Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Online scanner problems

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Online scanner problems

Unread postby Katana » November 2nd, 2008, 4:35 pm

Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: Select all
    File::
    C:\WINDOWS\Internet Logs\xDB2D.tmp
    C:\WINDOWS\Internet Logs\xDB2C.tmp
    C:\WINDOWS\Internet Logs\xDB2B.tmp
    C:\WINDOWS\Internet Logs\xDB29.tmp
    C:\WINDOWS\Internet Logs\xDB2A.tmp
    C:\WINDOWS\Internet Logs\xDB27.tmp
    C:\WINDOWS\Internet Logs\xDB28.tmp
    C:\WINDOWS\Internet Logs\xDB25.tmp
    C:\WINDOWS\Internet Logs\xDB26.tmp
    C:\WINDOWS\Internet Logs\xDB24.tmp
    C:\WINDOWS\Internet Logs\xDB23.tmp
    C:\WINDOWS\Internet Logs\xDB21.tmp
    C:\WINDOWS\Internet Logs\xDB22.tmp
    C:\WINDOWS\Internet Logs\xDB20.tmp
    C:\WINDOWS\Internet Logs\xDB1E.tmp
    C:\WINDOWS\Internet Logs\xDB1F.tmp
    C:\WINDOWS\Internet Logs\xDB2.tmp
    C:\WINDOWS\Internet Logs\xDB3.tmp
    C:\WINDOWS\Internet Logs\xDB1.tmp
    C:\WINDOWS\Internet Logs\xDB1C.tmp
    C:\WINDOWS\Internet Logs\xDB1D.tmp
    C:\WINDOWS\Internet Logs\xDB1B.tmp
    C:\WINDOWS\Internet Logs\xDB1A.tmp
    C:\WINDOWS\Internet Logs\xDB18.tmp
    C:\WINDOWS\Internet Logs\xDB19.tmp
    C:\WINDOWS\Internet Logs\xDB17.tmp
    C:\WINDOWS\Internet Logs\xDB15.tmp
    C:\WINDOWS\Internet Logs\xDB16.tmp
    C:\WINDOWS\Internet Logs\xDB14.tmp
    C:\WINDOWS\Internet Logs\xDB13.tmp
    C:\WINDOWS\Internet Logs\xDB12.tmp
    C:\WINDOWS\Internet Logs\xDB10.tmp
    C:\WINDOWS\Internet Logs\xDB11.tmp
    C:\WINDOWS\Internet Logs\xDBF.tmp
    C:\WINDOWS\Internet Logs\xDBE.tmp
    C:\WINDOWS\Internet Logs\xDBD.tmp
    C:\WINDOWS\Internet Logs\xDBB.tmp
    C:\WINDOWS\Internet Logs\xDBC.tmp
    C:\WINDOWS\Internet Logs\xDBA.tmp
    C:\WINDOWS\Internet Logs\xDB9.tmp
    C:\WINDOWS\Internet Logs\xDB8.tmp
    C:\WINDOWS\Internet Logs\xDB7.tmp
    C:\WINDOWS\Internet Logs\xDB5.tmp
    C:\WINDOWS\Internet Logs\xDB6.tmp
    C:\WINDOWS\Internet Logs\xDB4.tmp
    Folder::
    Driver::
    SPYPRV
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "22986:TCP"=-
    "22986:UDP"=-
    ADS::

  • Save this as CFScript.txt and place it on your desktop.


    Image


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester
Advertisement
Register to Remove

Re: Online scanner problems

Unread postby koolkevdj » November 2nd, 2008, 5:06 pm

hi,i did what you asked ,the blue box came up but nothing happened.....
koolkevdj
Regular Member
 
Posts: 44
Joined: September 9th, 2008, 8:32 am

Re: Online scanner problems

Unread postby Katana » November 2nd, 2008, 5:18 pm

Did you make sure all your security programs were disabled ?
please try it again, and if it still doesn't work then just double click combofix.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Online scanner problems

Unread postby koolkevdj » November 2nd, 2008, 6:28 pm

hi i got it to work and here is the log:
ComboFix 08-11-01.06 - kevin miller 2008-11-02 21:33:02.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1268 [GMT 0:00]
Running from: C:\Documents and Settings\kevin miller\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\kevin miller\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\Internet Logs\xDB1.tmp
C:\WINDOWS\Internet Logs\xDB10.tmp
C:\WINDOWS\Internet Logs\xDB11.tmp
C:\WINDOWS\Internet Logs\xDB12.tmp
C:\WINDOWS\Internet Logs\xDB13.tmp
C:\WINDOWS\Internet Logs\xDB14.tmp
C:\WINDOWS\Internet Logs\xDB15.tmp
C:\WINDOWS\Internet Logs\xDB16.tmp
C:\WINDOWS\Internet Logs\xDB17.tmp
C:\WINDOWS\Internet Logs\xDB18.tmp
C:\WINDOWS\Internet Logs\xDB19.tmp
C:\WINDOWS\Internet Logs\xDB1A.tmp
C:\WINDOWS\Internet Logs\xDB1B.tmp
C:\WINDOWS\Internet Logs\xDB1C.tmp
C:\WINDOWS\Internet Logs\xDB1D.tmp
C:\WINDOWS\Internet Logs\xDB1E.tmp
C:\WINDOWS\Internet Logs\xDB1F.tmp
C:\WINDOWS\Internet Logs\xDB2.tmp
C:\WINDOWS\Internet Logs\xDB20.tmp
C:\WINDOWS\Internet Logs\xDB21.tmp
C:\WINDOWS\Internet Logs\xDB22.tmp
C:\WINDOWS\Internet Logs\xDB23.tmp
C:\WINDOWS\Internet Logs\xDB24.tmp
C:\WINDOWS\Internet Logs\xDB25.tmp
C:\WINDOWS\Internet Logs\xDB26.tmp
C:\WINDOWS\Internet Logs\xDB27.tmp
C:\WINDOWS\Internet Logs\xDB28.tmp
C:\WINDOWS\Internet Logs\xDB29.tmp
C:\WINDOWS\Internet Logs\xDB2A.tmp
C:\WINDOWS\Internet Logs\xDB2B.tmp
C:\WINDOWS\Internet Logs\xDB2C.tmp
C:\WINDOWS\Internet Logs\xDB2D.tmp
C:\WINDOWS\Internet Logs\xDB3.tmp
C:\WINDOWS\Internet Logs\xDB4.tmp
C:\WINDOWS\Internet Logs\xDB5.tmp
C:\WINDOWS\Internet Logs\xDB6.tmp
C:\WINDOWS\Internet Logs\xDB7.tmp
C:\WINDOWS\Internet Logs\xDB8.tmp
C:\WINDOWS\Internet Logs\xDB9.tmp
C:\WINDOWS\Internet Logs\xDBA.tmp
C:\WINDOWS\Internet Logs\xDBB.tmp
C:\WINDOWS\Internet Logs\xDBC.tmp
C:\WINDOWS\Internet Logs\xDBD.tmp
C:\WINDOWS\Internet Logs\xDBE.tmp
C:\WINDOWS\Internet Logs\xDBF.tmp
.
The following files were disabled during the run:
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Internet Logs\xDB1.tmp
C:\WINDOWS\Internet Logs\xDB10.tmp
C:\WINDOWS\Internet Logs\xDB11.tmp
C:\WINDOWS\Internet Logs\xDB12.tmp
C:\WINDOWS\Internet Logs\xDB13.tmp
C:\WINDOWS\Internet Logs\xDB14.tmp
C:\WINDOWS\Internet Logs\xDB15.tmp
C:\WINDOWS\Internet Logs\xDB16.tmp
C:\WINDOWS\Internet Logs\xDB17.tmp
C:\WINDOWS\Internet Logs\xDB18.tmp
C:\WINDOWS\Internet Logs\xDB19.tmp
C:\WINDOWS\Internet Logs\xDB1A.tmp
C:\WINDOWS\Internet Logs\xDB1B.tmp
C:\WINDOWS\Internet Logs\xDB1C.tmp
C:\WINDOWS\Internet Logs\xDB1D.tmp
C:\WINDOWS\Internet Logs\xDB1E.tmp
C:\WINDOWS\Internet Logs\xDB1F.tmp
C:\WINDOWS\Internet Logs\xDB2.tmp
C:\WINDOWS\Internet Logs\xDB20.tmp
C:\WINDOWS\Internet Logs\xDB21.tmp
C:\WINDOWS\Internet Logs\xDB22.tmp
C:\WINDOWS\Internet Logs\xDB23.tmp
C:\WINDOWS\Internet Logs\xDB24.tmp
C:\WINDOWS\Internet Logs\xDB25.tmp
C:\WINDOWS\Internet Logs\xDB26.tmp
C:\WINDOWS\Internet Logs\xDB27.tmp
C:\WINDOWS\Internet Logs\xDB28.tmp
C:\WINDOWS\Internet Logs\xDB29.tmp
C:\WINDOWS\Internet Logs\xDB2A.tmp
C:\WINDOWS\Internet Logs\xDB2B.tmp
C:\WINDOWS\Internet Logs\xDB2C.tmp
C:\WINDOWS\Internet Logs\xDB2D.tmp
C:\WINDOWS\Internet Logs\xDB3.tmp
C:\WINDOWS\Internet Logs\xDB4.tmp
C:\WINDOWS\Internet Logs\xDB5.tmp
C:\WINDOWS\Internet Logs\xDB6.tmp
C:\WINDOWS\Internet Logs\xDB7.tmp
C:\WINDOWS\Internet Logs\xDB8.tmp
C:\WINDOWS\Internet Logs\xDB9.tmp
C:\WINDOWS\Internet Logs\xDBA.tmp
C:\WINDOWS\Internet Logs\xDBB.tmp
C:\WINDOWS\Internet Logs\xDBC.tmp
C:\WINDOWS\Internet Logs\xDBD.tmp
C:\WINDOWS\Internet Logs\xDBE.tmp
C:\WINDOWS\Internet Logs\xDBF.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SPYPRV


((((((((((((((((((((((((( Files Created from 2008-10-02 to 2008-11-02 )))))))))))))))))))))))))))))))
.

2008-11-02 11:31 . 2008-11-02 20:23 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-10-31 05:23 . 2008-10-31 05:23 0 --ah----- C:\Documents and Settings\kevin miller\Application Data\.D1A1CB5220543E20.sys
2008-10-31 05:21 . 2008-10-31 05:21 0 --ah----- C:\Documents and Settings\kevin miller\Application Data\.D1A1CB5220543E1F.sys
2008-10-31 03:32 . 2008-11-02 22:11 0 --a------ C:\WINDOWS\sbacknt.bin
2008-10-30 15:40 . 2008-04-14 00:12 169,984 --a------ C:\WINDOWS\system32\msconfig.exe
2008-10-30 08:02 . 2008-10-30 08:02 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-10-29 17:41 . 2008-10-29 17:41 <DIR> d-------- C:\Program Files\Panda Security
2008-10-29 17:41 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-10-29 12:48 . 2008-10-29 12:49 <DIR> d-------- C:\rsit
2008-10-28 08:46 . 2006-12-02 15:32 167,936 --a------ C:\WINDOWS\system32\Engine3D021206.dll
2008-10-27 22:55 . 2008-10-27 22:55 <DIR> d-------- C:\cubase
2008-10-27 08:05 . 2008-10-27 08:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-27 08:04 . 2008-10-27 08:04 <DIR> d-------- C:\Program Files\QuickTime
2008-10-26 13:36 . 2008-10-26 13:36 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-26 13:06 . 2008-10-26 13:06 <DIR> d-------- C:\Documents and Settings\kevin miller\Application Data\Summitsoft
2008-10-26 08:31 . 2008-10-26 08:31 601 --a------ C:\WINDOWS\NetOps10.doc
2008-10-26 08:27 . 2008-10-26 08:27 12 --a------ C:\WINDOWS\NetOps04.doc
2008-10-24 19:52 . 2008-10-24 19:52 <DIR> d-------- C:\Program Files\Uninstall
2008-10-24 07:48 . 2008-10-24 07:48 <DIR> d-------- C:\Program Files\Adobe Media Player
2008-10-23 22:34 . 2008-10-23 22:34 <DIR> d-------- C:\Program Files\AESTESIS
2008-10-23 18:49 . 2008-10-23 18:49 <DIR> d-------- C:\Program Files\Apple Software Update
2008-10-23 18:49 . 2008-10-23 18:49 <DIR> d-------- C:\Documents and Settings\kevin miller\Application Data\NuVJ
2008-10-23 16:17 . 2008-10-23 16:17 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-23 16:17 . 2008-10-23 16:17 1,409 --a------ C:\WINDOWS\QTFont.for
2008-10-22 10:00 . 2008-10-22 10:00 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-10-22 10:00 . 2008-10-22 10:00 2,162 --a------ C:\WINDOWS\system32\tmmute.ini
2008-10-21 03:07 . 2008-10-21 03:07 <DIR> d-------- C:\WINDOWS\Sun
2008-10-20 09:54 . 2008-11-01 10:40 <DIR> d-------- C:\Downloads
2008-10-20 07:02 . 2008-10-20 07:02 <DIR> d-------- C:\Program Files\Neuromixer
2008-10-20 07:02 . 2008-10-20 07:02 <DIR> d-------- C:\Documents and Settings\kevin miller\Application Data\Cycling '74
2008-10-17 18:56 . 2008-10-19 11:33 <DIR> d-------- C:\Program Files\REAPER
2008-10-17 18:56 . 2008-10-19 11:30 <DIR> d-------- C:\Documents and Settings\kevin miller\Application Data\REAPER
2008-10-17 17:50 . 2008-10-26 13:36 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-10-16 17:50 . 2008-10-16 17:50 <DIR> d-------- C:\WINDOWS\McAfee.com
2008-10-16 16:59 . 2008-10-23 18:50 <DIR> d-------- C:\Program Files\QuickTime Alternative
2008-10-16 16:59 . 2008-10-16 16:59 <DIR> d-------- C:\Program Files\Media Player Classic
2008-10-16 16:59 . 2002-12-20 11:40 675,328 --a------ C:\WINDOWS\system32\ir50_32.qtx
2008-10-16 16:59 . 2004-10-27 12:01 360,504 --a------ C:\WINDOWS\system32\QTPlugin.ocx
2008-10-16 16:59 . 2004-01-12 16:57 86,016 --a------ C:\WINDOWS\system32\QuickTime.ax
2008-10-15 15:16 . 2008-08-14 09:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 15:16 . 2008-08-14 09:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-15 15:16 . 2008-09-15 12:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-15 15:16 . 2008-09-08 10:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-14 19:40 . 2008-10-14 19:40 <DIR> d-------- C:\Documents and Settings\kevin miller\Application Data\DAEMON Tools Pro
2008-10-14 18:31 . 2008-10-14 18:31 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-10-14 15:27 . 2008-10-14 15:27 <DIR> d-------- C:\Program Files\Norton Security Scan
2008-10-13 16:56 . 2008-10-13 17:02 <DIR> d-------- C:\Program Files\BitComet
2008-10-13 12:20 . 2008-10-13 12:20 <DIR> d-------- C:\Program Files\Note
2008-10-12 13:38 . 2005-11-03 16:14 45,056 --a------ C:\WINDOWS\system32\Synsopos.exe
2008-10-12 10:51 . 2008-10-12 13:48 <DIR> d-------- C:\nuendo
2008-10-07 19:32 . 2008-10-09 08:24 <DIR> d-------- C:\Documents and Settings\kevin miller\Application Data\Gearbox Software
2008-10-07 18:59 . 2008-10-07 18:59 <DIR> d-------- C:\Program Files\Ubisoft
2008-10-07 18:44 . 2008-10-07 18:44 <DIR> d-------- C:\Program Files\OpenAL
2008-10-07 18:44 . 2008-10-07 18:44 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-10-07 18:44 . 2008-10-07 18:44 110,592 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-10-07 10:19 . 2008-10-07 10:19 48 --a------ C:\WINDOWS\ProductKeyExplorer.INI
2008-10-07 08:15 . 2008-10-07 08:18 <DIR> d-------- C:\Program Files\SWiSHstudio
2008-10-07 08:03 . 2008-10-07 08:03 <DIR> d-------- C:\Program Files\KoolMoves
2008-10-07 07:46 . 2008-06-10 20:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-10-07 07:46 . 2008-06-02 14:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-10-07 07:46 . 2008-06-02 14:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-10-07 07:46 . 2008-06-02 14:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-10-07 07:45 . 2008-10-23 20:48 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-10-07 07:45 . 2008-10-07 07:45 <DIR> d-------- C:\Documents and Settings\kevin miller\Application Data\PC Tools
2008-10-07 07:34 . 2008-10-07 07:34 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR
2008-10-06 19:25 . 2008-10-06 19:25 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\BlackBean
2008-10-06 19:07 . 2008-10-06 19:07 <DIR> d-------- C:\Documents and Settings\kevin miller\Application Data\BlackBean
2008-10-06 17:34 . 2008-10-06 17:34 <DIR> d-------- C:\Documents and Settings\kevin miller\Application Data\SuperEasy Software
2008-10-05 20:55 . 2008-10-05 20:55 673,546 --a------ C:\WINDOWS\unins001.exe
2008-10-05 20:55 . 2003-09-22 16:10 61,440 --a------ C:\WINDOWS\system32\marblaxp.dll
2008-10-05 20:55 . 2003-09-22 16:10 53,248 --a------ C:\WINDOWS\system32\drivers\maplevmd000.exe
2008-10-05 20:55 . 2003-09-22 16:09 49,152 --a------ C:\WINDOWS\system32\mapleapi.dll
2008-10-05 20:55 . 2003-09-22 16:10 31,624 --a------ C:\WINDOWS\system32\mapledxp.dll
2008-10-05 20:55 . 2004-04-05 09:44 24,720 --a------ C:\WINDOWS\system32\drivers\mapledxp.sys
2008-10-05 20:55 . 2008-10-05 20:55 7,460 --a------ C:\WINDOWS\unins001.dat
2008-10-05 16:56 . 2008-10-05 16:59 <DIR> d-------- C:\Program Files\MixMeister Fusion + Video
2008-10-05 14:15 . 2008-10-05 14:15 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-10-05 14:13 . 2008-10-05 14:39 1,570 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-10-05 12:00 . 2008-10-05 12:00 <DIR> d-------- C:\Documents and Settings\kevin miller\Application Data\Leadertech
2008-10-05 11:45 . 2008-10-14 20:13 <DIR> d-------- C:\Program Files\Wondershare
2008-10-05 11:45 . 2007-08-30 15:55 1,435,272 --a------ C:\WINDOWS\system32\Flash8.ocx
2008-10-05 11:44 . 2008-10-05 11:44 <DIR> d-------- C:\Program Files\Atomic Alarm Clock
2008-10-05 11:23 . 2008-10-05 11:23 <DIR> d-------- C:\Program Files\Nufsoft
2008-10-05 10:09 . 2008-10-05 10:09 <DIR> dr-hs---- C:\sys
2008-10-04 12:00 . 2006-05-20 16:16 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll
2008-10-02 19:42 . 2003-07-31 19:28 147,425 --a------ C:\WINDOWS\system32\SYNSOACC-Aide.chm
2008-10-02 19:42 . 2003-05-26 14:29 120,468 --a------ C:\WINDOWS\system32\SYNSOACC-Hilfe.chm
2008-10-02 19:42 . 2003-05-26 14:29 114,279 --a------ C:\WINDOWS\system32\SYNSOACC-Help.chm
2008-10-02 19:41 . 2008-10-12 13:38 <DIR> d-------- C:\Program Files\Syncrosoft
2008-10-02 19:41 . 2005-11-08 10:20 147,456 --a------ C:\WINDOWS\system32\SynsoLChk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-02 20:28 634,368 ----a-w C:\WINDOWS\Internet Logs\xDB2E.tmp
2008-11-02 20:28 2,767,872 ----a-w C:\WINDOWS\Internet Logs\xDB2F.tmp
2008-11-02 20:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-11-02 20:01 --------- d-----w C:\Program Files\Arturia
2008-11-02 09:13 --------- d-----w C:\Program Files\VstPlugins
2008-11-01 10:47 --------- d-----w C:\Program Files\Unlocker
2008-10-31 13:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-10-31 03:32 152,904 ----a-w C:\WINDOWS\system32\vghd.scr
2008-10-31 03:32 --------- d-----w C:\Program Files\vghd
2008-10-30 14:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-30 08:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-29 22:32 --------- d-----w C:\Documents and Settings\kevin miller\Application Data\EBookSys
2008-10-29 21:08 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-29 20:30 --------- d-----w C:\Documents and Settings\kevin miller\Application Data\NetMedia Providers
2008-10-29 18:45 --------- d-----w C:\Documents and Settings\kevin miller\Application Data\AVGTOOLBAR
2008-10-29 16:13 98,440 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-10-28 21:53 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-10-28 21:22 90,632 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-10-28 21:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg8
2008-10-28 08:03 --------- d-----w C:\Program Files\Sony
2008-10-28 08:02 --------- d-----w C:\Program Files\Sony Setup
2008-10-27 08:20 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-27 08:18 --------- d-----w C:\Documents and Settings\kevin miller\Application Data\Vso
2008-10-27 08:06 --------- d-----w C:\Program Files\iTunes
2008-10-27 08:05 --------- d-----w C:\Program Files\iPod
2008-10-27 08:04 --------- d-----w C:\Program Files\Common Files\Apple
2008-10-26 17:47 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-10-26 17:47 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-26 17:47 --------- d-----w C:\Documents and Settings\kevin miller\Application Data\SUPERAntiSpyware.com
2008-10-26 13:27 --------- d-----w C:\Program Files\Java
2008-10-25 16:27 147,456 ----a-w C:\WINDOWS\AVUNTOOL.EXE
2008-10-25 09:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-24 16:38 --------- d-----w C:\Program Files\Sugar Bytes
2008-10-23 22:39 24,640 ----a-w C:\Program Files\Common Files\security
2008-10-23 18:54 --------- d-----w C:\Program Files\Bonjour
2008-10-23 13:29 --------- d-----w C:\Documents and Settings\kevin miller\Application Data\PACE Anti-Piracy
2008-10-23 13:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
2008-10-23 13:28 --------- d-----w C:\Program Files\iZotope
2008-10-22 16:10 38,496 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-22 16:10 15,504 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-10-22 10:00 --------- d-----w C:\Program Files\Trend Micro
2008-10-17 12:47 --------- d-----w C:\Program Files\Cakewalk
2008-10-17 12:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Cakewalk
2008-10-16 17:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-16 16:53 --------- d-----w C:\Program Files\WinAVI Video Converter
2008-10-15 21:09 --------- d-----w C:\Program Files\Spectrasonics
2008-10-14 15:27 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-13 11:30 --------- d-----w C:\Documents and Settings\kevin miller\Application Data\Apple Computer
2008-10-12 10:43 --------- d-----w C:\Documents and Settings\kevin miller\Application Data\Steinberg
2008-10-12 10:33 --------- d-----w C:\Program Files\Steinberg
2008-10-10 19:09 --------- d-----w C:\Program Files\MixMeister Fusion
2008-10-10 08:12 --------- d-----w C:\Program Files\ASIO4ALL v2
2008-10-09 13:25 1,221,008 ----a-w C:\WINDOWS\system32\zpeng25.dll
2008-10-04 15:51 --------- d-----w C:\Program Files\Picasa2
2008-10-04 09:41 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-01 21:10 --------- d-----w C:\Program Files\MSBuild
2008-10-01 19:41 --------- d-----w C:\Documents and Settings\kevin miller\Application Data\Nero
2008-10-01 19:38 --------- d-----w C:\Program Files\Common Files\Nero
2008-10-01 19:35 --------- d-----w C:\Program Files\Nero
2008-10-01 19:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-10-01 19:04 --------- d-----w C:\Program Files\Reference Assemblies
2008-10-01 16:47 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Webroot
2008-10-01 16:42 --------- d-----w C:\Program Files\Webroot
2008-10-01 16:42 --------- d-----w C:\Documents and Settings\kevin miller\Application Data\Webroot
2008-10-01 16:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Webroot
2008-10-01 16:41 164 ----a-w C:\install.dat
2008-09-30 15:18 --------- d-----w C:\Program Files\Lexicon
2008-09-30 11:41 --------- d-----w C:\Program Files\KeyToSound
2008-09-30 05:57 --------- d-----w C:\Program Files\Image-Line
2008-09-29 15:10 --------- d-----w C:\Program Files\Windows Resource Kits
2008-09-29 14:57 --------- d-----w C:\Program Files\Windows Installer Clean Up
2008-09-29 14:57 --------- d-----w C:\Program Files\MSECACHE
2008-09-29 09:39 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SACore
2008-09-27 07:06 12,936 ----a-w C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-09-27 07:06 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-09-27 07:06 --------- d-----w C:\Program Files\AVG
2008-09-26 00:37 456,433 ----a-w C:\WINDOWS\Natura Sound Therapy Uninstaller.exe
2008-09-26 00:37 --------- d-----w C:\Program Files\Natura Sound Therapy
2008-09-25 12:17 --------- d-----w C:\Documents and Settings\kevin miller\Application Data\GrandVJ
2008-09-24 16:32 --------- d-----w C:\Program Files\ArKaos GrandVJ 1.0 FC1
2008-09-22 16:36 --------- d-----w C:\Documents and Settings\kevin miller\Application Data\Koblo
2008-09-22 16:34 --------- d-----w C:\Program Files\Koblo
2008-09-21 22:31 --------- d-----w C:\Program Files\Flash Menu Factory
2008-09-21 14:37 --------- d-----w C:\Program Files\123 Flash Menu
2008-09-20 03:45 --------- d-----w C:\Documents and Settings\kevin miller\Application Data\Sony
2008-09-20 03:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
2008-09-20 03:05 --------- d-----w C:\Documents and Settings\kevin miller\Application Data\Sony Setup
2008-09-18 10:51 --------- d-----w C:\Program Files\CDXTRACT4
2008-09-18 06:43 --------- d-----w C:\Documents and Settings\kevin miller\Application Data\Publish Providers
2008-09-15 18:52 --------- d-----w C:\Program Files\Common Files\Digidesign
2008-09-15 18:42 --------- d-----w C:\Documents and Settings\kevin miller\Application Data\FabFilter
2008-09-15 15:59 --------- d-----w C:\Program Files\Common Files\PACE Anti-Piracy
2008-09-15 14:10 --------- d-----w C:\Program Files\InterLok
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-15 10:40 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-09-15 09:32 --------- d-----w C:\Documents and Settings\kevin miller\Application Data\VSRevoGroup
2008-09-14 09:13 --------- d-----w C:\Program Files\MP3Gain
2008-09-14 09:12 --------- d-----w C:\Program Files\Awave Studio
2008-09-14 04:47 2,755 ----a-w C:\Documents and Settings\kevin miller\Application Data\SAS7_000.DAT
2008-09-13 23:36 --------- d-----w C:\Program Files\onOne Software
.

((((((((((((((((((((((((((((( snapshot@2008-11-02_15.06.01.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-02 22:08:39 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_b9c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-28 1235736]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200]
"PCdefense "="C:\Program Files\Laplink\PCdefense\PCDefense.exe" [2006-08-31 1585152]
"TGX2_VFD"="C:\WINDOWS\system32\TGVFDMsgservice.exe" [2004-11-06 233472]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-10-09 981904]
"DefragTaskBar"="C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2008-10-09 173408]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-10-19 2782352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\kevin miller\Start Menu\Programs\Startup\
DesktopVideoPlayer.LNK - C:\Program Files\vghd\vghd.exe [2008-08-15 357712]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
FreelineSchedule.lnk - C:\Freeline\FreelineSchedule.exe [2005-08-13 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=AntiLogger.dll, acaptuser32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"midi7"= mapledxp.dll
"midi4"= KORGUMDD.DRV

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^FreelineSchedule.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FreelineSchedule.lnk
backup=C:\WINDOWS\pss\FreelineSchedule.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RaConfig2500.lnk]
backup=C:\WINDOWS\pss\RaConfig2500.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^kevin miller^Start Menu^Programs^Startup^ Registration.lnk]
backup=C:\WINDOWS\pss\ Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^kevin miller^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^kevin miller^Start Menu^Programs^Startup^Registration Brothers In Arms.LNK]
backup=C:\WINDOWS\pss\Registration Brothers In Arms.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^kevin miller^Start Menu^Programs^Startup^Shareaza Turbo Accelerator.lnk]
backup=C:\WINDOWS\pss\Shareaza Turbo Accelerator.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^kevin miller^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]
backup=C:\WINDOWS\pss\Trend Micro Anti-Spyware.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDNewsAgent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaPPcl
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cctray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DesktopMaestro
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThreatFire

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\'Ashampoo AntiSpyWare 2 Guard']
--a------ 2008-09-08 10:09 2349912 C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2008-06-11 21:43 640376 C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
--a------ 2008-06-12 01:25 37232 C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
--a------ 2008-08-14 06:58 611712 C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]
--a------ 2008-08-15 05:46 378224 C:\PROGRA~1\COMMON~1\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 17:43 69632 C:\WINDOWS\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-10-01 11:57 111936 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ashampoo AntiSpyWare 2 Guard]
--a------ 2008-09-08 10:09 2349912 C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-08-25 18:52 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CD-Ejector]
--a------ 2005-06-11 23:49 147456 C:\Documents and Settings\kevin miller\My Documents\CD-Ejector\CD-Ejector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 00:12 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-05 12:56 64512 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-08-13 17:10 29744 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 06:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2005-03-08 04:42 176128 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-02-28 16:07 1828136 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 17:57 289576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-02-08 00:12 488984 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-02-08 00:13 774168 C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 10:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 15:29 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-02-28 08:59 570664 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
--a------ 2004-08-05 18:28 1335386 C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-07-07 07:34 167936 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2002-09-13 20:42 212992 C:\WINDOWS\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
--a------ 2008-07-08 15:41 2828184 C:\Program Files\Registry Mechanic\RegMech.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-03 02:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2005-09-22 12:36 14854144 C:\WINDOWS\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkinClock]
--a------ 2008-03-05 18:12 526848 C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SM1BG]
-ra------ 2003-08-28 04:20 94208 C:\WINDOWS\SM1bg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
--a------ 2008-08-09 15:04 5418864 C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-10-26 13:36 136600 C:\Program Files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-09-03 14:07 1576176 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2004-10-08 09:50 88363 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2005-01-07 23:07 61952 C:\WINDOWS\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"wwSecSvc"=2 (0x2)
"WudfSvc"=3 (0x3)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WmiApSrv"=3 (0x3)
"Wmi"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"winmgmt"=2 (0x2)
"WinDefend"=2 (0x2)
"WebrootSpySweeperService"=2 (0x2)
"WebClient"=2 (0x2)
"W32Time"=2 (0x2)
"VSS"=3 (0x3)
"vsmon"=2 (0x2)
"usnjsvc"=3 (0x3)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"TrkWks"=2 (0x2)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"SSDPSRV"=2 (0x2)
"srservice"=2 (0x2)
"Spooler"=2 (0x2)
"ShellHWDetection"=2 (0x2)
"SharedAccess"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"PlugPlay"=2 (0x2)
"PLFlash DeviceIoControl Service"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NMIndexingService"=3 (0x3)
"Nla"=3 (0x3)
"Netman"=3 (0x3)
"Netlogon"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
"napagent"=3 (0x3)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"MHN"=3 (0x3)
"McrdSvc"=2 (0x2)
"McAfee SiteAdvisor Service"=2 (0x2)
"LVSrvLauncher"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"LmHosts"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"ImapiService"=3 (0x3)
"IDriverT"=3 (0x3)
"HTTPFilter"=3 (0x3)
"hkmsvc"=3 (0x3)
"HidServ"=2 (0x2)
"helpsvc"=2 (0x2)
"gusvc"=2 (0x2)
"GoogleDesktopManager-061008-081103"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"FirebirdServerMAGIXInstance"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"ehSched"=2 (0x2)
"ehRecvr"=2 (0x2)
"EapHost"=3 (0x3)
"Dot3svc"=3 (0x3)
"Dnscache"=2 (0x2)
"dmserver"=2 (0x2)
"dmadmin"=3 (0x3)
"Dhcp"=2 (0x2)
"CryptSvc"=2 (0x2)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"CiSvc"=3 (0x3)
"Browser"=2 (0x2)
"Bonjour Service"=2 (0x2)
"BlueSoleil Hid Service"=2 (0x2)
"BITS"=2 (0x2)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
"AudioSrv"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"aspnet_state"=3 (0x3)
"AshampooDefragService"=2 (0x2)
"AppMgmt"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"ALG"=3 (0x3)
"AgereModemAudio"=2 (0x2)
"Adobe Version Cue CS4"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"AcrSch2Svc"=2 (0x2)
"AASW2_Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"KernelFaultCheck"=
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" -hide
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"AdobeCS4ServiceManager"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"MSConfig"=C:\Documents and Settings\kevin miller\My Documents\msconfig.exe /auto

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-09-27 12936]
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R0 ssfs0bbc;ssfs0bbc;C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys [2008-08-09 29808]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-29 98440]
R1 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-28 90632]
R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;C:\WINDOWS\system32\drivers\hcw88aud.sys [2005-05-31 11970]
R1 mapledxp;mapledxp;C:\WINDOWS\system32\drivers\mapledxp.SYS [2004-04-05 24720]
R2 AASW2_Service;Ashampoo AntiSpyWare 2 Service;C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe [2008-09-08 749400]
R2 adfs;adfs;C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-28 874776]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-27 231704]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-26 152984]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-09-08 198944]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 33792]
R3 DfuUsb;DfuUsb;C:\WINDOWS\system32\DRIVERS\DFUUsb.sys [2007-11-08 10880]
R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;C:\WINDOWS\system32\drivers\hcw88bda.sys [2005-05-31 130112]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;C:\WINDOWS\system32\drivers\hcw88tse.sys [2005-05-31 296259]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;C:\WINDOWS\system32\drivers\hcw88tun.sys [2005-05-31 137793]
R3 hcw88vid;Hauppauge WinTV 88x Video;C:\WINDOWS\system32\drivers\hcw88vid.sys [2005-05-31 611444]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;C:\WINDOWS\system32\drivers\HCW88BAR.sys [2005-05-31 27984]
R3 KORGUMDS;KORG USB-MIDI Driver for Windows XP;C:\WINDOWS\system32\Drivers\KORGUMDS.SYS [2004-07-12 12544]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
R3 TGX263;TriGem X2 Device Driver;C:\WINDOWS\system32\Drivers\TGX263.sys [2004-11-04 16384]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-13 29744]
S3 LLRKD;LLRKD;C:\WINDOWS\system32\drivers\LLRKD.sys [2006-08-31 16579]
S3 LtcyCfgWDM;PCI Latency Tool Driver Service;C:\WINDOWS\system32\DRIVERS\LtcyCfgWDM.sys [2005-12-25 6656]
S3 MBAMDrvService;MBAMDrvService;C:\WINDOWS\system32\drivers\mbam.sys [2008-10-22 15504]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\279.tmp [ ]
S3 SynasUSB;SynasUSB;C:\WINDOWS\system32\drivers\SynasUSB.sys [2005-11-03 16896]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5653300-69b7-11dd-a189-00142a5d2135}]
\Shell\AutoRun\command - H:\Launch.exe

*Newly Created Service* - SPYPRV
.
Contents of the 'Scheduled Tasks' folder

2008-10-23 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-02 C:\WINDOWS\Tasks\Laplink PCdefense.job
- C:\Program Files\Laplink\PCdefense\XoftSpy.exe [2006-06-19 06:35]

2008-11-02 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2008-10-24 C:\WINDOWS\Tasks\wrSpySweeperFullSweep.job
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 15:04]

2008-10-24 C:\WINDOWS\Tasks\wrSpySweeperFullSweep.job
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 15:04]

2008-10-24 C:\WINDOWS\Tasks\wrSpySweeperFullSweep.job
- C:\","D:\","E:\","F:\" []
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-02 22:12:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\279.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\detoured.dll
-> C:\Program Files\McAfee\SiteAdvisor\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-11-02 22:26:42 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-02 22:25:57
ComboFix2.txt 2008-11-02 15:24:57
ComboFix3.txt 2008-10-29 10:18:37

Pre-Run: 101,477,744,640 bytes free
Post-Run: 101,454,602,240 bytes free

701 --- E O F --- 2008-10-29 08:55:09
koolkevdj
Regular Member
 
Posts: 44
Joined: September 9th, 2008, 8:32 am

Re: Online scanner problems

Unread postby Katana » November 2nd, 2008, 6:38 pm

  • This will clear your System Volume Information restore points and remove all the infected files that were quarantined
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
    • Image
You can also delete any logs we have produced, and empty your Recycle bin.


That looks fine now, any other problems ?
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Online scanner problems

Unread postby koolkevdj » November 3rd, 2008, 7:56 am

hi,well everything seems ok,however while im at it i did a scan with a squared and it detected a trojan called trojan.win.vb!ik,i got rid of that,what i find amazing is that all the other antispy ware programs did not detect it so im gonna run everything i have to make sure my pc is 100% clean....
koolkevdj
Regular Member
 
Posts: 44
Joined: September 9th, 2008, 8:32 am

Re: Online scanner problems

Unread postby Katana » November 3rd, 2008, 8:13 am

Different programs detect different infections, sometimes they can be false positives, and sometimes they can be leftovers that are harmless.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Online scanner problems

Unread postby koolkevdj » November 3rd, 2008, 8:23 am

hi,ok well lets hope this is the last of it now,and thx for help again,i will be more carefull in the future .....
koolkevdj
Regular Member
 
Posts: 44
Joined: September 9th, 2008, 8:32 am

Re: Online scanner problems

Unread postby koolkevdj » November 4th, 2008, 10:12 am

hi,looks like i spoke to soon,ok my pc was totally clean after all the scans we did,this morning i was on the pc doing some work,i turned it off for 2 hours and when i turned it on everything was changed ie: the desktop theme,all the devices listed in device manager dissapeared,the internet connection was gone, i managed to boot into safe mode to open up msconfig and i checked all the services and everyone has been stopped now i know there is no virus as i scanned the whole pc once with avg pro and with kaspersky,i also scanned with a squared,i have not downloaded anything so i know its nothing from the net,i renabled all the microsoft services and restated the pc,windows booted up ok so what the hell is going on here...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:12:19, on 04/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Laplink\PCdefense\PCDefense.exe
C:\WINDOWS\system32\TGVFDMsgservice.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll (file missing)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [H2O] "C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe"
O4 - HKLM\..\Run: [PCdefense ] C:\Program Files\Laplink\PCdefense\PCDefense.exe
O4 - HKLM\..\Run: [TGX2_VFD] "C:\WINDOWS\system32\TGVFDMsgservice.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: FreelineSchedule.lnk = C:\Freeline\FreelineSchedule.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.pcservicecall.co.uk
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.laplink.com/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll (file missing)
O20 - AppInit_DLLs: AntiLogger.dll, acaptuser32.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9554 bytes
koolkevdj
Regular Member
 
Posts: 44
Joined: September 9th, 2008, 8:32 am

Re: Online scanner problems

Unread postby Katana » November 4th, 2008, 11:27 am

There is no malware that would be causing your problem.
It sounds like a software problem, either something is conflicting or there is system corruption.
Unfortunately you are now outside my area of knowledge, so I'm going to have to recommend that you visit one of the tech forums for assistance.

http://www.techsupportforum.com/
http://www.bleepingcomputer.com/forums/
http://forums.whatthetech.com/forums.html

All the forums above have good support for software/OS problems, and I'm sure they will be able to help.

When you start your thread, explain what the problem is and let them know that you have been checked for malware.
Give them the following link, so they can see the logs if needed
Code: Select all
http://malwareremoval.com/forum/viewtopic.php?f=11&t=35757
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Online scanner problems

Unread postby koolkevdj » November 5th, 2008, 5:08 am

hi again,im really sorry to bother you but i did a scan from the links you gave about my pc i did a scan and there is no errors with my software or hard disc,however i seem to have come full circle and now i cant download anything from ie7 or firefox i get a message saying the object is blocked,or the website declined to show this page with an 404 error i think its called,i did a scan with panda and nothing,i did a scan with avg and nothing,also when i try to edit start up programs with msconfig i also get a message saying i do not have the rights to edit with msconfig,im sure there is something in the pc which is causing all this mess but so far nothing has been found,i assume it must be the registry that is corrupt...............please can you help once more many thanks kevin
koolkevdj
Regular Member
 
Posts: 44
Joined: September 9th, 2008, 8:32 am

Re: Online scanner problems

Unread postby koolkevdj » November 5th, 2008, 5:16 am

oh and by the way am i right in thinking that combofix installed windows recovery consol and if so could i repair windows using it as i dont really want to reformat the pc but if its what i have to do then so be it,the pc seems to be running ok but its the small problems that i cant figure out.
koolkevdj
Regular Member
 
Posts: 44
Joined: September 9th, 2008, 8:32 am

Re: Online scanner problems

Unread postby Katana » November 5th, 2008, 6:02 am

Recovery Console is just so you can access your machine if it doesn't boot properly.

i did a scan and there is no errors with my software or hard disc

The links I gave will not detect software corruption or hard disc errors, they only detect infected files.

It sounds like you may need to perform a repair install or even a reformat, but as I said in my last post you need to contact a tech forum as your problem is not malware now.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Online scanner problems

Unread postby Gary R » November 8th, 2008, 10:31 am

koolkevdj, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 12 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware