Still getting random popups

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Tracee

Thread Starter
Joined
Mar 9, 2004
Messages
337
:eek:The other day I opened a website that completely contaminated my computer with trojans and accidentally installed antimalwaredoctor on my computer.

I was getting so many popups that I couldn't use the computer at all. I ran malwarebytes, avg, spybot, and adaware, and the computer seems to be almost back to normal, except I am still getting a random popup that comes out of nowhere. The popups are never the same. I've uninstalled antimalware doctor to the best of my knowledge.

I've run all my scans several times and cleaned out my startups via msconfig, and still can't get rid of the pesky little bugger.


update: Apr 27....Now I am getting constant alerts from my AVG Resident Shield that says resident shield C:\windows\system32\drivers\AvgLdx86.sys is infected. It's driving me nuts.
Here is my HJT scan:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:50:41 PM, on 4/27/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Thunderbird 3 Beta 1\thunderbird.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
O16 - DPF: {4ED4AAA0-2CEC-4D84-AB72-74E53E092CFD} (BiblioNetCtrl Class) - http://www.freehandmusic.com/Update/biblionet.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6A4F3A11-99B7-4BD1-AF88-B7354D1DAECD} (SoleroMusicControl Class) - http://www.freehandmusic.com/Update/SoleroMusicControl.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JS...b/&filename=jinstall-6u11-windows-i586-jc.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://sra.cn.ca/dana-cached/sc/JuniperSetupClient.cab
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 8355 bytes
 

Tracee

Thread Starter
Joined
Mar 9, 2004
Messages
337
still need help.

Last night my computer seemed to infect itself with xp defender, which I think I managed to get off my computer, but I still have a win32/Patched.DO virus that keeps popping up threats detected in C:\WINDOWS\system32\drivers\AvgLdx86.sys.

This is popping up so frequently that I can't work on my computer.

Please help.
 

jmw3

Malware Specialist
Joined
Jul 23, 2007
Messages
1,460
Hello & Welcome to TechSupportGuy

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

In the meantime please note the following:
  • Any recommendations made are for your computer problems only and should NOT be used on any other computer.
  • Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
    1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.
    2. Commercial scanners, for the most part can not completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of completely.
  • If you get stuck or are unsure of something please ask for a further explanation, do not guess.
  • It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the All Clean! even if symptoms seemingly abate.
Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Thanks

DeFogger
Download DeFogger by jpshortstuff from here & save it to your desktop.
  • Double click DeFogger to run the tool
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A Finished! message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
Do not re-enable these drivers until otherwise instructed.

DDS
Download DDS.scr by sUBs from one of the following links & save it to your desktop.
Link 1
Link 2
  • Double-Click on dds.scr and a command window will appear. This is normal
  • Shortly after two logs will appear, DDS.txt & Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply
Gmer
Download GMER Rootkit Scanner from here & save it to your desktop.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO


    Click the image to enlarge it
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Do not run any programs while Gmer is running.

NOTE: If you cannot run GMER as indicated above, save a scan from the initial startup scan.
  • Before scanning, make sure all other running programs are closed & no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan
  • Double click the gmer.exe file
  • The program will begin to run & perform an initial scan. If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No
  • After the "initial scan" is complete, click on the Save button, save the log file to your desktop & post it in your reply

To post in next reply:
Contents of DDS log
Contents of Attach.txt
Contents of Gmer log
 

Tracee

Thread Starter
Joined
Mar 9, 2004
Messages
337
Here are the scan results. I ran gmer, and when it finished almost 12 hours later, it would not allow me to save the scan and froze my computer. I rebooted.

Here is the GMER quick scan result:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-05-02 12:24:03
Windows 5.1.2600 Service Pack 3
Running: Gamer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\uxtdipog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat InCDRec.sys (InCD File System Recognizer/Nero AG)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp Lbd.sys (Boot Driver/Lavasoft AB)

---- EOF - GMER 1.0.15 ----
 

jmw3

Malware Specialist
Joined
Jul 23, 2007
Messages
1,460
Hi

P2P Warning!
IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

µTorrent | BitTorrent | LimeWire 5.5.6

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
P2P file sharing used to be fairly safe. That is no longer true. I'd like you to read the Perils of P2P File Sharing where we explain why it's not a good idea to have them.
References for the risk of these programs can be found in these links: http://www.microsoft.com/windows/ie/community/columns/protection.mspx
http://www.techweb.com/wire/160500554
http://www.internetworldstats.com/articles/art053.htm
See Clean/Infected P2P Programs here

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

Remove Programs
Click Start > Control Panel > Add/Remove Programs
Remove these programs by clicking Remove

Personal Antispy - I hope you didn't pay for this

If some programs listed are not present, please do not panic
The following version of Adobe Reader should also be removed as it is open to exploitation:
Adobe Acrobat Reader 3.01

TFC (Temp File Cleaner)
Download TFC (Temp File Cleaner) by Old Timer Here & save it to your desktop.
  • Save any unsaved work. TFC Cleaner will close all open application windows
  • Double-click TFC.exe to run the program, your desktop will temporarily disappear
  • If prompted, click Yes to reboot
Note: Save your work.. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take any longer than a couple of minutes & may only take a few seconds. Only if needed will you be prompted to reboot.

ComboFix
Download ComboFix from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links):
Link 1
Link 2

**IMPORTANT !!! Save ComboFix.exe to your Desktop**

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    A guide to do this can be found here
  • Double click on ComboFix.exe & follow the prompts
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


To post in next reply:
ComboFix log
Update on how the computer is running
 

Tracee

Thread Starter
Joined
Mar 9, 2004
Messages
337
Here is the combofix log. I had to shut down the computer manually after running the temp file cleaner, as the computer froze up on the "windows is shutting down" screen. Hope this didn't affect anything.

I will let you know about the popups, as they appear randomly without warning. ie. everything is fine and then all of a sudden it isn't fine.

Any cleanups?


hmmm. Won't let me post or attach the log.
 

jmw3

Malware Specialist
Joined
Jul 23, 2007
Messages
1,460
Hi

If the log is too big to post in one post, break it up & post over a few replies. Or try from another computer.
 

Tracee

Thread Starter
Joined
Mar 9, 2004
Messages
337
used my laptop as it would not allow pasting or attaching on the one I'm trying to fix.

ComboFix 10-05-02.01 - Owner 05/02/2010 18:44:53.3.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2494 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\puppy.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2010-04-03 to 2010-05-03 )))))))))))))))))))))))))))))))
.

2010-05-02 08:10 . 2010-05-02 08:10 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-28 06:30 . 2010-04-28 06:30 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-28 06:29 . 2010-04-28 06:29 -------- d-----w- c:\program files\Personal Antispy
2010-04-22 23:57 . 2010-04-22 23:57 -------- d-----w- c:\documents and settings\All Users\Application Data\30148
2010-04-21 02:12 . 2010-04-21 02:12 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-04-21 02:12 . 2010-03-30 06:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-21 02:12 . 2010-04-21 02:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-21 02:12 . 2010-04-21 02:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-21 02:12 . 2010-03-30 06:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 16:38 . 2010-04-20 16:38 242696 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-04-20 16:38 . 2010-04-20 16:38 1689952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-14 18:08 . 2010-04-14 18:08 4076824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-04-14 18:08 . 2010-04-14 18:08 2059544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-04-14 18:08 . 2010-04-14 18:08 1515224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgwd.dll
2010-04-14 18:08 . 2010-04-14 18:08 1274136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-04-14 18:08 . 2010-04-14 18:08 598296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-04-14 18:08 . 2010-04-14 18:08 556824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2010-04-14 18:08 . 2010-04-14 18:08 459544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcclix.dll
2010-04-14 18:08 . 2010-04-14 18:08 4250976 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-04-14 18:08 . 2010-04-14 18:08 313112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avglogx.dll
2010-04-14 18:08 . 2010-04-14 18:08 301336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-04-14 18:08 . 2010-04-14 18:08 1086744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchsvx.exe
2010-04-14 18:08 . 2010-04-14 18:08 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-02 18:42 . 2009-01-21 07:18 -------- d-----w- c:\program files\Mozilla Thunderbird 3 Beta 1
2010-05-02 08:10 . 2009-12-08 06:15 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-01 17:18 . 2009-01-21 03:40 216200 ----a-w- c:\windows\system32\drivers\AvgLdx86.sys
2010-04-28 18:18 . 2009-10-21 01:39 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire
2010-04-28 17:03 . 2009-11-02 18:25 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-04-28 06:41 . 2009-11-02 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-28 06:39 . 2009-08-20 08:06 -------- d-----w- c:\documents and settings\Owner\Application Data\HpUpdate
2010-04-20 16:38 . 2009-01-21 03:40 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-03 06:07 . 2010-02-28 07:16 -------- d-----w- c:\documents and settings\Owner\Application Data\Bioshock2
2010-03-29 23:10 . 2009-11-03 19:12 -------- d-----w- c:\documents and settings\Owner\Application Data\FileZilla
2010-03-27 20:18 . 2010-03-27 20:17 -------- d-----w- c:\documents and settings\Owner\Application Data\Juniper Networks
2010-03-27 20:17 . 2010-03-27 20:17 291696 ----a-w- c:\documents and settings\Owner\Application Data\Juniper Networks\Setup Client\x86_Microsoft.VC80.CRTR_8.0.50727.762.exe
2010-03-27 20:17 . 2010-03-27 20:17 36948 ----a-w- c:\documents and settings\Owner\Application Data\Juniper Networks\setup\uninstall.exe
2010-03-27 20:17 . 2010-03-27 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Juniper Networks
2010-03-17 16:43 . 2010-03-17 16:43 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-17 16:43 . 2009-01-21 03:40 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-14 18:40 . 2009-10-21 01:39 -------- d-----w- c:\program files\LimeWire
2010-03-10 06:15 . 2008-04-14 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-02 04:00 . 2010-03-02 04:00 188968 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-01 20:46 . 2009-09-22 01:45 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-25 06:24 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2008-04-14 12:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2008-04-14 00:01 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2008-04-14 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2008-04-14 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-04 15:53 . 2010-03-31 15:02 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-02-04 15:53 . 2009-01-22 01:44 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
.

((((((((((((((((((((((((((((( [email protected]_22.44.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-03 00:17 . 2010-05-03 00:17 16384 c:\windows\Temp\Perflib_Perfdata_548.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-10-27 1103216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]
"nwiz"="nwiz.exe" [2008-12-26 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-17 16:43 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2010-03-31 15:02 818256 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBook Library Launcher]
2009-11-24 07:03 906640 ----a-w- c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2008-02-18 20:36 1057064 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2009-07-16 21:35 5458704 ----a-w- c:\program files\Logitech\Logitech Vid\Vid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 19:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 11:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-02-27 19:03 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2008-02-18 20:36 1629480 ----a-w- c:\program files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2008-09-16 18:16 1833296 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-01-22 04:56 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-08-14 22:31 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-06-03 12:46 251240 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-09-12 16:45 36352 ----a-w- c:\program files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"= c:\\Program Files\\BitTorrent\\bittorrent.exe
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\123CopyDVD 2009\\123CopyDVD.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\fear2\\FEAR2.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Stardock Games\\Demigod\\bin\\Demigod.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\2K Games\\BioShock 2\\SP\\Builds\\Binaries\\Bioshock2.exe"=
"c:\\Program Files\\2K Games\\BioShock 2\\MP\\Builds\\Binaries\\Bioshock2.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/21/2009 7:44 PM 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\AvgLdx86.sys [1/20/2009 9:40 PM 216200]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/20/2009 9:40 PM 242896]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [3/17/2010 10:43 AM 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/17/2010 10:43 AM 308064]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 9:52 AM 1265264]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [6/3/2009 6:46 AM 92008]
R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys [1/20/2009 3:48 PM 1310720]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe --> c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2010-05-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 15:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
DPF: {4ED4AAA0-2CEC-4D84-AB72-74E53E092CFD} - hxxp://www.freehandmusic.com/Update/biblionet.cab
DPF: {6A4F3A11-99B7-4BD1-AF88-B7354D1DAECD} - hxxp://www.freehandmusic.com/Update/SoleroMusicControl.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://sra.cn.ca/dana-cached/sc/JuniperSetupClient.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\imrofufo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Sony\Reader\Data\bin\npebldetectmoz.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-02 18:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-57989841-1390067357-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:db,43,43,5c,9c,a8,79,73,a8,32,94,d1,01,a9,9d,03,e1,31,1c,c4,12,
80,9a,6b,23,1a,62,98,d8,e6,f1,9c,c2,49,df,fc,22,99,78,09,32,97,10,ce,48,2c,\
"rkeysecu"=hex:10,6c,fe,42,bc,ec,2f,e0,93,95,e9,d3,98,2f,67,bb
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(804)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2944)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-05-02 18:53:05
ComboFix-quarantined-files.txt 2010-05-03 00:53
ComboFix2.txt 2010-05-03 00:34
ComboFix3.txt 2010-04-28 22:46
ComboFix4.txt 2008-05-21 23:27

Pre-Run: 380,952,506,368 bytes free
Post-Run: 380,940,369,920 bytes free

- - End Of File - - 794185CA8180A016776011A3C1A63DCD
 

Tracee

Thread Starter
Joined
Mar 9, 2004
Messages
337
Sorry... I didn't see Personal Antispy in my add/remove list, and just noticed it on the comboFix scan.

I uninstalled it via the Programs menu.

Should I run another comboFix scan?
 

Tracee

Thread Starter
Joined
Mar 9, 2004
Messages
337
Ok, so I ran the TFC again, and then the ComboFix.

Here is the new ComboFix scan.

ComboFix 10-05-02.01 - Owner 05/02/2010 19:28:47.4.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2564 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\puppy.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2010-04-03 to 2010-05-03 )))))))))))))))))))))))))))))))
.

2010-05-02 08:10 . 2010-05-02 08:10 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-28 06:30 . 2010-04-28 06:30 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-22 23:57 . 2010-04-22 23:57 -------- d-----w- c:\documents and settings\All Users\Application Data\30148
2010-04-21 02:12 . 2010-04-21 02:12 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-04-21 02:12 . 2010-03-30 06:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-21 02:12 . 2010-04-21 02:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-21 02:12 . 2010-04-21 02:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-21 02:12 . 2010-03-30 06:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 16:38 . 2010-04-20 16:38 242696 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-04-20 16:38 . 2010-04-20 16:38 1689952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-14 18:08 . 2010-04-14 18:08 4076824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-04-14 18:08 . 2010-04-14 18:08 2059544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-04-14 18:08 . 2010-04-14 18:08 1515224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgwd.dll
2010-04-14 18:08 . 2010-04-14 18:08 1274136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-04-14 18:08 . 2010-04-14 18:08 598296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-04-14 18:08 . 2010-04-14 18:08 556824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2010-04-14 18:08 . 2010-04-14 18:08 459544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcclix.dll
2010-04-14 18:08 . 2010-04-14 18:08 4250976 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-04-14 18:08 . 2010-04-14 18:08 313112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avglogx.dll
2010-04-14 18:08 . 2010-04-14 18:08 301336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-04-14 18:08 . 2010-04-14 18:08 1086744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchsvx.exe
2010-04-14 18:08 . 2010-04-14 18:08 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-03 01:18 . 2009-01-22 01:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-03 01:17 . 2009-01-22 01:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-03 00:53 . 2009-01-21 07:18 -------- d-----w- c:\program files\Mozilla Thunderbird 3 Beta 1
2010-05-02 08:10 . 2009-12-08 06:15 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-01 17:18 . 2009-01-21 03:40 216200 ----a-w- c:\windows\system32\drivers\AvgLdx86.sys
2010-04-28 18:18 . 2009-10-21 01:39 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire
2010-04-28 17:03 . 2009-11-02 18:25 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-04-28 06:41 . 2009-11-02 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-28 06:39 . 2009-08-20 08:06 -------- d-----w- c:\documents and settings\Owner\Application Data\HpUpdate
2010-04-20 16:38 . 2009-01-21 03:40 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-03 06:07 . 2010-02-28 07:16 -------- d-----w- c:\documents and settings\Owner\Application Data\Bioshock2
2010-03-29 23:10 . 2009-11-03 19:12 -------- d-----w- c:\documents and settings\Owner\Application Data\FileZilla
2010-03-27 20:18 . 2010-03-27 20:17 -------- d-----w- c:\documents and settings\Owner\Application Data\Juniper Networks
2010-03-27 20:17 . 2010-03-27 20:17 291696 ----a-w- c:\documents and settings\Owner\Application Data\Juniper Networks\Setup Client\x86_Microsoft.VC80.CRTR_8.0.50727.762.exe
2010-03-27 20:17 . 2010-03-27 20:17 36948 ----a-w- c:\documents and settings\Owner\Application Data\Juniper Networks\setup\uninstall.exe
2010-03-27 20:17 . 2010-03-27 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Juniper Networks
2010-03-17 16:43 . 2010-03-17 16:43 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-17 16:43 . 2009-01-21 03:40 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-14 18:40 . 2009-10-21 01:39 -------- d-----w- c:\program files\LimeWire
2010-03-10 06:15 . 2008-04-14 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-02 04:00 . 2010-03-02 04:00 188968 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-01 20:46 . 2009-09-22 01:45 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-25 06:24 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2008-04-14 12:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2008-04-14 00:01 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2008-04-14 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2008-04-14 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-04 15:53 . 2010-03-31 15:02 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-02-04 15:53 . 2009-01-22 01:44 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
.

((((((((((((((((((((((((((((( [email protected]_22.44.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-03 01:24 . 2010-05-03 01:24 16384 c:\windows\Temp\Perflib_Perfdata_490.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-10-27 1103216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]
"nwiz"="nwiz.exe" [2008-12-26 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-17 16:43 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2010-03-31 15:02 818256 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBook Library Launcher]
2009-11-24 07:03 906640 ----a-w- c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2008-02-18 20:36 1057064 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2009-07-16 21:35 5458704 ----a-w- c:\program files\Logitech\Logitech Vid\Vid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 19:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 11:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-02-27 19:03 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2008-02-18 20:36 1629480 ----a-w- c:\program files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2008-09-16 18:16 1833296 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-01-22 04:56 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-08-14 22:31 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-06-03 12:46 251240 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-09-12 16:45 36352 ----a-w- c:\program files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"= c:\\Program Files\\BitTorrent\\bittorrent.exe
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\123CopyDVD 2009\\123CopyDVD.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\fear2\\FEAR2.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Stardock Games\\Demigod\\bin\\Demigod.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\2K Games\\BioShock 2\\SP\\Builds\\Binaries\\Bioshock2.exe"=
"c:\\Program Files\\2K Games\\BioShock 2\\MP\\Builds\\Binaries\\Bioshock2.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/21/2009 7:44 PM 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\AvgLdx86.sys [1/20/2009 9:40 PM 216200]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/20/2009 9:40 PM 242896]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [3/17/2010 10:43 AM 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/17/2010 10:43 AM 308064]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 9:52 AM 1265264]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [6/3/2009 6:46 AM 92008]
R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys [1/20/2009 3:48 PM 1310720]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe --> c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2010-05-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 15:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
DPF: {4ED4AAA0-2CEC-4D84-AB72-74E53E092CFD} - hxxp://www.freehandmusic.com/Update/biblionet.cab
DPF: {6A4F3A11-99B7-4BD1-AF88-B7354D1DAECD} - hxxp://www.freehandmusic.com/Update/SoleroMusicControl.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://sra.cn.ca/dana-cached/sc/JuniperSetupClient.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\imrofufo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Sony\Reader\Data\bin\npebldetectmoz.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-1.0 - c:\program files\Personal Antispy\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-02 19:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-57989841-1390067357-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:db,43,43,5c,9c,a8,79,73,a8,32,94,d1,01,a9,9d,03,e1,31,1c,c4,12,
80,9a,6b,23,1a,62,98,d8,e6,f1,9c,c2,49,df,fc,22,99,78,09,32,97,10,ce,48,2c,\
"rkeysecu"=hex:10,6c,fe,42,bc,ec,2f,e0,93,95,e9,d3,98,2f,67,bb
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(804)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(4040)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-05-02 19:39:05
ComboFix-quarantined-files.txt 2010-05-03 01:39
ComboFix2.txt 2010-05-03 00:53
ComboFix3.txt 2010-05-03 00:34
ComboFix4.txt 2010-04-28 22:46
ComboFix5.txt 2010-05-03 01:27

Pre-Run: 380,965,433,344 bytes free
Post-Run: 380,929,081,344 bytes free

- - End Of File - - 653401630A89732C36D67C3F921964F4
 

jmw3

Malware Specialist
Joined
Jul 23, 2007
Messages
1,460
Hi

Any reason why you renamed ComboFix.exe to puppy.exe?

CFScript
Close any open browsers.
Open notepad and copy/paste the text in the code box below into it:

Code:
Folder::
c:\program files\Personal Antispy
DirLook::
c:\documents and settings\All Users\Application Data\30148
Driver::
NeroRegInCDSrv
DDS::
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
Save this as CFScript.txt, in the same location as ComboFix.exe



Referring to the picture above, drag CFScript into ComboFix.exe
If prompted by ComboFix to update, please do so
When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


maxlook
Download maxlook by noahdfear from Here & save the file to your desktop.
  • Double click maxlook.exe to run it. Note - you must run it only once!
  • As instructed when the tool runs, restart the computer & log on to the Recovery Console
  • Execute the following bolded command at the x:\windows> prompt <--- the red x represents your operating system drive letter, usually C

    batch look.bat

  • Press Enter
  • You will see 1 file copied many times then return to the x:\windows> prompt
  • Type Exit to restart your computer then logon in normal mode
  • Once back in Windows, go to Start > Run & copy/paste the following then press Enter

    maxlook -sig

  • Follow the prompts & post the log produced, C:\looklog.txt
To post in next reply:
ComboFix log
looklog.txt

Could you also let me know if you uninstalled any of the P2P programs. If so we can clean up any leftover files/folders/registry entries
 

Tracee

Thread Starter
Joined
Mar 9, 2004
Messages
337
I'm sorry, I did not remove the P2P programs as I do use them and am usually pretty careful with what I download. I will be extra careful now. :eek:

Here is the comboFix log:

ComboFix 10-05-02.01 - Owner 05/02/2010 20:31:40.5.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2651 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\puppy.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NEROREGINCDSRV
-------\Service_NeroRegInCDSrv


((((((((((((((((((((((((( Files Created from 2010-04-03 to 2010-05-03 )))))))))))))))))))))))))))))))
.

2010-05-02 08:10 . 2010-05-02 08:10 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-28 06:30 . 2010-04-28 06:30 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-22 23:57 . 2010-04-22 23:57 -------- d-----w- c:\documents and settings\All Users\Application Data\30148
2010-04-21 02:12 . 2010-04-21 02:12 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-04-21 02:12 . 2010-03-30 06:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-21 02:12 . 2010-04-21 02:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-21 02:12 . 2010-04-21 02:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-21 02:12 . 2010-03-30 06:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 16:38 . 2010-04-20 16:38 242696 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-04-20 16:38 . 2010-04-20 16:38 1689952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-14 18:08 . 2010-04-14 18:08 4076824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-04-14 18:08 . 2010-04-14 18:08 2059544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-04-14 18:08 . 2010-04-14 18:08 1515224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgwd.dll
2010-04-14 18:08 . 2010-04-14 18:08 1274136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-04-14 18:08 . 2010-04-14 18:08 598296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-04-14 18:08 . 2010-04-14 18:08 556824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2010-04-14 18:08 . 2010-04-14 18:08 459544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcclix.dll
2010-04-14 18:08 . 2010-04-14 18:08 4250976 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-04-14 18:08 . 2010-04-14 18:08 313112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avglogx.dll
2010-04-14 18:08 . 2010-04-14 18:08 301336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-04-14 18:08 . 2010-04-14 18:08 1086744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchsvx.exe
2010-04-14 18:08 . 2010-04-14 18:08 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-03 02:24 . 2009-01-21 07:18 -------- d-----w- c:\program files\Mozilla Thunderbird 3 Beta 1
2010-05-03 02:06 . 2009-12-08 06:15 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-03 02:03 . 2009-01-22 01:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-03 01:39 . 2009-01-22 01:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-01 17:18 . 2009-01-21 03:40 216200 ----a-w- c:\windows\system32\drivers\AvgLdx86.sys
2010-04-28 18:18 . 2009-10-21 01:39 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire
2010-04-28 17:03 . 2009-11-02 18:25 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-04-28 06:41 . 2009-11-02 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-28 06:39 . 2009-08-20 08:06 -------- d-----w- c:\documents and settings\Owner\Application Data\HpUpdate
2010-04-20 16:38 . 2009-01-21 03:40 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-03 06:07 . 2010-02-28 07:16 -------- d-----w- c:\documents and settings\Owner\Application Data\Bioshock2
2010-03-29 23:10 . 2009-11-03 19:12 -------- d-----w- c:\documents and settings\Owner\Application Data\FileZilla
2010-03-27 20:18 . 2010-03-27 20:17 -------- d-----w- c:\documents and settings\Owner\Application Data\Juniper Networks
2010-03-27 20:17 . 2010-03-27 20:17 291696 ----a-w- c:\documents and settings\Owner\Application Data\Juniper Networks\Setup Client\x86_Microsoft.VC80.CRTR_8.0.50727.762.exe
2010-03-27 20:17 . 2010-03-27 20:17 36948 ----a-w- c:\documents and settings\Owner\Application Data\Juniper Networks\setup\uninstall.exe
2010-03-27 20:17 . 2010-03-27 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Juniper Networks
2010-03-17 16:43 . 2010-03-17 16:43 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-17 16:43 . 2009-01-21 03:40 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-14 18:40 . 2009-10-21 01:39 -------- d-----w- c:\program files\LimeWire
2010-03-10 06:15 . 2008-04-14 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-02 04:00 . 2010-03-02 04:00 188968 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-01 20:46 . 2009-09-22 01:45 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-25 06:24 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2008-04-14 12:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2008-04-14 00:01 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2008-04-14 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2008-04-14 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-04 15:53 . 2010-03-31 15:02 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-02-04 15:53 . 2009-01-22 01:44 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\All Users\Application Data\30148 ----

2010-04-22 23:57 . 2010-04-22 23:57 3172 ----a-w- c:\documents and settings\All Users\Application Data\30148\{BF55C9EF-AA5F-4ADF-A3CE-352FC468402A}.swf


((((((((((((((((((((((((((((( [email protected]_22.44.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-03 02:41 . 2010-05-03 02:41 16384 c:\windows\Temp\Perflib_Perfdata_4b4.dat
+ 2010-05-03 02:41 . 2009-10-07 07:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-10-27 1103216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]
"nwiz"="nwiz.exe" [2008-12-26 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-17 16:43 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2010-03-31 15:02 818256 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBook Library Launcher]
2009-11-24 07:03 906640 ----a-w- c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2008-02-18 20:36 1057064 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2009-07-16 21:35 5458704 ----a-w- c:\program files\Logitech\Logitech Vid\Vid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 19:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 11:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-02-27 19:03 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2008-02-18 20:36 1629480 ----a-w- c:\program files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-01-22 04:56 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-08-14 22:31 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-06-03 12:46 251240 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-09-12 16:45 36352 ----a-w- c:\program files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"= c:\\Program Files\\BitTorrent\\bittorrent.exe
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\123CopyDVD 2009\\123CopyDVD.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\fear2\\FEAR2.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Stardock Games\\Demigod\\bin\\Demigod.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\2K Games\\BioShock 2\\SP\\Builds\\Binaries\\Bioshock2.exe"=
"c:\\Program Files\\2K Games\\BioShock 2\\MP\\Builds\\Binaries\\Bioshock2.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/21/2009 7:44 PM 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\AvgLdx86.sys [1/20/2009 9:40 PM 216200]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/20/2009 9:40 PM 242896]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [3/17/2010 10:43 AM 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/17/2010 10:43 AM 308064]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 9:52 AM 1265264]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [6/3/2009 6:46 AM 92008]
R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys [1/20/2009 3:48 PM 1310720]
.
Contents of the 'Scheduled Tasks' folder

2010-05-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 15:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
DPF: {4ED4AAA0-2CEC-4D84-AB72-74E53E092CFD} - hxxp://www.freehandmusic.com/Update/biblionet.cab
DPF: {6A4F3A11-99B7-4BD1-AF88-B7354D1DAECD} - hxxp://www.freehandmusic.com/Update/SoleroMusicControl.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://sra.cn.ca/dana-cached/sc/JuniperSetupClient.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\imrofufo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Sony\Reader\Data\bin\npebldetectmoz.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-02 20:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-57989841-1390067357-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:db,43,43,5c,9c,a8,79,73,a8,32,94,d1,01,a9,9d,03,e1,31,1c,c4,12,
80,9a,6b,23,1a,62,98,d8,e6,f1,9c,c2,49,df,fc,22,99,78,09,32,97,10,ce,48,2c,\
"rkeysecu"=hex:10,6c,fe,42,bc,ec,2f,e0,93,95,e9,d3,98,2f,67,bb
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(804)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1324)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2010-05-02 20:48:57 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-03 02:48
ComboFix2.txt 2010-05-03 01:39
ComboFix3.txt 2010-05-03 00:53
ComboFix4.txt 2010-05-03 00:34
ComboFix5.txt 2010-05-03 02:29

Pre-Run: 380,912,758,784 bytes free
Post-Run: 380,785,152,000 bytes free

- - End Of File - - F4EFA1E663244A35E69D652A8574C3D6

Here is the looklog:

Code:
Run from C:\Documents and Settings\Owner\Desktop\maxlook.exe on Sun 05/02/2010 at 22:02:11.20

--------- maxlook unsigned files ---------

c:\windows\maxdriver\AvgLdx86.sys:
	Verified:	Unsigned
	File date:	11:18 AM 5/1/2010
	Publisher:	n/a
	Description:	n/a
	Product:	n/a
	Version:	n/a
	File version:	n/a
c:\windows\maxdriver\cdr4_xp.sys:
	Verified:	Unsigned
	File date:	3:00 AM 8/19/2005
	Publisher:	Sonic Solutions
	Description:	CDR4 CD and DVD Place Holder Driver (see PxHelp)
	Product:	Drag-to-Disc
	Version:	8.0.0.212 
	File version:	8.0.0.212 
c:\windows\maxdriver\cdralw2k.sys:
	Verified:	Unsigned
	File date:	3:00 AM 8/19/2005
	Publisher:	Sonic Solutions
	Description:	CDRAL Place Holder Driver (see PxHelp)
	Product:	Drag-to-Disc
	Version:	8.0.0.212 
	File version:	8.0.0.212 
c:\windows\maxdriver\nvtcp.sys:
	Verified:	Unsigned
	File date:	9:08 PM 4/14/2006
	Publisher:	NVIDIA Corporation
	Description:	NVIDIA Networking Protocol Driver.
	Product:	NVTCP
	Version:	1.00.00.05025
	File version:	1.00.00.05025

--------- system32\drivers unsigned files ---------

c:\windows\system32\drivers\cdr4_xp.sys:
	Verified:	Unsigned
	File date:	3:00 AM 8/19/2005
	Publisher:	Sonic Solutions
	Description:	CDR4 CD and DVD Place Holder Driver (see PxHelp)
	Product:	Drag-to-Disc
	Version:	8.0.0.212 
	File version:	8.0.0.212 
c:\windows\system32\drivers\cdralw2k.sys:
	Verified:	Unsigned
	File date:	3:00 AM 8/19/2005
	Publisher:	Sonic Solutions
	Description:	CDRAL Place Holder Driver (see PxHelp)
	Product:	Drag-to-Disc
	Version:	8.0.0.212 
	File version:	8.0.0.212 
c:\windows\system32\drivers\nvtcp.sys:
	Verified:	Unsigned
	File date:	9:08 PM 4/14/2006
	Publisher:	NVIDIA Corporation
	Description:	NVIDIA Networking Protocol Driver.
	Product:	NVTCP
	Version:	1.00.00.05025
	File version:	1.00.00.05025
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Top