AVE.EXE is a pain in my side

by FoxLycan » April 27th, 2010, 1:46 am

first time on here, this site may be my savior, if i do anything wrong i'm sorry and i can always learn lol

not sure where it came from, i'm guessing LimeWire (installed and uninstalled the same day..), it was a minor inconvenience at first but now it's really started to mess things up, keeps closing my browser while flooding me with "Windows Security System" virus alerts, and the other day i couldn't open up anything, would take me to the 'open with' tab, not sure why that stopped doing that but i can open stuff now (for now at least), this has been driving me mad and i got too many files on here to backup and restore, my Norton hasn't picked up anything at all, i really hope i can find help here and i will be buying that program that can stop this 'rogue' once i start working, this is not my first time having this happen, 3rd time in 2 months actually


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:29:27 AM, on 4/27/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\explorer.exe
C:\Windows\system32\Taskmgr.exe
C:\Users\Eric\AppData\Local\ave.exe
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\Userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {01443D17-503A-4537-94CD-3C372FEF15Ff} - C:\Windows\System32\ctl3dv232.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe"
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe" /hide
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TP CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SymCuw.exe" -G:{2D617065-1C52-4240-B5BC-C0AE12157777} -T:Config -REBOOT
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [RTHDBPL] C:\Users\Eric\AppData\Local\Temp\8B41.tmp
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\Windows\System32\dot3msm32.dll,C:\Windows\System32\DevicePairingProxy32.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8703 bytes


___________________________________________________________________________________________
µTorrent
2007 Microsoft Office system
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
Age of Empires III
Age of Empires III - The Asian Dynasties
Age of Empires III - The WarChiefs
Amazon Links
AppCore
Apple Application Support
Apple Software Update
Atheros Driver Installation Program
Atheros Wi-Fi Protected Setup Library
ccCommon
CD/DVD Drive Acoustic Silencer
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Component Framework
Diablo II
DVD MovieFactory for TOSHIBA
Google Desktop
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java(TM) 6 Update 18
Java(TM) 6 Update 6
LiveUpdate (Symantec Corporation)
LiveUpdate (Symantec Corporation)
Magic ISO Maker v5.5 (build 0274)
Magic ISO Maker v5.5 (build 0281)
MagicDisc 2.7.106
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.6.3)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton AntiVirus
Norton AntiVirus (Symantec Corporation)
Norton AntiVirus Help
Norton Protection Center
Pando Media Booster
Picasa 2
Project64 1.6
QuickBooks Financial Center
Rappelz
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Resident Evil 4 1.10
RuneScape
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB980470)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Windows Media Encoder (KB954156)
Shattered Galaxy
SPBBC 32bit
Starcraft
Symantec Real Time Storage Protection Component
Synaptics Pointing Device Driver
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Desktop Links
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Hardware Setup
TOSHIBA Recovery Disc Creator
Toshiba Registration
TOSHIBA Service Station
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb981433)
WildTangent Games
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
WinRAR archiver
Yahoo! Messenger
Yahoo! Software Update


(forgot to mention this, hopefully i'm doing this right)
i don't know if this is from the same problem but the same time i downloaded LimeWire my search engine has messed up and will take me to yellowpages or other sites instead, usually works after i go back and search again (can take a few tries before it finally grabs the page i was trying to get)
FoxLycan
Active Member
 
Posts: 7
Joined: April 27th, 2010, 1:38 am

Re: AVE.EXE is a pain in my side

by MWR 3 day Mod » April 30th, 2010, 1:54 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: AVE.EXE is a pain in my side

by Blade81 » April 30th, 2010, 10:13 am

Hi,

Remove P2P software
While looking over your log, I have noticed the following Peer-to-Peer filesharing programs are present on your computer:

uTorrent

These programs are the #1 source of infected systems. Although the software itself can be clean, the files you download are often infected with malware. Because of this, we do not allow P2P software present on machines we're cleaning anymore.

This means you must remove the above Peer-to-Peer filesharing programs and any others present on your machine. For a full explanation of our policy, please read the following P2P Program Policy.

You can uninstall these programs in the Control Panel -> Programs and Features. Please do so.


Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.


---

Download GMER here by clicking the download exe button and then saving it to your desktop:
  • Double-click the .exe that you downloaded
  • Click the rootkit tab, uncheck the files option and then click scan.
  • Don't check the Show All box while scanning is in progress!
  • When scanning is ready, click Copy.
  • This copies log to clipboard
  • Post log (if the log is long, archive it into a zip file and attach instead of posting) in your reply.
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: AVE.EXE is a pain in my side

by FoxLycan » April 30th, 2010, 4:58 pm

DDS (Ver_10-03-17.01) - NTFSx86
Run by Eric at 16:47:37.89 on Fri 04/30/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1915.807 [GMT -4:00]

AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton AntiVirus *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\ProgramData\Norton\NUA.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Eric\Downloads\dds.com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: {01443d17-503a-4537-94cd-3c372fef15ff} - c:\windows\system32\ctl3dv232.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
uRun: [TOSCDSPD] TOSCDSPD.EXE
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [RTHDBPL] c:\users\eric\appdata\local\temp\8B41.tmp
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [NortonUpdateAgent] c:\programdata\norton\NUA.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [jswtrayutil] "c:\program files\jumpstart\jswtrayutil.exe"
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\TSS.exe" /hide
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [TP CfgWiz] "c:\program files\common files\symantec shared\opc\{c86ea115-facd-4aa8-bfa2-398c677d0936}\SymCuw.exe" -G:{2D617065-1C52-4240-B5BC-C0AE12157777} -T:Config -REBOOT
mRun: [Skytel] Skytel.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\eric\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll,c:\windows\system32\dot3msm32.dll,c:\windows\system32\DevicePairingProxy32.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\eric\appdata\roaming\mozilla\firefox\profiles\udec7mta.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\users\eric\appdata\roaming\mozilla\firefox\profiles\udec7mta.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\users\eric\appdata\roaming\mozilla\firefox\profiles\udec7mta.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_HotbarSA.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Adobe Flash Plugin: No Registry Reference - c:\program files\mozilla firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20100422.001\IDSvix86.sys [2010-4-23 286768]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2010-2-15 20384]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-9-30 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-4-9 102448]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-9-30 7168]
R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2010-2-15 1245064]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-15 135664]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-9-30 30192]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2010-2-15 954368]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

=============== Created Last 30 ================

2010-04-30 20:14:27 280064 ----a-w- c:\programdata\ctl3d3232.dll
2010-04-30 18:14:23 280064 ----a-w- c:\programdata\crtdll32.dll
2010-04-30 16:14:21 280064 ----a-w- c:\programdata\comsvcs32.dll
2010-04-30 01:44:50 280576 ----a-w- c:\programdata\f3ahvoas32.dll
2010-04-30 01:30:13 0 d-----w- c:\programdata\WindowsSearch
2010-04-30 01:20:22 0 d-----w- c:\program files\Interplay
2010-04-30 00:45:09 280576 ----a-w- c:\programdata\dbnetlib32.dll
2010-04-29 13:46:12 280576 ----a-w- c:\programdata\DevicePairingProxy3232.dll
2010-04-29 02:45:42 280576 ----a-w- c:\programdata\eappgnui32.dll
2010-04-29 00:45:41 280576 ----a-w- c:\programdata\dxva232.dll
2010-04-28 22:45:45 280576 ----a-w- c:\programdata\els32.dll
2010-04-28 19:45:43 280576 ----a-w- c:\programdata\EAPQEC32.dll
2010-04-28 16:45:46 280576 ----a-w- c:\programdata\EncDec32.dll
2010-04-28 11:21:08 280576 ----a-w- c:\programdata\cngaudit32.dll
2010-04-28 10:20:57 280576 ----a-w- c:\programdata\dpwsockx32.dll
2010-04-28 09:21:03 280576 ----a-w- c:\programdata\CIRCoInst32.dll
2010-04-28 08:20:58 280576 ----a-w- c:\programdata\drmv2clt32.dll
2010-04-28 05:19:52 280576 ----a-w- c:\programdata\docprop32.dll
2010-04-28 02:01:16 280576 ----a-w- c:\programdata\capicom32.dll
2010-04-28 01:01:06 280576 ----a-w- c:\programdata\azroleui32.dll
2010-04-28 00:01:18 280576 ----a-w- c:\programdata\cdd32.dll
2010-04-27 21:01:02 280576 ----a-w- c:\programdata\AuthFWWizFwk32.dll
2010-04-27 07:12:10 280576 ----a-w- c:\programdata\cfgmgr3232.dll
2010-04-27 05:27:44 0 d-----w- c:\program files\Trend Micro
2010-04-27 05:12:06 280576 ----a-w- c:\programdata\catsrv32.dll
2010-04-26 20:12:18 280576 ----a-w- c:\programdata\cofiredm32.dll
2010-04-26 07:06:17 280576 ----a-w- c:\programdata\CHxReadingStringIME32.dll
2010-04-26 06:59:48 280576 ----a-w- c:\programdata\gpedit32.dll
2010-04-26 03:16:18 280576 ----a-w- c:\programdata\comrepl32.dll
2010-04-26 03:16:12 280576 ----a-w- c:\programdata\cmstplua32.dll
2010-04-25 20:18:30 280576 ----a-w- c:\programdata\d3dx1032.dll
2010-04-25 17:18:29 280576 ----a-w- c:\programdata\d3dim32.dll
2010-04-25 16:18:35 280576 ----a-w- c:\programdata\davclnt32.dll
2010-04-25 15:18:21 280576 ----a-w- c:\programdata\cryptsvc32.dll
2010-04-25 08:50:32 280576 ----a-w- c:\programdata\dssenh32.dll
2010-04-25 05:50:33 280576 ----a-w- c:\programdata\dtsh32.dll
2010-04-25 01:50:34 280576 ----a-w- c:\programdata\dwmredir32.dll
2010-04-25 00:50:29 280576 ----a-w- c:\programdata\ds16gt32.dll
2010-04-24 23:50:50 280576 ----a-w- c:\programdata\FMAPO32.dll
2010-04-24 20:50:30 280576 ----a-w- c:\programdata\dsdmo32.dll
2010-04-24 10:29:11 280576 ----a-w- c:\programdata\csellang32.dll
2010-04-24 08:29:13 280576 ----a-w- c:\programdata\C_G1803032.dll
2010-04-24 07:29:03 280576 ----a-w- c:\programdata\comdlg3232.dll
2010-04-24 06:29:02 280576 ----a-w- c:\programdata\COLORCNV32.dll
2010-04-24 05:29:04 280576 ----a-w- c:\programdata\CompatUI3232.dll
2010-04-24 05:02:08 280576 ----a-w- c:\programdata\bidispl32.dll
2010-04-24 03:02:13 280576 ----a-w- c:\programdata\browseui32.dll
2010-04-24 02:02:11 280576 ----a-w- c:\programdata\brcoinst32.dll
2010-04-24 01:02:18 280576 ----a-w- c:\programdata\certenc32.dll
2010-04-23 23:02:09 280576 ----a-w- c:\programdata\bitsprx232.dll
2010-04-23 22:02:06 280576 ----a-w- c:\programdata\basesrv32.dll
2010-04-23 15:19:49 280576 ----a-w- c:\programdata\dmocx32.dll
2010-04-23 14:19:40 280576 ----a-w- c:\programdata\dfrgifps32.dll
2010-04-23 13:19:37 280576 ----a-w- c:\programdata\deploytk32.dll
2010-04-23 12:09:48 280576 ----a-w- c:\programdata\deskperf32.dll
2010-04-23 06:19:31 280576 ----a-w- c:\programdata\d3dx9_2732.dll
2010-04-23 04:28:21 967 ----a-w- c:\windows\ScUnin.pif
2010-04-23 04:28:21 94208 ----a-w- c:\windows\ScUnin.exe
2010-04-23 04:28:21 12894 ----a-w- c:\windows\scunin.dat
2010-04-23 03:44:26 280576 ----a-w- c:\programdata\dnsapi32.dll
2010-04-23 01:44:31 280576 ----a-w- c:\programdata\dpnaddr3232.dll
2010-04-22 23:44:29 280576 ----a-w- c:\programdata\dot3msm3232.dll
2010-04-22 22:44:30 280576 ----a-w- c:\programdata\dplayx32.dll
2010-04-22 20:44:28 280576 ----a-w- c:\programdata\dot3dlg32.dll
2010-04-22 17:44:21 280576 ----a-w- c:\programdata\dispex32.dll
2010-04-22 16:44:17 280576 ----a-w- c:\programdata\dhcpcsvc32.dll
2010-04-22 15:44:20 280576 ----a-w- c:\programdata\dinput832.dll
2010-04-22 14:44:19 280576 ----a-w- c:\programdata\dimsjob32.dll
2010-04-22 14:37:58 0 d-----w- c:\program files\Starcraft
2010-04-22 13:41:28 280576 ----a-w- c:\programdata\dmsynth32.dll
2010-04-22 12:41:26 280576 ----a-w- c:\programdata\dmime32.dll
2010-04-22 11:41:25 280576 ----a-w- c:\programdata\dmdskmgr32.dll
2010-04-22 09:41:10 280576 ----a-w- c:\programdata\d3dx9_3132.dll
2010-04-22 05:41:19 280576 ----a-w- c:\programdata\dfsrres32.dll
2010-04-22 04:41:05 280576 ----a-w- c:\programdata\d3d8thk32.dll
2010-04-22 03:40:58 280576 ----a-w- c:\programdata\feclient32.dll
2010-04-22 02:41:08 280576 ----a-w- c:\programdata\d3dx9_2432.dll
2010-04-22 01:41:03 280576 ----a-w- c:\programdata\d3d10level932.dll
2010-04-22 00:41:11 280576 ----a-w- c:\programdata\d3dx9_3432.dll
2010-04-21 23:41:14 280576 ----a-w- c:\programdata\DDEML32.dll
2010-04-21 22:48:33 280576 ----a-w- c:\programdata\dsprop32.dll
2010-04-21 21:40:57 280576 ----a-w- c:\programdata\fdWCN32.dll
2010-04-21 20:41:04 280576 ----a-w- c:\programdata\d3d10_1core32.dll
2010-04-21 19:40:59 280576 ----a-w- c:\programdata\FirewallAPI32.dll
2010-04-21 18:40:56 280576 ----a-w- c:\programdata\fdProxy32.dll
2010-04-21 16:40:53 280576 ----a-w- c:\programdata\evr32.dll
2010-04-21 15:47:41 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-04-21 15:21:18 0 d-----w- c:\program files\LucasArts
2010-04-21 15:11:17 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2010-04-21 15:11:16 0 d-----w- c:\program files\MagicDisc
2010-04-21 14:40:54 280576 ----a-w- c:\programdata\Faultrep32.dll
2010-04-21 05:57:45 240640 ----a-w- c:\programdata\framedyn32.dll
2010-04-20 06:17:10 240640 ----a-w- c:\programdata\cmipnpinstall32.dll
2010-04-20 05:17:04 240640 ----a-w- c:\programdata\certprop32.dll
2010-04-20 04:17:08 240640 ----a-w- c:\programdata\cliconfg32.dll
2010-04-20 00:37:12 240640 ----a-w- c:\programdata\d3dx9_2532.dll
2010-04-19 21:36:50 240640 ----a-w- c:\programdata\eapp3hst32.dll
2010-04-19 19:37:08 240640 ----a-w- c:\programdata\d3d1132.dll
2010-04-19 18:37:03 240640 ----a-w- c:\programdata\csrsrv32.dll
2010-04-19 16:36:40 240640 ----a-w- c:\programdata\dpnhupnp32.dll
2010-04-19 05:42:54 240640 ----a-w- c:\programdata\FDResPub32.dll
2010-04-19 04:42:51 240640 ----a-w- c:\programdata\ExplorerFrame32.dll
2010-04-19 03:42:50 240640 ----a-w- c:\programdata\esentprf32.dll
2010-04-19 02:42:48 240640 ----a-w- c:\programdata\emdmgmt32.dll
2010-04-19 01:42:46 240640 ----a-w- c:\programdata\eapsvc32.dll
2010-04-19 00:42:47 240640 ----a-w- c:\programdata\EhStorPwdMgr32.dll
2010-04-18 23:42:43 240640 ----a-w- c:\programdata\dxtmsft32.dll
2010-04-18 22:42:42 240640 ----a-w- c:\programdata\DWrite32.dll
2010-04-18 21:42:39 240640 ----a-w- c:\programdata\dsquery32.dll
2010-04-18 20:42:40 240640 ----a-w- c:\programdata\dsuiext32.dll
2010-04-18 19:42:45 240640 ----a-w- c:\programdata\eapphost32.dll
2010-04-18 18:43:08 240640 ----a-w- c:\programdata\d3dx9_3232.dll
2010-04-18 17:42:38 240640 ----a-w- c:\programdata\dskquota32.dll
2010-04-18 15:42:41 240640 ----a-w- c:\programdata\duser32.dll
2010-04-14 08:14:46 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-04-14 08:14:46 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-04-14 08:14:42 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 08:14:41 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 08:14:41 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 08:13:06 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 08:13:06 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 08:13:05 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 08:12:45 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 08:12:45 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 07:50:40 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 07:07:28 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 07:07:12 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-10 16:01:27 0 d-----w- c:\programdata\Sun
2010-04-10 16:01:04 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-09 17:43:51 0 d-sh--w- c:\programdata\SysWoW32
2010-04-09 17:43:36 203776 --sh--w- c:\programdata\unrar.exe
2010-04-09 17:43:36 0 d-----w- c:\programdata\1545610332
2010-04-09 17:43:27 0 d-sh--w- C:\System Volume Data
2010-04-08 22:46:24 0 d-----w- c:\program files\common files\Blizzard Entertainment
2010-04-08 21:23:55 17181 ----a-w- c:\windows\DIIUnin.dat
2010-04-08 21:23:52 94208 ----a-w- c:\windows\DIIUnin.exe
2010-04-08 21:23:52 2829 ----a-w- c:\windows\DIIUnin.pif
2010-04-08 21:12:07 0 d-----w- c:\program files\Diablo II
2010-04-08 08:30:16 0 d-----w- c:\program files\Capcom
2010-04-08 07:59:53 0 d-----w- c:\program files\MagicISO
2010-04-08 06:19:23 123904 ----a-w- c:\windows\system32\C_IS202232.dll
2010-04-08 06:19:22 212480 ----a-w- c:\windows\system32\ctl3dv232.dll
2010-04-08 06:19:11 212480 ----a-w- c:\windows\system32\colbact32.dll
2010-04-08 06:14:18 212480 ----a-w- c:\windows\system32\CompatUI32.dll
2010-04-08 06:13:39 142848 ----a-w- c:\windows\system32\DevicePairingProxy32.dll
2010-04-08 06:11:18 123904 ----a-w- c:\windows\system32\cnvfat32.dll
2010-04-08 06:11:17 212480 ----a-w- c:\windows\system32\cmutil32.dll
2010-04-08 06:11:02 0 d-sh--w- c:\users\eric\appdata\roaming\SystemProc
2010-04-08 06:10:58 212480 ----a-w- c:\windows\system32\dpnaddr32.dll
2010-04-08 06:10:56 142848 ----a-w- c:\windows\system32\dot3msm32.dll
2010-04-08 06:04:52 0 d-----w- c:\programdata\Apple
2010-04-08 05:56:39 0 d-----w- c:\users\eric\appdata\roaming\LimeWire
2010-04-06 01:58:45 0 d-----w- c:\program files\Project64 1.6
2010-04-05 17:07:53 0 d-----w- c:\programdata\Yahoo!
2010-04-05 16:45:30 0 d-----w- c:\program files\Yahoo!

==================== Find3M ====================

2010-04-21 15:44:13 51200 ----a-w- c:\windows\inf\infpub.dat
2010-04-21 15:44:13 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-04-21 15:11:58 86016 ----a-w- c:\windows\inf\infstor.dat
2010-04-01 00:18:17 69 ----a-w- c:\users\eric\jagex_runescape_preferences2.dat
2010-03-31 23:33:23 41 ----a-w- c:\users\eric\jagex_runescape_preferences.dat
2010-03-25 01:56:09 0 ----a-w- c:\users\eric\jagex__preferences3.dat
2010-03-02 08:00:56 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01007.Wdf
2010-02-23 06:39:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-15 18:06:19 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-02-15 17:37:27 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-02-15 16:23:32 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-02-15 16:23:29 315392 ----a-w- c:\windows\HideWin.exe
2008-01-21 02:57:01 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 16:50:54.23 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 2/15/2010 11:06:01 AM
System Uptime: 4/30/2010 9:54:07 AM (7 hours ago)

Motherboard: TOSHIBA | | Portable PC
Processor: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz | CPU | 1000/667mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 140 GiB total, 47.257 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is CDROM (CDFS)
G: is CDROM ()
H: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP186: 4/22/2010 10:49:30 AM - Removed Star Wars®: Knights of the Old Republic (TM)
RP187: 4/23/2010 10:10:56 AM - Scheduled Checkpoint
RP188: 4/24/2010 4:22:37 AM - Scheduled Checkpoint
RP189: 4/25/2010 12:54:13 PM - Scheduled Checkpoint
RP190: 4/26/2010 3:26:41 PM - Scheduled Checkpoint
RP191: 4/28/2010 3:00:32 AM - Windows Update
RP192: 4/28/2010 3:01:12 AM - Scheduled Checkpoint
RP193: 4/29/2010 2:28:36 AM - Scheduled Checkpoint
RP194: 4/30/2010 1:05:16 PM - Scheduled Checkpoint

==== Installed Programs ======================

2007 Microsoft Office system
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
Age of Empires III
Age of Empires III - The Asian Dynasties
Age of Empires III - The WarChiefs
Amazon Links
AppCore
Apple Application Support
Apple Software Update
Atheros Driver Installation Program
Atheros Wi-Fi Protected Setup Library
ccCommon
CD/DVD Drive Acoustic Silencer
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Component Framework
Diablo II
DVD MovieFactory for TOSHIBA
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java Auto Updater
Java(TM) 6 Update 18
Java(TM) 6 Update 6
LiveUpdate (Symantec Corporation)
Magic ISO Maker v5.5 (build 0274)
Magic ISO Maker v5.5 (build 0281)
MagicDisc 2.7.106
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft XML Parser
Mozilla Firefox (3.6.3)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton AntiVirus
Norton AntiVirus (Symantec Corporation)
Norton AntiVirus Help
Norton Protection Center
Pando Media Booster
Picasa 2
Project64 1.6
QuickBooks Financial Center
Rappelz
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Resident Evil 4 1.10
RuneScape
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB980470)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Windows Media Encoder (KB954156)
Shattered Galaxy
SPBBC 32bit
Starcraft
Symantec Real Time Storage Protection Component
SymNet
Synaptics Pointing Device Driver
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Desktop Links
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Hardware Setup
TOSHIBA Recovery Disc Creator
Toshiba Registration
TOSHIBA Service Station
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb981433)
WildTangent Games
Windows Media Encoder 9 Series
WinRAR archiver
Yahoo! Messenger
Yahoo! Software Update

==== Event Viewer Messages From Past Week ========

4/30/2010 3:09:07 AM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
4/30/2010 3:07:56 AM, Error: EventLog [6008] - The previous system shutdown at 3:05:22 AM on 4/30/2010 was unexpected.
4/30/2010 1:03:29 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer GAMING that believes that it is the master browser for the domain on transport NetBT_Tcpip_{654EE3F1-E749-4199-AC31-30BD4D426C6. The master browser is stopping or an election is being forced.
4/27/2010 10:27:02 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
4/25/2010 7:34:19 PM, Error: EventLog [6008] - The previous system shutdown at 7:32:50 PM on 4/25/2010 was unexpected.
4/25/2010 7:32:50 PM, Error: EventLog [6008] - The previous system shutdown at 7:31:05 PM on 4/25/2010 was unexpected.
4/23/2010 9:19:11 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.

==== End Of File ===========================
FoxLycan
Active Member
 
Posts: 7
Joined: April 27th, 2010, 1:38 am

Re: AVE.EXE is a pain in my side

Unread postby FoxLycan » April 30th, 2010, 5:09 pm

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-30 17:09:00
Windows 6.0.6002 Service Pack 2
Running: vwnguj48.exe; Driver: C:\Users\Eric\AppData\Local\Temp\pwtdapod.sys


---- System - GMER 1.0.15 ----

SSDT 87628500 ZwAlertResumeThread
SSDT 876285E0 ZwAlertThread
SSDT 87626650 ZwAllocateVirtualMemory
SSDT 8758C838 ZwAlpcConnectPort
SSDT 87628250 ZwCreateMutant
SSDT 87626788 ZwCreateThread
SSDT 87627CF0 ZwDebugActiveProcess
SSDT 8758C9A0 ZwFreeVirtualMemory
SSDT 87628340 ZwImpersonateAnonymousToken
SSDT 87628420 ZwImpersonateThread
SSDT 87628F38 ZwMapViewOfSection
SSDT 87627F90 ZwOpenEvent
SSDT 87625050 ZwOpenProcessToken
SSDT 87627DD0 ZwOpenSection
SSDT 87628A98 ZwOpenThreadToken
SSDT 876220E0 ZwResumeThread
SSDT 876289D8 ZwSetContextThread
SSDT 87628D88 ZwSetInformationProcess
SSDT 876288E8 ZwSetInformationThread
SSDT 87627EB0 ZwSuspendProcess
SSDT 87628728 ZwSuspendThread
SSDT 87621050 ZwTerminateProcess
SSDT 87628808 ZwTerminateThread
SSDT 87628E78 ZwUnmapViewOfSection
SSDT 8758CA90 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 81CC3880 8 Bytes [00, 85, 62, 87, E0, 85, 62, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 81CC3894 4 Bytes [50, 66, 62, 87]
.text ntkrnlpa.exe!KeSetEvent + 13D 81CC38A0 4 Bytes [38, C8, 58, 87]
.text ntkrnlpa.exe!KeSetEvent + 1F5 81CC3958 4 Bytes [50, 82, 62, 87]
.text ntkrnlpa.exe!KeSetEvent + 221 81CC3984 4 Bytes [88, 67, 62, 87]
.text ...
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x87955480, 0x3C939, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x87996900, 0x3CA, 0x48000040]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[4560] ntdll.dll!LdrLoadDll 774A9390 5 Bytes JMP 003013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4560] WS2_32.dll!closesocket 775C330C 5 Bytes JMP 002E2DF2 C:\Windows\System32\dot3msm32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4560] WS2_32.dll!WSASocketW 775C34EB 7 Bytes JMP 002E2D19 C:\Windows\System32\dot3msm32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4560] WS2_32.dll!connect 775C40D9 5 Bytes JMP 002E2D7C C:\Windows\System32\dot3msm32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4560] WS2_32.dll!getaddrinfo 775C418A 5 Bytes JMP 002E2E68 C:\Windows\System32\dot3msm32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4560] WS2_32.dll!bind 775C652F 5 Bytes JMP 002E2CA3 C:\Windows\System32\dot3msm32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4560] WS2_32.dll!WSAConnect 775CD7B0 2 Bytes JMP 002E2DB1 C:\Windows\System32\dot3msm32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4560] WS2_32.dll!WSAConnect + 3 775CD7B3 2 Bytes [D1, 88]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4560] WS2_32.dll!WSAAsyncGetHostByName 775D5FB9 5 Bytes JMP 002E2EB6 C:\Windows\System32\dot3msm32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4560] WS2_32.dll!gethostbyname 775D62D4 5 Bytes JMP 002E2E1C C:\Windows\System32\dot3msm32.dll

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----
FoxLycan
Active Member
 
Posts: 7
Joined: April 27th, 2010, 1:38 am

Re: AVE.EXE is a pain in my side

Unread postby FoxLycan » April 30th, 2010, 5:24 pm

About a day ago my PC restarted itself and my Norton caught a trojan, but I couldn't remove it until everything was closed. All my programs were closed, but in my taskbar I had a program that I didn't notice before; it was something about graphics (I didn't catch the full name), but when I closed it Norton snatched the trojan and now my browser doesn't auto shutdown anymore. I still get Windows Explorer crashes (which I just log off my user and relog and it's back), I still get the Windows Defender thing pop up, and when it does my Norton says something about a suspicious dloader.
FoxLycan
Active Member
 
Posts: 7
Joined: April 27th, 2010, 1:38 am

Re: AVE.EXE is a pain in my side

Unread postby Blade81 » May 1st, 2010, 6:36 am

Hi,

Please turn word wrap off in Notepad to make the next logs appear in a more readable format, without gaps between the entries.


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: AVE.EXE is a pain in my side

Unread postby FoxLycan » May 1st, 2010, 8:22 am

ComboFix 10-04-30.03 - Eric 05/01/2010 7:51.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1915.1157 [GMT -4:00]
Running from: c:\users\Eric\Downloads\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
SP: Norton AntiVirus *disabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2921020103-4012920673-1293734090-500
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf
c:\programdata\AuthFWWizFwk32.dll
c:\programdata\azroleui32.dll
c:\programdata\basesrv32.dll
c:\programdata\bidispl32.dll
c:\programdata\bitsprx232.dll
c:\programdata\brcoinst32.dll
c:\programdata\browseui32.dll
c:\programdata\C_G1803032.dll
c:\programdata\capicom32.dll
c:\programdata\catsrv32.dll
c:\programdata\cdd32.dll
c:\programdata\certenc32.dll
c:\programdata\cfgmgr3232.dll
c:\programdata\CHxReadingStringIME32.dll
c:\programdata\CIRCoInst32.dll
c:\programdata\cmstplua32.dll
c:\programdata\cngaudit32.dll
c:\programdata\cofiredm32.dll
c:\programdata\COLORCNV32.dll
c:\programdata\comdlg3232.dll
c:\programdata\CompatUI3232.dll
c:\programdata\comrepl32.dll
c:\programdata\cryptsvc32.dll
c:\programdata\csellang32.dll
c:\programdata\d3d10_1core32.dll
c:\programdata\d3d10level932.dll
c:\programdata\d3d8thk32.dll
c:\programdata\d3dim32.dll
c:\programdata\d3dx1032.dll
c:\programdata\d3dx9_2432.dll
c:\programdata\d3dx9_2732.dll
c:\programdata\d3dx9_3132.dll
c:\programdata\d3dx9_3432.dll
c:\programdata\davclnt32.dll
c:\programdata\dbnetlib32.dll
c:\programdata\DDEML32.dll
c:\programdata\deploytk32.dll
c:\programdata\deskperf32.dll
c:\programdata\DevicePairingProxy3232.dll
c:\programdata\dfrgifps32.dll
c:\programdata\dfsrres32.dll
c:\programdata\dhcpcsvc32.dll
c:\programdata\dimsjob32.dll
c:\programdata\dinput832.dll
c:\programdata\dispex32.dll
c:\programdata\dmdskmgr32.dll
c:\programdata\dmime32.dll
c:\programdata\dmocx32.dll
c:\programdata\dmsynth32.dll
c:\programdata\dnsapi32.dll
c:\programdata\docprop32.dll
c:\programdata\dot3dlg32.dll
c:\programdata\dot3msm3232.dll
c:\programdata\dplayx32.dll
c:\programdata\dpnaddr3232.dll
c:\programdata\dpwsockx32.dll
c:\programdata\drmv2clt32.dll
c:\programdata\ds16gt32.dll
c:\programdata\dsdmo32.dll
c:\programdata\dsprop32.dll
c:\programdata\dssenh32.dll
c:\programdata\dtsh32.dll
c:\programdata\dwmredir32.dll
c:\programdata\dxva232.dll
c:\programdata\eappgnui32.dll
c:\programdata\EAPQEC32.dll
c:\programdata\els32.dll
c:\programdata\EncDec32.dll
c:\programdata\evr32.dll
c:\programdata\f3ahvoas32.dll
c:\programdata\Faultrep32.dll
c:\programdata\fdProxy32.dll
c:\programdata\fdWCN32.dll
c:\programdata\feclient32.dll
c:\programdata\FirewallAPI32.dll
c:\programdata\FMAPO32.dll
c:\programdata\gpedit32.dll
c:\users\Eric\AppData\Roaming\0200000091997cba872C.manifest
c:\users\Eric\AppData\Roaming\0200000091997cba872O.manifest
c:\users\Eric\AppData\Roaming\0200000091997cba872P.manifest
c:\users\Eric\AppData\Roaming\0200000091997cba872S.manifest
c:\users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
c:\users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\udec7mta.default\extensions\{ac0a3a96-4ccf-4797-a047-ffbca8981bed}
c:\users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\udec7mta.default\extensions\{ac0a3a96-4ccf-4797-a047-ffbca8981bed}\chrome.manifest
c:\users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\udec7mta.default\extensions\{ac0a3a96-4ccf-4797-a047-ffbca8981bed}\chrome\xulcache.jar
c:\users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\udec7mta.default\extensions\{ac0a3a96-4ccf-4797-a047-ffbca8981bed}\defaults\preferences\xulcache.js
c:\users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\udec7mta.default\extensions\{ac0a3a96-4ccf-4797-a047-ffbca8981bed}\install.rdf
c:\users\Eric\AppData\Roaming\SystemProc
c:\users\Eric\AppData\Roaming\SystemProc\lsass.exe
c:\windows\system32\CNVFAT32.DLL
c:\windows\system32\colbact32.dll
c:\windows\system32\COMPATUI32.DLL
c:\windows\system32\ctl3dv232.dll
c:\windows\system32\dot3msm32.dll
c:\windows\system32\DPNADDR32.DLL

.
((((((((((((((((((((((((( Files Created from 2010-04-01 to 2010-05-01 )))))))))))))))))))))))))))))))
.

2010-05-01 12:00 . 2010-05-01 12:02 -------- d-----w- c:\users\Eric\AppData\Local\temp
2010-05-01 12:00 . 2010-05-01 12:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-01 11:50 . 2010-05-01 11:50 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2010-04-30 23:22 . 2010-04-30 23:22 -------- d-----w- c:\users\Eric\New Folder
2010-04-30 01:30 . 2010-04-30 01:30 -------- d-----w- c:\programdata\WindowsSearch
2010-04-30 01:20 . 2010-05-01 08:04 -------- d-----w- c:\program files\Interplay
2010-04-28 07:23 . 2010-04-28 07:23 680 ----a-w- c:\users\Eric\AppData\Local\d3d9caps.dat
2010-04-27 05:27 . 2010-04-27 05:27 -------- d-----w- c:\program files\Trend Micro
2010-04-27 01:12 . 2010-04-27 01:12 112976 ----a-w- c:\users\Eric\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-23 04:28 . 2010-04-23 04:28 967 ----a-w- c:\windows\ScUnin.pif
2010-04-23 04:28 . 2010-04-23 04:28 94208 ----a-w- c:\windows\ScUnin.exe
2010-04-23 04:28 . 2010-04-23 04:28 12894 ----a-w- c:\windows\scunin.dat
2010-04-22 14:37 . 2010-04-23 05:41 -------- d-----w- c:\program files\Starcraft
2010-04-21 15:47 . 2010-04-21 19:45 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-04-21 15:21 . 2010-04-22 14:52 -------- d-----w- c:\program files\LucasArts
2010-04-21 15:11 . 2009-02-24 22:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2010-04-21 15:11 . 2010-04-21 15:12 -------- d-----w- c:\program files\MagicDisc
2010-04-20 13:09 . 2010-04-20 13:19 -------- d-----w- c:\users\Eric\AppData\Local\Microsoft Games
2010-04-14 08:14 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 08:14 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 08:14 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 08:13 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 08:13 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 08:13 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 08:12 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 08:12 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 07:50 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 07:07 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 07:07 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-10 16:01 . 2010-04-10 16:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-09 17:43 . 2010-05-01 05:22 -------- d-sh--w- c:\programdata\SysWoW32
2010-04-09 17:43 . 2010-05-01 05:22 -------- d-----w- c:\programdata\1545610332
2010-04-09 17:43 . 2010-04-09 17:43 -------- d-----w- C:\System Volume Data
2010-04-08 22:46 . 2010-04-08 22:46 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-04-08 21:23 . 2010-04-08 21:23 17181 ----a-w- c:\windows\DIIUnin.dat
2010-04-08 21:23 . 2010-04-08 21:23 94208 ----a-w- c:\windows\DIIUnin.exe
2010-04-08 21:23 . 2010-04-08 21:23 2829 ----a-w- c:\windows\DIIUnin.pif
2010-04-08 21:12 . 2010-04-21 05:06 -------- d-----w- c:\program files\Diablo II
2010-04-08 08:30 . 2010-04-08 08:30 -------- d-----w- c:\program files\Capcom
2010-04-08 07:59 . 2010-04-08 08:15 -------- d-----w- c:\program files\MagicISO
2010-04-08 06:19 . 2010-04-08 06:19 123904 ----a-w- c:\windows\system32\C_IS202232.dll
2010-04-08 06:13 . 2010-04-08 06:13 142848 ----a-w- c:\windows\system32\DevicePairingProxy32.dll
2010-04-08 06:11 . 2010-04-08 06:11 -------- d-----w- c:\users\Eric\AppData\Local\Apple Computer
2010-04-08 06:11 . 2010-04-08 06:11 212480 ----a-w- c:\windows\system32\cmutil32.dll
2010-04-08 06:05 . 2010-04-08 06:05 -------- d-----w- c:\program files\Common Files\Apple
2010-04-08 06:05 . 2010-04-08 06:05 -------- d-----w- c:\users\Eric\AppData\Local\Apple
2010-04-08 06:04 . 2010-04-08 06:04 -------- d-----w- c:\program files\Apple Software Update
2010-04-08 06:04 . 2010-04-08 06:04 -------- d-----w- c:\programdata\Apple
2010-04-08 05:56 . 2010-04-08 14:26 -------- d-----w- c:\users\Eric\AppData\Roaming\LimeWire
2010-04-06 01:58 . 2010-04-06 01:58 -------- d-----w- c:\program files\Project64 1.6
2010-04-05 17:09 . 2010-04-08 06:22 -------- d-----w- c:\users\Eric\AppData\Local\Yahoo
2010-04-05 17:08 . 2010-04-05 17:09 -------- d-----w- c:\users\Eric\AppData\Roaming\Yahoo!
2010-04-05 17:07 . 2010-04-05 17:08 -------- d-----w- c:\programdata\Yahoo!
2010-04-05 16:45 . 2010-04-08 21:41 -------- d-----w- c:\program files\Yahoo!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-01 04:59 . 2010-05-01 04:59 280064 ----a-w- c:\programdata\EhStorAuthn32.dll
2010-05-01 04:59 . 2010-05-01 04:59 280064 ----a-w- c:\programdata\EhStorAuthn32.dll
2010-04-30 21:14 . 2010-04-30 21:14 280064 ----a-w- c:\programdata\d2d132.dll
2010-04-30 21:14 . 2010-04-30 21:14 280064 ----a-w- c:\programdata\d2d132.dll
2010-04-30 20:14 . 2010-04-30 20:14 280064 ----a-w- c:\programdata\ctl3d3232.dll
2010-04-30 20:14 . 2010-04-30 20:14 280064 ----a-w- c:\programdata\ctl3d3232.dll
2010-04-30 18:14 . 2010-04-30 18:14 280064 ----a-w- c:\programdata\crtdll32.dll
2010-04-30 18:14 . 2010-04-30 18:14 280064 ----a-w- c:\programdata\crtdll32.dll
2010-04-30 16:14 . 2010-04-30 16:14 280064 ----a-w- c:\programdata\comsvcs32.dll
2010-04-30 16:14 . 2010-04-30 16:14 280064 ----a-w- c:\programdata\comsvcs32.dll
2010-04-27 17:09 . 2010-04-27 17:09 1077248 --sha-w- c:\users\Eric\AppData\Roaming\9C69.tmp
2010-04-25 05:50 . 2010-04-25 05:50 1077248 --sha-w- c:\users\Eric\AppData\Roaming\2938.tmp
2010-04-25 01:28 . 2010-04-25 01:28 769024 --sha-w- c:\users\Eric\AppData\Roaming\B4ED.tmp
2010-04-24 00:19 . 2010-04-24 00:19 769024 --sha-w- c:\users\Eric\AppData\Roaming\8299.tmp
2010-04-22 14:52 . 2008-09-30 18:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-21 08:58 . 2010-04-21 08:58 0 ----a-w- c:\users\Eric\AppData\Roaming\A0CD.tmp
2010-04-21 08:58 . 2010-04-21 08:58 0 ----a-w- c:\users\Eric\AppData\Roaming\4E88.tmp
2010-04-21 05:57 . 2010-04-21 05:57 240640 ----a-w- c:\programdata\framedyn32.dll
2010-04-21 05:57 . 2010-04-21 05:57 240640 ----a-w- c:\programdata\framedyn32.dll
2010-04-21 05:26 . 2008-09-30 17:56 -------- d-----w- c:\program files\Toshiba
2010-04-20 06:17 . 2010-04-20 06:17 240640 ----a-w- c:\programdata\cmipnpinstall32.dll
2010-04-20 06:17 . 2010-04-20 06:17 240640 ----a-w- c:\programdata\cmipnpinstall32.dll
2010-04-20 05:17 . 2010-04-20 05:17 240640 ----a-w- c:\programdata\certprop32.dll
2010-04-20 05:17 . 2010-04-20 05:17 240640 ----a-w- c:\programdata\certprop32.dll
2010-04-20 04:17 . 2010-04-20 04:17 240640 ----a-w- c:\programdata\cliconfg32.dll
2010-04-20 04:17 . 2010-04-20 04:17 240640 ----a-w- c:\programdata\cliconfg32.dll
2010-04-20 00:37 . 2010-04-20 00:37 240640 ----a-w- c:\programdata\d3dx9_2532.dll
2010-04-20 00:37 . 2010-04-20 00:37 240640 ----a-w- c:\programdata\d3dx9_2532.dll
2010-04-19 23:00 . 2010-04-19 23:00 769024 --sha-w- c:\users\Eric\AppData\Roaming\47E7.tmp
2010-04-19 21:36 . 2010-04-19 21:36 240640 ----a-w- c:\programdata\eapp3hst32.dll
2010-04-19 21:36 . 2010-04-19 21:36 240640 ----a-w- c:\programdata\eapp3hst32.dll
2010-04-19 19:37 . 2010-04-19 19:37 240640 ----a-w- c:\programdata\d3d1132.dll
2010-04-19 19:37 . 2010-04-19 19:37 240640 ----a-w- c:\programdata\d3d1132.dll
2010-04-19 18:37 . 2010-04-19 18:37 240640 ----a-w- c:\programdata\csrsrv32.dll
2010-04-19 18:37 . 2010-04-19 18:37 240640 ----a-w- c:\programdata\csrsrv32.dll
2010-04-19 16:36 . 2010-04-19 16:36 240640 ----a-w- c:\programdata\dpnhupnp32.dll
2010-04-19 16:36 . 2010-04-19 16:36 240640 ----a-w- c:\programdata\dpnhupnp32.dll
2010-04-19 05:42 . 2010-04-19 05:42 240640 ----a-w- c:\programdata\FDResPub32.dll
2010-04-19 05:42 . 2010-04-19 05:42 240640 ----a-w- c:\programdata\FDResPub32.dll
2010-04-19 04:42 . 2010-04-19 04:42 240640 ----a-w- c:\programdata\ExplorerFrame32.dll
2010-04-19 04:42 . 2010-04-19 04:42 240640 ----a-w- c:\programdata\ExplorerFrame32.dll
2010-04-19 03:42 . 2010-04-19 03:42 240640 ----a-w- c:\programdata\esentprf32.dll
2010-04-19 03:42 . 2010-04-19 03:42 240640 ----a-w- c:\programdata\esentprf32.dll
2010-04-19 02:42 . 2010-04-19 02:42 240640 ----a-w- c:\programdata\emdmgmt32.dll
2010-04-19 02:42 . 2010-04-19 02:42 240640 ----a-w- c:\programdata\emdmgmt32.dll
2010-04-19 01:42 . 2010-04-19 01:42 240640 ----a-w- c:\programdata\eapsvc32.dll
2010-04-19 01:42 . 2010-04-19 01:42 240640 ----a-w- c:\programdata\eapsvc32.dll
2010-04-19 01:02 . 2010-04-19 01:02 769024 --sha-w- c:\users\Eric\AppData\Roaming\D80A.tmp
2010-04-19 00:42 . 2010-04-19 00:42 240640 ----a-w- c:\programdata\EhStorPwdMgr32.dll
2010-04-19 00:42 . 2010-04-19 00:42 240640 ----a-w- c:\programdata\EhStorPwdMgr32.dll
2010-04-18 23:42 . 2010-04-18 23:42 240640 ----a-w- c:\programdata\dxtmsft32.dll
2010-04-18 23:42 . 2010-04-18 23:42 240640 ----a-w- c:\programdata\dxtmsft32.dll
2010-04-18 22:42 . 2010-04-18 22:42 240640 ----a-w- c:\programdata\DWrite32.dll
2010-04-18 22:42 . 2010-04-18 22:42 240640 ----a-w- c:\programdata\DWrite32.dll
2010-04-18 21:42 . 2010-04-18 21:42 240640 ----a-w- c:\programdata\dsquery32.dll
2010-04-18 21:42 . 2010-04-18 21:42 240640 ----a-w- c:\programdata\dsquery32.dll
2010-04-18 20:42 . 2010-04-18 20:42 240640 ----a-w- c:\programdata\dsuiext32.dll
2010-04-18 20:42 . 2010-04-18 20:42 240640 ----a-w- c:\programdata\dsuiext32.dll
2010-04-18 19:42 . 2010-04-18 19:42 240640 ----a-w- c:\programdata\eapphost32.dll
2010-04-18 19:42 . 2010-04-18 19:42 240640 ----a-w- c:\programdata\eapphost32.dll
2010-04-18 18:43 . 2010-04-18 18:43 240640 ----a-w- c:\programdata\d3dx9_3232.dll
2010-04-18 18:43 . 2010-04-18 18:43 240640 ----a-w- c:\programdata\d3dx9_3232.dll
2010-04-18 17:42 . 2010-04-18 17:42 240640 ----a-w- c:\programdata\dskquota32.dll
2010-04-18 17:42 . 2010-04-18 17:42 240640 ----a-w- c:\programdata\dskquota32.dll
2010-04-18 15:42 . 2010-04-18 15:42 240640 ----a-w- c:\programdata\duser32.dll
2010-04-18 15:42 . 2010-04-18 15:42 240640 ----a-w- c:\programdata\duser32.dll
2010-04-17 22:14 . 2010-04-17 22:14 769024 --sha-w- c:\users\Eric\AppData\Roaming\9712.tmp
2010-04-16 23:55 . 2010-04-16 23:55 769024 --sha-w- c:\users\Eric\AppData\Roaming\BA79.tmp
2010-04-15 15:45 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-15 15:43 . 2010-02-15 16:11 -------- d-----w- c:\programdata\Microsoft Help
2010-04-12 17:39 . 2010-02-15 16:08 1808752 ----a-w- c:\programdata\Norton\NUA.exe
2010-04-11 14:58 . 2008-09-30 19:43 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-11 01:47 . 2010-04-11 01:47 769024 --sha-w- c:\users\Eric\AppData\Roaming\FE7D.tmp
2010-04-10 16:01 . 2008-09-30 19:28 -------- d-----w- c:\program files\Common Files\Java
2010-04-10 16:00 . 2008-09-30 19:28 -------- d-----w- c:\program files\Java
2010-04-10 05:47 . 2010-04-10 05:46 769024 --sha-w- c:\users\Eric\AppData\Roaming\49CC.tmp
2010-04-10 05:05 . 2010-04-10 05:05 769024 --sha-w- c:\users\Eric\AppData\Roaming\4826.tmp
2010-04-10 04:43 . 2010-02-15 22:10 -------- d-----w- c:\programdata\PMB Files
2010-04-10 04:43 . 2008-09-30 19:34 -------- d-----w- c:\program files\Picasa2
2010-04-10 04:43 . 2010-02-15 16:14 -------- d-----w- c:\program files\Microsoft Works
2010-04-09 17:43 . 2010-04-09 17:43 203776 --sh--w- c:\programdata\unrar.exe
2010-04-09 17:43 . 2010-04-09 17:43 203776 --sh--w- c:\programdata\unrar.exe
2010-04-09 17:43 . 2010-04-09 17:43 769024 --sha-w- c:\users\Eric\AppData\Roaming\724C.tmp
2010-04-09 17:43 . 2010-04-09 17:43 826880 --sha-w- c:\users\Eric\AppData\Roaming\CE2F.tmp
2010-04-06 01:58 . 2010-04-06 01:58 8854 ----a-r- c:\users\Eric\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
2010-04-06 01:58 . 2010-04-06 01:58 40960 ----a-r- c:\users\Eric\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2010-04-06 01:58 . 2010-04-06 01:58 40960 ----a-r- c:\users\Eric\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2010-04-01 00:18 . 2010-03-20 05:43 69 ----a-w- c:\users\Eric\jagex_runescape_preferences2.dat
2010-03-31 23:33 . 2010-03-20 05:42 41 ----a-w- c:\users\Eric\jagex_runescape_preferences.dat
2010-03-29 13:59 . 2010-03-31 23:06 52224 ----a-w- c:\users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\udec7mta.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
2010-03-29 13:59 . 2010-03-31 23:06 101376 ----a-w- c:\users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\udec7mta.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
2010-03-25 01:56 . 2010-03-25 01:56 0 ----a-w- c:\users\Eric\jagex__preferences3.dat
2010-03-20 05:40 . 2010-03-20 05:40 -------- d-----w- c:\program files\Jagex Games Studio
2010-03-12 23:24 . 2010-03-12 23:24 -------- d-----w- c:\programdata\Age of Empires 3
2010-03-12 22:09 . 2006-11-02 12:35 -------- d-----w- c:\program files\Microsoft Games
2010-02-23 06:39 . 2010-03-31 12:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 12:49 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-03-31 12:49 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-03-31 12:49 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-15 18:12 . 2010-02-15 18:12 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbEC8F.tmp.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-15 39408]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-02-15 2937528]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-03-19 5248312]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"NortonUpdateAgent"="c:\programdata\Norton\NUA.exe" [2010-04-12 1808752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-02 505720]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"NDSTray.exe"="NDSTray.exe" [BU]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\TSS.exe" [2008-08-04 1242424]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-02-15 30192]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"TP CfgWiz"="c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SymCuw.exe" [2008-01-31 611712]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):cf,22,ac,f3,67,ae,ca,01

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 135664]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-02-15 30192]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-12-16 3453712]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20100422.001\IDSvix86.sys [2010-02-11 286768]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-29 20384]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
S2 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2008-08-04 46392]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-01-18 102448]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2009-02-19 41008]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 18:41]

2010-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 18:41]

2010-04-27 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Eric.job
- c:\program files\Norton AntiVirus\Navw32.exe [2008-02-07 14:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\udec7mta.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\udec7mta.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\udec7mta.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

BHO-{01443D17-503A-4537-94CD-3C372FEF15Ff} - c:\windows\System32\ctl3dv232.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKLM-Run-jswtrayutil - c:\program files\Jumpstart\jswtrayutil.exe
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-01 08:03
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\program files\Toshiba\TOSCDSPD\TOSCDSPD.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\igfxext.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Toshiba\ConfigFree\CFSwMgr.exe
c:\program files\Internet Explorer\IELowutil.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-05-01 08:08:06 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-01 12:08

Pre-Run: 46,309,625,856 bytes free
Post-Run: 46,892,351,488 bytes free

- - End Of File - - 947595436EF4311DD7D79EBCB8429405
FoxLycan
Active Member
 
Posts: 7
Joined: April 27th, 2010, 1:38 am

Re: AVE.EXE is a pain in my side

Post by FoxLycan » May 1st, 2010, 8:24 am

i unchecked word wrap, man this program scared me, after it rebooted and did its log, everything i tried to open would pop up a registry missing error, couldn't open firefox or IE, but after i restarted again it worked fine, well that's a lot of files deleted lol, i'm shocked

Re: AVE.EXE is a pain in my side

Post by Blade81 » May 1st, 2010, 9:06 am

Hi again,

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform a quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • Please post contents of that file in your next reply.

Open notepad and copy/paste the text in the quotebox below into it:

FileLook::
c:\users\Eric\AppData\Roaming\2938.tmp
c:\users\Eric\AppData\Roaming\B4ED.tmp



Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Image

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one (9.3 AND separate update 9.3.2) here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check free readers introduced here.

Check here to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following instructions here. Fresh version can be obtained here.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 20.
  • Click the Download button to the right.
  • Select Windows on platform combobox and check the box that says: Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.



Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here. If you get a message that the latest Java must be installed, enable the Java add-ons in IE7. Do that using manage add-ons from the IE7 toolbar.


Post back its report, a fresh dds.txt log and the above-mentioned ComboFix resultant log.
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: AVE.EXE is a pain in my side

Post by Blade81 » May 4th, 2010, 10:05 am

Hi,

Do you still need help?

Re: AVE.EXE is a pain in my side

Post by Blade81 » May 7th, 2010, 5:45 pm

Due to inactivity this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.