Tech Support Guy Forums > Security & Malware Removal > Virus & Other Malware Removal
Solved: Help, Winzix on my system

78kitty
Member with 61 posts.
 
Join Date: Jan 2006
Location: Cinci, Ohio USA
Experience: Intermediate
17-Oct-2009, 12:13 PM #1
Help, Winzix on my system
Like an idiot I installed Winzix.exe thinking it was a legit program and now cannot get rid of it. I tried uninstalling it and have run Windows Defender, AVG virus scan, Spybot, and SpyHunter. None of the programs has been able to get rid of the root problem. When files are removed, the same ones are there again the next day.

I already did a hijack this scan, and the log is below...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:44 AM, on 10/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpyHunter Security Suite] "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [pollinternet] C:\DOCUME~1\BigD\APPLIC~1\2GREYD~1\mfcd open.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: SATARaid.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files\Kodak\printer\center\KodakSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7496 bytes
__________________
Desktop~ Homebrewed: Diablo ATX Clear Case, 2- Blue Neons, 2.79 GHzSempron, Windows XP-Pro, MS Office Pro 2003
Laptop~ Dell Inspirion 6000- 03/21/2006-? CentrinoM 1.73Ghz, Win XP-Pro, MS Office Pro 2003,WinXP Media Edition, MS Office Pro 2002
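The one line in the log above that stands out is the O4 entry "[pollinternet] C:\DOCUME~1\BigD\APPLIC~1\2GREYD~1\mfcd open.exe": an autostart that launches an unquoted, space-containing executable from a folder under the user's Application Data, with a label that has nothing to do with the program. The script below is an added example, not part of the post and not HijackThis's own logic; it pulls the O4 lines out of a HijackThis log and scores each one on where the executable lives and whether the registry label shares any word with the path. The trusted-directory list, the profile-directory markers and the score threshold are assumptions chosen for an XP machine, and the sample lines are copied from the log posted above.

```python
"""Triage HijackThis O4 (autostart) lines for entries worth a closer look.

Added example, not the forum's or HijackThis's own code.  Each O4 line is
scored on (a) where the executable lives and (b) whether the registry label
shares any word with the program path; the lists and threshold are assumptions.
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: six O4 lines copied from the HijackThis log in the post.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [pollinternet] C:\DOCUME~1\BigD\APPLIC~1\2GREYD~1\mfcd open.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
"""

# "O4 - <hive>: [<label>] <command>"  and  "O4 - [Global ]Startup: <name> = <path>"
RUN_LINE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<label>[^\]]*)\] (?P<cmd>.+)$")
STARTUP_LINE = re.compile(r"^O4 - (?P<hive>(?:Global )?Startup): (?P<label>.+?) = (?P<cmd>.+)$")

# Assumed: where a Run entry normally points on XP (mild signal if elsewhere) ...
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
# ... and user-writable profile locations (strong signal: that is where the
# poster's "2 GREY DART" folder sits).
PROFILE_MARKERS = ("\\docume~1\\", "\\documents and settings\\", "\\applic~1\\",
                   "\\application data\\", "\\local settings\\", "\\temp\\")


def executable_path(cmd: str) -> str:
    """Recover the program path from the raw registry value HijackThis prints.

    The value may be quoted, carry arguments, or (like 'mfcd open.exe') contain
    a space with no quoting at all; a trailing "(User '...')" note is dropped.
    """
    cmd = re.sub(r"\s*\(User '[^']*'\)\s*$", "", cmd.strip())
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd.strip('"')
    m = re.search(r"\.exe\b", cmd, re.IGNORECASE)
    return cmd[: m.end()] if m else cmd.split()[0]


def parse_o4(line: str) -> Optional[Dict[str, str]]:
    """Return hive/label/cmd/path for an O4 line, or None for any other line."""
    line = line.strip()
    m = RUN_LINE.match(line) or STARTUP_LINE.match(line)
    if not m:
        return None
    return {"hive": m["hive"], "label": m["label"], "cmd": m["cmd"],
            "path": executable_path(m["cmd"])}


def assess(entry: Dict[str, str]) -> Tuple[int, List[str]]:
    """Score one parsed O4 entry; higher means more worth investigating."""
    path, label = entry["path"].lower(), entry["label"].lower()
    score, reasons = 0, []
    if any(marker in path for marker in PROFILE_MARKERS):
        score += 2
        reasons.append("executable lives in a user-writable profile directory")
    elif not path.startswith(TRUSTED_ROOTS):
        score += 1
        reasons.append("executable is outside Program Files / Windows")
    # Legitimate entries almost always share a word between label and path
    # (AVG8_TRAY -> avgtray.exe); "pollinternet" -> "mfcd open.exe" shares none.
    label_tokens = set(re.findall(r"[a-z]{3,}", label))
    path_tokens = set(re.findall(r"[a-z]{3,}", path))
    if label_tokens and not (label_tokens & path_tokens):
        score += 1
        reasons.append("label bears no relation to the program path")
    return score, reasons


def suspicious_entries(log_text: str, threshold: int = 2) -> List[Dict[str, object]]:
    """All O4 entries in a HijackThis log scoring at or above the threshold."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        score, reasons = assess(entry)
        if score >= threshold:
            hits.append({**entry, "score": score, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in suspicious_entries(SAMPLE_LOG):
        print(f"[{hit['score']}] {hit['hive']} [{hit['label']}] -> {hit['path']}")
        for reason in hit["reasons"]:
            print("    -", reason)
```

Run against the six sample lines it flags only the pollinternet entry (score 3); the Google "swg" entry under the SYSTEM hive scores 1 for its unrelated label and stays below the threshold, which is the intended behaviour of a triage aid rather than a verdict. Feed it a whole log with `suspicious_entries(open("hijackthis.log").read())` and verify each hit by hand before deleting anything.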
20-Oct-2009, 02:07 PM #2
Bump, been 3 days, is anyone out there!?
22-Oct-2009, 03:13 PM #3
bump- been another 2 days from my last post!
27-Oct-2009, 12:22 PM #4
Anyone been able to look at this yet?
Anyone been able to look at this yet? I'm trying to be patient, but the banner says a day or two and it's been much longer than that. I'd appreciate it if someone could at least look at my HijackThis log & see what's actually on the computer & causing it to run slow as molasses!
eddie5659
Moderator & Malware Removal Specialist with 25,165 posts.
 
Join Date: Mar 2001
Location: Bradford, England
29-Oct-2009, 10:23 AM #5
Hiya

Can you do the following:


Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.



Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.






Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


We need to check for rootkits with RootRepeal
  1. Download RootRepeal from the following location and save it to your desktop.
  2. Extract RootRepeal.exe from the archive.
  3. Open RootRepeal.exe on your desktop.
  4. Click the tab.
  5. Click the button.
  6. Check all seven boxes:
  7. Push Ok
  8. Check the box for your main system drive (usually C:), and press Ok.
  9. Allow RootRepeal to run a scan of your system. This may take some time.
  10. Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

Click on the Go Advanced button for the uploading options at the bottom of this page (in the picture below).

  • In there, at the bottom, click on the button Manage Attachments (in the picture below).
  • A window will appear, and then Browse to RSReport.zip on your Desktop.
  • Click Upload, and when uploaded click Close this Window.
  • Then, in the previous window, click on Add Reply.




Please include the MBAM log, SAS log, RootRepeal.txt and a fresh HijackThis log in your next reply

Regards

eddie
__________________
Just go with the flow, like a twig on the shoulders of a mighty stream

Proud Member of ASAP, Alliance of Security Analysis Professionals
30-Oct-2009, 11:31 PM #6
Hey Eddie. I couldn't find the RSReport.zip file on my desktop you asked at the end of your previous reply for me to upload, but here's the MBAM log, SAS log, RootRepeal.txt, and a fresh HijackThis log...

MBAM log-
Malwarebytes' Anti-Malware 1.41
Database version: 3063
Windows 5.1.2600 Service Pack 3

10/30/2009 8:39:36 PM
mbam-log-2009-10-30 (20-39-36).txt

Scan type: Quick Scan
Objects scanned: 97909
Time elapsed: 7 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-zix (Trojan.Swizzor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\videoplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bend logo clock film (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\Frag great bend logo (Trojan.Agent) -> Delete on reboot.

Files Infected:
C:\Documents and Settings\All Users\Application Data\Frag great bend logo\copy lite.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Frag great bend logo\once show.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Frag great bend logo\once show.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\rodqgpvlrdo.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.


SAS log-
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/30/2009 at 09:45 PM

Application Version : 4.29.1004

Core Rules Database Version : 4216
Trace Rules Database Version: 2122

Scan type : Complete Scan
Total Scan Time : 00:51:27

Memory items scanned : 481
Memory threats detected : 0
Registry items scanned : 6130
Registry threats detected : 0
File items scanned : 28476
File threats detected : 25

Adware.Tracking Cookie
C:\Documents and Settings\BigD\Cookies\bigd@eas.apm.emediate[1].txt
C:\Documents and Settings\BigD\Cookies\bigd@ads.techguy[2].txt
C:\Documents and Settings\BigD\Cookies\bigd@advertising.sheknows[1].txt
C:\Documents and Settings\BigD\Cookies\bigd@adbrite[2].txt
C:\Documents and Settings\BigD\Cookies\bigd@ads.bootcampmedia[2].txt
C:\Documents and Settings\BigD\Cookies\bigd@imrworldwide[2].txt
C:\Documents and Settings\BigD\Cookies\bigd@tacoda[1].txt
C:\Documents and Settings\BigD\Cookies\bigd@adserver.adtechus[1].txt
C:\Documents and Settings\BigD\Cookies\bigd@www.adserver5[1].txt
C:\Documents and Settings\BigD\Cookies\bigd@ads.right-ads[2].txt
C:\Documents and Settings\BigD\Cookies\bigd@content.yieldmanager[3].txt
C:\Documents and Settings\BigD\Cookies\bigd@server.iad.liveperson[3].txt
C:\Documents and Settings\BigD\Cookies\bigd@advertising.healthguru[1].txt
C:\Documents and Settings\BigD\Cookies\bigd@realmedia[1].txt
C:\Documents and Settings\BigD\Cookies\bigd@mediatraffic[1].txt
C:\Documents and Settings\BigD\Cookies\bigd@adserver.bettyconfidential[1].txt
C:\Documents and Settings\BigD\Cookies\bigd@azjmp[1].txt
C:\Documents and Settings\BigD\Cookies\bigd@kontera[2].txt
C:\Documents and Settings\BigD\Cookies\bigd@ad.zanox[2].txt
C:\Documents and Settings\BigD\Cookies\bigd@collective-media[1].txt
C:\Documents and Settings\BigD\Cookies\bigd@chitika[2].txt
C:\Documents and Settings\BigD\Cookies\bigd@at.atwola[2].txt
C:\Documents and Settings\BigD\Cookies\bigd@revsci[2].txt
C:\Documents and Settings\BigD\Cookies\bigd@server.iad.liveperson[2].txt
C:\Documents and Settings\BigD\Cookies\bigd@content.yieldmanager[2].txt


RootRepeal.txt log-
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/10/30 21:55
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB1B36000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79FD000 Size: 8192 File Visible: No Signed: -
Status: -

Name: giveio.sys
Image Path: giveio.sys
Address: 0xF7A50000 Size: 1664 File Visible: No Signed: -
Status: -

Name: mchInjDrv.sys
Image Path: C:\WINDOWS\system32\Drivers\mchInjDrv.sys
Address: 0xF7A59000 Size: 2560 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAEB87000 Size: 49152 File Visible: No Signed: -
Status: -

Name: speedfan.sys
Image Path: speedfan.sys
Address: 0xF798D000 Size: 5248 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\windows\system32\miglibnt.dll
Status: Size mismatch (API: 60928, Raw: 3234991907335630336)

Path: C:\System Volume Information\_restore{87E8B883-66E7-4388-A86F-C8EA9D9D2426}\RP946\A0116198.cfg
Status: Visible to the Windows API, but not on disk.

Path: c:\documents and settings\bigd\local settings\temp\~df1cf.tmp
Status: Allocation size mismatch (API: 24576, Raw: 0)

Path: c:\documents and settings\bigd\local settings\temp\~df792d.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

SSDT
-------------------
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xb1d090b0

==EOF==

HijackThis log-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:00 PM, on 10/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\sstray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpyHunter Security Suite] "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [pollinternet] C:\DOCUME~1\BigD\APPLIC~1\2GREYD~1\mfcd open.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: SATARaid.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files\Kodak\printer\center\KodakSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7959 bytes
02-Nov-2009, 06:38 PM #7
It's okay about the RSReport.zip, as it was a fault in my speech. It's now removed for future threads.


Download ComboFix from one of these locations:

Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

eddie
04-Nov-2009, 08:47 AM #8
Combo Fix Log-

ComboFix 09-11-03.03 - BigD 11/04/2009 7:26.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.953 [GMT -5:00]
Running from: c:\documents and settings\BigD\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\sstray.exe

.
((((((((((((((((((((((((( Files Created from 2009-10-04 to 2009-11-04 )))))))))))))))))))))))))))))))
.

2009-10-31 00:51 . 2009-10-31 00:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-31 00:51 . 2009-10-31 00:51 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-31 00:51 . 2009-10-31 00:51 -------- d-----w- c:\documents and settings\BigD\Application Data\SUPERAntiSpyware.com
2009-10-31 00:30 . 2009-10-31 00:30 -------- d-----w- c:\documents and settings\BigD\Application Data\Malwarebytes
2009-10-31 00:30 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-31 00:30 . 2009-10-31 00:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-31 00:30 . 2009-10-31 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-31 00:30 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-12 13:36 . 2009-10-12 13:36 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
2009-10-12 13:36 . 2009-10-12 13:36 -------- d-----w- c:\program files\TechSmith
2009-10-12 13:36 . 2009-10-12 13:36 -------- d-----w- c:\documents and settings\BigD\Local Settings\Application Data\TechSmith
2009-10-12 13:33 . 2009-10-31 00:50 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-31 04:00 . 2007-05-07 15:04 -------- d-----w- c:\program files\SpeedFan
2009-10-20 02:20 . 2009-10-12 14:22 -------- d-----w- c:\documents and settings\BigD\Application Data\2 GREY DART
2009-10-20 02:20 . 2009-10-20 02:20 -------- d-----w- c:\program files\2 GREY DART
2009-10-17 14:42 . 2009-10-17 14:42 -------- d-----w- c:\program files\Trend Micro
2009-10-17 04:58 . 2008-02-14 23:56 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-13 13:52 . 2009-10-13 13:52 -------- d-----w- c:\program files\Enigma Software Group
2009-10-12 17:03 . 2007-04-20 03:45 -------- d-----w- c:\program files\SpywareBlaster
2009-10-01 14:29 . 2009-10-03 03:54 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-11 14:18 . 2004-08-04 13:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-04 13:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-04 13:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-04 13:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-16 12:24 . 2008-05-27 00:02 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-16 12:24 . 2008-05-27 00:02 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-16 12:24 . 2007-04-20 04:15 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-06 23:24 . 2007-04-20 00:39 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2007-04-20 00:39 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2007-04-20 00:39 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2005-05-26 08:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2007-04-20 00:39 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-08-04 13:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2007-04-20 00:39 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2007-04-20 00:39 1929952 ----a-w- c:\windows\system32\wuaueng.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"pollinternet"="c:\docume~1\BigD\APPLIC~1\2GREYD~1\mfcd open.exe" [2009-10-20 462848]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-13 2000112]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-20 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-03 2028312]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-08-22 1306624]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-09-10 864256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-20 68856]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\BigD\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
SATARaid.lnk - c:\program files\Silicon Image\SiISATARaid\SATARaid.exe [2007-4-19 598069]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-16 12:24 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"KodakSvc"=2 (0x2)
"gusvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=

R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [5/12/2004 3:01 PM 116264]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/26/2008 7:02 PM 335240]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/12/2009 8:24 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 8:24 PM 74480]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/26/2008 7:01 PM 297752]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/1/2008 2:13 AM 34064]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 8:24 PM 7408]
S4 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\Printer\Center\KodakSvc.exe [2/28/2008 5:57 PM 18944]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - mchInjDrv
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder

2009-11-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]

2009-11-04 c:\windows\Tasks\B249BFAF9E1628B7.job
- c:\docume~1\bigd\applic~1\2greyd~1\Blehtitleaxis.exe [2009-10-20 02:20]

2009-11-04 c:\windows\Tasks\Kodak AiO Scheduled Maintenance.job
- c:\program files\Kodak\Printer\Center\Kodak.Statistics.exe [2008-02-28 22:57]

2009-11-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2008-04-05 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2007-04-20 20:31]

2009-11-04 c:\windows\Tasks\SpyHunter Scanner.job
- c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe [2008-09-10 21:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: microsoft.com\office
FF - ProfilePath - c:\documents and settings\BigD\Application Data\Mozilla\Firefox\Profiles\wybu8h2g.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-nForce Tray Options - sstray.exe
AddRemove-KB923789 - c:\windows\system32\MacroMed\Flash\genuinst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-04 07:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(856)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-11-04 7:34
ComboFix-quarantined-files.txt 2009-11-04 12:34

Pre-Run: 98,551,586,816 bytes free
Post-Run: 98,545,618,944 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
__________________
Desktop~ Homebrewed: Diablo ATX Clear Case, 2- Blue Neons, 2.79 GHzSempron, Windows XP-Pro, MS Office Pro 2003
Laptop~ Dell Inspirion 6000- 03/21/2006-? CentrinoM 1.73Ghz, Win XP-Pro, MS Office Pro 2003,WinXP Media Edition, MS Office Pro 2002
78kitty's Avatar
Member with 61 posts.
 
Join Date: Jan 2006
Location: Cinci, Ohio USA
Experience: Intermediate
08-Nov-2009, 10:41 AM #9
Hey Eddie I know you're busy on the weekends and that's OK. I was just wondering if you see anything on the computer? It did seem to be running a bit faster, but now it's slowing down again and is REALLY dragging this weekend. Not sure if it's my Internet or what.
eddie5659's Avatar
Moderator & Malware Removal Specialist with 25,165 posts.
 
Join Date: Mar 2001
Location: Bradford, England
08-Nov-2009, 04:58 PM #10
Hiya

Yep, most weekends I'm not at home, but am tonight as I had to sort my dreaded car insurance.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

---------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again afterwards before connecting to the Internet.

You're looking for AVG 8, WINDOWS DEFENDER, SPYBOT TEATIMER, SPYWARE GUARD.

Download Lop S&D here

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

eddie
78kitty's Avatar
Member with 61 posts.
 
Join Date: Jan 2006
Location: Cinci, Ohio USA
Experience: Intermediate
11-Nov-2009, 01:05 PM #11
Hey Eddie, I know car insurance can be a real nightmare!!

HijackThis Uninstall Log-

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.7
Adobe Shockwave Player
Adobe SVG Viewer 3.0
aiofw
aioocr
aioprnt
aioscnnr
ATI Display Driver
AVG Free 8.5
Avi2Dvd 0.4.5 beta
AviSynth 2.5
BitTornado 0.3.15
center
Critical Update for Windows Media Player 11 (KB959772)
DivX
DivX Player
ffdshow [rev 610] [2006-12-01]
Garmin City Navigator North America v8
Garmin MapSource
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Help_CTR
helptut
helpug
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
ImgBurn
InCD
Java(TM) SE Runtime Environment 6 Update 1
KODAK All-in-One Printer Software
ksdip
LimeWire 4.12.14
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.15)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero 6 Ultra Edition
Nero Media Player
NeroMIX
NeroVision Express 2
NeroVision Express Content
netbrdg
NVIDIA Drivers
Pdf995 (installed by TaxCut)
PdfEdit995 (installed by TaxCut)
QuickTime
RealPlayer
SATARaid
save2pc Light 3.34
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
SFR
SnagIt 9
SpeedFan (remove only)
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SpyHunter
SpywareBlaster v3.5.1
SpywareGuard v2.2
SUPERAntiSpyware Free Edition
TaxCut Premium + Efile 2008
TubeHunter Ultra
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VC 9.0 Runtime
VideoLAN VLC media player 0.8.6i
Winamp (remove only)
Windows Defender
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
winpcap-nmap 4.02
WinRAR archiver

Lop S&D log-

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Sempron(tm) 2800+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : BigD ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.5 (Not Activated)
C:\ (Local Disk) - NTFS - Total:111 GB (Free:91 GB)
D:\ (CD or DVD)
E:\ (Local Disk) - NTFS - Total:120 GB (Free:23 GB)
F:\ (Local Disk) - NTFS - Total:115 GB (Free:93 GB)
G:\ (Local Disk) - NTFS - Total:113 GB (Free:113 GB)
H:\ (Local Disk) - NTFS - Total:115 GB (Free:111 GB)
J:\ (USB)

"C:\Lop SD" ( Updated : 19-12-2008|23:40 )
Option : [1] ( Wed 11/11/2009|11:58 )

--------------------\\ Listing folders in APPLIC~1

[10/25/2009|08:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[05/14/2007|08:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ahead
[03/30/2008|03:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[06/25/2009|07:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AVG Security Toolbar
[05/08/2009|03:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg8
[07/14/2008|10:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> DVD Shrink
[11/27/2008|09:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Eastman Kodak Company
[01/02/2009|05:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[04/21/2007|10:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP
[04/16/2008|10:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> kds_kodak
[03/30/2008|03:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Kodak
[10/30/2009|07:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[03/01/2009|04:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[03/14/2009|09:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> pdf995
[02/20/2009|12:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[10/30/2009|07:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[03/14/2009|05:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TaxCut
[10/12/2009|08:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TechSmith
[04/20/2007|06:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage

[06/24/2007|10:36] C:\DOCUME~1\BigD\APPLIC~1\<DIR> .BitTornado
[10/19/2009|09:20] C:\DOCUME~1\BigD\APPLIC~1\<DIR> 2 GREY DART
[05/28/2009|10:56] C:\DOCUME~1\BigD\APPLIC~1\<DIR> aAvgApi
[05/03/2008|04:28] C:\DOCUME~1\BigD\APPLIC~1\<DIR> Adobe
[05/15/2007|05:38] C:\DOCUME~1\BigD\APPLIC~1\<DIR> Ahead
[04/28/2007|01:29] C:\DOCUME~1\BigD\APPLIC~1\<DIR> Apple Computer
[05/28/2009|11:28] C:\DOCUME~1\BigD\APPLIC~1\<DIR> AVGTOOLBAR
[04/21/2007|10:45] C:\DOCUME~1\BigD\APPLIC~1\<DIR> GARMIN
[05/02/2007|06:04] C:\DOCUME~1\BigD\APPLIC~1\<DIR> Google
[04/19/2007|07:46] C:\DOCUME~1\BigD\APPLIC~1\<DIR> Identities
[01/15/2008|09:01] C:\DOCUME~1\BigD\APPLIC~1\<DIR> Image Zone Express
[07/07/2008|06:29] C:\DOCUME~1\BigD\APPLIC~1\<DIR> ImgBurn
[08/16/2008|11:59] C:\DOCUME~1\BigD\APPLIC~1\<DIR> LimeWire
[05/03/2008|04:28] C:\DOCUME~1\BigD\APPLIC~1\<DIR> Macromedia
[10/30/2009|07:30] C:\DOCUME~1\BigD\APPLIC~1\<DIR> Malwarebytes
[02/18/2009|11:34] C:\DOCUME~1\BigD\APPLIC~1\<DIR> Microsoft
[09/03/2008|08:27] C:\DOCUME~1\BigD\APPLIC~1\<DIR> Mozilla
[12/20/2008|04:34] C:\DOCUME~1\BigD\APPLIC~1\<DIR> pdf995
[05/07/2007|10:59] C:\DOCUME~1\BigD\APPLIC~1\<DIR> Real
[05/10/2007|07:02] C:\DOCUME~1\BigD\APPLIC~1\<DIR> Sun
[10/30/2009|07:51] C:\DOCUME~1\BigD\APPLIC~1\<DIR> SUPERAntiSpyware.com
[04/19/2007|11:45] C:\DOCUME~1\BigD\APPLIC~1\<DIR> Talkback
[03/14/2009|05:49] C:\DOCUME~1\BigD\APPLIC~1\<DIR> TaxCut
[08/30/2008|04:20] C:\DOCUME~1\BigD\APPLIC~1\<DIR> vlc
[12/26/2007|08:30] C:\DOCUME~1\BigD\APPLIC~1\<DIR> Winamp
[03/01/2009|04:56] C:\DOCUME~1\BigD\APPLIC~1\<DIR> Windows Desktop Search
[03/01/2009|10:07] C:\DOCUME~1\BigD\APPLIC~1\<DIR> Windows Search

[04/19/2007|07:41] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[06/25/2009|07:35] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> AVGTOOLBAR
[11/23/2007|08:23] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Google
[03/01/2009|04:58] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[09/03/2008|08:32] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[11/11/2009 11:00 AM][--ah-----] C:\WINDOWS\tasks\B249BFAF9E1628B7.job
[11/11/2009 03:45 AM][--a------] C:\WINDOWS\tasks\SpyHunter Scanner.job
[11/10/2009 09:38 PM][--a------] C:\WINDOWS\tasks\Kodak AiO Scheduled Maintenance.job
[11/11/2009 11:54 AM][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job
[04/05/2008 01:23 PM][--a------] C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[11/11/2009 11:49 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 08:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

( B249BFAF9E1628B7.job )=( c:\docume~1\bigd\applic~1\2greyd~1\Blehtitleaxis.exe )

--------------------\\ Listing Folders in C:\Program Files

[10/19/2009|09:20] C:\Program Files\<DIR> 2 GREY DART
[11/16/2008|11:55] C:\Program Files\<DIR> Adobe
[05/14/2007|08:59] C:\Program Files\<DIR> Ahead
[11/08/2009|09:20] C:\Program Files\<DIR> Apple Software Update
[05/26/2008|07:01] C:\Program Files\<DIR> AVG
[07/07/2008|06:26] C:\Program Files\<DIR> Avi2Dvd
[07/07/2008|06:26] C:\Program Files\<DIR> AviSynth 2.5
[06/24/2007|10:34] C:\Program Files\<DIR> BitTornado
[11/04/2009|07:29] C:\Program Files\<DIR> Common Files
[04/19/2007|07:38] C:\Program Files\<DIR> ComPlus Applications
[05/12/2007|03:29] C:\Program Files\<DIR> DivX
[10/13/2009|08:52] C:\Program Files\<DIR> Enigma Software Group
[08/30/2008|05:34] C:\Program Files\<DIR> FDRLab
[02/09/2009|12:06] C:\Program Files\<DIR> ffdshow
[02/24/2009|07:52] C:\Program Files\<DIR> Google
[04/19/2007|11:15] C:\Program Files\<DIR> Grisoft
[04/01/2008|06:14] C:\Program Files\<DIR> HP
[07/07/2008|06:28] C:\Program Files\<DIR> ImgBurn
[04/19/2007|10:10] C:\Program Files\<DIR> InstallShield Installation Information
[10/15/2009|02:06] C:\Program Files\<DIR> Internet Explorer
[05/10/2007|07:02] C:\Program Files\<DIR> Java
[03/30/2008|03:17] C:\Program Files\<DIR> Kodak
[07/01/2007|10:58] C:\Program Files\<DIR> LimeWire
[10/30/2009|07:30] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[08/19/2008|11:28] C:\Program Files\<DIR> Messenger
[04/21/2007|10:22] C:\Program Files\<DIR> Microsoft ActiveSync
[04/19/2007|07:42] C:\Program Files\<DIR> microsoft frontpage
[04/21/2007|10:22] C:\Program Files\<DIR> Microsoft Office
[04/21/2007|10:22] C:\Program Files\<DIR> Microsoft Visual Studio
[04/21/2007|10:22] C:\Program Files\<DIR> Microsoft Works
[04/21/2007|10:22] C:\Program Files\<DIR> Microsoft.NET
[08/19/2008|11:20] C:\Program Files\<DIR> Movie Maker
[11/11/2009|10:14] C:\Program Files\<DIR> Mozilla Firefox
[03/01/2009|03:24] C:\Program Files\<DIR> MSBuild
[04/19/2007|07:37] C:\Program Files\<DIR> MSN
[04/19/2007|07:38] C:\Program Files\<DIR> MSN Gaming Zone
[04/01/2008|02:00] C:\Program Files\<DIR> MSXML 4.0
[02/28/2009|02:31] C:\Program Files\<DIR> Neoretix
[08/19/2008|11:08] C:\Program Files\<DIR> NetMeeting
[04/19/2007|07:38] C:\Program Files\<DIR> Online Services
[08/12/2009|02:10] C:\Program Files\<DIR> Outlook Express
[03/14/2009|05:48] C:\Program Files\<DIR> PDF995
[03/30/2008|03:19] C:\Program Files\<DIR> QuickTime
[05/07/2007|10:55] C:\Program Files\<DIR> Real
[03/01/2009|03:24] C:\Program Files\<DIR> Reference Assemblies
[04/19/2007|10:10] C:\Program Files\<DIR> Silicon Image
[11/04/2009|10:17] C:\Program Files\<DIR> SpeedFan
[07/30/2009|07:34] C:\Program Files\<DIR> Spybot - Search & Destroy
[10/12/2009|12:03] C:\Program Files\<DIR> SpywareBlaster
[06/19/2007|04:47] C:\Program Files\<DIR> SpywareGuard
[10/30/2009|07:51] C:\Program Files\<DIR> SUPERAntiSpyware
[11/14/2008|12:16] C:\Program Files\<DIR> TaxCut07
[03/14/2009|05:49] C:\Program Files\<DIR> TaxCut08
[10/12/2009|08:36] C:\Program Files\<DIR> TechSmith
[10/17/2009|09:42] C:\Program Files\<DIR> Trend Micro
[04/19/2007|07:46] C:\Program Files\<DIR> Uninstall Information
[08/30/2008|04:18] C:\Program Files\<DIR> VideoLAN
[12/26/2007|08:17] C:\Program Files\<DIR> Winamp
[07/07/2008|06:49] C:\Program Files\<DIR> Windows Defender
[06/11/2009|06:34] C:\Program Files\<DIR> Windows Desktop Search
[12/22/2008|11:43] C:\Program Files\<DIR> Windows Media Connect 2
[12/22/2008|11:43] C:\Program Files\<DIR> Windows Media Player
[08/19/2008|11:08] C:\Program Files\<DIR> Windows NT
[04/19/2007|07:40] C:\Program Files\<DIR> WindowsUpdate
[01/19/2009|02:21] C:\Program Files\<DIR> WinPcap
[05/07/2007|10:14] C:\Program Files\<DIR> WinRAR
[04/19/2007|07:42] C:\Program Files\<DIR> xerox
[04/19/2007|10:47] C:\Program Files\<DIR> Zone Labs

--------------------\\ Listing Folders in C:\Program Files\Common Files

[10/16/2009|11:58] C:\Program Files\Common Files\<DIR> Adobe
[05/14/2007|08:53] C:\Program Files\Common Files\<DIR> Ahead
[04/21/2007|10:22] C:\Program Files\Common Files\<DIR> DESIGNER
[04/21/2007|10:12] C:\Program Files\Common Files\<DIR> Hewlett-Packard
[04/19/2007|10:06] C:\Program Files\Common Files\<DIR> InstallShield
[05/10/2007|07:01] C:\Program Files\Common Files\<DIR> Java
[04/21/2007|10:22] C:\Program Files\Common Files\<DIR> L&H
[05/26/2008|07:01] C:\Program Files\Common Files\<DIR> Microsoft Shared
[04/19/2007|07:39] C:\Program Files\Common Files\<DIR> MSSoap
[12/26/2007|08:33] C:\Program Files\Common Files\<DIR> NSV
[04/19/2007|03:31] C:\Program Files\Common Files\<DIR> ODBC
[05/07/2007|10:55] C:\Program Files\Common Files\<DIR> Real
[04/19/2007|07:39] C:\Program Files\Common Files\<DIR> Services
[04/19/2007|03:31] C:\Program Files\Common Files\<DIR> SpeechEngines
[08/19/2008|11:08] C:\Program Files\Common Files\<DIR> System
[10/30/2009|07:50] C:\Program Files\Common Files\<DIR> Wise Installation Wizard
[05/07/2007|10:55] C:\Program Files\Common Files\<DIR> xing shared

--------------------\\ Process

( 39 Processes )

IEXPLORE.EXE ~ [PID:2296]
IEXPLORE.EXE ~ [PID:560]
IEXPLORE.EXE ~ [PID:2256]

--------------------\\ Searching with S_Lop

C:\DOCUME~1\BigD\APPLIC~1\2GREYD~1
C:\DOCUME~1\BigD\APPLIC~1\2GREYD~1\Blehtitleaxis.exe
C:\DOCUME~1\BigD\APPLIC~1\2GREYD~1\lyswaylr.exe
C:\DOCUME~1\BigD\APPLIC~1\2GREYD~1\mfcd open.exe
C:\DOCUME~1\BigD\APPLIC~1\2GREYD~1\pbkvodxi.exe

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\BigD\APPLIC~1\2greyd~1
C:\DOCUME~1\BigD\APPLIC~1\2greyd~1\Blehtitleaxis.exe
C:\DOCUME~1\BigD\APPLIC~1\2greyd~1\lyswaylr.exe
C:\DOCUME~1\BigD\APPLIC~1\2greyd~1\mfcd open.exe
C:\DOCUME~1\BigD\APPLIC~1\2greyd~1\pbkvodxi.exe
C:\Program Files\2greyd~1
C:\DOCUME~1\BigD\Desktop\WinZix_SystemCleaning_10-30-2009
C:\WINDOWS\Tasks\B249BFAF9E1628B7.job

--------------------\\ Searching within the Registry

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Signglobalflap]
"DisplayName"="CiD Help"
"UninstallString"="C:\\DOCUME~1\\BigD\\APPLIC~1\\2GREYD~1\\mfcd open.exe -uninstall"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pollinternet"="C:\\DOCUME~1\\BigD\\APPLIC~1\\2GREYD~1\\mfcd open.exe"
"pollinternet"="C:\\DOCUME~1\\BigD\\APPLIC~1\\2GREYD~1\\mfcd open.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-11 11:59:12
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\BigD\Favorites\Dave's_FHLB_Dox_11-06-2009\ComputerCellysCameras_Parts-Instruct_2004\Crackspider.net_08-23-2004.url
C:\DOCUME~1\BigD\Recent\AVG-AntiSpy-Crack-WrkdDsky2_05-23-2007.lnk
C:\DOCUME~1\BigD\Recent\AVG-AntiSpy-Crack_05-23-2007.lnk
C:\DOCUME~1\BigD\Recent\SpyHunter Security Suite 3.10.27 [ENG] [+Crack].torrent.lnk
C:\DOCUME~1\BigD\Recent\SpyHunterSecuritySuite_v.3.10.27+Crack.lnk


[F:50][D:4]-> C:\DOCUME~1\BigD\LOCALS~1\Temp
[F:146][D:0]-> C:\DOCUME~1\BigD\Cookies
[F:264][D:4]-> C:\DOCUME~1\BigD\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Wed 11/11/2009|12:00 - Option : [1]

--------------------\\ Scan completed at 12:00:15
__________________
Desktop~ Homebrewed: Diablo ATX Clear Case, 2- Blue Neons, 2.79 GHzSempron, Windows XP-Pro, MS Office Pro 2003
Laptop~ Dell Inspirion 6000- 03/21/2006-? CentrinoM 1.73Ghz, Win XP-Pro, MS Office Pro 2003,WinXP Media Edition, MS Office Pro 2002
eddie5659's Avatar
Moderator & Malware Removal Specialist with 25,165 posts.
 
Join Date: Mar 2001
Location: Bradford, England
13-Nov-2009, 01:41 PM #12
Got it sorted, a nice £300 of my renewal, as I went elsewhere.........again


Disable resident protections (Antivirus...); you'll re-enable them after the scan


Double-click Lop S&D.exe
Choose the language, then choose Option 2 (Fix + Hosts)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)
__________________
Just go with the flow, like a twig on the shoulders of a mighty stream

Proud Member of ASAP, Alliance of Security Analysis Professionals
78kitty's Avatar
Member with 61 posts.
 
Join Date: Jan 2006
Location: Cinci, Ohio USA
Experience: Intermediate
14-Nov-2009, 12:18 PM #13
Yeah you have to pay attention on insurance to get the best deal. Never fun, but something you have to have!

LopR Scan Results-

/.
--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Sempron(tm) 2800+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : BigD ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.5 (Activated)
C:\ (Local Disk) - NTFS - Total:111 Go (Free:91 Go)
D:\ (CD or DVD)
E:\ (Local Disk) - NTFS - Total:120 Go (Free:23 Go)
F:\ (Local Disk) - NTFS - Total:115 Go (Free:93 Go)
G:\ (Local Disk) - NTFS - Total:113 Go (Free:113 Go)
H:\ (Local Disk) - NTFS - Total:115 Go (Free:111 Go)
J:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( Sat 11/14/2009|10:42 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

Deleted! - C:\DOCUME~1\BigD\APPLIC~1\2greyd~1\Blehtitleaxis.exe
Deleted! - C:\DOCUME~1\BigD\APPLIC~1\2greyd~1\lyswaylr.exe
Deleted! - C:\DOCUME~1\BigD\APPLIC~1\2greyd~1\mfcd open.exe
Deleted! - C:\DOCUME~1\BigD\APPLIC~1\2greyd~1\pbkvodxi.exe
Deleted! - C:\DOCUME~1\BigD\Desktop\WinZix_SystemCleaning_10-30-2009
Deleted! - C:\WINDOWS\Tasks\B249BFAF9E1628B7.job
Deleted! - C:\DOCUME~1\BigD\APPLIC~1\2greyd~1
Deleted! - C:\Program Files\2greyd~1
-
[ Hosts file ] .. Restored!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in APPLIC~1

[10/25/2009|08:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[05/14/2007|08:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ahead
[03/30/2008|03:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[06/25/2009|07:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AVG Security Toolbar
[05/08/2009|03:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg8
[07/14/2008|10:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> DVD Shrink
[11/27/2008|09:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Eastman Kodak Company
[01/02/2009|05:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[04/21/2007|10:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP
[04/16/2008|10:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> kds_kodak
[03/30/2008|03:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Kodak
[10/30/2009|07:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[03/01/2009|04:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[03/14/2009|09:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> pdf995
[02/20/2009|12:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[10/30/2009|07:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[03/14/2009|05:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TaxCut
[10/12/2009|08:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TechSmith
[04/20/2007|06:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage

[06/24/2007|10:36] C:\DOCUME~1\BigD\APPLIC~1\<DIR> .BitTornado
[05/28/2009|10:56] C:\DOCUME~1\BigD\APPLIC~1\<DIR> aAvgApi
[05/03/2008|04:28] C:\DOCUME~1\BigD\APPLIC~1\<DIR> Adobe
[05/15/2007|05:38] C:\DOCUME~1\BigD\APPLIC~1\<DIR> Ahead
[04/28/2007|01:29] C:\DOCUME~1\BigD\APPLIC~1\<DIR> Apple Computer
[05/28/2009|11:28] C:\DOCUME~1\BigD\APPLIC~1\<DIR> AVGTOOLBAR
[04/21/2007|10:45] C:\DOCUME~1\BigD\APPLIC~1\<DIR> GARMIN
[05/02/2007|06:04] C:\DOCUME~1\BigD\APPLIC~1\<DIR> Google
[04/19/2007|07:46] C:\DOCUME~1\BigD\APPLIC~1\<DIR> Identities
[01/15/2008|09:01] C:\DOCUME~1\BigD\APPLIC~1\<DIR> Image Zone Express
[07/07/2008|06:29] C:\DOCUME~1\BigD\APPLIC~1\<DIR> ImgBurn
[08/16/2008|11:59] C:\DOCUME~1\BigD\APPLIC~1\<DIR> LimeWire
[05/03/2008|04:28] C:\DOCUME~1\BigD\APPLIC~1\<DIR> Macromedia
[10/30/2009|07:30] C:\DOCUME~1\BigD\APPLIC~1\<DIR> Malwarebytes
[02/18/2009|11:34] C:\DOCUME~1\BigD\APPLIC~1\<DIR> Microsoft
[09/03/2008|08:27] C:\DOCUME~1\BigD\APPLIC~1\<DIR> Mozilla
[12/20/2008|04:34] C:\DOCUME~1\BigD\APPLIC~1\<DIR> pdf995
[05/07/2007|10:59] C:\DOCUME~1\BigD\APPLIC~1\<DIR> Real
[05/10/2007|07:02] C:\DOCUME~1\BigD\APPLIC~1\<DIR> Sun
[10/30/2009|07:51] C:\DOCUME~1\BigD\APPLIC~1\<DIR> SUPERAntiSpyware.com
[04/19/2007|11:45] C:\DOCUME~1\BigD\APPLIC~1\<DIR> Talkback
[03/14/2009|05:49] C:\DOCUME~1\BigD\APPLIC~1\<DIR> TaxCut
[08/30/2008|04:20] C:\DOCUME~1\BigD\APPLIC~1\<DIR> vlc
[12/26/2007|08:30] C:\DOCUME~1\BigD\APPLIC~1\<DIR> Winamp
[03/01/2009|04:56] C:\DOCUME~1\BigD\APPLIC~1\<DIR> Windows Desktop Search
[03/01/2009|10:07] C:\DOCUME~1\BigD\APPLIC~1\<DIR> Windows Search

[04/19/2007|07:41] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[06/25/2009|07:35] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> AVGTOOLBAR
[11/23/2007|08:23] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Google
[03/01/2009|04:58] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[09/03/2008|08:32] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[11/13/2009 03:45 AM][--a------] C:\WINDOWS\tasks\SpyHunter Scanner.job
[11/13/2009 09:38 PM][--a------] C:\WINDOWS\tasks\Kodak AiO Scheduled Maintenance.job
[11/14/2009 09:00 AM][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job
[04/05/2008 01:23 PM][--a------] C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[11/11/2009 12:08 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 08:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[11/16/2008|11:55] C:\Program Files\<DIR> Adobe
[05/14/2007|08:59] C:\Program Files\<DIR> Ahead
[11/08/2009|09:20] C:\Program Files\<DIR> Apple Software Update
[05/26/2008|07:01] C:\Program Files\<DIR> AVG
[07/07/2008|06:26] C:\Program Files\<DIR> Avi2Dvd
[07/07/2008|06:26] C:\Program Files\<DIR> AviSynth 2.5
[06/24/2007|10:34] C:\Program Files\<DIR> BitTornado
[11/04/2009|07:29] C:\Program Files\<DIR> Common Files
[04/19/2007|07:38] C:\Program Files\<DIR> ComPlus Applications
[05/12/2007|03:29] C:\Program Files\<DIR> DivX
[10/13/2009|08:52] C:\Program Files\<DIR> Enigma Software Group
[08/30/2008|05:34] C:\Program Files\<DIR> FDRLab
[02/09/2009|12:06] C:\Program Files\<DIR> ffdshow
[02/24/2009|07:52] C:\Program Files\<DIR> Google
[04/19/2007|11:15] C:\Program Files\<DIR> Grisoft
[04/01/2008|06:14] C:\Program Files\<DIR> HP
[07/07/2008|06:28] C:\Program Files\<DIR> ImgBurn
[04/19/2007|10:10] C:\Program Files\<DIR> InstallShield Installation Information
[10/15/2009|02:06] C:\Program Files\<DIR> Internet Explorer
[05/10/2007|07:02] C:\Program Files\<DIR> Java
[03/30/2008|03:17] C:\Program Files\<DIR> Kodak
[07/01/2007|10:58] C:\Program Files\<DIR> LimeWire
[10/30/2009|07:30] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[08/19/2008|11:28] C:\Program Files\<DIR> Messenger
[04/21/2007|10:22] C:\Program Files\<DIR> Microsoft ActiveSync
[04/19/2007|07:42] C:\Program Files\<DIR> microsoft frontpage
[04/21/2007|10:22] C:\Program Files\<DIR> Microsoft Office
[04/21/2007|10:22] C:\Program Files\<DIR> Microsoft Visual Studio
[04/21/2007|10:22] C:\Program Files\<DIR> Microsoft Works
[04/21/2007|10:22] C:\Program Files\<DIR> Microsoft.NET
[08/19/2008|11:20] C:\Program Files\<DIR> Movie Maker
[11/13/2009|07:47] C:\Program Files\<DIR> Mozilla Firefox
[03/01/2009|03:24] C:\Program Files\<DIR> MSBuild
[04/19/2007|07:37] C:\Program Files\<DIR> MSN
[04/19/2007|07:38] C:\Program Files\<DIR> MSN Gaming Zone
[04/01/2008|02:00] C:\Program Files\<DIR> MSXML 4.0
[02/28/2009|02:31] C:\Program Files\<DIR> Neoretix
[08/19/2008|11:08] C:\Program Files\<DIR> NetMeeting
[04/19/2007|07:38] C:\Program Files\<DIR> Online Services
[08/12/2009|02:10] C:\Program Files\<DIR> Outlook Express
[03/14/2009|05:48] C:\Program Files\<DIR> PDF995
[03/30/2008|03:19] C:\Program Files\<DIR> QuickTime
[05/07/2007|10:55] C:\Program Files\<DIR> Real
[03/01/2009|03:24] C:\Program Files\<DIR> Reference Assemblies
[04/19/2007|10:10] C:\Program Files\<DIR> Silicon Image
[11/13/2009|07:14] C:\Program Files\<DIR> SpeedFan
[07/30/2009|07:34] C:\Program Files\<DIR> Spybot - Search & Destroy
[10/12/2009|12:03] C:\Program Files\<DIR> SpywareBlaster
[06/19/2007|04:47] C:\Program Files\<DIR> SpywareGuard
[10/30/2009|07:51] C:\Program Files\<DIR> SUPERAntiSpyware
[11/14/2008|12:16] C:\Program Files\<DIR> TaxCut07
[03/14/2009|05:49] C:\Program Files\<DIR> TaxCut08
[10/12/2009|08:36] C:\Program Files\<DIR> TechSmith
[10/17/2009|09:42] C:\Program Files\<DIR> Trend Micro
[04/19/2007|07:46] C:\Program Files\<DIR> Uninstall Information
[08/30/2008|04:18] C:\Program Files\<DIR> VideoLAN
[12/26/2007|08:17] C:\Program Files\<DIR> Winamp
[07/07/2008|06:49] C:\Program Files\<DIR> Windows Defender
[06/11/2009|06:34] C:\Program Files\<DIR> Windows Desktop Search
[12/22/2008|11:43] C:\Program Files\<DIR> Windows Media Connect 2
[12/22/2008|11:43] C:\Program Files\<DIR> Windows Media Player
[08/19/2008|11:08] C:\Program Files\<DIR> Windows NT
[04/19/2007|07:40] C:\Program Files\<DIR> WindowsUpdate
[01/19/2009|02:21] C:\Program Files\<DIR> WinPcap
[05/07/2007|10:14] C:\Program Files\<DIR> WinRAR
[04/19/2007|07:42] C:\Program Files\<DIR> xerox
[04/19/2007|10:47] C:\Program Files\<DIR> Zone Labs

--------------------\\ Listing Folders in C:\Program Files\Common Files

[10/16/2009|11:58] C:\Program Files\Common Files\<DIR> Adobe
[05/14/2007|08:53] C:\Program Files\Common Files\<DIR> Ahead
[04/21/2007|10:22] C:\Program Files\Common Files\<DIR> DESIGNER
[04/21/2007|10:12] C:\Program Files\Common Files\<DIR> Hewlett-Packard
[04/19/2007|10:06] C:\Program Files\Common Files\<DIR> InstallShield
[05/10/2007|07:01] C:\Program Files\Common Files\<DIR> Java
[04/21/2007|10:22] C:\Program Files\Common Files\<DIR> L&H
[05/26/2008|07:01] C:\Program Files\Common Files\<DIR> Microsoft Shared
[04/19/2007|07:39] C:\Program Files\Common Files\<DIR> MSSoap
[12/26/2007|08:33] C:\Program Files\Common Files\<DIR> NSV
[04/19/2007|03:31] C:\Program Files\Common Files\<DIR> ODBC
[05/07/2007|10:55] C:\Program Files\Common Files\<DIR> Real
[04/19/2007|07:39] C:\Program Files\Common Files\<DIR> Services
[04/19/2007|03:31] C:\Program Files\Common Files\<DIR> SpeechEngines
[08/19/2008|11:08] C:\Program Files\Common Files\<DIR> System
[10/30/2009|07:50] C:\Program Files\Common Files\<DIR> Wise Installation Wizard
[05/07/2007|10:55] C:\Program Files\Common Files\<DIR> xing shared

--------------------\\ Process

( 35 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-14 10:43:44
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\BigD\Favorites\Dave's_FHLB_Dox_11-06-2009\ComputerCellysCameras_Parts-Instruct_2004\Crackspider.net_08-23-2004.url
C:\DOCUME~1\BigD\Recent\AVG-AntiSpy-Crack-WrkdDsky2_05-23-2007.lnk
C:\DOCUME~1\BigD\Recent\AVG-AntiSpy-Crack_05-23-2007.lnk
C:\DOCUME~1\BigD\Recent\SpyHunter Security Suite 3.10.27 [ENG] [+Crack].torrent.lnk
C:\DOCUME~1\BigD\Recent\SpyHunterSecuritySuite_v.3.10.27+Crack.lnk


[F:80][D:4]-> C:\DOCUME~1\BigD\LOCALS~1\Temp
[F:146][D:0]-> C:\DOCUME~1\BigD\Cookies
[F:289][D:4]-> C:\DOCUME~1\BigD\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Wed 11/11/2009|12:00 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - Sat 11/14/2009|10:44 - Option : [2]

--------------------\\ Scan completed at 10:44:41
__________________
Desktop~ Homebrewed: Diablo ATX Clear Case, 2- Blue Neons, 2.79 GHzSempron, Windows XP-Pro, MS Office Pro 2003
Laptop~ Dell Inspirion 6000- 03/21/2006-? CentrinoM 1.73Ghz, Win XP-Pro, MS Office Pro 2003,WinXP Media Edition, MS Office Pro 2002
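The two Lop S&D reports above (the Option 1 scan-only run and the Option 2 fix run) contain the whole story of this infection: a randomly named folder under the user's Application Data, an HKCU Run value and an Uninstall entry that both launch an .exe from that folder, and a hex-named .job in C:\WINDOWS\Tasks. The script below is an added example, not part of Lop S&D or of this thread: it parses that report format, flags autostarts whose program lives under a user profile directory, and checks a later fix report against the earlier scan so nothing listed as an indicator is left behind. The log excerpts in it are constructed from the two reports posted above, trimmed to the relevant sections; the section titles and the `Deleted! - ` line prefix are taken from those reports, and the user-profile path markers are an assumption suited to Windows XP's 8.3 and long-name forms.

```python
"""Triage helper for Lop S&D reports (added example, not part of Lop S&D).

Pulls the on-disk and autostart indicators out of a scan-only (Option 1)
report and checks that a later Fix (Option 2) report actually removed them.
The two excerpts below are constructed from the reports in the thread.
"""
import re

SCAN_LOG = r"""
--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\BigD\APPLIC~1\2greyd~1
C:\DOCUME~1\BigD\APPLIC~1\2greyd~1\Blehtitleaxis.exe
C:\DOCUME~1\BigD\APPLIC~1\2greyd~1\mfcd open.exe
C:\Program Files\2greyd~1
C:\DOCUME~1\BigD\Desktop\WinZix_SystemCleaning_10-30-2009
C:\WINDOWS\Tasks\B249BFAF9E1628B7.job

--------------------\\ Searching within the Registry

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Signg lobalflap]
"DisplayName"="CiD Help"
"UninstallString"="C:\\DOCUME~1\\BigD\\APPLIC~1\\2GREYD~1\\mfcd open.exe -uninstall"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pollinternet"="C:\\DOCUME~1\\BigD\\APPLIC~1\\2GREYD~1\\mfcd open.exe"

--------------------\\ Checking the Hosts file
"""

FIX_LOG = r"""
Deleted! - C:\DOCUME~1\BigD\APPLIC~1\2greyd~1\Blehtitleaxis.exe
Deleted! - C:\DOCUME~1\BigD\APPLIC~1\2greyd~1\lyswaylr.exe
Deleted! - C:\DOCUME~1\BigD\APPLIC~1\2greyd~1\mfcd open.exe
Deleted! - C:\DOCUME~1\BigD\APPLIC~1\2greyd~1\pbkvodxi.exe
Deleted! - C:\DOCUME~1\BigD\Desktop\WinZix_SystemCleaning_10-30-2009
Deleted! - C:\WINDOWS\Tasks\B249BFAF9E1628B7.job
Deleted! - C:\DOCUME~1\BigD\APPLIC~1\2greyd~1
Deleted! - C:\Program Files\2greyd~1

--------------------\\ Searching within the Registry

..... OK !
"""

SECTION_RE = re.compile(r"^-{20}\\\\ (.+?)\s*$")   # "--------------------\\ Title"
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]*)"="(.*)"$')
PATH_RE = re.compile(r"^[A-Za-z]:\\")
DELETED_RE = re.compile(r"^Deleted! - (.+)$")
# Assumed markers for "lives inside a user profile" (XP 8.3 and long form).
USER_PROFILE_MARKERS = ("\\docume~1\\", "\\documents and settings\\")


def split_sections(log):
    """Map each report section title to the lines under it (order kept)."""
    sections, current = {}, None
    for line in log.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line.rstrip())
    return sections


def registry_values(lines):
    """Parse '[KEY]' headers and '"name"="data"' lines into (key, name, data)."""
    out, key = [], None
    for line in lines:
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            # The report doubles backslashes in REG_SZ data; undo that.
            out.append((key, m.group(1), m.group(2).replace("\\\\", "\\")))
    return out


def image_path(data):
    """Program part of a command line: everything up to the first '.exe'."""
    data = data.strip().strip('"')
    i = data.lower().find(".exe")
    return data[: i + 4] if i >= 0 else data


def suspicious_autostarts(values):
    """Run/RunOnce/Uninstall entries that launch an .exe from a user profile.

    Legitimate XP autostarts point into Program Files or %SystemRoot%; an
    entry running a binary from Application Data is the Lop/CiD pattern.
    """
    hits = []
    for key, name, data in values:
        if not key.endswith(("\\Run", "\\RunOnce")) and "\\Uninstall\\" not in key:
            continue
        path = image_path(data)
        if any(mk in path.lower() for mk in USER_PROFILE_MARKERS):
            hits.append((key, name, path))
    return hits


def verify_fix(scan_log, fix_log):
    """Indicators from the scan report that the fix report did not delete,
    plus any profile-based autostart still present after the fix."""
    before, after = split_sections(scan_log), split_sections(fix_log)
    deleted = {m.group(1).lower() for m in map(DELETED_RE.match, fix_log.splitlines()) if m}
    wanted = {p.lower() for p in before.get("Searching for Lop Files - Folders", []) if PATH_RE.match(p)}
    wanted |= {p.lower() for _, _, p in
               suspicious_autostarts(registry_values(before.get("Searching within the Registry", [])))}
    # 8.3 names show up in mixed case, hence the case-folding above.
    not_deleted = sorted(p for p in wanted if p not in deleted
                         and not any(p.startswith(d + "\\") for d in deleted))
    remaining = suspicious_autostarts(registry_values(after.get("Searching within the Registry", [])))
    return {"not_deleted": not_deleted, "autostarts_after_fix": remaining}


if __name__ == "__main__":
    reg = split_sections(SCAN_LOG).get("Searching within the Registry", [])
    for key, name, path in suspicious_autostarts(registry_values(reg)):
        print("autostart from profile: %s\\%s -> %s" % (key, name, path))
    print(verify_fix(SCAN_LOG, FIX_LOG))
```

The comparison is deliberately strict about the scheduled task: a `.job` left in C:\WINDOWS\Tasks would recreate the same files the next day, which is exactly the symptom described at the top of the thread, so `verify_fix` reports it as `not_deleted` if the fix report omits it.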
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 79,282 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
14-Nov-2009, 04:41 PM #14
78kitty,

Forgive me for interrupting but I noticed that your signature doesn't comply with our new guidelines. Therefore, would you please take a minute to bring it into compliance, i.e. among other things, the maximum is now three lines.

Some of those specs can go in the section in your profile meant for computer specs which will then be visible to others when they click on the icon that looks like a computer next to your username.

http://forums.techguy.org/announceme...mitations.html

Thank you.
__________________
Microsoft MVP - Consumer Security
eddie5659's Avatar
Moderator & Malware Removal Specialist with 25,165 posts.
 
Join Date: Mar 2001
Location: Bradford, England
15-Nov-2009, 08:37 AM #15
Thanks Cookie

Okay, looks like Lop has been removed, but I see you have tried a few keygen/cracks before, probably from the BitTornado or Limewire programs you have installed.

These programs are a major source of virus/malware on the web, so it's advisable not to use them. Also, take a look at this:

Quote:
Other Illegal Activities - As you might expect, we don't want anything illegal going on here. Users cannot post hacks, cracks, pirated software, or anything of the like. Furthermore, we do not allow instructions on how to complete illegal activities, such as pirating. Please don't ask for advice on using illegal software, as it will be removed.
http://www.techguy.org/rules.html

However, I will assist you still, as I have already started. It's just a little pointer at the rules.


------------

Delete the copy of ComboFix you have and re-download and scan as per the link above again. Just want to see if it's all clear that end.

Also, do this:


Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.



  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply

eddie
__________________
Just go with the flow, like a twig on the shoulders of a mighty stream

Proud Member of ASAP, Alliance of Security Analysis Professionals
Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.