07-02 02:13 9,856 ----a-w C:\WINDOWS\system32\drivers\pfc.sys
2008-07-02 02:13 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-07-02 02:13 --------- d-----w C:\Program Files\ACD Systems
2008-07-02 02:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-07-02 02:06 81,920 ------r C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
2008-07-01 22:46 --------- d-----w C:\Documents and Settings\J. Murray\Application Data\Media Player Classic
2008-07-01 22:04 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-07-01 21:59 --------- d-----w C:\Program Files\ClipMate6
2008-07-01 21:59 --------- d-----w C:\Documents and Settings\J. Murray\Application Data\Thornsoft Development
2008-07-01 16:13 --------- d-----w C:\Program Files\Eset
2008-07-01 15:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-07-01 14:29 --------- d-----w C:\Program Files\Common Files\Ahead
2008-07-01 14:27 --------- d-----w C:\Documents and Settings\J. Murray\Application Data\Ahead
2008-07-01 14:25 --------- d-----w C:\Program Files\Nero
2008-07-01 14:24 --------- d-----w C:\Program Files\Ahead
2008-07-01 14:02 --------- d-----w C:\Program Files\AskTBar
2008-07-01 13:57 --------- d-----w C:\Program Files\directx
2008-07-01 13:56 --------- d-----w C:\Program Files\Common Files\FotoWire
2008-07-01 13:56 --------- d-----w C:\Documents and Settings\J. Murray\Application Data\FotoWire
2008-07-01 13:55 81,920 ------r C:\WINDOWS\bwUnin-6.1.4.36-8876480L.exe
2008-07-01 13:46 --------- d-----w C:\Program Files\Canon
2008-07-01 13:43 --------- d--h--w C:\Program Files\CanonBJ
2008-07-01 13:43 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-07-01 13:36 --------- d-----w C:\Program Files\Microsoft Visual Studio .NET 2003
2008-07-01 13:36 --------- d-----w C:\Program Files\Common Files\Crystal Decisions
2008-07-01 13:35 --------- d-----w C:\Program Files\Opdicom
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"A2Menu"="C:\Program Files\Aston2 Menu\A2Menu.exe" [2008-02-05 19:04 307200]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2007-03-21 13:12 1694208]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-08-28 19:59 16384]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 11:28 139264]
"ClipMate6"="C:\PROGRA~1\CLIPMA~1\ClipMt61.exe" [2003-05-08 18:31 2731164]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [2007-08-29 11:55 1347584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 14:01 13529088]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 17:53 88024]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-06-30 16:34 949376]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 20:10 652624]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 20:50 1603152]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"DrvIcon"="C:\Program Files\Vista Drive Icon\DrvIcon.exe" [2007-07-04 14:59 45056]
"QuickFinder Scheduler"="C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.exe" [2003-02-25 20:27 77887]
"MediaFace Integration"="C:\Program Files\Fellowes\MediaFACE 5.0\SetHook.exe" [2005-10-27 04:43 53248]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12 483328]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 14:01 86016]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-06-30 20:56 188416]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-06-19 16:48 851968]
"SDFix"="C:\Documents and Settings\J. Murray\Desktop\SDFix\RunThis.bat" [2008-08-24 04:48 752040]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-06-30 21:00 65536]
"nwiz"="nwiz.exe" [2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-29 15:47 16859648 C:\WINDOWS\RTHDCPL.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
""="del" [X]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"WUAppSetup"="C:\Program Files\Common Files\logishrd\WUApp32.exe" [2007-02-03 10:23 430080]
C:\Documents and Settings\J. Murray\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\Palm\HOTSYNC.exe [2002-08-09 17:36:20 299008]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-07-20 10:49:34 25214]
GetRight - Tray Icon.lnk - C:\Program Files\GetRight\getright.exe [2008-07-01 17:18:03 3446096]
Harmony Monitor.lnk - C:\Program Files\Logitech\Harmony Remote\EasyZapperMonitor.exe [2004-01-20 11:47:34 81920]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-08-28 19:59:25 169472]
Start OpdiTracker.lnk - C:\Program Files\Opdicom\OpdiTracker\OptT3STA.exe [2005-01-06 07:04:14 208896]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bkqfr2rqrhp.sys]
@="\??\C:\WINDOWS\system32\drivers\bkqfr2rqrhp.sys"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
R2 bkqfr2rqrhp.sys;bkqfr2rqrhp.sys;C:\WINDOWS\system32\drivers\bkqfr2rqrhp.sys [2008-08-29 10:10]
R2 PD91Agent;PD91Agent;C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-04-16 13:00]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-10-17 20:12]
S3 PD91Engine;PD91Engine;C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-04-16 13:00]
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
HKCU-Run-DW6 - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\J. Murray\Application Data\Mozilla\Firefox\Profiles\floh0d63.default\
FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1273.1045\npCIDetect12.dll
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.1.0.30401.0.dll
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-29 10:11:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ClipMate6\ClipMt61.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Logitech\Harmony Remote\EasyZapperManagerExe.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-08-29 10:13:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-29 15:13:06
Pre-Run: 127,196,413,952 bytes free
Post-Run: 127,114,149,888 bytes free
293 --- E O F --- 2008-08-26 12:30:09
Jim
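The ComboFix log above already contains the entries a responder reads first: a driver registered under SafeBoot\Minimal (so it loads even in Safe Mode, which is why the Safe Mode cleanups kept failing), Security Center told not to warn that antivirus and updates are off, the Windows Firewall profile set to 0, and a service whose name is nothing but its own random-looking .sys filename. As an added example, not ComboFix's code and not from anyone in this thread, here is a small Python triage script that pulls exactly those indicators out of ComboFix-style "Reg Loading Points" and service lines. SAMPLE_LOG is a constructed excerpt modelled on the log, and the "no vowels in the file stem" test is my own heuristic, not a ComboFix rule.

```python
import re

# Constructed excerpt modelled on the ComboFix log posted in this thread
# (not the log itself); it mixes "Reg Loading Points" entries with the
# R2/R3/S3 service lines ComboFix prints after them.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-06-30 16:34 949376]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [2007-08-29 11:55 1347584]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bkqfr2rqrhp.sys]
@="\??\C:\WINDOWS\system32\drivers\bkqfr2rqrhp.sys"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R2 bkqfr2rqrhp.sys;bkqfr2rqrhp.sys;C:\WINDOWS\system32\drivers\bkqfr2rqrhp.sys [2008-08-29 10:10]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-10-17 20:12]
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                       # [HKEY_...\Key]
VALUE_RE = re.compile(r'^(?:"([^"]*)"|@)\s*=\s*(.*)$')    # "Name"=value or @=value
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);([^;]*);(.+?)\s+\[")  # R2 name;display;path [date]


def looks_random(stem):
    """Heuristic (my assumption, not a ComboFix rule): a file stem of 8+
    letters/digits with no vowels, like bkqfr2rqrhp, is machine-generated."""
    return len(stem) >= 8 and stem.isalnum() and not re.search(r"[aeiou]", stem)


def dword_is_set(value):
    """True for a REG_DWORD rendered as dword:00000001 (any non-zero value)."""
    m = re.match(r"dword:([0-9a-fA-F]+)", value)
    return bool(m) and int(m.group(1), 16) != 0


def triage(log_text):
    """Return (indicator, detail) pairs for the lines a responder checks first."""
    findings = []
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            low = key.lower()
            # A driver keyed under SafeBoot\Minimal is loaded even in Safe Mode,
            # which defeats the "boot to Safe Mode and clean" procedure.
            if "\\safeboot\\minimal\\" in low and low.endswith(".sys"):
                findings.append(("safeboot-driver", key.rsplit("\\", 1)[1]))
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, _display, path = m.groups()
            fname = path.rsplit("\\", 1)[-1]
            # Service whose name is just its own random-looking filename.
            if name.lower() == fname.lower() and looks_random(fname.lower().rsplit(".", 1)[0]):
                findings.append(("suspicious-service", name))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = (m.group(1) or "@"), m.group(2).strip()
        low = key.lower()
        # Security Center told not to warn that AV / updates are off.
        if "security center" in low and name.endswith("DisableNotify") and dword_is_set(value):
            findings.append(("security-center-muted", name))
        # Windows Firewall profile switched off.
        elif "firewallpolicy" in low and name == "EnableFirewall" and value.startswith("0"):
            findings.append(("firewall-disabled", key.rsplit("\\", 1)[1]))
    return findings


if __name__ == "__main__":
    for indicator, detail in triage(SAMPLE_LOG):
        print(f"{indicator:24} {detail}")
```

Run it as a script to see the five hits from the sample; to use it on a real log, pass the file's text to triage() instead of SAMPLE_LOG. It only reads the log, so it is safe to run on a copy of the log anywhere, and every hit still needs a human to decide whether the entry is legitimate.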

Please download Malwarebytes' Anti-Malware from one of these sites:
Be sure to follow the directions in step 6 after the scan has finished running.
1. Double Click mbam-setup.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy and paste the entire report in your next reply.

Malwarebytes' Anti-Malware 1.25
Database version: 1098
Windows 5.1.2600 Service Pack 2
8:47:33 AM 8/30/2008
mbam-log-08-30-2008 (08-47-33).txt
Scan type: Quick Scan
Objects scanned: 45840
Time elapsed: 3 minute(s), 7 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\x123.x123mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\x123.x123mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
Folders Infected:
C:\WINDOWS\system32\276177 (Trojan.BHO) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Quarantined and deleted successfully.
Jim

Open Notepad and copy/paste everything between the X"s into it and make sure the first word (such as KILLALL, Or File, etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
KILLALL::
File::
C:\WINDOWS\system32\drivers\bkqfr2rqrhp.sys
Driver::
TDSSSERV
bkqfr2rqrhp.sys
C:\temp.tmp
Folder::
C:\temp
C:\temp.tmp
C:\Program Files\AWS
C:\Documents and Settings\J. Murray\Application Data\WeatherBug
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bkqfr2rqrhp.sys]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop); if ComboFix does not auto start, click "Run".
Post a new ComboFix log.

Sorry, you lost me on this one. Neither the Malware nor the Combofix logs have X's or any text that resembles that in your last post.
Jim

We are making a Combofix script file in Notepad and transferring it to your desktop:
1. First highlight the area between the X's in my response #15 (do not copy the X's or it will not work) > click Edit > click Copy.
2. Go to Start > Run > type notepad then press Enter.
3. Make sure your cursor is at the top right corner of the Notepad page > click Edit > click Paste.
4. While still in Notepad go to "File" on the top bar and choose "Save As" (a second edit box called "Save As" will open in Notepad), change the "Save As Type" to "All Files" by clicking the blue drop-down arrow on the far right of the "Save As Type" box and selecting "All Files".
5. Next type CFScript.txt in the "File Name" box.
6. Next click the blue drop-down arrow to the far right of the "Save in" box and select Desktop, then click "Save" at the bottom right of the page. You should now have a file named CFScript.txt on your desktop.
Then we take the mouse and drag the "CFScript.txt" file onto the red Combofix symbol and let go of it. Combofix will run the script.
Then post a new Combofix log so we can see that the changes were made.

Sorry, there are no X's in the Combofix log I have. There are only }'s. I understand what you want but I don't know what text to copy.
Jim

This is the text between the X's in my response #15.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
KILLALL::
File::
C:\WINDOWS\system32\drivers\bkqfr2rqrhp.sys
Driver::
TDSSSERV
bkqfr2rqrhp.sys
C:\temp.tmp
Folder::
C:\temp
C:\temp.tmp
C:\Program Files\AWS
C:\Documents and Settings\J. Murray\Application Data\WeatherBug
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bkqfr2rqrhp.sys]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

ComboFix 08-08-30.03 - J. Murray 2008-08-31 19:12:03.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1665 [GMT -5:00]
Running from: C:\Garbage\ComboFix.exe
Command switches used :: C:\Documents and Settings\J. Murray\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\J. Murray\Application Data\macromedia\Flash Player\#SharedObjects\T3ZC4NPF\interclick.com
C:\Documents and Settings\J. Murray\Application Data\macromedia\Flash Player\#SharedObjects\T3ZC4NPF\interclick.com\ud.sol
C:\Documents and Settings\J. Murray\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\J. Murray\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\J. Murray\Application Data\WeatherBug
C:\Program Files\AWS
C:\Program Files\AWS\WeatherBug\download.txt
C:\Program Files\AWS\WeatherBug\lfbmp10N.dll
C:\Program Files\AWS\WeatherBug\Lfcmp10n.dll
C:\Program Files\AWS\WeatherBug\lfimg10N.dll
C:\Program Files\AWS\WeatherBug\Local\1px.gif
C:\Program Files\AWS\WeatherBug\Local\alert_failed.html
C:\Program Files\AWS\WeatherBug\Local\Background60.jpg
C:\Program Files\AWS\WeatherBug\Local\bot_default.html
C:\Program Files\AWS\WeatherBug\Local\bot_failed2.html
C:\Program Files\AWS\WeatherBug\Local\Bot_loading.gif
C:\Program Files\AWS\WeatherBug\Local\bot_loading.html
C:\Program Files\AWS\WeatherBug\Local\center_failed.html
C:\Program Files\AWS\WeatherBug\Local\center_loading.html
C:\Program Files\AWS\WeatherBug\Local\def_bot.gif
C:\Program Files\AWS\WeatherBug\Local\LeftNavbar60.JPG
C:\Program Files\AWS\WeatherBug\Local\skinmask60.bmp
C:\Program Files\AWS\WeatherBug\Local\TopNavbar60.JPG
C:\Program Files\AWS\WeatherBug\Local\vssver.scc
C:\Program Files\AWS\WeatherBug\Local\WBug_Loading.gif
C:\Program Files\AWS\WeatherBug\Local\weather_window_loading.gif
C:\Program Files\AWS\WeatherBug\Local\WxBug.gif
C:\Program Files\AWS\WeatherBug\Local\wxbug.wav
C:\Program Files\AWS\WeatherBug\Local\wxbuglogo_hor.gif
C:\Program Files\AWS\WeatherBug\Local\WxWindow_failed.html
C:\Program Files\AWS\WeatherBug\Local\WxWindow_loading.html
C:\Program Files\AWS\WeatherBug\Local\WxWindow_noconnection.gif
C:\Program Files\AWS\WeatherBug\Local\xpchirpedu.bmp
C:\Program Files\AWS\WeatherBug\LTDIS10N.dll
C:\Program Files\AWS\WeatherBug\ltfil10N.DLL
C:\Program Files\AWS\WeatherBug\ltkrn10N.dll
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\AWS\WeatherBug\wxdist.dll
C:\Program Files\AWS\WeatherBug\wxlocm.dll
C:\Program Files\AWS\WeatherBug\wxpref.dll
C:\Program Files\AWS\WeatherBug\wxreg.dll
C:\Program Files\AWS\WeatherBug\wxutil.dll
C:\Program Files\AWS\WeatherBug\wxweb.dll
C:\temp
C:\temp.tmp\
C:\temp\debug.txt
C:\temp\IadHide3.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BKQFR2RQRHP.SYS
-------\Service_bkqfr2rqrhp.sys
((((((((((((((((((((((((( Files Created from 2008-08-01 to 2008-09-01 )))))))))))))))))))))))))))))))
.
Jim

Looks like you had some success. Can you post all of the Combofix log? We are missing the main part of the log that allows us to see what was deleted.

ComboFix 08-08-30.03 - J. Murray 2008-08-31 19:12:03.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1665 [GMT -5:00]
Running from: C:\Garbage\ComboFix.exe
Command switches used :: C:\Documents and Settings\J. Murray\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\J. Murray\Application Data\macromedia\Flash Player\#SharedObjects\T3ZC4NPF\interclick.com
C:\Documents and Settings\J. Murray\Application Data\macromedia\Flash Player\#SharedObjects\T3ZC4NPF\interclick.com\ud.sol
C:\Documents and Settings\J. Murray\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\J. Murray\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\J. Murray\Application Data\WeatherBug
C:\Program Files\AWS
C:\Program Files\AWS\WeatherBug\download.txt
C:\Program Files\AWS\WeatherBug\lfbmp10N.dll
C:\Program Files\AWS\WeatherBug\Lfcmp10n.dll
C:\Program Files\AWS\WeatherBug\lfimg10N.dll
C:\Program Files\AWS\WeatherBug\Local\1px.gif
C:\Program Files\AWS\WeatherBug\Local\alert_failed.html
C:\Program Files\AWS\WeatherBug\Local\Background60.jpg
C:\Program Files\AWS\WeatherBug\Local\bot_default.html
C:\Program Files\AWS\WeatherBug\Local\bot_failed2.html
C:\Program Files\AWS\WeatherBug\Local\Bot_loading.gif
C:\Program Files\AWS\WeatherBug\Local\bot_loading.html
C:\Program Files\AWS\WeatherBug\Local\center_failed.html
C:\Program Files\AWS\WeatherBug\Local\center_loading.html
C:\Program Files\AWS\WeatherBug\Local\def_bot.gif
C:\Program Files\AWS\WeatherBug\Local\LeftNavbar60.JPG
C:\Program Files\AWS\WeatherBug\Local\skinmask60.bmp
C:\Program Files\AWS\WeatherBug\Local\TopNavbar60.JPG
C:\Program Files\AWS\WeatherBug\Local\vssver.scc
C:\Program Files\AWS\WeatherBug\Local\WBug_Loading.gif
C:\Program Files\AWS\WeatherBug\Local\weather_window_loading.gif
C:\Program Files\AWS\WeatherBug\Local\WxBug.gif
C:\Program Files\AWS\WeatherBug\Local\wxbug.wav
C:\Program Files\AWS\WeatherBug\Local\wxbuglogo_hor.gif
C:\Program Files\AWS\WeatherBug\Local\WxWindow_failed.html
C:\Program Files\AWS\WeatherBug\Local\WxWindow_loading.html
C:\Program Files\AWS\WeatherBug\Local\WxWindow_noconnection.gif
C:\Program Files\AWS\WeatherBug\Local\xpchirpedu.bmp
C:\Program Files\AWS\WeatherBug\LTDIS10N.dll
C:\Program Files\AWS\WeatherBug\ltfil10N.DLL
C:\Program Files\AWS\WeatherBug\ltkrn10N.dll
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\AWS\WeatherBug\wxdist.dll
C:\Program Files\AWS\WeatherBug\wxlocm.dll
C:\Program Files\AWS\WeatherBug\wxpref.dll
C:\Program Files\AWS\WeatherBug\wxreg.dll
C:\Program Files\AWS\WeatherBug\wxutil.dll
C:\Program Files\AWS\WeatherBug\wxweb.dll
C:\temp
C:\temp.tmp\
C:\temp\debug.txt
C:\temp\IadHide3.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BKQFR2RQRHP.SYS
-------\Service_bkqfr2rqrhp.sys
((((((((((((((((((((((((( Files Created from 2008-08-01 to 2008-09-01 )))))))))))))))))))))))))))))))
.
2008-08-31 13:40 . 2008-08-31 13:42 <DIR> d-------- C:\BIG_CITY_BLUES
2008-08-30 19:55 . 2002-12-10 05:51 179,712 --a------ C:\WINDOWS\system32\drivers\LVSVF.dll
2008-08-30 19:54 . 2002-12-10 05:55 278,528 --a------ C:\WINDOWS\system32\LVUI2RC.dll
2008-08-30 19:54 . 2002-12-10 05:53 236,121 --a------ C:\WINDOWS\system32\drivers\CamDrL21.sys
2008-08-30 19:54 . 2002-12-10 05:55 172,032 --a------ C:\WINDOWS\system32\lvcodec2.dll
2008-08-30 19:54 . 2002-12-10 05:55 114,688 --a------ C:\WINDOWS\system32\LVUI2.dll
2008-08-30 19:54 . 2002-12-10 05:57 69,632 --a------ C:\WINDOWS\system32\lvcoinst.dll
2008-08-30 19:54 . 2002-12-10 05:51 12,112 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2008-08-30 19:54 . 2002-12-10 05:43 11,653 --a------ C:\WINDOWS\system32\lvcoinst.ini
2008-08-30 19:53 . 2008-08-30 19:53 <DIR> d-------- C:\SXS
2008-08-30 08:41 . 2008-08-30 08:41 <DIR> d-------- C:\Documents and Settings\J. Murray\Application Data\Malwarebytes
2008-08-30 08:41 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-30 08:41 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-30 08:40 . 2008-08-30 08:41 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-30 08:40 . 2008-08-30 08:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-29 16:48 . 2001-08-17 13:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-08-29 16:47 . 2001-08-17 14:56 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-08-28 18:59 . 2008-08-28 18:59 <DIR> d-------- C:\WINDOWS\ERUNT
2008-08-28 18:55 . 2008-08-24 05:08 <DIR> d-------- C:\SDFix
2008-08-27 18:54 . 2008-08-27 18:54 3 --a------ C:\temp.tmp
2008-08-27 16:09 . 2008-08-27 16:14 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-08-27 16:09 . 2008-08-27 16:09 <DIR> d-------- C:\Documents and Settings\J. Murray\Application Data\PC Tools
2008-08-27 16:09 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-08-27 16:09 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-08-27 16:09 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-08-27 16:09 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-08-27 07:58 . 2008-08-31 13:48 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-08-26 20:14 . 2008-08-26 20:14 3,414 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-26 18:05 . 2008-08-26 18:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-26 08:35 . 2008-08-26 08:35 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-08-25 23:35 . 2008-08-28 19:21 <DIR> d-------- C:\Program Files\Applications
2008-08-25 21:19 . 2002-12-10 05:54 127,022 --a------ C:\WINDOWS\system32\LVComS.exe
2008-08-25 21:19 . 2002-12-10 05:54 57,344 --a------ C:\WINDOWS\system32\LVComC.dll
2008-08-25 13:04 . 2008-08-31 13:38 <DIR> d-------- C:\Program Files\DVD Shrink
2008-08-25 13:04 . 2008-08-25 13:04 <DIR> d-------- C:\Documents and Settings\J. Murray\Application Data\ImgBurn
2008-08-25 13:04 . 2008-08-25 13:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-08-24 20:11 . 2008-08-24 20:11 <DIR> d-------- C:\Documents and Settings\J. Murray\Application Data\Leadertech
2008-08-24 20:09 . 2008-08-25 19:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-08-07 09:01 . 2008-08-07 09:02 <DIR> d-------- C:\Documents and Settings\J. Murray\Application Data\GrabIt
2008-08-06 11:55 . 2008-08-06 11:55 <DIR> d-------- C:\WINDOWS\system32\Atheros_L2
2008-08-06 09:46 . 2008-08-06 09:46 <DIR> d-------- C:\Program Files\Driver Magician
2008-08-06 09:14 . 2008-08-06 09:18 <DIR> d---s---- C:\Documents and Settings\Administrator.CYBERMAX
2008-08-05 17:34 . 2008-08-25 19:31 <DIR> d-------- C:\Documents and Settings\Administrator
2008-08-04 09:29 . 2008-08-06 09:18 <DIR> d-------- C:\Program Files\Collectorz.com
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-01 00:01 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-08-31 18:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-31 14:56 --------- d-----w C:\Program Files\GetRight
2008-08-31 00:53 --------- d-----w C:\Program Files\Logitech
2008-08-29 15:39 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-29 01:26 --------- d-----w C:\Program Files\Common Files\Logitech
2008-08-29 00:43 --------- d-----w C:\Program Files\SpywareBlaster
2008-08-26 06:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-26 02:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-08-26 00:35 --------- d-----w C:\Program Files\Common Files\logishrd
2008-08-25 13:04 --------- d-----w C:\Documents and Settings\J. Murray\Application Data\skypePM
2008-08-12 23:19 --------- d-----w C:\Program Files\QuickPar
2008-08-06 16:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-03 01:15 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-01 02:12 2,560 ----a-w C:\WINDOWS\_MSRSTRT.exe
2008-07-31 20:09 --------- d-----w C:\Program Files\Stardock
2008-07-30 00:57 --------- d-----w C:\Program Files\Amorous Professor Cherry
2008-07-29 16:14 --------- d-----w C:\Program Files\GameShadow
2008-07-26 17:55 --------- d-----w C:\Documents and Settings\J. Murray\Application Data\AdobeUM
2008-07-26 14:29 --------- d-----w C:\Program Files\The Adventure Company
2008-07-26 12:44 85,302 ----a-w C:\WINDOWS\system32\drivers\LVFeL002.cfg
2008-07-26 12:44 69,592 ----a-w C:\WINDOWS\system32\drivers\LVFaL000.cfg
2008-07-26 12:44 227,172 ----a-w C:\WINDOWS\system32\drivers\LVFeL000.cfg
2008-07-26 12:44 146,680 ----a-w C:\WINDOWS\system32\drivers\LVFeL001.cfg
2008-07-25 19:32 --------- d-----w C:\Documents and Settings\J. Murray\Application Data\Simply Super Software
2008-07-25 15:59 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-07-24 02:04 --------- d-----w C:\Program Files\filehippo.com
2008-07-23 08:00 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-07-22 01:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-07-22 00:32 --------- d-----w C:\Program Files\MSBuild
2008-07-22 00:30 --------- d-----w C:\Program Files\Reference Assemblies
2008-07-20 15:48 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-20 15:25 --------- d-----w C:\Documents and Settings\J. Murray\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-07-20 04:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-19 22:47 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-07-19 22:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-07-18 22:48 --------- d-----w C:\Program Files\Quicken
2008-07-18 22:48 --------- d-----w C:\Program Files\Common Files\Palo Alto Software
2008-07-18 22:48 --------- d-----w C:\Program Files\Common Files\Intuit
2008-07-18 22:48 --------- d-----w C:\Documents and Settings\J. Murray\Application Data\Intuit
2008-07-18 22:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intuit
2008-07-18 01:19 --------- d-----w C:\Program Files\DVD Decrypter
2008-07-17 19:47 --------- d-----w C:\Program Files\Fellowes
2008-07-17 19:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Fellowes
2008-07-17 19:34 --------- d-----w C:\Documents and Settings\J. Murray\Application Data\Acoustica
2008-07-17 19:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
2008-07-17 19:13 --------- d-----w C:\Program Files\Elaborate Bytes
2008-07-16 00:50 --------- d-----w C:\Program Files\VideoReDoTVSuite
2008-07-16 00:50 --------- d-----w C:\Documents and Settings\J. Murray\Application Data\VideoReDo-TVSuite
2008-07-15 22:51 --------- d-----w C:\Program Files\Agent
2008-07-15 11:28 --------- d-----w C:\Program Files\Google
2008-07-14 21:55 --------- d-----w C:\Documents and Settings\J. Murray\Application Data\GARMIN
2008-07-13 19:38 --------- d-----w C:\Program Files\Palm
2008-07-09 21:00 --------- d-----w C:\Documents and Settings\J. Murray\Application Data\Corel
2008-07-09 20:51 --------- d-----w C:\Program Files\WordPerfect Office 11
2008-07-09 20:51 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-09 20:51 --------- d-----w C:\Program Files\Common Files\Borland Shared
2008-07-09 20:50 --------- d-----w C:\Program Files\Common Files\Corel
2008-07-09 17:57 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-07-08 22:47 73,216 ----a-w C:\WINDOWS\ST6UNST.exe
2008-07-08 22:47 249,856 ------w C:\WINDOWS\Setup1.exe
2008-07-07 21:14 --------- d-----w C:\Program Files\EndItAll
2008-07-07 20:06 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-03 19:28 --------- d-----w C:\Documents and Settings\J. Murray\Application Data\XTrackCad
2008-07-03 19:27 --------- d-----w C:\Program Files\XTrkCAD4
2008-07-03 18:28 --------- d-----r C:\Program Files\Aston2 Menu
2008-07-03 14:03 --------- d-----w C:\Program Files\Raxco
2008-07-03 14:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Raxco
2008-07-03 13:52 --------- d-----w C:\Program Files\Vista Drive Icon
2008-07-02 22:57 --------- d-----w C:\Program Files\Kyodai Mahjongg
2008-07-02 18:51 253,116 ----a-w C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_5984.exe
2008-07-02 18:51 14,290 ----a-w C:\Program Files\settings.dat
2008-07-02 18:51 --------- d-----w C:\Program Files\PDFCreator Toolbar
2008-07-02 18:51 --------- d-----w C:\Program Files\PDFCreator
2008-07-02 16:51 --------- d-----w C:\Program Files\VS Revo Group
2008-07-02 16:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Firefly Studios
2008-07-02 15:33 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-07-02 02:18 --------- d-----w C:\Documents and Settings\J. Murray\Application Data\ACD Systems
2008-07-02 02:13 9,856 ----a-w C:\WINDOWS\system32\drivers\pfc.sys
2008-07-02 02:13 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-07-02 02:13 --------- d-----w C:\Program Files\ACD Systems
2008-07-02 02:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-07-02 02:06 81,920 ------r C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
2008-07-01 22:46 --------- d-----w C:\Documents and Settings\J. Murray\Application Data\Media Player Classic
2008-07-01 22:04 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-07-01 21:59 --------- d-----w C:\Program Files\ClipMate6
2008-07-01 21:59 --------- d-----w C:\Documents and Settings\J. Murray\Application Data\Thornsoft Development
2008-07-01 16:13 --------- d-----w C:\Program Files\Eset
2008-07-01 15:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-07-01 14:29 --------- d-----w C:\Program Files\Common Files\Ahead
2008-07-01 14:27 --------- d-----w C:\Documents and Settings\J. Murray\Application Data\Ahead
2008-07-01 14:25 --------- d-----w C:\Program Files\Nero
2008-07-01 14:24 --------- d-----w C:\Program Files\Ahead
2008-07-01 14:02 --------- d-----w C:\Program Files\AskTBar
2008-07-01 13:57 --------- d-----w C:\Program Files\directx
2008-07-01 13:56 --------- d-----w C:\Program Files\Common Files\FotoWire
2008-07-01 13:56 --------- d-----w C:\Documents and Settings\J. Murray\Application Data\FotoWire
2008-07-01 13:55 81,920 ------r C:\WINDOWS\bwUnin-6.1.4.36-8876480L.exe
2008-07-01 13:46 --------- d-----w C:\Program Files\Canon
2008-07-01 13:43 --------- d--h--w C:\Program Files\CanonBJ
.
((((((((((((((((((((((((((((( snapshot@2008-08-29_10.12.40.92 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-29 01:00:37 8,854 ----a-r C:\WINDOWS\Installer\{26AA53D5-1307-48F9-A80F-A4D25F5849D4}\MainApp.exe
+ 2008-08-31 00:54:03 8,854 ----a-r C:\WINDOWS\Installer\{26AA53D5-1307-48F9-A80F-A4D25F5849D4}\MainApp.exe
+ 2004-08-04 04:10:08 53,248 -c--a-w C:\WINDOWS\system32\dllcache\1394bus.sys
+ 2001-08-17 19:06:48 11,264 -c--a-w C:\WINDOWS\system32\dllcache\1394vdbg.sys
+ 2001-08-17 19:55:58 689,216 -c--a-w C:\WINDOWS\system32\dllcache\3dfxvs.dll
+ 2001-08-17 17:48:32 148,352 -c--a-w C:\WINDOWS\system32\dllcache\3dfxvsm.sys
+ 2004-08-04 04:00:04 12,288 -c--a-w C:\WINDOWS\system32\dllcache\4mmdat.sys
+ 2004-08-04 04:10:12 48,128 -c--a-w C:\WINDOWS\system32\dllcache\61883.sys
+ 2001-08-17 19:55:58 38,400 -c--a-w C:\WINDOWS\system32\dllcache\8514a.dll
+ 2001-08-18 03:36:10 98,304 -c--a-w C:\WINDOWS\system32\dllcache\a3d.dll
+ 2001-08-18 03:36:10 462,848 -c--a-w C:\WINDOWS\system32\dllcache\a3dapi.dll
+ 2001-08-17 18:52:00 23,552 -c--a-w C:\WINDOWS\system32\dllcache\abp480n5.sys
+ 2004-08-04 03:32:22 231,552 -c--a-w C:\WINDOWS\system32\dllcache\ac97ali.sys
+ 2001-08-17 17:20:04 96,256 -c--a-w C:\WINDOWS\system32\dllcache\ac97intc.sys
+ 2001-08-17 17:20:16 297,728 -c--a-w C:\WINDOWS\system32\dllcache\ac97sis.sys
+ 2004-08-04 03:32:32 84,480 -c--a-w C:\WINDOWS\system32\dllcache\ac97via.sys
+ 2001-08-18 03:36:10 61,440 -c--a-w C:\WINDOWS\system32\dllcache\acerscad.dll
+ 2004-08-03 22:07:38 187,776 -c--a-w C:\WINDOWS\system32\dllcache\acpi.sys
+ 2001-08-23 12:00:00 11,648 -c--a-w C:\WINDOWS\system32\dllcache\acpiec.sys
+ 2001-08-17 18:53:02 7,424 -c--a-w C:\WINDOWS\system32\dllcache\adicvls.sys
+ 2001-08-17 17:11:18 20,160 -c--a-w C:\WINDOWS\system32\dllcache\adm8511.sys
+ 2001-08-17 17:19:10 584,448 -c--a-w C:\WINDOWS\system32\dllcache\adm8810.sys
+ 2001-08-17 17:19:14 553,984 -c--a-w C:\WINDOWS\system32\dllcache\adm8820.sys
+ 2001-08-17 17:19:14 747,392 -c--a-w C:\WINDOWS\system32\dllcache\adm8830.sys
- 2004-08-03 23:56:42 29,696 -c--a-w C:\WINDOWS\system32\dllcache\admexs.dll
+ 2004-08-04 05:56:42 29,696 -c--a-w C:\WINDOWS\system32\dllcache\admexs.dll
+ 2004-08-04 05:56:42 20,540 -c--a-w C:\WINDOWS\system32\dllcache\admin.dll
+ 2004-08-04 05:56:48 16,439 -c--a-w C:\WINDOWS\system32\dllcache\admin.exe
+ 2004-08-04 03:32:24 10,880 -c--a-w C:\WINDOWS\system32\dllcache\admjoy.sys
- 2004-08-03 23:56:42 43,520 -c--a-w C:\WINDOWS\system32\dllcache\admwprox.dll
+ 2004-08-04 05:56:42 43,520 -c--a-w C:\WINDOWS\system32\dllcache\admwprox.dll
+ 2001-08-17 17:11:16 46,112 -c--a-w C:\WINDOWS\system32\dllcache\adptsf50.sys
+ 2001-08-17 19:07:32 101,888 -c--a-w C:\WINDOWS\system32\dllcache\adpu160m.sys
- 2004-08-03 23:56:42 290,816 -c--a-w C:\WINDOWS\system32\dllcache\adsiis51.dll
+ 2004-08-04 05:56:42 290,816 -c--a-w C:\WINDOWS\system32\dllcache\adsiis51.dll
+ 2004-08-04 05:56:42 4,255 -c--a-w C:\WINDOWS\system32\dllcache\adv01nt5.dll
+ 2004-08-04 05:56:42 3,967 -c--a-w C:\WINDOWS\system32\dllcache\adv02nt5.dll
+ 2004-08-04 05:56:42 3,615 -c--a-w C:\WINDOWS\system32\dllcache\adv05nt5.dll
+ 2004-08-04 05:56:42 3,647 -c--a-w C:\WINDOWS\system32\dllcache\adv07nt5.dll
+ 2004-08-04 05:56:42 3,135 -c--a-w C:\WINDOWS\system32\dllcache\adv08nt5.dll
+ 2004-08-04 05:56:42 3,711 -c--a-w C:\WINDOWS\system32\dllcache\adv09nt5.dll
+ 2004-08-04 05:56:42 3,775 -c--a-w C:\WINDOWS\system32\dllcache\adv11nt5.dll
+ 2005-05-28 00:14:30 142,464 -c--a-w C:\WINDOWS\system32\dllcache\aec.sys
+ 2004-08-04 04:07:42 42,368 -c--a-w C:\WINDOWS\system32\dllcache\agp440.sys
+ 2004-08-04 04:07:44 44,928 -c--a-w C:\WINDOWS\system32\dllcache\agpcpq.sys
+ 2001-08-17 18:52:02 12,800 -c--a-w C:\WINDOWS\system32\dllcache\aha154x.sys
+ 2001-08-17 19:07:36 55,168 -c--a-w C:\WINDOWS\system32\dllcache\aic78u2.sys
+ 2001-08-17 19:07:38 56,960 -c--a-w C:\WINDOWS\system32\dllcache\aic78xx.sys
+ 2001-08-17 17:11:18 27,678 -c--a-w C:\WINDOWS\system32\dllcache\ali5261.sys
+ 2001-08-17 18:49:02 26,624 -c--a-w C:\WINDOWS\system32\dllcache\alifir.sys
+ 2001-08-17 18:51:56 5,248 -c--a-w C:\WINDOWS\system32\dllcache\aliide.sys
+ 2004-08-04 04:07:42 42,752 -c--a-w C:\WINDOWS\system32\dllcache\alim1541.sys
+ 2001-08-17 17:11:20 16,969 -c--a-w C:\WINDOWS\system32\dllcache\amb8002.sys
+ 2004-08-04 04:07:44 43,008 -c--a-w C:\WINDOWS\system32\dllcache\amdagp.sys
+ 2007-03-21 10:18:09 36,992 -c--a-w C:\WINDOWS\system32\dllcache\amdk6.sys
+ 2007-03-21 10:18:09 37,376 -c--a-w C:\WINDOWS\system32\dllcache\amdk7.sys
+ 2001-08-17 18:52:04 12,032 -c--a-w C:\WINDOWS\system32\dllcache\amsint.sys
+ 2004-08-04 03:31:20 36,224 -c--a-w C:\WINDOWS\system32\dllcache\an983.sys
+ 2001-08-17 18:47:22 6,272 -c--a-w C:\WINDOWS\system32\dllcache\apmbatt.sys
- 2004-08-03 23:56:42 108,544 -c--a-w C:\WINDOWS\system32\dllcache\appconf.dll
+ 2004-08-04 05:56:42 108,544 -c--a-w C:\WINDOWS\system32\dllcache\appconf.dll
- 2004-08-03 23:56:42 331,264 -c--a-w C:\WINDOWS\system32\dllcache\aqueue.dll
+ 2004-08-04 05:56:42 331,264 -c--a-w C:\WINDOWS\system32\dllcache\aqueue.dll
+ 2007-03-21 10:18:09 60,800 -c--a-w C:\WINDOWS\system32\dllcache\arp1394.sys
+ 2001-08-17 18:52:00 26,496 -c--a-w C:\WINDOWS\system32\dllcache\asc.sys
+ 2001-08-17 18:52:04 22,400 -c--a-w C:\WINDOWS\system32\dllcache\asc3350p.sys
+ 2001-08-17 18:51:58 14,848 -c--a-w C:\WINDOWS\system32\dllcache\asc3550.sys
- 2004-08-03 23:56:42 369,664 -c--a-w C:\WINDOWS\system32\dllcache\asp51.dll
+ 2004-08-04 05:56:42 369,664 -c--a-w C:\WINDOWS\system32\dllcache\asp51.dll
+ 2001-08-17 17:12:34 97,354 -c--a-w C:\WINDOWS\system32\dllcache\aspndis3.sys
+ 2004-08-04 05:56:42 20,540 -c--a-w C:\WINDOWS\system32\dllcache\author.dll
+ 2004-08-04 05:56:48 16,439 -c--a-w C:\WINDOWS\system32\dllcache\author.exe
+ 2004-08-04 05:56:48 188,480 -c--a-w C:\WINDOWS\system32\dllcache\cfgwiz.exe
- 2004-08-03 23:56:42 46,592 -c--a-w C:\WINDOWS\system32\dllcache\coadmin.dll
+ 2004-08-04 05:56:42 46,592 -c--a-w C:\WINDOWS\system32\dllcache\coadmin.dll
+ 2004-08-04 05:56:44 184,435 -c--a-w C:\WINDOWS\system32\dllcache\fp4amsft.dll
+ 2004-08-04 05:56:44 82,035 -c--a-w C:\WINDOWS\system32\dllcache\fp4anscp.dll
+ 2004-08-04 05:56:44 147,513 -c--a-w C:\WINDOWS\system32\dllcache\fp4apws.dll
+ 2004-08-04 05:56:44 49,210 -c--a-w C:\WINDOWS\system32\dllcache\fp4areg.dll
+ 2004-08-04 05:56:44 102,509 -c--a-w C:\WINDOWS\system32\dllcache\fp4atxt.dll
+ 2004-08-04 05:56:44 41,020 -c--a-w C:\WINDOWS\system32\dllcache\fp4avnb.dll
+ 2004-08-04 05:56:44 32,826 -c--a-w C:\WINDOWS\system32\dllcache\fp4avss.dll
+ 2004-08-04 05:56:44 49,212 -c--a-w C:\WINDOWS\system32\dllcache\fp4awebs.dll
+ 2004-08-04 05:56:44 876,653 -c--a-w C:\WINDOWS\system32\dllcache\fp4awel.dll
+ 2004-08-04 05:56:50 15,120 -c--a-w C:\WINDOWS\system32\dllcache\fp98sadm.exe
+ 2004-08-04 05:56:50 109,840 -c--a-w C:\WINDOWS\system32\dllcache\fp98swin.exe
+ 2004-08-04 05:56:50 188,494 -c--a-w C:\WINDOWS\system32\dllcache\fpcount.exe
+ 2004-08-04 05:56:44 20,541 -c--a-w C:\WINDOWS\system32\dllcache\fpexedll.dll
+ 2004-08-04 05:56:44 598,071 -c--a-w C:\WINDOWS\system32\dllcache\fpmmc.dll
+ 2004-08-04 05:56:08 208,896 -c--a-w C:\WINDOWS\system32\dllcache\fpmmcsat.dll
+ 2004-08-04 05:56:50 20,538 -c--a-w C:\WINDOWS\system32\dllcache\fpremadm.exe
- 2004-08-03 23:56:44 68,608 -c--a-w C:\WINDOWS\system32\dllcache\iisext51.dll
+ 2004-08-04 05:56:44 68,608 -c--a-w C:\WINDOWS\system32\dllcache\iisext51.dll
- 2004-08-03 23:56:44 64,512 -c--a-w C:\WINDOWS\system32\dllcache\iismap.dll
+ 2004-08-04 05:56:44 64,512 -c--a-w C:\WINDOWS\system32\dllcache\iismap.dll
- 2004-08-03 23:56:52 30,720 -c--a-w C:\WINDOWS\system32\dllcache\iisrstas.exe
+ 2004-08-04 05:56:52 30,720 -c--a-w C:\WINDOWS\system32\dllcache\iisrstas.exe
- 2004-08-03 23:56:44 133,632 -c--a-w C:\WINDOWS\system32\dllcache\iisrtl.dll
+ 2004-08-04 05:56:44 133,632 -c--a-w C:\WINDOWS\system32\dllcache\iisrtl.dll
+ 2004-08-04 05:56:44 36,921 -c--a-w C:\WINDOWS\system32\dllcache\imeshare.dll
- 2004-08-03 23:56:44 829,440 -c--a-w C:\WINDOWS\system32\dllcache\inetmgr.dll
+ 2004-08-04 05:56:44 829,440 -c--a-w C:\WINDOWS\system32\dllcache\inetmgr.dll
- 2004-08-03 23:56:44 13,312 -c--a-w C:\WINDOWS\system32\dllcache\infoadmn.dll
+ 2004-08-04 05:56:44 13,312 -c--a-w C:\WINDOWS\system32\dllcache\infoadmn.dll
- 2004-08-03 23:56:44 68,608 -c--a-w C:\WINDOWS\system32\dllcache\isatq.dll
+ 2004-08-04 05:56:44 68,608 -c--a-w C:\WINDOWS\system32\dllcache\isatq.dll
+ 2004-08-04 05:56:46 20,536 -c--a-w C:\WINDOWS\system32\dllcache\shtml.dll
+ 2004-08-04 05:56:58 16,437 -c--a-w C:\WINDOWS\system32\dllcache\shtml.exe
- 2004-08-03 23:56:46 189,440 -c--a-w C:\WINDOWS\system32\dllcache\smtpadm.dll
+ 2004-08-04 05:56:46 189,440 -c--a-w C:\WINDOWS\system32\dllcache\smtpadm.dll
- 2004-08-03 23:56:46 2,134,528 -c--a-w C:\WINDOWS\system32\dllcache\smtpsnap.dll
+ 2004-08-04 05:56:46 2,134,528 -c--a-w C:\WINDOWS\system32\dllcache\smtpsnap.dll
- 2004-08-03 23:56:46 8,192 -c--a-w C:\WINDOWS\system32\dllcache\staxmem.dll
+ 2004-08-04 05:56:46 8,192 -c--a-w C:\WINDOWS\system32\dllcache\staxmem.dll
+ 2004-08-04 05:56:58 32,827 -c--a-w C:\WINDOWS\system32\dllcache\tcptest.exe
+ 2004-08-04 05:56:36 16,384 -c--a-w C:\WINDOWS\system32\dllcache\tcptsat.dll
- 2008-08-29 14:36:55 71,512 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-08-29 23:40:07 71,512 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-08-29 14:36:55 441,954 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-08-29 23:40:08 441,954 ----a-w C:\WINDOWS\system32\perfh009.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"A2Menu"="C:\Program Files\Aston2 Menu\A2Menu.exe" [2008-02-05 19:04 307200]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2007-03-21 13:12 1694208]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-08-30 19:53 16384]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 11:28 139264]
"ClipMate6"="C:\PROGRA~1\CLIPMA~1\ClipMt61.exe" [2003-05-08 18:31 2731164]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 14:01 13529088]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 17:53 88024]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-06-30 16:34 949376]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 20:10 652624]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 20:50 1603152]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"DrvIcon"="C:\Program Files\Vista Drive Icon\DrvIcon.exe" [2007-07-04 14:59 45056]
"QuickFinder Scheduler"="C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.exe" [2003-02-25 20:27 77887]
"MediaFace Integration"="C:\Program Files\Fellowes\MediaFACE 5.0\SetHook.exe" [2005-10-27 04:43 53248]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12 483328]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 14:01 86016]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-06-30 20:56 188416]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-06-19 16:48 851968]
"SDFix"="C:\Documents and Settings\J. Murray\Desktop\SDFix\RunThis.bat" [2008-08-24 04:48 752040]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-06-30 21:00 65536]
"nwiz"="nwiz.exe" [2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-29 15:47 16859648 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"WUAppSetup"="C:\Program Files\Common Files\logishrd\WUApp32.exe" [2007-02-03 10:23 430080]
"IE7-11"="advpack.dll" [2008-06-23 11:01 124928 C:\WINDOWS\system32\advpack.dll]
C:\Documents and Settings\J. Murray\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\Palm\HOTSYNC.exe [2002-08-09 17:36:20 299008]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-07-20 10:49:34 25214]
GetRight - Tray Icon.lnk - C:\Program Files\GetRight\getright.exe [2008-07-01 17:18:03 3446096]
Harmony Monitor.lnk - C:\Program Files\Logitech\Harmony Remote\EasyZapperMonitor.exe [2004-01-20 11:47:34 81920]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-08-30 19:53:26 169472]
Start OpdiTracker.lnk - C:\Program Files\Opdicom\OpdiTracker\OptT3STA.exe [2005-01-06 07:04:14 208896]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.enc"= ITIG726.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll schannel.dll digest.dll msnsspc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
R2 PD91Agent;PD91Agent;C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-04-16 13:00]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-10-17 20:12]
S3 PD91Engine;PD91Engine;C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-04-16 13:00]
.
Contents of the 'Scheduled Tasks' folder
2008-08-31 C:\WINDOWS\Tasks\User_Feed_Synchronization-{E0290CDF-FC62-4D23-BF6C-1956E1B61641}.job
- C:\WINDOWS\system32\msfeedssync.exe [2007-02-10 23:18]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-31 19:15:54
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ClipMate6\ClipMt61.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\Harmony Remote\EasyZapperManagerExe.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-08-31 19:17:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-01 00:17:46
ComboFix2.txt 2008-08-29 15:13:10
Pre-Run: 121,647,611,904 bytes free
Post-Run: 121,666,854,912 bytes free
441 --- E O F --- 2008-08-26 12:30:09
Jim
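As an added illustration (not part of the thread, and not ComboFix's own code), here is a small Python triage script over a constructed excerpt in the same "Reg Loading Points" format as the log above. It flags the two settings the posted log actually shows, Security Center notifications disabled and the firewall's standard profile turned off, plus any Run/RunOnce entry whose image lives in a user-writable folder. Those are review items rather than verdicts: in this thread the desktop entry it flags is the SDFix cleanup tool the poster ran. The user-profile folder name in the sample is a placeholder.

```python
import re

# Constructed sample in the format of the thread's ComboFix "Reg Loading Points"
# section (a subset; the user-profile folder name is replaced by "User").
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-06-30 16:34 949376]
"SDFix"="C:\Documents and Settings\User\Desktop\SDFix\RunThis.bat" [2008-08-24 04:48 752040]
"nwiz"="nwiz.exe" [2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')
# A quoted image path, or the resolved path ComboFix prints inside the
# brackets when the value holds only a bare file name (e.g. "nwiz.exe").
QUOTED_PATH_RE = re.compile(r'^"([^"]*\\[^"]*)"')
RESOLVED_PATH_RE = re.compile(r"\[[^\]]*?\s([A-Za-z]:\\[^\]]+)\]$")
# Folders an ordinary user can write to; an autorun living there deserves a look.
USER_WRITABLE_RE = re.compile(r"(?i)\\documents and settings\\|\\users\\|\\temp\\|\\appdata\\")


def parse_reg_section(text):
    """Parse '[key]' headers and '"name"=data' lines into (key, name, data) tuples."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            entries.append((key, m.group(1), m.group(2)))
    return entries


def run_entry_path(data):
    """Best-effort image path for a Run/RunOnce value's data field."""
    m = QUOTED_PATH_RE.match(data) or RESOLVED_PATH_RE.search(data)
    return m.group(1) if m else None


def triage(entries):
    """Return human-readable findings a defender would want to review."""
    findings = []
    for key, name, data in entries:
        k = key.lower()
        if k.endswith("security center") and name.endswith("DisableNotify") and data.endswith("00000001"):
            findings.append(f"security-center: {name} is 1 (Security Center alerts suppressed)")
        elif "firewallpolicy" in k and name == "EnableFirewall" and data.lstrip().startswith("0"):
            profile = key.split("\\")[-1]
            findings.append(f"firewall: {name} is 0 in the {profile} profile")
        elif re.search(r"\\run(once)?$", k):
            path = run_entry_path(data)
            if path and USER_WRITABLE_RE.search(path):
                findings.append(f"autorun: {name} runs from a user-writable location: {path}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_reg_section(SAMPLE_LOG)):
        print(finding)
```

On the constructed sample this reports four items: the SDFix desktop autorun, both Security Center DisableNotify values, and the disabled standard-profile firewall; the vendor entries under Program Files and system32 are left alone.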

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.
Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Are you having any other problems and how is the computer operating?

Thanks for all your help in restoring my system. It is running fast and stable with a couple of issues left. I get the error "Windows-Drive not ready" randomly and also I cannot reinstall my Logitech 4000 Web Camera. It stopped working about the same time all the other trouble started. I get the error "Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)". The camera works fine on my other computer and the USB port I have connected it to also works (thumb drive works fine there). I have deleted and installed the camera software and drivers several times with the same results.
Jim

On the "Windows-Drive not ready" either a disc is in a drive, or a disc needs to be in a drive long enough for a scan to be made. Or an antivirus or antispyware program is set to scan all drives instead of just the C: drive and is trying to scan a DVD or CD drive (may need to uncheck all but the C: drive in the AV or antispyware program).
Read the on the camera's error code 19:

Thanks again for all your help. Except as noted the system is back to normal. I have to go out of town for about a week but will post results for these latest fixes when I return. Again, thanks for the help.
Jim

I'm finally back home. Geezzzzzz, I hate to travel. Anyway, my system is running great and is very fast. The camera is working again and the only issue I have is when I shut down I receive an error "Windows-Drive Not Ready. Check Drive A". There is no drive A. I have checked my Anti-Virus and Spyware settings and can find nothing that refers to scanning upon shutdown. If that's the worst thing happening I guess I can live with it. Very confusing.
Again, thanks for all your help.
Jim