Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Anything here look suspect?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Anything here look suspect?

Unread postby markiitourerv » October 15th, 2009, 10:09 pm

Hey, thanks for looking.

My pc has been doing some weird things as of late, slow operation at times, pop ups all of a sudden,
internet keeps disconnecting, etc.

Ran AVG and it discovered a dozen odd trojan, just wondering what's left over.

Thanks again for taking the time to look, hope someone can help out.

Nigel.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:54 PM, on 10/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\UVC Video Camera\UVCSti.exe
C:\Program Files\UVC Video Camera\EffectDir\UVCtray.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [UVCSti] "C:\Program Files\UVC Video Camera\UVCSti.exe"
O4 - HKLM\..\Run: [RunUVC] "C:\Program Files\UVC Video Camera\EffectDir\UVCtray.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [DVD43] "C:\Program Files\DVD Region+CSS Free\DVDRegionFree.exe" /hidden
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [Clock knob fast okay] C:\Documents and Settings\All Users\Application Data\Idle Skip Clock Knob\Show Build.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Surf One] C:\DOCUME~1\user\APPLIC~1\LIVEOP~1\deadlies.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Search - ?p=ZJfox000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-U ... E_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EDFAC76C-4AF6-4009-AA3D-2B6CC7D51BA1}: NameServer = 203.2.193.67 202.135.30.4
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

--
End of file - 6049 bytes
markiitourerv
Active Member
 
Posts: 3
Joined: October 15th, 2009, 9:59 pm
Advertisement
Register to Remove

Re: Anything here look suspect?

Unread postby Blade81 » October 18th, 2009, 8:30 am

Hi,

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.


Download Lop S&D by Eric_71 and save it to your desktop.
Lop S&D will only run on Windows XP and Windows Vista

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.
To see how to disable security programs visit this tutorial:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Double-click Lop S&D.exe
  • Choose the language by typing of the corresponding letter and press Enter
  • Click OK at the informative window
  • Type 1, to choose Option 1 (Search) then press Enter
  • Wait until the end of the scan
  • A report will be generated, post the contents of it in your next reply.
(Copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt)
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Anything here look suspect?

Unread postby markiitourerv » October 21st, 2009, 4:53 am

Here are the logs from the DDS scan:

DDS (Ver_09-10-13.01) - NTFSx86
Run by user at 19:01:03.39 on Wed 10/21/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1401 [GMT 10.5:30]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\UVC Video Camera\UVCSti.exe
C:\Program Files\UVC Video Camera\EffectDir\UVCtray.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\user\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant = hxxp://www.google.com/ie
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Surf One] c:\docume~1\user\applic~1\liveop~1\deadlies.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [UVCSti] "c:\program files\uvc video camera\UVCSti.exe"
mRun: [RunUVC] "c:\program files\uvc video camera\effectdir\UVCtray.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
mRun: [Clock knob fast okay] c:\documents and settings\all users\application data\idle skip clock knob\Show Build.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/ms ... b56986.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/So ... b56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-AU/a-U ... E_UNO1.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/Me ... b56907.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/Mi ... b56986.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: DVDIdleShell Class: {93994de8-8239-4655-b1d1-5f4e91300429} - c:\program files\dvd region+css free\DVDShell.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\xf3s0w1s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.chariot.net.au/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-29 97928]
R1 Start1Driver;Start1Driver;c:\windows\system32\drivers\Start1Driver.SYS [2009-10-16 5120]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-29 231704]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2008-7-4 14336]
R3 Cam3820;Cam3820 PC Camera Driver;c:\windows\system32\drivers\cam3820a.sys [2008-8-1 239616]
S0 DiagnosticScan;DiagnosticScan; [x]
S3 usb2vcom;USB Data Cable;c:\windows\system32\drivers\usb2vcom.sys [2008-5-26 29152]

=============== Created Last 30 ================


==================== Find3M ====================

2009-09-12 00:48 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-05 07:33 58,880 a------- c:\windows\system32\msasn1.dll
2009-08-29 18:06 832,512 a------- c:\windows\system32\wininet.dll
2009-08-29 18:06 78,336 a------- c:\windows\system32\ieencode.dll
2009-08-29 18:06 17,408 -------- c:\windows\system32\corpol.dll
2009-08-26 18:30 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-06 19:23 274,288 a------- c:\windows\system32\mucltui.dll
2009-08-06 19:23 215,920 a------- c:\windows\system32\muweb.dll
2009-08-05 19:31 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 01:43 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-08-05 00:50 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2009-08-04 19:52 1,193,832 a------- c:\windows\system32\FM20.DLL
2009-08-03 16:07 403,816 a------- c:\windows\system32\OGACheckControl.dll
2009-08-03 16:07 322,928 a------- c:\windows\system32\OGAAddin.dll
2009-08-03 16:07 230,768 a------- c:\windows\system32\OGAEXEC.exe
2009-07-26 17:44 48,448 a------- c:\windows\system32\sirenacm.dll
2009-07-08 17:00 6,616,576 a------- c:\program files\etax2009_1.msi
2008-08-16 14:32 33,792 a------- c:\program files\FFF-ReflexV2.exe
2008-08-15 22:58 0 a------- c:\program files\temp01
2008-07-11 15:18 8,263,648 a------- c:\program files\etax2008_1.exe
2008-05-24 18:27 1,324 a------- c:\program files\launch.ica
2008-05-24 13:52 15,477,248 a------- c:\program files\Citrix.msi
2004-07-26 04:16 1,117,491 a------- c:\program files\dvdshrink32setup.exe
2008-09-25 23:12 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092520080926\index.dat

============= FINISH: 19:01:54.78 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-13.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/14/2008 1:23:13 PM
System Uptime: 10/21/2009 5:26:00 PM (2 hours ago)

Motherboard: Hewlett-Packard | | 085Ch
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | XU1 PROCESSOR | 2992/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 50.071 GiB free.
D: is CDROM (CDFS)
E: is FIXED (NTFS) - 149 GiB total, 36.503 GiB free.
F: is CDROM ()
G: is CDROM (CDFS)
H: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP408: 7/23/2009 11:07:00 PM - System Checkpoint
RP409: 7/24/2009 11:18:36 PM - System Checkpoint
RP410: 7/26/2009 4:29:50 PM - System Checkpoint
RP411: 7/27/2009 5:05:37 PM - System Checkpoint
RP412: 7/28/2009 7:44:36 PM - System Checkpoint
RP413: 7/29/2009 11:26:51 PM - Software Distribution Service 3.0
RP414: 7/31/2009 9:53:00 PM - System Checkpoint
RP415: 7/31/2009 11:39:02 PM - Software Distribution Service 3.0
RP416: 8/2/2009 5:29:05 PM - System Checkpoint
RP417: 8/3/2009 5:47:09 PM - System Checkpoint
RP418: 8/4/2009 5:59:02 PM - System Checkpoint
RP419: 8/5/2009 10:43:11 PM - System Checkpoint
RP420: 8/7/2009 5:06:20 PM - System Checkpoint
RP421: 8/8/2009 5:53:02 PM - System Checkpoint
RP422: 8/9/2009 8:58:17 PM - System Checkpoint
RP423: 8/10/2009 9:35:13 PM - System Checkpoint
RP424: 8/12/2009 5:10:56 PM - System Checkpoint
RP425: 8/12/2009 11:16:58 PM - Software Distribution Service 3.0
RP426: 8/14/2009 9:48:14 PM - System Checkpoint
RP427: 8/16/2009 1:30:58 PM - System Checkpoint
RP428: 8/18/2009 8:14:11 PM - System Checkpoint
RP429: 8/19/2009 10:34:34 PM - System Checkpoint
RP430: 8/21/2009 8:47:08 PM - System Checkpoint
RP431: 8/23/2009 3:40:22 PM - System Checkpoint
RP432: 8/26/2009 7:22:42 PM - System Checkpoint
RP433: 8/26/2009 11:19:48 PM - Software Distribution Service 3.0
RP434: 8/28/2009 7:27:35 PM - System Checkpoint
RP435: 8/30/2009 12:45:04 PM - System Checkpoint
RP436: 8/31/2009 5:28:02 PM - System Checkpoint
RP437: 9/1/2009 7:34:28 PM - System Checkpoint
RP438: 9/2/2009 9:14:37 PM - System Checkpoint
RP439: 9/3/2009 9:53:55 PM - System Checkpoint
RP440: 9/4/2009 11:11:37 PM - System Checkpoint
RP441: 9/7/2009 6:01:28 PM - System Checkpoint
RP442: 9/8/2009 8:19:56 PM - Removed Vodafone Mobile Connect.
RP443: 9/8/2009 8:28:00 PM - Installed Vodafone Mobile Connect Lite.
RP444: 9/8/2009 9:09:35 PM - Removed Vodafone Mobile Connect Lite.
RP445: 9/8/2009 9:15:19 PM - Installed Vodafone Mobile Connect Lite.
RP446: 9/9/2009 9:56:49 PM - Software Distribution Service 3.0
RP447: 9/10/2009 10:11:47 PM - System Checkpoint
RP448: 9/12/2009 9:15:11 AM - System Checkpoint
RP449: 9/13/2009 10:39:57 AM - System Checkpoint
RP450: 9/14/2009 4:44:49 PM - System Checkpoint
RP451: 9/15/2009 7:15:49 PM - System Checkpoint
RP452: 9/17/2009 4:36:37 PM - System Checkpoint
RP453: 9/18/2009 7:01:38 PM - System Checkpoint
RP454: 9/19/2009 10:38:44 PM - System Checkpoint
RP455: 9/21/2009 5:11:22 PM - System Checkpoint
RP456: 9/23/2009 5:22:32 PM - System Checkpoint
RP457: 9/24/2009 7:47:58 PM - System Checkpoint
RP458: 9/25/2009 7:51:37 PM - System Checkpoint
RP459: 9/26/2009 2:54:59 PM - Software Distribution Service 3.0
RP460: 9/27/2009 5:47:20 PM - System Checkpoint
RP461: 9/28/2009 6:30:25 PM - System Checkpoint
RP462: 9/28/2009 8:56:18 PM - Installed DirectX
RP463: 9/30/2009 11:22:51 AM - System Checkpoint
RP464: 10/1/2009 6:16:57 PM - System Checkpoint
RP465: 10/2/2009 6:24:20 PM - System Checkpoint
RP466: 10/3/2009 11:37:33 PM - System Checkpoint
RP467: 10/5/2009 11:01:33 AM - System Checkpoint
RP468: 10/6/2009 6:18:15 PM - System Checkpoint
RP469: 10/7/2009 7:42:11 PM - System Checkpoint
RP470: 10/8/2009 8:35:29 PM - System Checkpoint
RP471: 10/10/2009 10:19:16 AM - System Checkpoint
RP472: 10/11/2009 1:44:08 PM - System Checkpoint
RP473: 10/12/2009 5:32:13 PM - System Checkpoint
RP474: 10/13/2009 6:04:28 PM - System Checkpoint
RP475: 10/14/2009 7:31:22 PM - System Checkpoint
RP476: 10/15/2009 12:03:46 AM - Software Distribution Service 3.0
RP477: 10/16/2009 2:30:03 PM - System Checkpoint
RP478: 10/17/2009 2:51:29 PM - System Checkpoint
RP479: 10/17/2009 9:16:04 PM - Restore Operation
RP480: 10/19/2009 4:39:01 PM - System Checkpoint
RP481: 10/20/2009 6:18:07 PM - System Checkpoint

==== Installed Programs ======================

µTorrent
ACDSee for PENTAX 2.0
Action Replay Code Manager
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
ArcSoft PhotoStudio 5.5
ATI - Software Uninstall Utility
ATI AVIVO Codecs
ATI Catalyst Control Center
ATI Display Driver
ATI HYDRAVISION
ATI Parental Control & Encoder
AVG Free 8.0
Babysitting Mania
Big City Adventure San Francisco
Big Fish Games Client
Cake Mania
Canon MP Navigator 2.0
Canon MP500
Canon Utilities Easy-PhotoPrint
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CD-LabelPrint
Citrix Presentation Server Client - Web Only
Critical Update for Windows Media Player 11 (KB959772)
Delicious 2 Deluxe
DNA
DVD Region+CSS Free 5.58
DVD Shrink 3.2
e-tax 2008
e-tax 2009
Easy-WebPrint
Fashion Boutique
Google Toolbar for Internet Explorer
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Intel(R) Extreme Graphics 2 Driver
Junk Mail filter update
Map Button (Windows Live Toolbar)
Messenger Plus! Live & Sponsor (CiD)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.14)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
My Pictures And Sounds 7.09
Nero 6 Ultra Edition
NINTENDO DS GAME BROWSER
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OmniPage SE 2.0
orlogix RecordNow DX
PowerDVD
Sallys Salon
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Segoe UI
Skins
Smart Menus (Windows Live Toolbar)
Spybot - Search & Destroy
System Requirements Lab
The Game Of LIFE PTS
TVUPlayer 2.3.7.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
UVC Video Camera
Vodafone Mobile Connect Lite
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Favorites for Windows Live Toolbar
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
XnView 1.93.4

==== Event Viewer Messages From Past Week ========

10/21/2009 7:00:02 AM, error: Schedule [7901] - The At8.job command failed to start due to the following error: %%2147942402
10/21/2009 7:00:02 AM, error: Schedule [7901] - The At32.job command failed to start due to the following error: %%2147942402
10/20/2009 8:34:08 PM, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom2.
10/16/2009 9:31:43 AM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\D.
10/15/2009 9:00:00 AM, error: Schedule [7901] - The At34.job command failed to start due to the following error: %%2147942402
10/15/2009 9:00:00 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: %%2147942402
10/15/2009 8:00:02 AM, error: Schedule [7901] - The At9.job command failed to start due to the following error: %%2147942402
10/15/2009 8:00:02 AM, error: Schedule [7901] - The At33.job command failed to start due to the following error: %%2147942402
10/15/2009 12:02:51 AM, error: ipnathlp [31008] - The DNS proxy agent was unable to read the local list of name-resolution servers from the registry. The data is the error code.
10/15/2009 10:00:04 AM, error: Schedule [7901] - The At35.job command failed to start due to the following error: %%2147942402
10/15/2009 10:00:04 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: %%2147942402
10/14/2009 9:00:00 PM, error: Schedule [7901] - The At46.job command failed to start due to the following error: %%2147942402
10/14/2009 9:00:00 PM, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402
10/14/2009 8:00:02 PM, error: Schedule [7901] - The At45.job command failed to start due to the following error: %%2147942402
10/14/2009 8:00:02 PM, error: Schedule [7901] - The At21.job command failed to start due to the following error: %%2147942402
10/14/2009 7:00:00 PM, error: Schedule [7901] - The At44.job command failed to start due to the following error: %%2147942402
10/14/2009 7:00:00 PM, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402
10/14/2009 6:00:00 PM, error: Schedule [7901] - The At43.job command failed to start due to the following error: %%2147942402
10/14/2009 6:00:00 PM, error: Schedule [7901] - The At19.job command failed to start due to the following error: %%2147942402
10/14/2009 5:00:00 PM, error: Schedule [7901] - The At42.job command failed to start due to the following error: %%2147942402
10/14/2009 5:00:00 PM, error: Schedule [7901] - The At18.job command failed to start due to the following error: %%2147942402
10/14/2009 4:00:00 PM, error: Schedule [7901] - The At41.job command failed to start due to the following error: %%2147942402
10/14/2009 4:00:00 PM, error: Schedule [7901] - The At17.job command failed to start due to the following error: %%2147942402
10/14/2009 3:00:00 PM, error: Schedule [7901] - The At40.job command failed to start due to the following error: %%2147942402
10/14/2009 3:00:00 PM, error: Schedule [7901] - The At16.job command failed to start due to the following error: %%2147942402
10/14/2009 2:00:00 PM, error: Schedule [7901] - The At39.job command failed to start due to the following error: %%2147942402
10/14/2009 2:00:00 PM, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402
10/14/2009 12:00:00 PM, error: Schedule [7901] - The At37.job command failed to start due to the following error: %%2147942402
10/14/2009 12:00:00 PM, error: Schedule [7901] - The At13.job command failed to start due to the following error: %%2147942402
10/14/2009 11:00:02 AM, error: Schedule [7901] - The At36.job command failed to start due to the following error: %%2147942402
10/14/2009 11:00:02 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: %%2147942402
10/14/2009 11:00:00 PM, error: Schedule [7901] - The At48.job command failed to start due to the following error: %%2147942402
10/14/2009 11:00:00 PM, error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402
10/14/2009 10:00:00 PM, error: Schedule [7901] - The At47.job command failed to start due to the following error: %%2147942402
10/14/2009 10:00:00 PM, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402
10/14/2009 1:00:00 PM, error: Schedule [7901] - The At38.job command failed to start due to the following error: %%2147942402
10/14/2009 1:00:00 PM, error: Schedule [7901] - The At14.job command failed to start due to the following error: %%2147942402

==== End Of File ===========================
markiitourerv
Active Member
 
Posts: 3
Joined: October 15th, 2009, 9:59 pm

Re: Anything here look suspect?

Unread postby markiitourerv » October 21st, 2009, 6:26 am

And this is the scan from lopSD:

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : 786B2 v1.11
USER : user ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.0 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:50 Go)
D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
E:\ (Local Disk) - NTFS - Total:149 Go (Free:36 Go)
F:\ (CD or DVD)
G:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
H:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Wed 10/21/2009|20:36 )

--------------------\\ Listing folders in APPLIC~1

[08/30/2008|03:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ACD Systems
[06/07/2008|12:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[07/20/2009|05:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ATI
[03/29/2009|08:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg8
[08/15/2008|10:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> BigFishGamesCache
[05/24/2008|02:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CanonBJ
[04/14/2008|03:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
[06/08/2009|12:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> DVD Shrink
[07/18/2008|10:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Gogii
[06/07/2008|12:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[10/21/2009|05:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Idle Skip Clock Knob
[12/12/2008|10:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> IM
[12/12/2008|10:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> IncrediMail
[05/24/2008|12:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[06/28/2008|07:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> JollyBear
[08/30/2009|04:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Messenger Plus!
[06/08/2009|05:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[05/23/2008|11:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> nView_Profiles
[02/11/2009|08:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Office Genuine Advantage
[07/13/2008|03:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sandlot Games
[04/19/2009|08:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ScanSoft
[10/17/2009|09:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[05/24/2008|02:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SSScanAppDataDir
[05/24/2008|02:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SSScanWizard
[01/26/2009|10:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[08/04/2008|07:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TVU Networks
[09/08/2009|10:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Vodafone
[06/11/2008|08:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[07/19/2008|11:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller
[07/13/2008|12:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Zylom

[04/14/2008|02:20] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[01/29/2009|06:01] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[10/17/2009|09:11] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Vodafone

[05/24/2008|12:51] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Bytemobile
[01/25/2009|04:32] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Macromedia
[01/29/2009|06:01] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[08/30/2008|03:25] C:\DOCUME~1\user\APPLIC~1\<DIR> ACD Systems
[06/07/2008|12:28] C:\DOCUME~1\user\APPLIC~1\<DIR> Adobe
[06/19/2008|08:16] C:\DOCUME~1\user\APPLIC~1\<DIR> Ahead
[07/20/2009|05:37] C:\DOCUME~1\user\APPLIC~1\<DIR> ATI
[06/07/2009|07:27] C:\DOCUME~1\user\APPLIC~1\<DIR> Canon
[05/31/2008|07:26] C:\DOCUME~1\user\APPLIC~1\<DIR> CyberLink
[07/16/2008|10:47] C:\DOCUME~1\user\APPLIC~1\<DIR> DNA
[06/07/2008|02:07] C:\DOCUME~1\user\APPLIC~1\<DIR> Google
[05/26/2008|11:46] C:\DOCUME~1\user\APPLIC~1\<DIR> Help
[05/24/2008|09:07] C:\DOCUME~1\user\APPLIC~1\<DIR> ICAClient
[04/14/2008|02:32] C:\DOCUME~1\user\APPLIC~1\<DIR> Identities
[05/24/2008|12:49] C:\DOCUME~1\user\APPLIC~1\<DIR> InstallShield
[04/30/2008|12:13] C:\DOCUME~1\user\APPLIC~1\<DIR> Macromedia
[07/08/2009|12:35] C:\DOCUME~1\user\APPLIC~1\<DIR> Microsoft
[01/29/2009|06:49] C:\DOCUME~1\user\APPLIC~1\<DIR> Mozilla
[10/17/2009|09:49] C:\DOCUME~1\user\APPLIC~1\<DIR> MSNInstaller
[09/27/2009|08:27] C:\DOCUME~1\user\APPLIC~1\<DIR> Office Genuine Advantage
[05/24/2008|02:16] C:\DOCUME~1\user\APPLIC~1\<DIR> ScanSoft
[10/17/2009|09:12] C:\DOCUME~1\user\APPLIC~1\<DIR> SnapTeam
[07/17/2008|07:32] C:\DOCUME~1\user\APPLIC~1\<DIR> Total Eclipse
[08/04/2008|07:56] C:\DOCUME~1\user\APPLIC~1\<DIR> TVU Networks
[10/17/2009|09:08] C:\DOCUME~1\user\APPLIC~1\<DIR> uTorrent
[09/08/2009|09:28] C:\DOCUME~1\user\APPLIC~1\<DIR> Vodafone
[07/20/2009|06:46] C:\DOCUME~1\user\APPLIC~1\<DIR> XnView

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[10/21/2009 05:26 PM][--a------] C:\WINDOWS\tasks\OGALogon.job
[10/20/2009 11:00 PM][--a------] C:\WINDOWS\tasks\At48.job
[10/20/2009 10:00 PM][--a------] C:\WINDOWS\tasks\At47.job
[10/20/2009 09:00 PM][--a------] C:\WINDOWS\tasks\At46.job
[10/21/2009 08:00 PM][--a------] C:\WINDOWS\tasks\At45.job
[10/21/2009 07:00 PM][--a------] C:\WINDOWS\tasks\At44.job
[10/21/2009 06:00 PM][--a------] C:\WINDOWS\tasks\At43.job
[10/20/2009 05:00 PM][--a------] C:\WINDOWS\tasks\At42.job
[10/18/2009 04:00 PM][--a------] C:\WINDOWS\tasks\At41.job
[10/18/2009 02:00 PM][--a------] C:\WINDOWS\tasks\At39.job
[10/18/2009 03:00 PM][--a------] C:\WINDOWS\tasks\At40.job
[10/18/2009 01:00 PM][--a------] C:\WINDOWS\tasks\At38.job
[10/18/2009 12:00 PM][--a------] C:\WINDOWS\tasks\At37.job
[10/18/2009 11:00 AM][--a------] C:\WINDOWS\tasks\At36.job
[10/18/2009 10:00 AM][--a------] C:\WINDOWS\tasks\At35.job
[10/18/2009 08:00 AM][--a------] C:\WINDOWS\tasks\At33.job
[10/18/2009 09:00 AM][--a------] C:\WINDOWS\tasks\At34.job
[02/17/2009 06:00 AM][--a------] C:\WINDOWS\tasks\At31.job
[10/21/2009 07:00 AM][--a------] C:\WINDOWS\tasks\At32.job
[02/17/2009 05:00 AM][--a------] C:\WINDOWS\tasks\At30.job
[10/04/2009 03:00 AM][--a------] C:\WINDOWS\tasks\At28.job
[02/17/2009 04:00 AM][--a------] C:\WINDOWS\tasks\At29.job
[10/05/2009 02:00 AM][--a------] C:\WINDOWS\tasks\At27.job
[10/11/2009 01:00 AM][--a------] C:\WINDOWS\tasks\At26.job
[10/11/2009 12:50 AM][--a------] C:\WINDOWS\tasks\At25.job
[10/20/2009 11:00 PM][--a------] C:\WINDOWS\tasks\At24.job
[10/20/2009 09:00 PM][--a------] C:\WINDOWS\tasks\At22.job
[10/20/2009 10:00 PM][--a------] C:\WINDOWS\tasks\At23.job
[10/21/2009 08:00 PM][--a------] C:\WINDOWS\tasks\At21.job
[10/21/2009 07:00 PM][--a------] C:\WINDOWS\tasks\At20.job
[10/21/2009 06:00 PM][--a------] C:\WINDOWS\tasks\At19.job
[10/18/2009 04:00 PM][--a------] C:\WINDOWS\tasks\At17.job
[10/20/2009 05:00 PM][--a------] C:\WINDOWS\tasks\At18.job
[10/18/2009 03:00 PM][--a------] C:\WINDOWS\tasks\At16.job
[10/18/2009 01:00 PM][--a------] C:\WINDOWS\tasks\At14.job
[10/18/2009 02:00 PM][--a------] C:\WINDOWS\tasks\At15.job
[10/18/2009 11:00 AM][--a------] C:\WINDOWS\tasks\At12.job
[10/18/2009 12:00 PM][--a------] C:\WINDOWS\tasks\At13.job
[10/18/2009 09:00 AM][--a------] C:\WINDOWS\tasks\At10.job
[10/18/2009 10:00 AM][--a------] C:\WINDOWS\tasks\At11.job
[10/18/2009 08:00 AM][--a------] C:\WINDOWS\tasks\At9.job
[10/21/2009 07:00 AM][--a------] C:\WINDOWS\tasks\At8.job
[02/17/2009 06:00 AM][--a------] C:\WINDOWS\tasks\At7.job
[02/17/2009 05:00 AM][--a------] C:\WINDOWS\tasks\At6.job
[02/17/2009 04:00 AM][--a------] C:\WINDOWS\tasks\At5.job
[10/04/2009 03:00 AM][--a------] C:\WINDOWS\tasks\At4.job
[10/05/2009 02:00 AM][--a------] C:\WINDOWS\tasks\At3.job
[10/11/2009 01:00 AM][--a------] C:\WINDOWS\tasks\At2.job
[10/11/2009 12:19 AM][--a------] C:\WINDOWS\tasks\At1.job
[10/21/2009 05:26 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/23/2001 10:30 PM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[08/30/2008|03:22] C:\Program Files\<DIR> ACD Systems
[07/12/2008|12:06] C:\Program Files\<DIR> Adobe
[06/18/2008|08:06] C:\Program Files\<DIR> Ahead
[05/24/2008|02:15] C:\Program Files\<DIR> ArcSoft
[07/20/2009|05:32] C:\Program Files\<DIR> ATI Technologies
[04/29/2008|11:52] C:\Program Files\<DIR> AVG
[07/19/2008|01:48] C:\Program Files\<DIR> Babysitting Mania
[08/15/2008|10:58] C:\Program Files\<DIR> bfgclient
[06/28/2008|07:00] C:\Program Files\<DIR> Big City Adventure San Francisco
[10/17/2009|09:12] C:\Program Files\<DIR> BulletProofSoft.com
[08/19/2008|07:44] C:\Program Files\<DIR> Cake Mania
[05/24/2008|02:09] C:\Program Files\<DIR> Canon
[08/30/2009|04:01] C:\Program Files\<DIR> Circle Developemet
[05/24/2008|09:02] C:\Program Files\<DIR> Citrix
[07/20/2009|05:28] C:\Program Files\<DIR> Common Files
[04/14/2008|02:17] C:\Program Files\<DIR> ComPlus Applications
[04/14/2008|03:04] C:\Program Files\<DIR> CyberLink
[05/12/2009|09:15] C:\Program Files\<DIR> Datel
[07/15/2008|09:47] C:\Program Files\<DIR> Delicious 2 Deluxe
[07/21/2009|06:31] C:\Program Files\<DIR> DVD Region+CSS Free
[05/31/2008|05:36] C:\Program Files\<DIR> DVD Shrink
[03/21/2009|01:37] C:\Program Files\<DIR> Fashion Boutique
[01/29/2009|05:58] C:\Program Files\<DIR> Google
[07/20/2009|05:29] C:\Program Files\<DIR> InstallShield Installation Information
[10/17/2009|09:05] C:\Program Files\<DIR> Internet Explorer
[09/25/2008|11:08] C:\Program Files\<DIR> Messenger
[02/22/2009|07:09] C:\Program Files\<DIR> Microsoft
[04/14/2008|02:44] C:\Program Files\<DIR> Microsoft ActiveSync
[04/14/2008|02:21] C:\Program Files\<DIR> microsoft frontpage
[04/14/2008|02:44] C:\Program Files\<DIR> Microsoft Office
[10/17/2009|09:12] C:\Program Files\<DIR> Microsoft Office Outlook Connector
[10/17/2009|09:09] C:\Program Files\<DIR> Microsoft Silverlight
[07/19/2008|12:07] C:\Program Files\<DIR> Microsoft SQL Server Compact Edition
[01/29/2009|08:57] C:\Program Files\<DIR> Microsoft Sync Framework
[04/14/2008|02:44] C:\Program Files\<DIR> Microsoft Visual Studio
[06/11/2008|01:19] C:\Program Files\<DIR> Microsoft Works
[04/14/2008|02:44] C:\Program Files\<DIR> Microsoft.NET
[09/25/2008|11:04] C:\Program Files\<DIR> Movie Maker
[10/21/2009|06:44] C:\Program Files\<DIR> Mozilla Firefox
[02/17/2009|12:30] C:\Program Files\<DIR> MSBuild
[10/17/2009|09:49] C:\Program Files\<DIR> MSN
[04/14/2008|02:17] C:\Program Files\<DIR> MSN Gaming Zone
[05/12/2009|09:15] C:\Program Files\<DIR> MSXML 4.0
[09/25/2008|11:00] C:\Program Files\<DIR> NetMeeting
[04/14/2008|02:17] C:\Program Files\<DIR> Online Services
[05/31/2008|05:30] C:\Program Files\<DIR> orlogix
[08/13/2009|12:19] C:\Program Files\<DIR> Outlook Express
[02/17/2009|12:30] C:\Program Files\<DIR> Reference Assemblies
[06/28/2008|06:59] C:\Program Files\<DIR> ReflexiveArcade
[01/26/2009|01:16] C:\Program Files\<DIR> Registry Mechanic
[05/26/2008|11:49] C:\Program Files\<DIR> SAGEM
[07/18/2008|09:42] C:\Program Files\<DIR> Sallys Salon
[05/24/2008|02:16] C:\Program Files\<DIR> ScanSoft
[10/17/2009|09:07] C:\Program Files\<DIR> Spybot - Search & Destroy
[05/23/2008|11:24] C:\Program Files\<DIR> SystemRequirementsLab
[01/26/2009|01:16] C:\Program Files\<DIR> The Game Of LIFE PTS
[01/29/2009|05:50] C:\Program Files\<DIR> Trend Micro
[08/04/2008|07:57] C:\Program Files\<DIR> TVUPlayer
[04/14/2008|02:32] C:\Program Files\<DIR> Uninstall Information
[11/23/2008|11:32] C:\Program Files\<DIR> uTorrent
[07/08/2009|10:36] C:\Program Files\<DIR> UVC Video Camera
[05/24/2008|12:46] C:\Program Files\<DIR> Vodafone
[10/17/2009|09:12] C:\Program Files\<DIR> Windows Live
[07/19/2008|11:56] C:\Program Files\<DIR> Windows Live Favorites
[01/29/2009|08:53] C:\Program Files\<DIR> Windows Live SkyDrive
[01/29/2009|08:58] C:\Program Files\<DIR> Windows Live Toolbar
[01/27/2009|11:39] C:\Program Files\<DIR> Windows Media Connect 2
[01/27/2009|11:41] C:\Program Files\<DIR> Windows Media Player
[09/25/2008|11:00] C:\Program Files\<DIR> Windows NT
[04/14/2008|02:19] C:\Program Files\<DIR> WindowsUpdate
[06/10/2008|07:01] C:\Program Files\<DIR> WinRAR
[04/14/2008|02:21] C:\Program Files\<DIR> xerox
[07/20/2009|06:45] C:\Program Files\<DIR> XnView

--------------------\\ Listing Folders in C:\Program Files\Common Files

[08/30/2008|03:22] C:\Program Files\Common Files\<DIR> ACD Systems
[06/07/2008|12:22] C:\Program Files\Common Files\<DIR> Adobe
[06/18/2008|08:06] C:\Program Files\Common Files\<DIR> Ahead
[07/20/2009|05:28] C:\Program Files\Common Files\<DIR> ATI Technologies
[04/14/2008|02:44] C:\Program Files\Common Files\<DIR> DESIGNER
[07/20/2009|05:29] C:\Program Files\Common Files\<DIR> InstallShield
[04/14/2008|02:45] C:\Program Files\Common Files\<DIR> L&H
[02/22/2009|07:06] C:\Program Files\Common Files\<DIR> Microsoft Shared
[04/14/2008|02:18] C:\Program Files\Common Files\<DIR> MSSoap
[04/14/2008|10:37] C:\Program Files\Common Files\<DIR> ODBC
[05/24/2008|02:16] C:\Program Files\Common Files\<DIR> ScanSoft Shared
[04/14/2008|02:18] C:\Program Files\Common Files\<DIR> Services
[04/14/2008|10:37] C:\Program Files\Common Files\<DIR> SpeechEngines
[09/28/2009|09:58] C:\Program Files\Common Files\<DIR> System
[01/29/2009|08:35] C:\Program Files\Common Files\<DIR> Windows Live
[07/19/2008|11:47] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller

--------------------\\ Process

( 39 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-21 20:37:14
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 2

--------------------\\ Searching for other infections

C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At25.job
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At40.job
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\Tasks\At48.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\user\Application Data\uTorrent\Reflexive Universal Unwrapper Crack Keygen v3.0.torrent
C:\DOCUME~1\user\Recent\Reflexive Universal Unwrapper Crack Keygen v3.0.lnk
C:\DOCUME~1\ALLUSE~1\Start Menu\Programs\DVD Region+CSS Free\DVDRegion+CSSFree_512_CERBER_tPORt_crack.exe


[F:96][D:417]-> C:\DOCUME~1\user\LOCALS~1\Temp
[F:52][D:0]-> C:\DOCUME~1\user\Cookies
[F:646][D:18]-> C:\DOCUME~1\user\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Wed 10/21/2009|20:26 - Option : [4]
2 - "C:\Lop SD\LopR_2.txt" - Wed 10/21/2009|20:38 - Option : [1]

--------------------\\ Scan completed at 20:38:20
markiitourerv
Active Member
 
Posts: 3
Joined: October 15th, 2009, 9:59 pm

Re: Anything here look suspect?

Unread postby Blade81 » October 21st, 2009, 11:00 am

Hi

Remove P2P software
While looking over your log, I have noticed the following Peer-to-Peer filesharing programs are present on your computer:

uTorrent

These programs are the #1 source of infected systems. Although the software itself can be clean, the files you download are often infected with malware. Because of this, we do not allow P2P software present on machines we're cleaning anymore..

This means you must remove the above Peer-to-Peer filesharing programs and any others present on your machine. For an fully explanation of our policy, please read the following P2P Program Policy.

You can uninstall these programs in the Control Panel -> Add/remove Programs.

Also, there're some crack related things found in your system. If you want us to continue helping you then delete these files/folders too:
C:\Documents and Settings\user\Application Data\uTorrent <-folder
C:\Documents and Settings\user\Recent\Reflexive Universal Unwrapper Crack Keygen v3.0.lnk <-file
C:\Documents and Settings\All Users\Start Menu\Programs\DVD Region+CSS Free\DVDRegion+CSSFree_512_CERBER_tPORt_crack.exe <-file

When done, re-run DDS and post attach.txt report.
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Anything here look suspect?

Unread postby NonSuch » October 25th, 2009, 4:24 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27302
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 25 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware