Cespenar

Members
  • Content Count

    84
  • Joined

  • Last visited

About Cespenar

  • Rank
    Member
  • Birthday 06/05/1946

Profile Information

  • Location
    Australia. Dubbo. NSW.

Previous Fields

  • System Specifications:
    ASUS Crosshair v1.0 AMD5200+ AM2 watercooled 4Gig OCZ DDR2 PC26400 XFX 8800GTX watercooled WD 320G 7200 Sata2 300 16MB Cache Caviar SE 16 HDD Samsung SH-S182D DVD RW optical D-Link DWL-G510 W/less lan DViCo Fusion HDTV tuner card Zalman ZM600-HP PSU
  • TechExpress Link:
    http://www.pcpitstop.com/techexpress.asp?id=8M0ENW4N7MQS6ZBU
  • Teams:
    Nothing Selected
  1. Hi, My wife wants me to get rid of my really great Viewsonic P95f+ (That is the bad part). I have been looking at all the dozens of LCDs in each brand and it is confusing. BUT.... I did find one bit of useful information. Read on... The 16:9 is the native movie and new game native size. The 16:10 makes for distortion as the monitor has to stretch the picture to make it fit, or something. And this makes the pic somewhat distorted. I have looked at the Acer X233HB and it only has a 5ms response, but it has a 40,000 ACM, or, ASCR, so which is the best for games? I don't know yet! Salespersons tell different stories. Get a 16:9 monitor, but ask more questions about the other attributes first. I hope some folks on this forum will give both of us more info to help us make a final choice. Cheers mate!
  2. Hi Juliet, Jacee gave me the answer to the name of the test. It is "Shields Up". And it is there that I was told my system is rather stealthy, except for the fact that if some site pings my IP address, my system will answer it. So it is something in my system that needs turning off.
  3. Hi Juliet, No, the website said that they pinged my system to see if my system answered. My system answered the ping, proving that a malware ping could find my computer. I should be able to turn it off ..... somehow. Well, thanks again for your help. Now, over to u2u help ....
  4. Okay, the folders are gone. So are any references to ComboFix. One of your suggestions led me to a site to test the security of my internet connection. It said to turn off the Answering Ping, but I don't know how. I also forgot the name of the site, but it was very good. Thanks for all you have done. Regards from Michael, aka Cespenar.
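     For the question running through the three posts above (Shields Up reporting that the PC answers ICMP echo requests): on Windows XP SP2/SP3 the inbound echo reply is controlled by the ICMP settings of the built-in Windows Firewall. The following is an added example for this page, not something posted in the thread; it assumes Windows Firewall is the firewall actually in use and is typed at an administrator Command Prompt. It does nothing useful when Windows Firewall is switched off and a third-party product is doing the filtering (the ComboFix log later on this page shows "EnableFirewall"= 0 for the standard profile and an ActiveArmor firewall active); in that case echo requests have to be blocked in that product's own settings.

```batch
:: Added example (not from the thread). Windows XP SP2/SP3, administrator
:: Command Prompt. Only effective when Windows Firewall is the firewall in use.

:: 1. Confirm Windows Firewall is actually on: look for "Operational mode = Enable".
netsh firewall show state

:: 2. Stop answering ICMP echo requests (ICMP type 8) on every profile.
netsh firewall set icmpsetting type=8 mode=DISABLE profile=ALL

:: 3. Verify: the "Allow inbound echo request" line should now read Disable.
netsh firewall show icmpsetting
```

     A second run of the Shields Up test from outside the LAN is the real check; if the router in front of the PC answers pings itself, the test reports the router, not the PC, and the router's own configuration is where the change has to be made.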
  5. Hi Juliet, When I tried to run "ComboFix /u" the computer said it couldn't find ComboFix, and did I type it etc etc. I tried "C:\ComboFix /u" and ComboFix started to run with the blue window, then a little box popped up to say "ComboFix has been uninstalled". The only remaining thing is "C:\ComboFix\nircmd * 29kb * MS-DOS Application * 31/8/2000 8.00 am". I reinstalled it, but it keeps happening. It occurred to me that this may be what is intended with the "/u" switch. Is that correct? I was able to do a ComboFix scan, so I decided to save it in case this is another problem. Let me know! I'm now going to run the ATF-Cleaner. Regards from Mick.
  6. Computer seems good. I tried to delete all the Temp files in the windows folder, but two files won't let me as it says they are in use. Here is the HJT logfile:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 8:44:22 AM, on 28/02/2009
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16791)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
     C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
     C:\Program Files\Analog Devices\Core\smax4pnp.exe
     C:\PROGRA~1\AVG\AVG8\avgtray.exe
     C:\WINDOWS\system32\RUNDLL32.EXE
     C:\Program Files\Java\jre6\bin\jusched.exe
     C:\FRAPS\FRAPS.EXE
     C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
     C:\Program Files\Codebox\BitMeter\BitMeter2.exe
     E:\Downloads\Guru3D\NVtemplogger\Guru3D.com\setup\NvTempLogger.exe
     C:\WINDOWS\system32\netdde.exe
     C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
     C:\WINDOWS\system32\nvsvc32.exe
     C:\Program Files\richcomm\PowerManagerLite\PMLService.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\System32\TUProgSt.exe
     C:\PROGRA~1\AVG\AVG8\avgrsx.exe
     C:\PROGRA~1\AVG\AVG8\avgemc.exe
     C:\Program Files\AVG\AVG8\avgcsrvx.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\PROGRA~1\AVG\AVG8\avgnsx.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
     O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
     O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
     O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
     O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
     O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
     O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
     O4 - Global Startup: Bitmeter2.lnk = C:\Program Files\Codebox\BitMeter\BitMeter2.exe
     O4 - Global Startup: nvtemplogger.lnk = E:\Downloads\Guru3D\NVtemplogger\Guru3D.com\setup\NvTempLogger.exe
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
     O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
     O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
     O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
     O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
     O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
     O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
     O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
     O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
     O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - (no file)
     O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - (no file)
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: PMLService - richcomm - C:\Program Files\richcomm\PowerManagerLite\PMLService.exe
     O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
     O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
     O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
     O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

     --
     End of file - 6852 bytes
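     The HijackThis log in the post above is the raw material the helpers in this thread work from, and the review is mostly a matter of reading each "<code> - <body>" line and deciding whether the file it points at belongs there. The script below is an added example for this page, not code from HijackThis or from anyone in the thread: it parses that one-entry-per-line format (O2 BHOs, O4 auto-runs, O9 IE buttons, O16 ActiveX downloads, O20 Winlogon notify DLLs, O23 services) and flags the entries a reviewer looks at first. The sample lines are copied from the posted log; the flagging rules (auto-starts in user-writable folders, services with no file or an unknown owner, ActiveX fetched over plain HTTP, dead "(file missing)" entries) are this example's own assumptions and not an HJT rule set.

```python
"""Triage helper for HijackThis (HJT) 2.x logs.

Added example, not part of HijackThis or of the original thread. The
flagging rules are assumptions made for this example; the sample lines
are taken from the log posted in the thread.
"""
import re
from dataclasses import dataclass

# Sample input: a constructed subset of lines from the posted HJT log.
SAMPLE_LOG = r"""
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - Global Startup: nvtemplogger.lnk = E:\Downloads\Guru3D\NVtemplogger\Guru3D.com\setup\NvTempLogger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# One HJT entry per line: "<code> - <body>", e.g. "O23 - Service: ...".
LINE_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
# HJT marks orphaned entries with "(file missing)" or, for services, "(no file)".
DEAD_RE = re.compile(r"\((?:file missing|no file)\)", re.IGNORECASE)
# Assumption of this example: folders any local user can write to. An
# auto-start that points there deserves a look before anything in Program Files.
USER_WRITABLE_RE = re.compile(
    r"\\(?:Temp|Downloads|Local Settings|Documents and Settings|DOCUME~1|LOCALS~1)\\",
    re.IGNORECASE,
)
# Sections whose target is executed or loaded automatically.
AUTOSTART_SECTIONS = {"O2", "O3", "O4", "O20", "O23"}


@dataclass
class Entry:
    section: str  # HJT code, e.g. "O4" or "O23"
    body: str     # everything after "<code> - "
    target: str   # file, DLL or URL the entry points at ("" if none)


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    target: str


def parse_entry(line: str):
    """Return an Entry for one HJT line, or None for headers and the process list."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    if section == "O4":
        # "HKLM\..\Run: [Name] C:\path\prog.exe args"  or
        # "Global Startup: x.lnk = C:\path\prog.exe"
        t = re.search(r"\] (.+)$", body) or re.search(r" = (.+)$", body)
        target = t.group(1) if t else ""
    else:
        # O2/O3/O9/O16/O20/O23: the target is the last " - " separated field.
        target = body.rsplit(" - ", 1)[1] if " - " in body else ""
    return Entry(section, body, target.strip())


def triage(log_text: str):
    """Run the review heuristics over a whole log and return the findings in log order."""
    findings = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        if DEAD_RE.search(e.target):
            findings.append(Finding(e.section, "dead entry: target file missing", e.target))
        if e.section == "O23" and "Unknown owner" in e.body:
            findings.append(Finding(e.section, "service with unknown owner", e.target))
        if e.section in AUTOSTART_SECTIONS and USER_WRITABLE_RE.search(e.target):
            findings.append(Finding(e.section, "auto-start from user-writable folder", e.target))
        if e.section == "O16" and e.target.lower().startswith("http://"):
            findings.append(Finding(e.section, "ActiveX (DPF) fetched over plaintext HTTP", e.target))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason:45} {f.target}")
```

     On the sample this yields five findings: the NvTempLogger auto-start under E:\Downloads, the dead Messenger button, the PCPitstop ActiveX control fetched over HTTP, and the nSvcIp service twice (no file, unknown owner). None of these is malware on its own; a finding only says where a human should look first, which is exactly how the helpers in the thread read such a log.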
  7. Sorry about that. I knew the first post was Combofix so I edited it, but for some reason something funny was happening. No logic there! Okay, here goes: That didn't work Juliet. When I pressed "Select all" then "Copy" a desktop printscreen appeared in the file called C:\lopR.txt. Something funny happening again. Try again: Yep! Here it is. Finally!

     --------------------\\ Lop S&D 4.2.5-0 XP/Vista

     Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
     X86-based PC ( Multiprocessor Free : AMD Athlon 64 X2 Dual Core Processor 5200+ )
     BIOS : Phoenix - AwardBIOS v6.00PG
     USER : Michael Cannon ( Administrator )
     BOOT : Normal boot
     Antivirus : AVG Anti-Virus Free 8.0 (Not Activated)
     Firewall : ActiveArmor Firewall 1.0 (Activated)
     A:\ (USB)
     C:\ (Local Disk) - NTFS - Total:19 Go (Free:3 Go)
     D:\ (Local Disk) - NTFS - Total:141 Go (Free:91 Go)
     E:\ (Local Disk) - NTFS - Total:136 Go (Free:117 Go)
     F:\ (CD or DVD)
     G:\ (CD or DVD) - CDFS - Total:4 Go (Free:0 Go)

     "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
     Option : [1] ( Fri 27/02/2009|22:49 )

     --------------------\\ Listing folders in APPLIC~1

     [17/05/2008|03:33] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
     [17/05/2008|02:41] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Mozilla
     [09/02/2009|09:14] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> {55A29068-F2CE-456C-9148-C869879E2357}
     [05/01/2009|09:34] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> {F61B5A0B-822D-4173-BFD0-A948FC431FEB}
     [28/11/2007|09:53] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Ahead
     [31/10/2007|10:24] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Apple
     [12/05/2008|04:47] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Apple Computer
     [04/02/2009|05:10] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> avg8
     [27/02/2009|11:43] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Bitmeter2
     [13/09/2008|07:54] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> DAEMON Tools Pro
     [13/12/2008|09:40] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Fallout3
     [31/10/2008|08:42] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Google
     [24/02/2009|10:27] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Google Updater
     [04/12/2007|08:39] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Microsoft
     [30/10/2007|12:10] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> MSScanAppDataDir
     [21/09/2008|01:25] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> NCH Swift Sound
     [28/07/2008|02:28] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> PC Drivers HeadQuarters
     [13/01/2009|11:56] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> PCPitstop
     [27/02/2009|09:31] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> TEMP
     [09/02/2009|09:18] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> TuneUp Software
     [26/06/2008|09:51] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> UDL
     [29/01/2008|09:13] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Windows Genuine Advantage
     [07/07/2007|12:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
     [21/02/2007|06:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ahead
     [29/07/2007|08:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
     [29/07/2007|08:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
     [11/04/2007|01:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg7
     [21/02/2007|04:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Grisoft
     [31/03/2007|01:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
     [21/02/2007|07:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NVIDIA
     [31/03/2007|02:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> nView_Profiles
     [04/05/2007|04:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia
     [27/05/2007|01:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> UDL
     [21/02/2007|07:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
     [21/02/2007|12:52] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
     [21/02/2007|04:47] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> AVG7
     [21/02/2007|01:08] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
     [20/12/2008|05:15] C:\DOCUME~1\LOCALS~1.NTA\APPLIC~1\<DIR> Microsoft
     [14/06/2008|06:29] C:\DOCUME~1\MICHAE~1\APPLIC~1\<DIR> Adobe
     [20/05/2008|03:55] C:\DOCUME~1\MICHAE~1\APPLIC~1\<DIR> AdobeUM
     [13/03/2008|06:40] C:\DOCUME~1\MICHAE~1\APPLIC~1\<DIR> Ahead
     [29/10/2007|01:33] C:\DOCUME~1\MICHAE~1\APPLIC~1\<DIR> Apple Computer
     [09/07/2008|11:28] C:\DOCUME~1\MICHAE~1\APPLIC~1\<DIR> Auslogics
     [28/07/2008|03:58] C:\DOCUME~1\MICHAE~1\APPLIC~1\<DIR> AVGTOOLBAR
     [21/02/2009|11:12] C:\DOCUME~1\MICHAE~1\APPLIC~1\<DIR> Bitmeter2
     [13/09/2008|07:55] C:\DOCUME~1\MICHAE~1\APPLIC~1\<DIR> DAEMON Tools Pro
     [03/08/2008|08:34] C:\DOCUME~1\MICHAE~1\APPLIC~1\<DIR> EPSON
     [18/05/2008|02:34] C:\DOCUME~1\MICHAE~1\APPLIC~1\<DIR> Google
     [19/01/2008|10:31] C:\DOCUME~1\MICHAE~1\APPLIC~1\<DIR> Help
     [12/09/2007|11:04] C:\DOCUME~1\MICHAE~1\APPLIC~1\<DIR> Identities
     [20/02/2009|11:07] C:\DOCUME~1\MICHAE~1\APPLIC~1\<DIR> LimeWire
     [13/09/2007|09:35] C:\DOCUME~1\MICHAE~1\APPLIC~1\<DIR> Macromedia
     [13/03/2008|06:46] C:\DOCUME~1\MICHAE~1\APPLIC~1\<DIR> Media Player Classic
     [20/02/2009|06:20] C:\DOCUME~1\MICHAE~1\APPLIC~1\<DIR> Microsoft
     [28/08/2008|11:55] C:\DOCUME~1\MICHAE~1\APPLIC~1\<DIR> Mozilla
     [17/12/2008|06:41] C:\DOCUME~1\MICHAE~1\APPLIC~1\<DIR> NCH Swift Sound
     [20/12/2008|05:45] C:\DOCUME~1\MICHAE~1\APPLIC~1\<DIR> PC Tools
     [14/12/2007|03:01] C:\DOCUME~1\MICHAE~1\APPLIC~1\<DIR> Real
     [15/11/2007|09:26] C:\DOCUME~1\MICHAE~1\APPLIC~1\<DIR> Sun
     [09/02/2009|09:19] C:\DOCUME~1\MICHAE~1\APPLIC~1\<DIR> TuneUp Software
     [21/01/2008|02:24] C:\DOCUME~1\MICHAE~1\APPLIC~1\<DIR> Uniblue
     [12/09/2007|06:15] C:\DOCUME~1\MICHAE~1\APPLIC~1\<DIR> WinRAR
     [14/09/2008|06:10] C:\DOCUME~1\MICHAE~1\APPLIC~1\<DIR> XRay Engine
     [21/02/2007|01:08] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft
     [20/12/2008|05:15] C:\DOCUME~1\NETWOR~1.NTA\APPLIC~1\<DIR> Microsoft

     --------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

     [27/02/2009 10:00 PM][--a------] C:\WINDOWS\tasks\1-Click Maintenance.job
     [27/02/2009 05:45 PM][--a------] C:\WINDOWS\tasks\Google Software Updater.job
     [09/02/2009 09:29 AM][--a------] C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job
     [27/02/2009 11:42 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT
     [29/08/2002 11:00 PM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

     --------------------\\ Listing Folders in C:\Program Files

     [27/07/2008|02:22] C:\Program Files\<DIR> ACW
     [21/02/2007|09:42] C:\Program Files\<DIR> Adobe
     [23/12/2008|06:19] C:\Program Files\<DIR> AGEIA Technologies
     [28/11/2007|09:53] C:\Program Files\<DIR> Ahead
     [09/10/2008|11:47] C:\Program Files\<DIR> Analog Devices
     [21/02/2007|05:52] C:\Program Files\<DIR> ANI
     [31/10/2007|10:24] C:\Program Files\<DIR> Apple Software Update
     [28/07/2008|06:46] C:\Program Files\<DIR> ASUS
     [22/07/2008|01:30] C:\Program Files\<DIR> AVG
     [07/05/2007|10:25] C:\Program Files\<DIR> Canon
     [20/12/2008|06:07] C:\Program Files\<DIR> CCleaner
     [11/02/2009|01:01] C:\Program Files\<DIR> Codebox
     [27/02/2009|11:41] C:\Program Files\<DIR> Common Files
     [21/02/2007|12:50] C:\Program Files\<DIR> ComPlus Applications
     [07/08/2008|10:42] C:\Program Files\<DIR> DAEMON Tools
     [13/09/2008|07:55] C:\Program Files\<DIR> DAEMON Tools Pro
     [27/03/2008|02:34] C:\Program Files\<DIR> DIFX
     [09/04/2007|08:03] C:\Program Files\<DIR> DivX
     [21/02/2007|05:52] C:\Program Files\<DIR> D-Link
     [26/02/2009|10:25] C:\Program Files\<DIR> EPSON
     [27/01/2009|03:48] C:\Program Files\<DIR> Futuremark
     [31/10/2008|08:42] C:\Program Files\<DIR> Google
     [27/01/2009|01:10] C:\Program Files\<DIR> InstallShield Installation Information
     [14/02/2009|10:43] C:\Program Files\<DIR> Internet Explorer
     [26/02/2009|01:32] C:\Program Files\<DIR> Java
     [21/02/2007|07:49] C:\Program Files\<DIR> Media Player Classic
     [31/03/2007|01:31] C:\Program Files\<DIR> Microsoft ActiveSync
     [21/02/2007|12:52] C:\Program Files\<DIR> microsoft frontpage
     [31/03/2007|01:31] C:\Program Files\<DIR> Microsoft Office
     [31/03/2007|01:31] C:\Program Files\<DIR> Microsoft Visual Studio
     [31/03/2007|01:31] C:\Program Files\<DIR> Microsoft.NET
     [05/12/2007|09:41] C:\Program Files\<DIR> Movie Maker
     [13/12/2008|09:39] C:\Program Files\<DIR> MSBuild
     [21/02/2007|12:50] C:\Program Files\<DIR> MSN Gaming Zone
     [23/02/2007|04:45] C:\Program Files\<DIR> MSXML 4.0
     [17/12/2008|10:13] C:\Program Files\<DIR> MSXML 6.0
     [12/09/2007|11:36] C:\Program Files\<DIR> NetMeeting
     [08/07/2008|09:53] C:\Program Files\<DIR> OpenAL
     [21/09/2007|11:34] C:\Program Files\<DIR> Outlook Express
     [09/02/2009|01:10] C:\Program Files\<DIR> PCPitstop
     [12/05/2008|04:47] C:\Program Files\<DIR> QuickTime
     [13/12/2008|09:38] C:\Program Files\<DIR> Reference Assemblies
     [31/05/2007|10:30] C:\Program Files\<DIR> richcomm
     [14/01/2009|11:57] C:\Program Files\<DIR> RivaTuner v2.06
     [20/12/2008|05:57] C:\Program Files\<DIR> Spyware Doctor
     [20/12/2008|04:56] C:\Program Files\<DIR> Trend Micro
     [09/02/2009|09:19] C:\Program Files\<DIR> TuneUp Utilities 2009
     [21/02/2007|01:09] C:\Program Files\<DIR> Uninstall Information
     [21/07/2007|11:55] C:\Program Files\<DIR> Unregistry
     [15/04/2008|05:16] C:\Program Files\<DIR> Windows Media Player
     [12/09/2007|11:36] C:\Program Files\<DIR> Windows NT
     [21/02/2007|12:50] C:\Program Files\<DIR> WindowsUpdate
     [12/09/2007|06:15] C:\Program Files\<DIR> WinRAR
     [21/02/2007|12:52] C:\Program Files\<DIR> xerox
     [15/01/2009|12:41] C:\Program Files\<DIR> XP Codec Pack

     --------------------\\ Listing Folders in C:\Program Files\Common Files

     [21/02/2007|09:42] C:\Program Files\Common Files\<DIR> Adobe
     [21/02/2007|06:05] C:\Program Files\Common Files\<DIR> Ahead
     [11/04/2007|02:28] C:\Program Files\Common Files\<DIR> Canon
     [31/03/2007|01:31] C:\Program Files\Common Files\<DIR> DESIGNER
     [27/01/2009|01:10] C:\Program Files\Common Files\<DIR> Futuremark Shared
     [27/05/2007|01:47] C:\Program Files\Common Files\<DIR> InstallShield
     [31/03/2007|03:24] C:\Program Files\Common Files\<DIR> Java
     [31/03/2007|01:32] C:\Program Files\Common Files\<DIR> L&H
     [28/10/2007|03:09] C:\Program Files\Common Files\<DIR> Microsoft Shared
     [21/02/2007|12:50] C:\Program Files\Common Files\<DIR> MSSoap
     [21/02/2007|06:08] C:\Program Files\Common Files\<DIR> Nero
     [22/02/2007|12:44] C:\Program Files\Common Files\<DIR> ODBC
     [14/12/2007|03:01] C:\Program Files\Common Files\<DIR> Real
     [22/02/2007|12:44] C:\Program Files\Common Files\<DIR> SpeechEngines
     [21/09/2007|11:34] C:\Program Files\Common Files\<DIR> System
     [23/12/2008|06:19] C:\Program Files\Common Files\<DIR> Wise Installation Wizard

     --------------------\\ Process

     ( 41 Processes )
     ... OK !

     --------------------\\ Searching with S_Lop

     No Lop folder found !

     --------------------\\ Searching for Lop Files - Folders

     No Lop folder found !

     --------------------\\ Searching within the Registry

     ..... OK !

     --------------------\\ Checking the Hosts file

     Hosts file CLEAN

     --------------------\\ Searching for hidden files with Catchme

     catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-02-27 22:50:17
     Windows 5.1.2600 Service Pack 2 NTFS
     scanning hidden processes ...
     scanning hidden files ...
     scan completed successfully
     hidden processes: 0
     hidden files: 0

     --------------------\\ Searching for other infections

     No other infections found !
     [F:3][D:1]-> C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp
     [F:10][D:0]-> C:\DOCUME~1\MICHAE~1\Cookies
     [F:121][D:4]-> C:\DOCUME~1\MICHAE~1\LOCALS~1\TEMPOR~1\content.IE5
     1 - "C:\Lop SD\LopR_1.txt" - Fri 27/02/2009|22:50 - Option : [1]

     --------------------\\ Scan completed at 22:50:41

     OOPS! forgot the new HJT log. Will do that and post separately.
  8. Thanks, Juliet, The computer seems to be okay and is functioning reasonably quickly. The only things are: 1) some of the desktop icons present themselves as that basic window look, 2) two tracking cookies always seem to be found. One is Tribalfusion and the other is Doubleclick. If I remember rightly, they show up on AVG whenever I do a scan, or when AVG does its auto scan. I always remove them but they keep re-appearing. Should I ignore them? The AVG database doesn't have them listed. Here is the Lop log:

     ComboFix 09-02-26.01 - Michael Cannon 2009-02-27 11:40:38.2 - NTFSx86
     Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3582.3007 [GMT 11:00]
     Running from: c:\documents and settings\Michael Cannon\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\Michael Cannon\Desktop\CFScript.txt
     AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
     FW: ActiveArmor Firewall *enabled*
      * Created a new restore point

     FILE ::
     c:\documents and settings\Michael Cannon\Local Settings\Application Data\Mozilla\Firefox\Profiles\8rivcd3h.default\Cache(2)\61E4407Cd01
     c:\documents and settings\Michael Cannon\Local Settings\Application Data\Mozilla\Firefox\Profiles\8rivcd3h.default\Cache(2)\D58B8429d01
     c:\windows\System32\appdrvrem01.exe
     d:\s.t.a.l.k.e.r. - clear skies\bin\protect.exe
     .

     (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
     .

     c:\documents and settings\Michael Cannon\Local Settings\Application Data\Mozilla\Firefox\Profiles\8rivcd3h.default\Cache(2)\61E4407Cd01
     c:\documents and settings\Michael Cannon\Local Settings\Application Data\Mozilla\Firefox\Profiles\8rivcd3h.default\Cache(2)\D58B8429d01
     c:\windows\System32\appdrvrem01.exe
     d:\s.t.a.l.k.e.r. - clear skies\bin\protect.exe
     .

     (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
     .

     -------\Legacy_APPDRVREM01
     -------\Service_appdrvrem01

     (((((((((((((((((((((((((   Files Created from 2009-01-27 to 2009-02-27   )))))))))))))))))))))))))))))))
     .

     2009-02-26 13:32 . 2009-02-26 13:32 73,728 --a------ c:\windows\system32\javacpl.cpl
     2009-02-26 13:11 . 2009-02-26 13:32 410,984 --a------ c:\windows\system32\deploytk.dll
     2009-02-26 11:14 . 2009-02-26 11:14 13,646 --a------ c:\windows\system32\wpa.bak
     2009-02-11 13:01 . 2009-02-11 13:01 <DIR> d-------- c:\program files\Codebox
     2009-02-11 13:01 . 2009-02-21 11:12 <DIR> d-------- c:\documents and settings\Michael Cannon\Application Data\Bitmeter2
     2009-02-11 13:01 . 2009-02-27 11:43 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Bitmeter2
     2009-02-09 21:25 . 2009-02-21 12:50 54,156 --ah----- c:\windows\QTFont.qfn
     2009-02-09 21:25 . 2009-02-09 21:25 1,409 --a------ c:\windows\QTFont.for
     2009-02-09 13:21 . 2009-02-09 13:21 <DIR> d-------- c:\windows\nview
     2009-02-09 13:21 . 2009-02-27 11:42 203,188 --a------ c:\windows\system32\nvapps.xml
     2009-02-09 13:21 . 2008-11-12 14:54 18,537 --a------ c:\windows\system32\nvdisp.nvu
     2009-02-09 09:19 . 2009-02-09 09:19 <DIR> d-------- c:\documents and settings\Michael Cannon\Application Data\TuneUp Software
     2009-02-09 09:19 . 2009-02-09 09:19 603,904 --a------ c:\windows\system32\TUProgSt.exe
     2009-02-09 09:19 . 2009-02-09 09:19 360,192 --a------ c:\windows\system32\TuneUpDefragService.exe
     2009-02-09 09:19 . 2008-12-11 13:31 27,904 --a------ c:\windows\system32\uxtuneup.dll
     2009-02-09 09:18 . 2009-02-09 09:19 <DIR> d-------- c:\program files\TuneUp Utilities 2009
     2009-02-09 09:18 . 2009-02-09 09:18 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\TuneUp Software
     2009-02-09 09:14 . 2009-02-09 09:14 <DIR> d--hs---- c:\documents and settings\All Users.WINDOWS\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
     2009-01-27 15:49 . 1999-11-02 11:01 6,173 --a------ c:\windows\system32\drivers\Entech.vxd
     2009-01-27 15:49 . 2004-06-22 16:44 5,632 --a------ c:\windows\system32\drivers\Entech64.sys
     2009-01-27 15:49 . 2001-11-19 20:05 3,972 --a------ c:\windows\system32\drivers\PciBus.sys
     2009-01-27 15:48 . 2009-01-27 15:48 <DIR> d-------- c:\program files\Futuremark
     2009-01-27 15:47 . 2009-01-27 15:47 27,865 --a------ c:\windows\Ascd_tmp.ini
     2009-01-27 13:10 . 2009-01-27 13:10 <DIR> d-------- c:\program files\Common Files\Futuremark Shared
     2009-01-27 13:10 . 2008-09-17 15:14 27,672 -ra------ c:\windows\system32\drivers\Entech.sys
     .

     ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .

     2009-02-26 22:31 --------- d---a-w c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
     2009-02-26 02:32 --------- d-----w c:\program files\Java
     2009-02-25 23:25 --------- d-----w c:\program files\EPSON
     2009-02-23 23:27 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater
     2009-02-20 12:07 --------- d-----w c:\documents and settings\Michael Cannon\Application Data\LimeWire
     2009-02-09 02:10 --------- d-----w c:\program files\PCPitstop
     2009-02-04 06:21 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
     2009-02-04 06:21 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
     2009-02-04 06:10 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\avg8
     2009-01-27 02:10 --------- d--h--w c:\program files\InstallShield Installation Information
     2009-01-15 01:41 --------- d-----w c:\program files\XP Codec Pack
     2009-01-14 00:57 --------- d-----w c:\program files\RivaTuner v2.06
     2009-01-13 00:56 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\PCPitstop
     2009-01-05 10:34 --------- dc-h--w c:\documents and settings\All Users.WINDOWS\Application Data\{F61B5A0B-822D-4173-BFD0-A948FC431FEB}
     2004-07-21 23:51 3,432,656 ----a-w c:\program files\ManagedDX.CAB
     2004-07-19 11:58 1,156,363 ----a-w c:\program files\BDANT.cab
     2004-07-19 11:53 976,020 ----a-w c:\program files\BDAXP.cab
     2004-07-16 03:30 3,858 ----a-w c:\program files\directx redist.txt
     2004-07-09 03:17 13,265,040 ----a-w c:\program files\dxnt.cab
     2004-07-08 22:13 703,080 ----a-w c:\program files\BDA.cab
     2004-07-08 22:13 15,493,481 ----a-w c:\program files\DirectX.cab
     2004-07-08 17:08 472,576 ----a-w c:\program files\dxsetup.exe
     2004-07-08 17:08 2,242,560 ----a-w c:\program files\dsetup32.dll
     2004-07-08 16:03 62,976 ----a-w c:\program files\DSETUP.dll
     .

     (((((((((((((((((((((((((((((   [email protected]_11.16.18.67   )))))))))))))))))))))))))))))))))))))))))
     .
     + 2005-10-20 09:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
     - 2008-02-21 14:23:35 135,168 ----a-w c:\windows\system32\java.exe
     + 2009-02-26 02:32:37 144,792 ----a-w c:\windows\system32\java.exe
     - 2008-02-21 14:23:39 135,168 ----a-w c:\windows\system32\javaw.exe
     + 2009-02-26 02:32:37 144,792 ----a-w c:\windows\system32\javaw.exe
     - 2008-02-21 15:33:32 139,264 ----a-w c:\windows\system32\javaws.exe
     + 2009-02-26 02:32:37 148,888 ----a-w c:\windows\system32\javaws.exe
     + 2009-02-27 00:42:54 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_414.dat
     .

     (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Fraps"="c:\fraps\FRAPS.EXE" [2004-09-10 655360]
     "DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-07 136136]
     "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2005-07-22 1519616]
     "ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 49152]
     "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-18 843776]
     "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-04 1601304]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-19 286720]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
     "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016]
     "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-26 148888]
     "nwiz"="nwiz.exe" [2008-11-12 c:\windows\system32\nwiz.exe]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

     c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
     Bitmeter2.lnk - c:\program files\Codebox\BitMeter\BitMeter2.exe [2009-01-04 1462272]
     nvtemplogger.lnk - e:\downloads\Guru3D\NVtemplogger\Guru3D.com\setup\NvTempLogger.exe [2007-02-23 318756]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
     2009-02-04 17:21 10520 c:\windows\system32\avgrsstx.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "vidc.ffds"= ffdshow.ax

     [HKLM\~\startupfolder\C:^Documents and Settings^Michael Cannon^Start Menu^Programs^Startup^Ubisoft register.lnk]
     path=c:\documents and settings\Michael Cannon\Start Menu\Programs\Startup\Ubisoft register.lnk
     backup=c:\windows\pss\Ubisoft register.lnkStartup

     [HKLM\~\startupfolder\C:^Documents and Settings^Michael Cannon^Start Menu^Programs^Startup^WordWeb.lnk]
     path=c:\documents and settings\Michael Cannon\Start Menu\Programs\Startup\WordWeb.lnk
     backup=c:\windows\pss\WordWeb.lnkStartup

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize2 Reminder]
     c:\program files\PCPitstop\Optimize2\Reminder.exeBAK [X]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusStartupHelp]
     --a------ 2006-11-14 15:25 363008 c:\program files\ASUS\AASP\1.00.15\AsRunHelp.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
     --a------ 2004-08-04 01:56 15360 c:\windows\system32\ctfmon.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3900 Series]
     --a------ 2006-02-21 15:00 131072 c:\windows\system32\spool\drivers\w32x86\3\E_FATIBEP.EXE

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FusionRemote]
     --a------ 2007-12-21 14:28 2670592 e:\fusionhdtv\Remote\FusionRC.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FusionTrayAgent]
     --a------ 2007-08-16 16:37 1708544 e:\fusionhdtv\FusionHdtvTray.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
     --a------ 2008-08-25 12:36 1168264 c:\program files\Spyware Doctor\pctsTray.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTrayBAK]
     --a------ 2008-08-25 12:36 1168264 c:\program files\Spyware Doctor\pctsTray.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
     --a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
     --a------ 2007-10-19 21:16 286720 c:\program files\QuickTime\QTTask.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXBAK]
     --a------ 2006-05-18 14:26 729088 c:\program files\Analog Devices\SoundMAX\SMax4.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
     --a------ 2008-02-22 04:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
     --a------ 2008-05-18 14:32 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
     --a------ 2008-11-12 14:54 1630208 c:\windows\system32\nwiz.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
     "NtmsSvc"=3 (0x3)
     "WmdmPmSN"=3 (0x3)
     "TapiSrv"=3 (0x3)
     "Schedule"=2 (0x2)
     "RasAuto"=2 (0x2)
     "WMPNetworkSvc"=3 (0x3)
     "SandraTheSrv"=3 (0x3)
     "SandraDataSrv"=3 (0x3)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\WINDOWS\\system32\\mmc.exe"=
     "d:\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
     "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
     "d:\\Far Cry 2\\bin\\FarCry2.exe"=
     "d:\\Far Cry 2\\bin\\FC2Launcher.exe"=
     "d:\\Far Cry 2\\bin\\FC2Editor.exe"=
     "e:\\Programs\\LimeWire\\LimeWire.exe"=
     "c:\\WINDOWS\\system32\\dpvsetup.exe"=
     "d:\\Titan Quest Immortal Throne\\Tqit.exe"=

     R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [2008-11-27 2915944]
     R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-07-22 325128]
     R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-07-22 107272]
     R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-22 903960]
     R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-22 298264]
     R2 PMLService;PMLService;c:\program files\richcomm\PowerManagerLite\PMLService.exe -service --> c:\program files\richcomm\PowerManagerLite\PMLService.exe -service [?]
     R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-02-09 603904]
     R3 AvsBluebird;FusionHDTV USB, AVStream Capture;c:\windows\system32\drivers\bluebird2.sys [2007-12-18 403712]
     S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [2008-04-07 4224]
     S3 ALSysIO;ALSysIO;\??\c:\docume~1\MICHAE~1\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\MICHAE~1\LOCALS~1\Temp\ALSysIO.sys [?]
     S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2007-11-15 14336]
     S3 cpuz130;cpuz130;\??\c:\docume~1\MICHAE~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\MICHAE~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
     S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-12-20 356920]

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
     UxTuneUp
     .
Contents of the 'Scheduled Tasks' folder 2009-02-27 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 21:36] 2009-02-27 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-05 18:15] 2009-02-08 c:\windows\Tasks\Uniblue SpeedUpMyPC.job - c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com.au/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 LSP: %SYSTEMROOT%\system32\nvappfilter.dll DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-27 11:43:10 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'lsass.exe'(1400) c:\windows\system32\nvappfilter.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\netdde.exe c:\windows\system32\rundll32.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\AVG\AVG8\avgrsx.exe c:\progra~1\AVG\AVG8\avgnsx.exe c:\windows\system32\nvsvc32.exe c:\program files\richcomm\PowerManagerLite\PMLService.exe c:\program files\AVG\AVG8\avgcsrvx.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . 
Completion time: 2009-02-27 11:44:31 - machine was rebooted ComboFix-quarantined-files.txt 2009-02-27 00:44:29 ComboFix2.txt 2009-02-26 00:16:47 Pre-Run: 4,065,144,832 bytes free Post-Run: 4,048,793,600 bytes free 244 --- E O F --- 2009-02-25 11:12:27
  9. I have TPG broadband, so I was still online. I still had ComboFix.exe on my desktop, so I dragged the notepad onto it and here is the log:

ComboFix 09-02-26.01 - Michael Cannon 2009-02-27 11:40:38.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3582.3007 [GMT 11:00]
Running from: c:\documents and settings\Michael Cannon\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Michael Cannon\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
FW: ActiveArmor Firewall *enabled*
 * Created a new restore point

FILE ::
c:\documents and settings\Michael Cannon\Local Settings\Application Data\Mozilla\Firefox\Profiles\8rivcd3h.default\Cache(2)\61E4407Cd01
c:\documents and settings\Michael Cannon\Local Settings\Application Data\Mozilla\Firefox\Profiles\8rivcd3h.default\Cache(2)\D58B8429d01
c:\windows\System32\appdrvrem01.exe
d:\s.t.a.l.k.e.r. - clear skies\bin\protect.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Michael Cannon\Local Settings\Application Data\Mozilla\Firefox\Profiles\8rivcd3h.default\Cache(2)\61E4407Cd01
c:\documents and settings\Michael Cannon\Local Settings\Application Data\Mozilla\Firefox\Profiles\8rivcd3h.default\Cache(2)\D58B8429d01
c:\windows\System32\appdrvrem01.exe
d:\s.t.a.l.k.e.r. - clear skies\bin\protect.exe
.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_APPDRVREM01
-------\Service_appdrvrem01

((((((((((((((((((((((((( Files Created from 2009-01-27 to 2009-02-27 )))))))))))))))))))))))))))))))
.

2009-02-26 13:32 . 2009-02-26 13:32 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-26 13:11 . 2009-02-26 13:32 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-26 11:14 . 2009-02-26 11:14 13,646 --a------ c:\windows\system32\wpa.bak
2009-02-11 13:01 . 2009-02-11 13:01 <DIR> d-------- c:\program files\Codebox
2009-02-11 13:01 . 2009-02-21 11:12 <DIR> d-------- c:\documents and settings\Michael Cannon\Application Data\Bitmeter2
2009-02-11 13:01 . 2009-02-27 11:43 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Bitmeter2
2009-02-09 21:25 . 2009-02-21 12:50 54,156 --ah----- c:\windows\QTFont.qfn
2009-02-09 21:25 . 2009-02-09 21:25 1,409 --a------ c:\windows\QTFont.for
2009-02-09 13:21 . 2009-02-09 13:21 <DIR> d-------- c:\windows\nview
2009-02-09 13:21 . 2009-02-27 11:42 203,188 --a------ c:\windows\system32\nvapps.xml
2009-02-09 13:21 . 2008-11-12 14:54 18,537 --a------ c:\windows\system32\nvdisp.nvu
2009-02-09 09:19 . 2009-02-09 09:19 <DIR> d-------- c:\documents and settings\Michael Cannon\Application Data\TuneUp Software
2009-02-09 09:19 . 2009-02-09 09:19 603,904 --a------ c:\windows\system32\TUProgSt.exe
2009-02-09 09:19 . 2009-02-09 09:19 360,192 --a------ c:\windows\system32\TuneUpDefragService.exe
2009-02-09 09:19 . 2008-12-11 13:31 27,904 --a------ c:\windows\system32\uxtuneup.dll
2009-02-09 09:18 . 2009-02-09 09:19 <DIR> d-------- c:\program files\TuneUp Utilities 2009
2009-02-09 09:18 . 2009-02-09 09:18 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\TuneUp Software
2009-02-09 09:14 . 2009-02-09 09:14 <DIR> d--hs---- c:\documents and settings\All Users.WINDOWS\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-01-27 15:49 . 1999-11-02 11:01 6,173 --a------ c:\windows\system32\drivers\Entech.vxd
2009-01-27 15:49 . 2004-06-22 16:44 5,632 --a------ c:\windows\system32\drivers\Entech64.sys
2009-01-27 15:49 . 2001-11-19 20:05 3,972 --a------ c:\windows\system32\drivers\PciBus.sys
2009-01-27 15:48 . 2009-01-27 15:48 <DIR> d-------- c:\program files\Futuremark
2009-01-27 15:47 . 2009-01-27 15:47 27,865 --a------ c:\windows\Ascd_tmp.ini
2009-01-27 13:10 . 2009-01-27 13:10 <DIR> d-------- c:\program files\Common Files\Futuremark Shared
2009-01-27 13:10 . 2008-09-17 15:14 27,672 -ra------ c:\windows\system32\drivers\Entech.sys
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2009-02-26 22:31 --------- d---a-w c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-02-26 02:32 --------- d-----w c:\program files\Java
2009-02-25 23:25 --------- d-----w c:\program files\EPSON
2009-02-23 23:27 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater
2009-02-20 12:07 --------- d-----w c:\documents and settings\Michael Cannon\Application Data\LimeWire
2009-02-09 02:10 --------- d-----w c:\program files\PCPitstop
2009-02-04 06:21 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-02-04 06:21 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-02-04 06:10 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\avg8
2009-01-27 02:10 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-15 01:41 --------- d-----w c:\program files\XP Codec Pack
2009-01-14 00:57 --------- d-----w c:\program files\RivaTuner v2.06
2009-01-13 00:56 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\PCPitstop
2009-01-05 10:34 --------- dc-h--w c:\documents and settings\All Users.WINDOWS\Application Data\{F61B5A0B-822D-4173-BFD0-A948FC431FEB}
2004-07-21 23:51 3,432,656 ----a-w c:\program files\ManagedDX.CAB
2004-07-19 11:58 1,156,363 ----a-w c:\program files\BDANT.cab
2004-07-19 11:53 976,020 ----a-w c:\program files\BDAXP.cab
2004-07-16 03:30 3,858 ----a-w c:\program files\directx redist.txt
2004-07-09 03:17 13,265,040 ----a-w c:\program files\dxnt.cab
2004-07-08 22:13 703,080 ----a-w c:\program files\BDA.cab
2004-07-08 22:13 15,493,481 ----a-w c:\program files\DirectX.cab
2004-07-08 17:08 472,576 ----a-w c:\program files\dxsetup.exe
2004-07-08 17:08 2,242,560 ----a-w c:\program files\dsetup32.dll
2004-07-08 16:03 62,976 ----a-w c:\program files\DSETUP.dll
.

((((((((((((((((((((((((((((( [email protected]_11.16.18.67 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 09:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2008-02-21 14:23:35 135,168 ----a-w c:\windows\system32\java.exe
+ 2009-02-26 02:32:37 144,792 ----a-w c:\windows\system32\java.exe
- 2008-02-21 14:23:39 135,168 ----a-w c:\windows\system32\javaw.exe
+ 2009-02-26 02:32:37 144,792 ----a-w c:\windows\system32\javaw.exe
- 2008-02-21 15:33:32 139,264 ----a-w c:\windows\system32\javaws.exe
+ 2009-02-26 02:32:37 148,888 ----a-w c:\windows\system32\javaws.exe
+ 2009-02-27 00:42:54 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_414.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Fraps"="c:\fraps\FRAPS.EXE" [2004-09-10 655360]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-07 136136]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2005-07-22 1519616]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 49152]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-18 843776]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-04 1601304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-19 286720]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-26 148888]
"nwiz"="nwiz.exe" [2008-11-12 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Bitmeter2.lnk - c:\program files\Codebox\BitMeter\BitMeter2.exe [2009-01-04 1462272]
nvtemplogger.lnk - e:\downloads\Guru3D\NVtemplogger\Guru3D.com\setup\NvTempLogger.exe [2007-02-23 318756]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-04 17:21 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax

[HKLM\~\startupfolder\C:^Documents and Settings^Michael Cannon^Start Menu^Programs^Startup^Ubisoft register.lnk]
path=c:\documents and settings\Michael Cannon\Start Menu\Programs\Startup\Ubisoft register.lnk
backup=c:\windows\pss\Ubisoft register.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Michael Cannon^Start Menu^Programs^Startup^WordWeb.lnk]
path=c:\documents and settings\Michael Cannon\Start Menu\Programs\Startup\WordWeb.lnk
backup=c:\windows\pss\WordWeb.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize2 Reminder]
c:\program files\PCPitstop\Optimize2\Reminder.exeBAK [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusStartupHelp]
--a------ 2006-11-14 15:25 363008 c:\program files\ASUS\AASP\1.00.15\AsRunHelp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 01:56 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3900 Series]
--a------ 2006-02-21 15:00 131072 c:\windows\system32\spool\drivers\w32x86\3\E_FATIBEP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FusionRemote]
--a------ 2007-12-21 14:28 2670592 e:\fusionhdtv\Remote\FusionRC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FusionTrayAgent]
--a------ 2007-08-16 16:37 1708544 e:\fusionhdtv\FusionHdtvTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
--a------ 2008-08-25 12:36 1168264 c:\program files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTrayBAK]
--a------ 2008-08-25 12:36 1168264 c:\program files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-10-19 21:16 286720 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXBAK]
--a------ 2006-05-18 14:26 729088 c:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-05-18 14:32 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-11-12 14:54 1630208 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NtmsSvc"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"TapiSrv"=3 (0x3)
"Schedule"=2 (0x2)
"RasAuto"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"SandraTheSrv"=3 (0x3)
"SandraDataSrv"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"d:\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"d:\\Far Cry 2\\bin\\FarCry2.exe"=
"d:\\Far Cry 2\\bin\\FC2Launcher.exe"=
"d:\\Far Cry 2\\bin\\FC2Editor.exe"=
"e:\\Programs\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Titan Quest Immortal Throne\\Tqit.exe"=

R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [2008-11-27 2915944]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-07-22 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-07-22 107272]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-22 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-22 298264]
R2 PMLService;PMLService;c:\program files\richcomm\PowerManagerLite\PMLService.exe -service --> c:\program files\richcomm\PowerManagerLite\PMLService.exe -service [?]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-02-09 603904]
R3 AvsBluebird;FusionHDTV USB, AVStream Capture;c:\windows\system32\drivers\bluebird2.sys [2007-12-18 403712]
S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [2008-04-07 4224]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\MICHAE~1\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\MICHAE~1\LOCALS~1\Temp\ALSysIO.sys [?]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2007-11-15 14336]
S3 cpuz130;cpuz130;\??\c:\docume~1\MICHAE~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\MICHAE~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-12-20 356920]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-02-27 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 21:36]

2009-02-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-05 18:15]

2009-02-08 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-27 11:43:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1400)
c:\windows\system32\nvappfilter.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\netdde.exe
c:\windows\system32\rundll32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\nvsvc32.exe
c:\program files\richcomm\PowerManagerLite\PMLService.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-02-27 11:44:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-27 00:44:29
ComboFix2.txt 2009-02-26 00:16:47

Pre-Run: 4,065,144,832 bytes free
Post-Run: 4,048,793,600 bytes free

244 --- E O F --- 2009-02-25 11:12:27
  10. Please open Notepad *Do Not Use Wordpad!* or any other text editor than Notepad, or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:

Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.

ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal. When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

I made the file "CFScript.txt" and tried to drag and drop it onto the cat icon. I get the black circle that is crossed, telling me that I can't drag it onto the PCPitstop window. I tried it all twice, right from the beginning. I tried dragging the file name from your own screenshot to the cat and it didn't work either. I'm sure I followed your instructions okay. I copied the complete quote. The only thing not in notepad was the word "Quote" at the top. Please advise, Juliet.
  11. No, I don't recognise that file!

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, February 26, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, February 26, 2009 04:25:22
Records in database: 1846055
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 100527
Threat name: 3
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 01:10:36

File name / Threat name / Threats count
C:\Documents and Settings\Michael Cannon\Local Settings\Application Data\Mozilla\Firefox\Profiles\8rivcd3h.default\Cache(2)\61E4407Cd01 Infected: not-a-virus:AdTool.Win32.MyWebSearch.cb 1
C:\Documents and Settings\Michael Cannon\Local Settings\Application Data\Mozilla\Firefox\Profiles\8rivcd3h.default\Cache(2)\D58B8429d01 Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1
D:\S.T.A.L.K.E.R. - Clear Skies\bin\protect.exe Infected: Packed.Win32.Black.a 1

The selected area was scanned.

The S.T.A.L.K.E.R. is part of the game setup, I think.
  12. Hi Juliet, new HJT log attached:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:34:32 AM, on 26/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\richcomm\PowerManagerLite\PMLService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
E:\Downloads\Guru3D\NVtemplogger\Guru3D.com\setup\NvTempLogger.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
E:\Programs\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bitmeter2.lnk = C:\Program Files\Codebox\BitMeter\BitMeter2.exe
O4 - Global Startup: nvtemplogger.lnk = E:\Downloads\Guru3D\NVtemplogger\Guru3D.com\setup\NvTempLogger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - (no file)
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PMLService - richcomm - C:\Program Files\richcomm\PowerManagerLite\PMLService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 6807 bytes
  13. By mikcannon at 2009-02-23 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:49:26 PM, on 25/02/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal
  The picture is what RootkitRevealer found. So I got worried. Jaycee advised I upload the log, so I thought the pic might help with diagnostics. Thanks Jaycee.