
AVE.exe keeps returning, cpu 100%, freezing

Re: AVE.exe keeps returning, cpu 100%, freezing

Post by CalvinQuest » May 2nd, 2010, 1:26 pm

ComboFix 10-04-30.03 - me 04/30/2010 20:06:26.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.581 [GMT -7:00]
Running from: C:\Documents and Settings\me\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\me\Desktop\CFScript.txt
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point

FILE ::
"c:\documents and settings\me\Start Menu\Programs\Startup\monnid32.exe"
"c:\windows\pss\monnid32.exeStartup"
"c:\windows\system32\atnfig.dll"
"C:\WINDOWS\system32\mojekeva.dll"

file zipped: c:\documents and settings\me\Application Data\cqfyto.dat
file zipped: c:\windows\Aliyobesitef.dat
file zipped: c:\windows\Lqosiwawanub.bin
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\me\Application Data\cqfyto.dat
c:\documents and settings\me\Local Settings\Application Data\{FE1DD508-100D-4367-97B1-E97AAEFDAD94}
c:\documents and settings\me\Local Settings\Application Data\{FE1DD508-100D-4367-97B1-E97AAEFDAD94}\chrome.manifest
c:\documents and settings\me\Local Settings\Application Data\{FE1DD508-100D-4367-97B1-E97AAEFDAD94}\chrome\content\_cfg.js
c:\documents and settings\me\Local Settings\Application Data\{FE1DD508-100D-4367-97B1-E97AAEFDAD94}\chrome\content\overlay.xul
c:\documents and settings\me\Local Settings\Application Data\{FE1DD508-100D-4367-97B1-E97AAEFDAD94}\install.rdf
C:\Program Files\WindowsUpdate
c:\windows\Aliyobesitef.dat
c:\windows\Lqosiwawanub.bin

.
((((((((((((((((((((((((( Files Created from 2010-04-01 to 2010-05-01 )))))))))))))))))))))))))))))))
.

2010-04-26 18:27:35 . 2008-04-14 07:14:48 153344 -c--a-w- C:\WINDOWS\system32\dllcache\dmio.sys
2010-04-26 18:27:35 . 2008-04-14 07:14:48 153344 ----a-w- C:\WINDOWS\system32\drivers\dmio.sys
2010-04-23 01:56:03 . 2009-06-07 23:16:12 819200 ----a-w- C:\WINDOWS\system32\xvidcore.dll
2010-04-23 01:56:02 . 2010-04-23 01:56:03 -------- d-----w- C:\Program Files\Xvid
2010-04-23 01:56:02 . 2009-06-07 23:24:04 180224 ----a-w- C:\WINDOWS\system32\xvidvfw.dll
2010-04-21 01:02:56 . 2010-05-01 03:12:01 -------- d-----w- C:\WINDOWS\Internet Logs
2010-04-21 00:41:00 . 2010-04-21 00:41:00 -------- d-----w- C:\Program Files\Trend Micro
2010-04-20 03:42:12 . 2010-04-20 03:42:12 -------- d-s---w- C:\Documents and Settings\NetworkService\UserData
2010-04-18 07:51:54 . 2010-04-18 07:51:54 -------- d-----w- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-04-18 07:51:54 . 2010-04-18 07:51:54 -------- d-----w- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
2010-04-17 23:18:41 . 2010-04-17 23:18:41 -------- d-----w- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
2010-04-16 18:43:03 . 2010-04-17 23:18:22 -------- d-----w- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-16 09:11:22 . 2010-04-16 09:11:22 52224 ----a-w- C:\Documents and Settings\me\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-16 09:11:19 . 2010-04-30 18:22:31 117760 ----a-w- C:\Documents and Settings\me\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-16 09:10:46 . 2010-04-16 09:10:46 -------- d-----w- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-16 09:10:18 . 2010-04-16 09:10:21 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2010-04-16 09:10:18 . 2010-04-16 09:10:18 -------- d-----w- C:\Documents and Settings\me\Application Data\SUPERAntiSpyware.com
2010-04-15 01:37:05 . 2010-04-15 01:44:23 -------- d-----w- C:\HOPE2
2010-04-15 01:34:06 . 2010-03-30 07:46:30 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-04-15 01:34:03 . 2010-04-19 17:31:15 -------- d-----w- C:\Program Files\HOPE
2010-04-15 01:34:03 . 2010-03-30 07:45:52 20824 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2010-04-12 01:24:35 . 2010-04-12 01:24:36 -------- d-----w- C:\Program Files\Winamp Detect
2010-04-10 19:44:16 . 2010-04-10 19:44:17 -------- d-----w- C:\Program Files\Apple Software Update
2010-04-09 08:27:01 . 2010-04-09 10:32:20 -------- d-----w- C:\WINDOWS\system32\wbem\Repository.001
2010-04-09 08:25:59 . 2008-04-14 12:42:36 73796 ------w- C:\WINDOWS\system32\slserv.exe
2010-04-09 08:23:23 . 2008-04-14 12:41:52 33792 -c----w- C:\WINDOWS\system32\dllcache\custsat.dll
2010-04-07 22:12:03 . 2010-04-07 22:12:03 -------- d-----w- C:\Program Files\SystemRequirementsLab
2010-04-07 22:11:59 . 2010-04-07 22:11:59 84480 ----a-w- C:\Documents and Settings\me\Application Data\SystemRequirementsLab\srlproxy_intel_4.1.66.0A.dll
2010-04-07 22:11:59 . 2010-04-07 22:11:59 -------- d-----w- C:\Documents and Settings\me\Application Data\SystemRequirementsLab
2010-04-07 20:26:59 . 2010-04-07 20:26:59 503808 ----a-w- C:\Documents and Settings\me\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-70113c7a-n\msvcp71.dll
2010-04-07 20:26:58 . 2010-04-07 20:26:59 499712 ----a-w- C:\Documents and Settings\me\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-70113c7a-n\jmc.dll
2010-04-07 20:26:58 . 2010-04-07 20:26:58 61440 ----a-w- C:\Documents and Settings\me\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4bd0f2a4-n\decora-sse.dll
2010-04-07 20:26:58 . 2010-04-07 20:26:58 348160 ----a-w- C:\Documents and Settings\me\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-70113c7a-n\msvcr71.dll
2010-04-07 20:26:58 . 2010-04-07 20:26:58 12800 ----a-w- C:\Documents and Settings\me\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4bd0f2a4-n\decora-d3d.dll
2010-04-07 20:21:22 . 2010-04-07 20:20:34 411368 ----a-w- C:\WINDOWS\system32\deploytk.dll
2010-04-07 18:41:35 . 2010-04-07 18:41:35 -------- d-----w- C:\VundoFix Backups
2010-04-06 20:13:15 . 2006-07-15 00:03:20 139264 ----a-w- C:\WINDOWS\system32\igfxres.dll
2010-04-06 19:58:59 . 2001-08-18 05:36:30 9216 -c--a-w- C:\WINDOWS\system32\dllcache\EXCH_rwnh.dll
2010-04-06 19:57:51 . 2002-08-29 12:00:00 10096640 -c--a-w- C:\WINDOWS\system32\dllcache\hwxcht.dll
2010-04-06 19:55:36 . 2008-04-14 07:15:08 6272 ----a-w- C:\WINDOWS\system32\drivers\splitter.sys
2010-04-06 19:55:29 . 2008-04-14 07:15:02 52864 ----a-w- C:\WINDOWS\system32\drivers\dmusic.sys
2010-04-06 19:49:56 . 2008-04-14 12:42:12 184320 ----a-w- C:\WINDOWS\system32\accwiz.exe
2010-04-06 16:32:45 . 2008-04-14 07:10:28 57600 ----a-w- C:\WINDOWS\system32\drivers\redbook.sys
2010-04-06 16:29:49 . 2008-04-14 12:41:58 4096 ----a-w- C:\WINDOWS\system32\ksuser.dll
2010-04-06 06:23:22 . 2008-04-14 12:43:22 40840 ----a-w- C:\WINDOWS\system32\drivers\termdd.sys
2010-04-06 06:23:20 . 2008-04-14 07:02:52 196224 ----a-w- C:\WINDOWS\system32\drivers\rdpdr.sys
2010-04-06 06:21:19 . 2008-04-14 12:42:46 146432 ----a-w- C:\WINDOWS\system\winspool.drv
2010-04-06 06:21:19 . 2008-04-14 07:24:30 11264 ----a-w- C:\WINDOWS\system32\drivers\irenum.sys
2010-04-06 06:21:19 . 2002-08-29 12:00:00 24661 -c--a-w- C:\WINDOWS\system32\dllcache\spxcoins.dll
2010-04-06 06:21:19 . 2002-08-29 12:00:00 24661 ----a-w- C:\WINDOWS\system32\spxcoins.dll
2010-04-06 06:21:19 . 2002-08-29 12:00:00 13312 -c--a-w- C:\WINDOWS\system32\dllcache\irclass.dll
2010-04-06 06:21:19 . 2002-08-29 12:00:00 13312 ----a-w- C:\WINDOWS\system32\irclass.dll
2010-04-06 06:21:15 . 2008-04-14 12:42:08 74752 ----a-w- C:\WINDOWS\system32\storprop.dll
2010-04-06 06:18:02 . 2010-04-06 06:18:02 -------- d-s---w- C:\WINDOWS\system32\config\systemprofile\History
2010-04-05 01:01:41 . 2007-10-22 10:39:54 267272 ----a-w- C:\WINDOWS\system32\xactengine2_10.dll
2010-04-05 01:01:39 . 2007-10-02 16:56:34 444776 ----a-w- C:\WINDOWS\system32\d3dx10_36.dll
2010-04-05 01:01:38 . 2007-10-12 22:14:00 1374232 ----a-w- C:\WINDOWS\system32\D3DCompiler_36.dll
2010-04-05 01:01:33 . 2007-10-12 22:14:00 3734536 ----a-w- C:\WINDOWS\system32\d3dx9_36.dll
2010-04-05 01:01:30 . 2007-07-20 07:57:12 267112 ----a-w- C:\WINDOWS\system32\xactengine2_9.dll
2010-04-05 01:01:27 . 2007-07-20 01:14:42 444776 ----a-w- C:\WINDOWS\system32\d3dx10_35.dll
2010-04-05 01:01:27 . 2007-07-20 01:14:42 1358192 ----a-w- C:\WINDOWS\system32\D3DCompiler_35.dll
2010-04-05 01:01:22 . 2007-07-20 01:14:42 3727720 ----a-w- C:\WINDOWS\system32\d3dx9_35.dll
2010-04-05 01:01:15 . 2007-10-22 10:37:16 17928 ----a-w- C:\WINDOWS\system32\X3DAudio1_2.dll
2010-04-05 01:01:15 . 2007-06-21 03:46:04 266088 ----a-w- C:\WINDOWS\system32\xactengine2_8.dll
2010-04-05 01:01:13 . 2007-05-16 23:45:16 443752 ----a-w- C:\WINDOWS\system32\d3dx10_34.dll
2010-04-05 01:01:13 . 2007-05-16 23:45:16 1124720 ----a-w- C:\WINDOWS\system32\D3DCompiler_34.dll
2010-04-05 01:01:05 . 2007-05-16 23:45:16 3497832 ----a-w- C:\WINDOWS\system32\d3dx9_34.dll
2010-04-05 01:00:55 . 2007-04-05 01:53:42 81768 ----a-w- C:\WINDOWS\system32\xinput1_3.dll
2010-04-05 01:00:35 . 2007-04-05 01:55:00 261480 ----a-w- C:\WINDOWS\system32\xactengine2_7.dll
2010-04-05 01:00:17 . 2007-03-15 23:57:58 443752 ----a-w- C:\WINDOWS\system32\d3dx10_33.dll
2010-04-05 01:00:17 . 2007-03-12 23:42:30 1123696 ----a-w- C:\WINDOWS\system32\D3DCompiler_33.dll
2010-04-05 00:58:54 . 2007-03-12 23:42:30 3495784 ----a-w- C:\WINDOWS\system32\d3dx9_33.dll
2010-04-05 00:58:44 . 2007-01-24 22:27:30 255848 ----a-w- C:\WINDOWS\system32\xactengine2_6.dll
2010-04-05 00:58:37 . 2006-12-08 19:02:00 251672 ----a-w- C:\WINDOWS\system32\xactengine2_5.dll
2010-04-05 00:58:15 . 2006-11-29 20:06:18 3426072 ----a-w- C:\WINDOWS\system32\d3dx9_32.dll
2010-04-05 00:58:06 . 2007-03-05 19:42:18 15128 ----a-w- C:\WINDOWS\system32\x3daudio1_1.dll
2010-04-05 00:58:06 . 2006-09-28 23:05:56 237848 ----a-w- C:\WINDOWS\system32\xactengine2_4.dll
2010-04-05 00:58:02 . 2006-09-28 23:05:20 2414360 ----a-w- C:\WINDOWS\system32\d3dx9_31.dll
2010-04-05 00:57:54 . 2006-07-28 16:30:32 236824 ----a-w- C:\WINDOWS\system32\xactengine2_3.dll
2010-04-05 00:57:51 . 2006-07-28 16:30:14 62744 ----a-w- C:\WINDOWS\system32\xinput1_2.dll
2010-04-05 00:54:01 . 2005-05-26 22:34:52 2297552 ----a-w- C:\WINDOWS\system32\d3dx9_26.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-01 02:50:20 . 2010-04-21 01:44:28 2557780 ----a-w- C:\WINDOWS\Internet Logs\tvDebug.Zip
2010-04-30 07:00:45 . 2009-02-12 01:04:13 -------- d-----w- C:\Documents and Settings\me\Application Data\EndNote
2010-04-26 18:17:12 . 2006-10-15 23:00:18 -------- d-----w- C:\Documents and Settings\me\Application Data\Lavasoft
2010-04-25 08:38:55 . 2007-09-05 18:11:44 -------- d-----w- C:\Program Files\Common Files\Wise Installation Wizard
2010-04-21 01:21:35 . 2006-12-29 06:29:03 -------- d-----w- C:\Program Files\MOBILedit!
2010-04-21 01:20:25 . 2006-08-26 09:44:04 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Symantec
2010-04-21 01:20:24 . 2006-08-26 09:44:02 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2010-04-21 01:03:58 . 2010-04-21 01:03:58 -------- d-----w- C:\Documents and Settings\me\Application Data\CheckPoint
2010-04-21 01:03:40 . 2010-04-21 01:03:40 -------- d-----w- C:\Program Files\CheckPoint
2010-04-21 01:03:38 . 2010-04-21 01:03:38 4212 ---ha-w- C:\WINDOWS\system32\zllictbl.dat
2010-04-21 01:03:27 . 2010-04-21 01:03:27 -------- d-----w- C:\Program Files\Zone Labs
2010-04-19 07:57:45 . 2006-09-04 22:57:43 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-12 01:29:21 . 2006-09-04 22:55:37 -------- d-----w- C:\Program Files\Winamp
2010-04-10 19:43:11 . 2006-09-02 15:47:15 98336 ----a-w- C:\Documents and Settings\me\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-10 09:34:18 . 2006-09-04 22:58:27 -------- d-----w- C:\Program Files\CCleaner
2010-04-09 08:29:21 . 2006-09-04 04:41:47 88037 ----a-w- C:\WINDOWS\pchealth\helpctr\OfflineCache\index.dat
2010-04-07 20:26:28 . 2006-08-26 09:29:36 -------- d-----w- C:\Program Files\Common Files\Java
2010-04-07 20:20:18 . 2006-08-26 09:29:38 -------- d-----w- C:\Program Files\Java
2010-04-06 19:55:50 . 2010-04-06 19:55:50 2678 ----a-w- C:\WINDOWS\java\Packages\Data\SRRZD357.DAT
2010-04-06 19:55:50 . 2010-04-06 19:55:49 558142 ----a-w- C:\WINDOWS\java\Packages\13VJN7ZZ.ZIP
2010-04-06 19:55:48 . 2010-04-06 19:55:48 2678 ----a-w- C:\WINDOWS\java\Packages\Data\PVXJV7N1.DAT
2010-04-06 19:55:48 . 2010-04-06 19:55:48 155995 ----a-w- C:\WINDOWS\java\Packages\6XZZVB9R.ZIP
2010-04-06 19:55:46 . 2010-04-06 19:55:46 2678 ----a-w- C:\WINDOWS\java\Packages\Data\BBZRTFRD.DAT
2010-04-06 19:55:46 . 2010-04-06 19:55:46 2678 ----a-w- C:\WINDOWS\java\Packages\Data\A8J5J1NV.DAT
2010-04-06 19:55:45 . 2010-04-06 19:55:45 2678 ----a-w- C:\WINDOWS\java\Packages\Data\8GGA3PB9.DAT
2010-04-06 19:50:45 . 2004-08-10 18:02:15 23428 ----a-w- C:\WINDOWS\system32\emptyregdb.dat
2010-04-06 19:50:32 . 2010-04-06 19:50:22 1663 ----a-w- C:\WINDOWS\inf\COM1DF.tmp
2010-03-06 03:20:26 . 2010-02-22 11:48:05 15944 ----a-w- C:\WINDOWS\system32\drivers\hitmanpro35.sys
2010-02-23 02:10:33 . 2010-02-23 02:10:33 12872 ----a-w- C:\WINDOWS\system32\bootdelete.exe
2007-03-09 07:12:32 . 2007-03-09 07:12:32 27648 --sha-w- C:\WINDOWS\system32\AVSredirect.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\HOPE2 ----

2010-04-15 01:40:41 . 2010-04-15 01:45:44 764 ----a-w- C:\HOPE2\mbr.txt
2010-04-15 01:37:05 . 2010-04-15 01:36:58 389120 ----a-r- C:\HOPE2\CF12226.cfxxe
2010-04-15 01:36:49 . 2009-10-25 13:11:34 77312 ----a-r- C:\HOPE2\mbr.cfxxe

---- Directory of c:\program files\HOPE ----

2010-04-19 17:30:44 . 2010-03-30 07:46:02 1086856 ----a-w- c:\program files\HOPE\hop.exe
2010-04-15 01:34:09 . 2010-04-19 17:30:48 10498 ----a-w- c:\program files\HOPE\unins000.msg
2010-04-15 01:34:08 . 2010-03-30 07:46:14 303952 ----a-w- c:\program files\HOPE\mbamservice.exe
2010-04-15 01:34:07 . 2010-03-30 07:46:12 437584 ----a-w- c:\program files\HOPE\mbamgui.exe
2010-04-15 01:34:06 . 2010-03-30 07:46:28 496976 ----a-w- c:\program files\HOPE\vbalsgrid6.ocx
2010-04-15 01:34:06 . 2010-03-30 07:46:28 46416 ----a-w- c:\program files\HOPE\ssubtmr6.dll
2010-04-15 01:34:06 . 2010-03-30 07:46:30 79696 ----a-w- c:\program files\HOPE\zlib.dll
2010-04-15 01:34:06 . 2010-02-22 02:28:34 8078 ----a-w- c:\program files\HOPE\Languages\slovenian.lng
2010-04-15 01:34:06 . 2010-03-13 05:25:50 9986 ----a-w- c:\program files\HOPE\Languages\spanish.lng
2010-04-15 01:34:06 . 2010-03-06 02:46:34 8658 ----a-w- c:\program files\HOPE\Languages\swedish.lng
2010-04-15 01:34:06 . 2010-02-20 02:29:48 8414 ----a-w- c:\program files\HOPE\Languages\turkish.lng
2010-04-15 01:34:06 . 2010-02-19 00:29:06 9392 ----a-w- c:\program files\HOPE\Languages\portuguesePT.lng
2010-04-15 01:34:06 . 2010-03-11 04:53:54 9331 ----a-w- c:\program files\HOPE\Languages\romanian.lng
2010-04-15 01:34:06 . 2010-03-05 03:18:20 8742 ----a-w- c:\program files\HOPE\Languages\russian.lng
2010-04-15 01:34:06 . 2010-02-19 06:27:14 8771 ----a-w- c:\program files\HOPE\Languages\serbian.lng
2010-04-15 01:34:06 . 2010-02-18 19:04:12 8355 ----a-w- c:\program files\HOPE\Languages\slovak.lng
2010-04-15 01:34:06 . 2010-03-08 10:26:24 8878 ----a-w- c:\program files\HOPE\Languages\latvian.lng
2010-04-15 01:34:06 . 2010-03-03 03:22:30 9662 ----a-w- c:\program files\HOPE\Languages\macedonian.lng
2010-04-15 01:34:06 . 2010-03-06 06:27:22 8147 ----a-w- c:\program files\HOPE\Languages\norwegian.lng
2010-04-15 01:34:06 . 2010-02-17 11:06:40 8624 ----a-w- c:\program files\HOPE\Languages\polish.lng
2010-04-15 01:34:06 . 2010-02-17 19:47:06 9284 ----a-w- c:\program files\HOPE\Languages\portugueseBR.lng
2010-04-15 01:34:06 . 2010-02-23 17:40:46 9309 ----a-w- c:\program files\HOPE\Languages\italian.lng
2010-04-15 01:34:06 . 2010-02-19 05:51:04 7082 ----a-w- c:\program files\HOPE\Languages\korean.lng
2010-04-15 01:34:06 . 2010-02-18 00:54:28 6252 ----a-w- c:\program files\HOPE\Languages\hebrew.lng
2010-04-15 01:34:06 . 2010-03-13 22:49:40 9404 ----a-w- c:\program files\HOPE\Languages\hungarian.lng
2010-04-15 01:34:06 . 2010-02-19 04:50:28 8287 ----a-w- c:\program files\HOPE\Languages\finnish.lng
2010-04-15 01:34:06 . 2010-02-12 18:47:08 9901 ----a-w- c:\program files\HOPE\Languages\french.lng
2010-04-15 01:34:06 . 2010-03-13 15:43:24 9880 ----a-w- c:\program files\HOPE\Languages\german.lng
2010-04-15 01:34:06 . 2010-02-23 06:56:32 9663 ----a-w- c:\program files\HOPE\Languages\greek.lng
2010-04-15 01:34:06 . 2010-03-23 20:58:50 8726 ----a-w- c:\program files\HOPE\Languages\croatian.lng
2010-04-15 01:34:06 . 2010-02-20 15:16:46 8401 ----a-w- c:\program files\HOPE\Languages\czech.lng
2010-04-15 01:34:06 . 2010-02-19 03:59:00 8787 ----a-w- c:\program files\HOPE\Languages\danish.lng
2010-04-15 01:34:06 . 2010-03-06 08:25:10 9325 ----a-w- c:\program files\HOPE\Languages\dutch.lng
2010-04-15 01:34:06 . 2010-02-12 03:58:26 8089 ----a-w- c:\program files\HOPE\Languages\english.lng
2010-04-15 01:34:06 . 2010-03-14 02:50:26 8323 ----a-w- c:\program files\HOPE\Languages\estonian.lng
2010-04-15 01:34:06 . 2010-03-28 20:24:42 5365 ----a-w- c:\program files\HOPE\Languages\chineseSI.lng
2010-04-15 01:34:06 . 2010-03-14 21:07:58 6050 ----a-w- c:\program files\HOPE\Languages\chineseTR.lng
2010-04-15 01:34:06 . 2010-03-13 23:39:34 8948 ----a-w- c:\program files\HOPE\Languages\bulgarian.lng
2010-04-15 01:34:06 . 2010-03-06 02:29:50 9353 ----a-w- c:\program files\HOPE\Languages\catalan.lng
2010-04-15 01:34:06 . 2010-02-19 21:57:02 8878 ----a-w- c:\program files\HOPE\Languages\belarusian.lng
2010-04-15 01:34:06 . 2010-03-04 06:32:28 8744 ----a-w- c:\program files\HOPE\Languages\bosnian.lng
2010-04-15 01:34:04 . 2010-03-29 23:11:08 1705 ----a-w- c:\program files\HOPE\changes.rtf
2010-04-15 01:34:04 . 2009-01-05 02:31:04 4124 ----a-w- c:\program files\HOPE\license.txt
2010-04-15 01:34:04 . 2010-03-30 07:46:02 350032 ----a-w- c:\program files\HOPE\mbam.dll
2010-04-15 01:34:04 . 2010-03-29 21:51:52 35157 ----a-w- c:\program files\HOPE\mbam.chm
2010-04-15 01:34:03 . 2010-03-30 07:46:00 85328 ----a-w- c:\program files\HOPE\mbamext.dll
2010-04-15 01:34:03 . 2010-04-19 17:30:48 42687 ----a-w- c:\program files\HOPE\unins000.dat
2010-04-15 01:34:03 . 2010-04-19 17:30:18 705360 ----a-w- c:\program files\HOPE\unins000.exe


((((((((((((((((((((((((((((( SnapShot@2010-04-15_01.40.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-01 02:44:34 . 2010-05-01 02:44:34 16384 C:\WINDOWS\temp\Perflib_Perfdata_d4.dat
+ 2010-04-21 01:03:37 . 2009-11-22 22:42:42 99208 C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll
+ 2010-04-21 01:03:36 . 2009-11-22 22:42:50 65928 C:\WINDOWS\system32\ZoneLabs\zatray.exe
+ 2010-04-21 01:03:30 . 2009-11-22 22:43:00 20872 C:\WINDOWS\system32\ZoneLabs\lib\zsys.zip.dll
+ 2010-04-21 01:03:29 . 2009-11-22 22:43:00 14216 C:\WINDOWS\system32\ZoneLabs\lib\zmenu.zip.dll
+ 2010-04-21 01:03:29 . 2009-11-22 22:43:00 43912 C:\WINDOWS\system32\ZoneLabs\lib\zfde.zip.dll
+ 2010-04-21 01:03:29 . 2009-11-22 22:43:00 85384 C:\WINDOWS\system32\ZoneLabs\lib\ZAlert.zip.dll
+ 2010-04-21 01:03:29 . 2009-11-22 22:43:00 37256 C:\WINDOWS\system32\ZoneLabs\lib\UpdateUI.zip.dll
+ 2010-04-21 01:03:29 . 2009-11-22 22:42:58 12680 C:\WINDOWS\system32\ZoneLabs\lib\oem_1488.zip.dll
+ 2010-04-21 01:03:29 . 2009-11-22 22:42:58 12680 C:\WINDOWS\system32\ZoneLabs\lib\oem_1487.zip.dll
+ 2010-04-21 01:03:29 . 2009-11-22 22:42:58 12680 C:\WINDOWS\system32\ZoneLabs\lib\oem_1486.zip.dll
+ 2010-04-21 01:03:29 . 2009-11-22 22:42:58 18824 C:\WINDOWS\system32\ZoneLabs\lib\oem_1466.zip.dll
+ 2010-04-21 01:03:29 . 2009-11-22 22:42:58 12680 C:\WINDOWS\system32\ZoneLabs\lib\oem_1460.zip.dll
+ 2010-04-21 01:03:29 . 2009-11-22 22:42:58 10120 C:\WINDOWS\system32\ZoneLabs\lib\oem_1454.zip.dll
+ 2010-04-21 01:03:29 . 2009-11-22 22:42:58 11144 C:\WINDOWS\system32\ZoneLabs\lib\oem_1445.zip.dll
+ 2010-04-21 01:03:29 . 2009-11-22 22:42:58 14216 C:\WINDOWS\system32\ZoneLabs\lib\oem_1440.zip.dll
+ 2010-04-21 01:03:29 . 2009-11-22 22:42:58 12168 C:\WINDOWS\system32\ZoneLabs\lib\oem_1413.zip.dll
+ 2010-04-21 01:03:29 . 2009-11-22 22:42:58 11144 C:\WINDOWS\system32\ZoneLabs\lib\oem_1010.zip.dll
+ 2010-04-21 01:03:29 . 2009-11-22 22:42:58 29064 C:\WINDOWS\system32\ZoneLabs\lib\NavBar.zip.dll
+ 2010-04-21 01:03:29 . 2009-11-22 22:42:58 12680 C:\WINDOWS\system32\ZoneLabs\lib\MainLoop.zip.dll
+ 2010-04-21 01:03:29 . 2009-11-22 22:42:56 35720 C:\WINDOWS\system32\ZoneLabs\lib\Alert.zip.dll
+ 2010-04-21 01:03:36 . 2009-11-22 22:42:36 38280 C:\WINDOWS\system32\ZoneLabs\featuremap.dll
+ 2010-04-21 01:03:36 . 2009-11-22 22:42:36 98184 C:\WINDOWS\system32\ZoneLabs\fbl.dll
+ 2010-04-21 01:03:38 . 2009-11-22 22:42:36 74632 C:\WINDOWS\system32\ZoneLabs\camupd.dll
+ 2010-04-21 01:03:36 . 2009-11-22 22:42:40 69000 C:\WINDOWS\system32\zlcomm.dll
+ 2010-04-21 01:03:30 . 2009-11-22 22:42:40 41864 C:\WINDOWS\system32\vswmi.dll
+ 2010-04-21 01:03:37 . 2009-11-22 22:42:40 58248 C:\WINDOWS\system32\vsregexp.dll
+ 2004-08-10 17:51:20 . 2010-04-26 18:45:40 80726 C:\WINDOWS\system32\perfc009.dat
- 2004-08-10 17:51:20 . 2010-04-09 10:37:00 80726 C:\WINDOWS\system32\perfc009.dat
- 2007-06-17 20:59:06 . 2009-09-13 23:32:49 84661 C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
+ 2007-06-17 20:59:06 . 2010-04-24 17:35:04 84661 C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
+ 2010-04-16 18:43:27 . 2010-04-16 18:43:27 98336 C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
+ 2010-04-16 09:10:31 . 2010-04-19 17:40:32 65024 C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2010-04-16 09:10:31 . 2010-04-19 17:40:32 18944 C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2010-04-16 09:10:31 . 2010-04-19 17:40:32 5120 C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
+ 2010-04-21 01:03:36 . 2009-11-22 22:42:42 141192 C:\WINDOWS\system32\ZoneLabs\zlupdate.dll
+ 2010-04-21 01:03:37 . 2009-11-22 22:42:40 172936 C:\WINDOWS\system32\ZoneLabs\vsvault.dll
+ 2010-04-21 01:02:55 . 2009-11-22 22:42:40 210824 C:\WINDOWS\system32\ZoneLabs\vsdb.dll
+ 2010-04-21 01:03:36 . 2007-10-11 23:51:34 832984 C:\WINDOWS\system32\ZoneLabs\updating.dll
+ 2010-04-21 01:03:30 . 2009-11-22 22:42:38 434568 C:\WINDOWS\system32\ZoneLabs\ssleay32.dll
+ 2010-04-21 01:03:36 . 2009-11-22 22:42:38 135048 C:\WINDOWS\system32\ZoneLabs\scheduler.dll
+ 2010-04-21 01:03:37 . 2009-07-14 06:58:50 722392 C:\WINDOWS\system32\ZoneLabs\qrbase.dll
+ 2010-04-21 01:03:30 . 2009-11-22 22:43:00 119688 C:\WINDOWS\system32\ZoneLabs\lib\zui.zip.dll
+ 2010-04-21 01:03:29 . 2009-11-22 22:43:00 267656 C:\WINDOWS\system32\ZoneLabs\lib\TrayTest.zip.dll
+ 2010-04-21 01:03:29 . 2009-11-22 22:43:00 175496 C:\WINDOWS\system32\ZoneLabs\lib\Overview.zip.dll
+ 2010-04-21 01:03:29 . 2009-11-22 22:42:58 368008 C:\WINDOWS\system32\ZoneLabs\lib\LicenseUI.zip.dll
+ 2010-04-21 01:03:29 . 2009-11-22 22:42:58 139144 C:\WINDOWS\system32\ZoneLabs\lib\DashBoard.zip.dll
+ 2010-04-21 01:03:29 . 2009-11-22 22:42:56 376712 C:\WINDOWS\system32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2010-04-21 01:02:55 . 2009-10-10 03:33:50 579048 C:\WINDOWS\system32\ZoneLabs\icslta.dll
+ 2010-04-21 01:03:38 . 2008-03-17 23:52:02 813568 C:\WINDOWS\system32\ZoneLabs\dbghelp.dll
+ 2010-04-21 01:03:36 . 2009-11-22 22:42:40 103816 C:\WINDOWS\system32\zlcommdb.dll
+ 2010-04-21 01:03:29 . 2009-11-22 22:42:40 109960 C:\WINDOWS\system32\vsxml.dll
+ 2010-04-21 01:02:55 . 2009-11-22 22:42:40 621960 C:\WINDOWS\system32\vsutil.dll
+ 2010-04-21 01:03:28 . 2009-11-22 22:42:40 299912 C:\WINDOWS\system32\vspubapi.dll
+ 2010-04-21 01:03:28 . 2009-11-22 22:42:40 107912 C:\WINDOWS\system32\vsmonapi.dll
+ 2010-04-21 01:02:55 . 2009-11-22 22:42:40 227720 C:\WINDOWS\system32\vsinit.dll
+ 2010-04-21 01:03:27 . 2009-11-22 22:42:54 486280 C:\WINDOWS\system32\vsdatant.sys
+ 2010-04-21 01:02:55 . 2009-11-22 22:42:38 112008 C:\WINDOWS\system32\vsdata.dll
- 2004-08-10 17:51:20 . 2010-04-09 10:37:00 462298 C:\WINDOWS\system32\perfh009.dat
+ 2004-08-10 17:51:20 . 2010-04-26 18:45:40 462298 C:\WINDOWS\system32\perfh009.dat
+ 2010-01-27 01:07:32 . 2010-01-27 01:07:32 256280 C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2010-04-21 01:03:29 . 2009-11-22 22:42:44 1238408 C:\WINDOWS\system32\zpeng25.dll
+ 2010-04-21 01:03:30 . 2009-11-22 22:42:40 1789320 C:\WINDOWS\system32\ZoneLabs\vsruledb.dll
+ 2010-04-21 01:03:28 . 2009-11-22 22:44:16 2384240 C:\WINDOWS\system32\ZoneLabs\vsmon.exe
+ 2010-04-21 01:03:29 . 2009-11-22 22:43:00 1536392 C:\WINDOWS\system32\ZoneLabs\lib\zpy.zip.dll
+ 2010-01-27 01:07:32 . 2010-01-27 01:07:32 3884312 C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2010-04-16 09:10:31 . 2010-04-16 09:10:31 1583616 C:\WINDOWS\Installer\1aa1066.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-01 19:28:36 2010864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 18:43:18 248040]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 16:48:02 761947]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 13:08:42 1347584]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-13 00:05:30 1117184]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 21:30:44 282624]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-07-29 11:07:57 188416]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-12 01:15:14 290816]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 10:12:00 98304]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 19:58:52 1032192]
"CTSVolFE.exe"="C:\Program Files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 20:57:24 57344]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 13:24:52 286720]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 05:13:52 208952]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-07-15 00:07:26 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-07-15 00:04:10 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-07-15 00:08:08 118784]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 22:42:50 1037192]
"ISW"="C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" [2009-10-14 13:30:06 730480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 12:42:18 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2002-08-29 12:00:00 40960]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
MiniEYE-MiniREAD Launch.lnk - C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe [2006-10-22 323584]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 17:13:36 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21:42 548352 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 10:20:00 122940 ----a-w- C:\WINDOWS\system32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2006-01-13 06:58:16 188416 ----a-w- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-08-11 23:30:30 249856 ----a-w- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-08-11 23:30:30 81920 ----a-w- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-09-26 21:42:04 267064 ----a-w- C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
2007-09-06 21:53:40 169264 ----a-w- C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 23:40:44 155648 ----a-w- C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-11-13 23:28:08 185872 ----a-w- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Spooler"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25:50 AM 12872]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15:58 AM 66632]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [10/14/2009 6:30:02 AM 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [10/14/2009 6:30:26 AM 476528]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [9/18/2008 7:23:19 PM 24652]
R3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15:58 AM 12872]
S3 cpudrv;cpudrv;C:\Program Files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58:52 AM 11336]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [8/2/2005 2:10:13 PM 32512]
S3 XDva090;XDva090;\??\C:\WINDOWS\system32\XDva090.sys --> C:\WINDOWS\system32\XDva090.sys [?]
S3 XDva190;XDva190;\??\C:\WINDOWS\system32\XDva190.sys --> C:\WINDOWS\system32\XDva190.sys [?]
S3 XDva269;XDva269;\??\C:\WINDOWS\system32\XDva269.sys --> C:\WINDOWS\system32\XDva269.sys [?]
S3 XDva275;XDva275;\??\C:\WINDOWS\system32\XDva275.sys --> C:\WINDOWS\system32\XDva275.sys [?]
S3 XDva279;XDva279;\??\C:\WINDOWS\system32\XDva279.sys --> C:\WINDOWS\system32\XDva279.sys [?]
S3 XDva288;XDva288;\??\C:\WINDOWS\system32\XDva288.sys --> C:\WINDOWS\system32\XDva288.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-04-30 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34:12 . 2008-07-30 19:34:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cnn.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
FF - ProfilePath - C:\Documents and Settings\me\Application Data\Mozilla\Firefox\Profiles\xdvvoe8p.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-30 20:14:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•Ôw*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(816)
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'lsass.exe'(872)
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Completion time: 2010-04-30 20:17:43
ComboFix-quarantined-files.txt 2010-05-01 03:17:40
ComboFix2.txt 2010-04-26 18:49:14
ComboFix3.txt 2010-04-15 01:44:18
ComboFix4.txt 2010-04-07 18:38:57

Pre-Run: 29,191,520,256 bytes free
Post-Run: 29,127,155,712 bytes free

- - End Of File - - 5C609CC005011FAEEAFB3B3826824FF4
CalvinQuest
Regular Member
 
Posts: 20
Joined: April 20th, 2010, 8:53 pm
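
The ComboFix log above dumps the Security Center and Windows Firewall policy keys, and the values shown there (AntiVirusOverride and FirewallOverride set to 1, DisableMonitoring set to 1 under Monitoring and each vendor subkey, EnableFirewall set to 0 with DisableNotifications set to 1) are the settings that stop Windows XP from warning the user that antivirus or firewall protection is off. They are worth checking in any cleanup, with the caveat that a legitimately installed third-party suite can also write some of them (the per-vendor Monitoring subkeys in particular), so they are indicators to review rather than proof of infection on their own. The script below is an added example, not part of the thread or of ComboFix: it parses the [key] / "name"=value section the way ComboFix prints it and lists such values. SAMPLE_LOG is a constructed excerpt copied from the posted log, and the indicator table is this example's own choice.

```python
"""Flag Security Center and Windows Firewall tampering in a ComboFix log.

Added example: parses the registry section ComboFix prints (a [key] header
followed by "name"=value lines) and reports values that silence Windows'
own protection warnings. The indicator list is this example's own choice.
"""
import re

# Constructed input: the relevant excerpt of the log posted above, plus one
# unrelated startup entry to show that non-security keys are ignored.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-09-26 21:42:04 267064 ----a-w- C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.+?)\s*$')

# (lower-case key fragment, value name, value that indicates tampering, meaning)
INDICATORS = [
    ("security center", "AntiVirusOverride", 1, "Security Center ignores antivirus state"),
    ("security center", "FirewallOverride", 1, "Security Center ignores firewall state"),
    ("security center\\monitoring", "DisableMonitoring", 1, "Security Center monitoring disabled"),
    ("firewallpolicy\\standardprofile", "EnableFirewall", 0, "Windows Firewall disabled"),
    ("firewallpolicy\\standardprofile", "DisableNotifications", 1, "Firewall notifications suppressed"),
]


def parse_value(raw):
    """Turn ComboFix's value renderings into an int where possible.

    Handles REG_DWORD printed as 'dword:00000001' and the '0 (0x0)' form used
    in the firewall-policy section; anything else is returned unchanged.
    """
    m = re.match(r"dword:([0-9a-fA-F]{8})$", raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)\s*\(0x[0-9a-fA-F]+\)$", raw)
    if m:
        return int(m.group(1))
    return raw


def find_protection_tampering(log_text):
    """Return (key, value name, meaning) for every indicator hit in the log."""
    findings = []
    current_key = None
    for line in log_text.splitlines():
        km = KEY_RE.match(line)
        if km:
            current_key = km.group("key").lower()
            continue
        vm = VALUE_RE.match(line)
        if vm is None or current_key is None:
            continue
        name, value = vm.group("name"), parse_value(vm.group("raw"))
        for key_part, ind_name, bad_value, meaning in INDICATORS:
            if key_part in current_key and name == ind_name and value == bad_value:
                findings.append((current_key, name, meaning))
    return findings


if __name__ == "__main__":
    for key, name, meaning in find_protection_tampering(SAMPLE_LOG):
        print(f"{meaning}: [{key}] {name}")
```

To use it on a real case, read a saved ComboFix.txt into a string and pass it to find_protection_tampering(); every hit should be compared against what security products the machine is actually known to run before the value is reset.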

Re: AVE.exe keeps returning, cpu 100%, freezing

Unread postby melboy » May 3rd, 2010, 3:27 am

Hi

That's looking better, we're nearly done. Follow the instructions below in the order given.



Update Adobe Reader

Your Adobe Reader is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.
Please download Adobe Reader 9.3 to your PC's desktop.
  • Uninstall via Start > Control Panel > Add/Remove Programs:
    Adobe Reader 7.1.0
  • Install the new downloaded updated software.
  • Then using the internal updater update the software to the current increment 9.3.2
    • Open Adobe Reader go to > Help > Check for updates and allow the updater to check.
    • If updates are found click Show Details and check the boxes to click to download and install any necessary updates.



Update Java Runtime
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 20.

  • Go to Sun Java
  • Scroll down to where it says "JDK 6 Update 20 (JDK or JRE)"
  • Click the orange Download JRE button to the right
  • In the Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says "jre-6u20-windows-i586.exe" and save the downloaded file to your desktop.
  • Uninstall all old versions of Java via Start > Control Panel > Add/Remove Programs:
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java(TM) 6 Update 19
    Java(TM) 6 Update 3
    Java(TM) SE Runtime Environment 6 Update 1
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer



TFC

(You should still have this on your desktop)
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.



ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

  • Please go here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.



No Antivirus
Looking over your log, there is no evidence of any anti-virus software.

Anti-virus programs detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus program from one of these excellent vendors NOW:

1) Antivir PersonalEdition Classic - Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for non-commercial users.
3) Microsoft Security Essentials - Free anti-malware solution that helps protect against viruses, spyware, and other malicious software

[Please note that trial pay is not needed to get any product for free.]

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts, system instability and false virus alerts.



In your next reply:
  1. Eset log
  2. A fresh HijackThis log (Do a system scan and save a log file) and a description of how the computer is running now.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: AVE.exe keeps returning, cpu 100%, freezing

Unread postby CalvinQuest » May 4th, 2010, 1:25 pm

hi thank you melboy,
Please give me some time to do these last steps.
CalvinQuest
Regular Member
 
Posts: 20
Joined: April 20th, 2010, 8:53 pm

Re: AVE.exe keeps returning, cpu 100%, freezing

Unread postby melboy » May 4th, 2010, 4:36 pm

Ok - Try and get them posted in the next couple of days.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: AVE.exe keeps returning, cpu 100%, freezing

Unread postby CalvinQuest » May 7th, 2010, 1:41 am

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# osver=5.1.2600 NT Service Pack 3
# scanned=131113
# found=17
# cleaned=0
# scan_time=14758
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DNSFlushcws1.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SupsavSmss1.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentwu.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinFraudLoadedt.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I
C:\Documents and Settings\NetworkService\Application Data\Microsoft\Internet Explorer\Desktop.htt Win32/TrojanDownloader.FakeAlert.AUD trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\me\Local Settings\Application Data\av.exe.vir a variant of Win32/Kryptik.CCE trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\me\Local Settings\Application Data\MSASCui.exe.vir a variant of Win32/Kryptik.CCE trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\me\Start Menu\Programs\Startup\_monnid32_.exe.zip a variant of Win32/Kryptik.CPN trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\uzayejamiyumih.dll.vir a variant of Win32/Cimag.BX trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\maivvvoi.dll.vir a variant of Win32/Agent.WQK trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\sshnas21.dll.vir Win32/TrojanDownloader.FakeAlert.ARF trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\dmio.sys.vir_ Win32/Patched.EQ trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_jbvpdvy_.sys.zip Win32/Bubnix.AE trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_nbbsy_.sys.zip Win32/Rootkit.Kryptik.BB trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP13\A0026498.sys Win32/Patched.EQ trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP13\A0026534.dll a variant of Win32/Agent.WQK trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016090.exe probably a variant of Win32/Kryptik.DUC trojan 00000000000000000000000000000000 I

It's a bit worrying to see I still have so many reds, but as for how the computer is running, things are much better as far as I can tell. The only noticeable problem is I can't access the shut down menu, and can only shut down using ctrl+alt+del.
I'll install the antivirus and run Hijackthis tomorrow. Thanks again melboy :D
CalvinQuest
Regular Member
 
Posts: 20
Joined: April 20th, 2010, 8:53 pm

Re: AVE.exe keeps returning, cpu 100%, freezing

Unread postby melboy » May 7th, 2010, 12:19 pm

Ok - Don't worry too much about the ESET detections. Some I expected to see: the majority are files quarantined by either ComboFix or Spybot, and then some in System Restore that we'll deal with shortly.

Install an antivirus and then give me the fresh Hijackthis log I requested and we'll take it from there.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
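
melboy's reading of the ESET log posted above (most hits are copies already quarantined by ComboFix under C:\Qoobox\Quarantine or by Spybot under its Recovery folder, three sit in System Restore points under System Volume Information, and only Desktop.htt under the NetworkService profile is in a live location) is a triage that can be automated for any ESET Online Scanner log. The script below is an added example, not part of the thread or of ESET's tooling. It parses the format the scanner wrote, '# key=value' header lines followed by one detection per line (path, detection name, type, 32-digit hash, flag), and buckets each hit by location. SAMPLE_ESET_LOG is a constructed copy of the 17 lines posted above; the folder markers used for classification are this example's assumptions drawn from those paths.

```python
"""Bucket ESET Online Scanner detections by where the flagged file lives.

Added example, not the thread's or ESET's code. A detection line reads
<path> <detection name> <type> <32-hex hash> <flag>; the header is '# key=value'.
The folder markers below are this example's own classification rules.
"""
import re
from collections import defaultdict

# Constructed input: header and all 17 detection lines as posted above.
SAMPLE_ESET_LOG = r"""# version=7
# remove_checked=false
# found=17
# cleaned=0
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DNSFlushcws1.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SupsavSmss1.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentwu.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinFraudLoadedt.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I
C:\Documents and Settings\NetworkService\Application Data\Microsoft\Internet Explorer\Desktop.htt Win32/TrojanDownloader.FakeAlert.AUD trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\me\Local Settings\Application Data\av.exe.vir a variant of Win32/Kryptik.CCE trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\me\Local Settings\Application Data\MSASCui.exe.vir a variant of Win32/Kryptik.CCE trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\me\Start Menu\Programs\Startup\_monnid32_.exe.zip a variant of Win32/Kryptik.CPN trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\uzayejamiyumih.dll.vir a variant of Win32/Cimag.BX trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\maivvvoi.dll.vir a variant of Win32/Agent.WQK trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\sshnas21.dll.vir Win32/TrojanDownloader.FakeAlert.ARF trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\dmio.sys.vir_ Win32/Patched.EQ trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_jbvpdvy_.sys.zip Win32/Bubnix.AE trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_nbbsy_.sys.zip Win32/Rootkit.Kryptik.BB trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP13\A0026498.sys Win32/Patched.EQ trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP13\A0026534.dll a variant of Win32/Agent.WQK trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0016090.exe probably a variant of Win32/Kryptik.DUC trojan 00000000000000000000000000000000 I
"""

# Folders that hold leftover copies rather than live threats (assumed markers).
QUARANTINE_MARKERS = ("\\qoobox\\quarantine\\", "\\spybot - search & destroy\\recovery\\")
RESTORE_MARKER = "\\system volume information\\_restore"

# A Windows path has no '/', so the detection name (Family/Variant, optionally
# prefixed by ESET's hedging words) is the only part that can contain one.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?) (?P<det>(?:probably )?(?:a variant of )?\S+/\S+)$"
)


def classify(path):
    """Return 'quarantined', 'restore_point' or 'live' for a detected path."""
    p = path.lower()
    if any(marker in p for marker in QUARANTINE_MARKERS):
        return "quarantined"
    if RESTORE_MARKER in p:
        return "restore_point"
    return "live"


def parse_eset_log(log_text):
    """Split a log into its header dict and a list of detection dicts."""
    header, detections = {}, []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, _, value = line[1:].partition("=")
            header[key.strip()] = value.strip()
            continue
        parts = line.rsplit(" ", 3)  # head, type, hash, flag
        if len(parts) != 4:
            continue
        head, kind, digest, flag = parts
        m = DETECTION_RE.match(head)
        if m is None:
            continue  # not a detection line; skip rather than guess
        detections.append({
            "path": m.group("path"), "detection": m.group("det"),
            "kind": kind, "hash": digest, "flag": flag,
            "location": classify(m.group("path")),
        })
    return header, detections


def triage(log_text):
    """Group detections by location; keep the scanner's own 'found' count so a
    mismatch between reported and parsed lines is visible."""
    header, detections = parse_eset_log(log_text)
    buckets = defaultdict(list)
    for d in detections:
        buckets[d["location"]].append(d)
    return {"found": int(header.get("found", len(detections))),
            "parsed": len(detections), "buckets": dict(buckets)}


if __name__ == "__main__":
    for location, items in triage(SAMPLE_ESET_LOG)["buckets"].items():
        print(location, len(items), [d["path"].rsplit("\\", 1)[-1] for d in items])
```

Only the "live" bucket needs action; quarantined copies go away when the cleanup tools are uninstalled, and restore-point copies when System Restore is flushed, which is the order of operations melboy describes.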

Re: AVE.exe keeps returning, cpu 100%, freezing

Unread postby CalvinQuest » May 7th, 2010, 7:35 pm

Ok, I have installed Microsoft Security Essentials.

Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:28:51 PM, on 5/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\msiexec.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... channel=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MiniEYE-MiniREAD Launch.lnk = C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\me\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8709 bytes

Thanks melboy
CalvinQuest
Regular Member
 
Posts: 20
Joined: April 20th, 2010, 8:53 pm

Re: AVE.exe keeps returning, cpu 100%, freezing

Unread postby melboy » May 7th, 2010, 7:45 pm

Thanks

We're nearly done.


COMBOFIX-Script
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.


  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    File:: 
    C:\Documents and Settings\NetworkService\Application Data\Microsoft\Internet Explorer\Desktop.htt 
    

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
      MICROSOFT SECURITY ESSENTIALS

    • Open MSE and go to Settings > Real Time Protection.
    • Then uncheck "Turn on real time protection".
    • Exit MSE when done.

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: AVE.exe keeps returning, cpu 100%, freezing

Unread postby melboy » May 10th, 2010, 7:57 am

Are you still with us CalvinQuest?
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: AVE.exe keeps returning, cpu 100%, freezing

Unread postby CalvinQuest » May 10th, 2010, 12:45 pm

Hi melboy,
I'm sorry, I ran ComboFix, but when it finished and restarted, at the point where it usually generates a log file, it hung. I waited for about 20 hours, but it didn't finish and didn't create a log file.
CalvinQuest
Regular Member
 
Posts: 20
Joined: April 20th, 2010, 8:53 pm

Re: AVE.exe keeps returning, cpu 100%, freezing

Unread postby melboy » May 10th, 2010, 12:58 pm

Hi

Ok, try this instead.


OTM

Download OTM by Old Timer and save it to your Desktop.
  • Double-click OTM.exe to run it.
  • Paste the following code under the Image area. Do not include the word Code.
    Code:
    :Files
    C:\Documents and Settings\NetworkService\Application Data\Microsoft\Internet Explorer\Desktop.htt 
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
    

    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large Image button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.


NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: AVE.exe keeps returning, cpu 100%, freezing

Unread postby CalvinQuest » May 12th, 2010, 4:48 pm

Hi melboy
Here is my OTM log:

All processes killed
========== FILES ==========
File/Folder C:\Documents and Settings\NetworkService\Application Data\Microsoft\Internet Explorer\Desktop.htt not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: All Users.WINDOWS2

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User.WINDOWS2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 989880 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 1016608 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: me
->Temp folder emptied: 14617149 bytes
->Temporary Internet Files folder emptied: 3029522 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 55225846 bytes
->Flash cache emptied: 5454 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1070306 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 72.00 mb


OTM by OldTimer - Version 3.1.12.0 log created on 05122010_134008

Files moved on Reboot...
C:\Documents and Settings\me\Local Settings\Temp\~DFE307.tmp moved successfully.
File C:\WINDOWS\temp\ZLT03b8c.TMP not found!
Registry entries deleted on Reboot...

I think some files weren't found because I had run Combofix previously as per your request.
CalvinQuest
Regular Member
 
Posts: 20
Joined: April 20th, 2010, 8:53 pm
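
An added example, not part of this thread or of OTM itself: a small Python script that parses an OTM fix script in the :Files / :Commands layout melboy posted above, parses a results log in the format CalvinQuest posted, and reconciles the two so that every path requested under :Files is accounted for as either moved or not found, with the bytes emptied per user totalled from the [emptytemp] section. The script and log text below are constructed from the formats shown in the thread (the byte counts are copied from the posted log, the rest is abbreviated); the parsing rules are inferred from those samples only and may not cover every line OTM can emit.

```python
"""Reconcile an OTM fix script against the results log it produced.

Added example, not OTM's own code. The sample script and log are constructed
from the layout shown in the forum thread; the line formats recognised here
(":Section", "[command]", "X not found.", "X moved successfully.",
"->... emptied: N bytes") are inferred from that sample output.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed sample: an OTM script in the :Files / :Commands layout used in the thread.
SAMPLE_SCRIPT = r"""
:Files
C:\Documents and Settings\NetworkService\Application Data\Microsoft\Internet Explorer\Desktop.htt
C:\Documents and Settings\me\Local Settings\Temp\~DFE307.tmp

:Commands
[purity]
[emptytemp]
[Reboot]
"""

# Constructed sample: an abbreviated OTM results log in the layout shown in the thread.
SAMPLE_LOG = r"""
All processes killed
========== FILES ==========
File/Folder C:\Documents and Settings\NetworkService\Application Data\Microsoft\Internet Explorer\Desktop.htt not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: LocalService
->Temp folder emptied: 989880 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: me
->Temp folder emptied: 14617149 bytes
->FireFox cache emptied: 55225846 bytes

Windows Temp folder emptied: 1070306 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 72.00 mb

Files moved on Reboot...
C:\Documents and Settings\me\Local Settings\Temp\~DFE307.tmp moved successfully.
File C:\WINDOWS\temp\ZLT03b8c.TMP not found!
"""

SYSTEM_WIDE = "(system-wide)"  # label for lines that carry no "->" user prefix

NOT_FOUND_RE = re.compile(r"^(?:File/Folder |File )(.+?) not found[.!]$")
MOVED_RE = re.compile(r"^(.+?) moved successfully\.$")
BYTES_RE = re.compile(r"^(?:->)?(.+?) emptied: (\d+) bytes$")
USER_RE = re.compile(r"^User: (.+)$")


def parse_script(text: str) -> Tuple[List[str], List[str]]:
    """Split an OTM script into the :Files paths and the bracketed :Commands."""
    files: List[str] = []
    commands: List[str] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):              # ":Files" / ":Commands" section header
            section = line[1:].lower()
            continue
        if section == "files":
            files.append(line)
        elif section == "commands":
            commands.append(line.strip("[]").lower())
    return files, commands


@dataclass
class LogReport:
    moved: List[str] = field(default_factory=list)
    not_found: List[str] = field(default_factory=list)
    bytes_per_user: Dict[str, int] = field(default_factory=dict)


def parse_log(text: str) -> LogReport:
    """Extract moved/not-found paths and per-user emptied byte counts from an OTM log."""
    report = LogReport()
    user = SYSTEM_WIDE
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = USER_RE.match(line)
        if m:
            user = m.group(1)
            continue
        m = NOT_FOUND_RE.match(line)
        if m:
            report.not_found.append(m.group(1))
            continue
        m = MOVED_RE.match(line)
        if m:
            report.moved.append(m.group(1))
            continue
        m = BYTES_RE.match(line)
        if m:
            # "->" lines belong to the current "User:" block; bare lines are system-wide.
            owner = user if line.startswith("->") else SYSTEM_WIDE
            report.bytes_per_user[owner] = report.bytes_per_user.get(owner, 0) + int(m.group(2))
    return report


def reconcile(script_text: str, log_text: str) -> dict:
    """Check that every :Files path shows up in the log as moved or not found."""
    files, commands = parse_script(script_text)
    report = parse_log(log_text)
    acted_on = {p.lower() for p in report.moved} | {p.lower() for p in report.not_found}
    return {
        "unaccounted": [p for p in files if p.lower() not in acted_on],
        "emptytemp_requested": "emptytemp" in commands,
        "total_bytes": sum(report.bytes_per_user.values()),
        "bytes_per_user": report.bytes_per_user,
        "not_found": report.not_found,
    }


if __name__ == "__main__":
    for key, value in reconcile(SAMPLE_SCRIPT, SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The byte sum is a raw total of the "emptied" lines and is not expected to equal the "Total Files Cleaned" figure OTM prints, which is rounded on its own basis; the useful output is the unaccounted list, which is empty only when every requested path produced a moved or not-found line.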

Re: AVE.exe keeps returning, cpu 100%, freezing

Unread postby melboy » May 12th, 2010, 4:52 pm

Ok, post me the log at:

C:\combofix.txt

How are things running - any problems?
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: AVE.exe keeps returning, cpu 100%, freezing

Unread postby CalvinQuest » May 12th, 2010, 11:32 pm

I don't see that file. The last time I ran Combofix as per your request, it had completed all its processes but hung at the part where it generates a log. I waited for 20 hours but no log was made.
Sorry for the trouble.
CalvinQuest
Regular Member
 
Posts: 20
Joined: April 20th, 2010, 8:53 pm

Re: AVE.exe keeps returning, cpu 100%, freezing

Unread postby melboy » May 13th, 2010, 2:51 am

Ok - no trouble :)

One last check and we should be done. How are things running?


Malwarebytes' Anti-Malware (MBAM)

As you have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

    The log can also be found here:
    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.



Re-run DDS

Please disable any anti-malware program that will block scripts from running before running DDS.
  • Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, please copy & paste the contents of:
    • DDS.txt
And post it in your next reply.


In your next reply:
  1. MBAM log
  2. DDS.txt
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK