
Windows Update blocked, browser redirects, slow to load Windows

Discussion in 'Virus & Other Malware Removal' started by coxpac30, May 9, 2011.

coxpac30 (Thread Starter):
    I recently installed Windows XP and all my programs on a new hard drive, as the old one would not boot. Last week I received a "Generic host process for Win32 services" error. My machine locked up, and I had to restart. Then I started having issues where Windows would not load or would take a very long time. I am able to start Windows in Safe Mode, but it takes much longer than it should.

    Now sometimes when starting IE or Firefox or when surfing, new tabs are started on spammy webpages. Other times, IE or Firefox will not start. I also cannot go to the Windows Update site.

    Neither Malwarebytes nor Avast find any instance of infection.

    AVG says that it finds 6 infections and repairs 3. Just in case it would help, here is that part of the AVG log file:
    (C:\WINDOWS\system32\svchost.exe (3440):\memory_001a0000 Trojan horse Agent_r.XJ
    C:\WINDOWS\system32\svchost.exe (3440) Trojan horse Agent_r.XJ Object was removed.
    C:\Program Files\Internet Explorer\iexplore.exe (2652):\memory_00260000 Trojan horse Agent_r.XJ
    C:\Program Files\Internet Explorer\iexplore.exe (2652) Trojan horse Agent_r.XJ Object was removed.
    C:\WINDOWS\explorer.exe (1484):\memory_001a0000 Trojan horse Agent_r.XJ
    C:\WINDOWS\explorer.exe (1484) Trojan horse Agent_r.XJ Object was removed.)

    Thanks for any help you can provide!
    coxpac30

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:02:07 PM, on 5/9/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\mcox\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (file missing)
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (file missing)
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: AutoHook 2008.lnk = ?
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: UltraMon.lnk = ?
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://ims.jocogov.org
    O15 - Trusted Zone: http://www2.wycokck.org
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1302720362015
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ADPDC1.allenbrand-drews.com
    O17 - HKLM\Software\..\Telephony: DomainName = ADPDC1.allenbrand-drews.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ADPDC1.allenbrand-drews.com
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    --
    End of file - 8122 bytes



    .
    DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
    Run by mcox at 12:03:17.46 on Mon 05/09/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1644 [GMT -5:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\mcox\Desktop\HijackThis.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\mcox\Desktop\dds.com
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [SkyTel] SkyTel.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
    mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
    mRun: [<NO NAME>]
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\docume~1\mcox\startm~1\programs\startup\autoho~1.lnk - c:\docume~1\mcox\applic~1\microsoft\installer\{c1673858-a2ed-4c3e-9004-755be906eab0}\2008icons.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ultramon.lnk - c:\windows\installer\{83cccbdc-3a56-4f3b-89df-69386c3b7d62}\IcoUltraMon.ico
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    Trusted Zone: jocogov.org\ims
    Trusted Zone: wycokck.org\www2
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1302720362015
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\mcox\applic~1\mozilla\firefox\profiles\u2h8cpr4.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
    FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Leapforce - Search Engine Evaluator Toolbar: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: EWOQ Rater Helper: {feee3d1c-da92-4c21-8665-2425de7f53b7} - %profile%\extensions\{feee3d1c-da92-4c21-8665-2425de7f53b7}
    FF - Ext: XHTML Mobile Profile: {8ea9957e-2953-402f-80e0-bceb5f169d6f} - %profile%\extensions\{8ea9957e-2953-402f-80e0-bceb5f169d6f}
    FF - Ext: EWOQ Mobile Setup extension: {f035aa18-ee32-4e6e-81d2-57e32867f8a7} - %profile%\extensions\{f035aa18-ee32-4e6e-81d2-57e32867f8a7}
    FF - Ext: wmlbrowser: {c4dc572a-3295-40eb-b30f-b54aa4cdc4b7} - %profile%\extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}
    FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32464]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 296400]
    S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
    S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-2-15 7421280]
    S2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-18 136176]
    S2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2008-11-14 17184]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-3-30 134480]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
    S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-18 136176]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-5-6 38224]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== File Associations ===============
    .
    .scr=AutoCADScriptFile
    .
    =============== Created Last 30 ================
    .
    2011-05-09 17:01:57 -------- d-----w- c:\program files\whitesmoketoolbar
    2011-05-07 14:47:51 -------- d-----w- c:\windows\LastGood.Tmp
    2011-05-07 14:32:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
    2011-05-06 16:15:52 -------- d-----w- c:\program files\AVAST Software
    2011-05-06 16:15:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVAST Software
    2011-05-06 14:59:28 -------- d-----w- c:\windows\pss
    2011-05-06 14:29:00 -------- d-----w- c:\docume~1\mcox\applic~1\Malwarebytes
    2011-05-06 14:28:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-06 14:28:52 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-06 14:28:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-06 14:28:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2011-05-06 14:13:31 -------- d-----w- c:\program files\MSXML 4.0
    2011-05-04 15:40:25 -------- d-----w- c:\program files\AnswerWorks 4.0
    2011-05-04 15:39:20 -------- d-----w- C:\Land Projects 2004
    2011-05-04 15:39:19 -------- d-----w- c:\program files\Land Desktop 2004
    2011-04-29 19:10:46 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-04-29 19:10:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-04-29 19:10:46 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    2011-04-29 16:58:31 -------- d-----w- c:\docume~1\mcox\locals~1\applic~1\File Renamer Basic
    2011-04-29 16:58:00 121229 ----a-w- c:\windows\File Renamer - Basic Uninstaller.exe
    2011-04-29 16:57:57 -------- d-----w- c:\program files\File Renamer
    2011-04-25 13:37:02 -------- d-----w- c:\program files\iPod
    2011-04-25 13:31:20 -------- d-----w- c:\program files\Bonjour
    2011-04-18 16:38:23 -------- d-----w- c:\docume~1\mcox\locals~1\applic~1\Mozilla
    2011-04-18 15:33:49 -------- d-----w- c:\windows\system32\appmgmt
    2011-04-18 15:32:50 -------- d-----w- c:\documents and settings\mcox\.thumbnails
    2011-04-18 15:25:54 -------- d-----w- c:\documents and settings\mcox\.gimp-2.6
    2011-04-18 15:24:48 -------- d-----w- c:\program files\GIMP-2.0
    2011-04-18 15:22:36 -------- d-----w- c:\program files\TerraGo Technologies
    2011-04-18 15:22:36 -------- d-----w- c:\program files\common files\TerraGo
    2011-04-18 15:08:41 -------- d-----w- c:\docume~1\mcox\locals~1\applic~1\Downloaded Installations
    2011-04-14 20:28:12 -------- d--h--w- C:\$AVG
    2011-04-14 19:52:12 -------- d-----w- c:\docume~1\mcox\applic~1\AVG10
    2011-04-14 19:27:19 -------- d-----w- c:\docume~1\mcox\locals~1\applic~1\Temp
    2011-04-14 19:12:35 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
    2011-04-14 19:10:16 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-04-14 19:10:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
    2011-04-14 19:09:15 -------- d-----w- c:\program files\AVG
    2011-04-14 18:56:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
    2011-04-14 18:41:47 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2011-04-14 18:41:43 159232 ----a-w- c:\windows\system32\ptpusd.dll
    2011-04-14 18:41:24 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
    2011-04-14 18:41:24 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2011-04-14 17:50:18 -------- d-----w- c:\docume~1\mcox\locals~1\applic~1\Google
    2011-04-14 16:53:56 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2011-04-14 16:53:56 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2011-04-14 16:52:51 -------- d-----w- c:\program files\iTunes
    2011-04-14 16:52:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2011-04-14 16:52:29 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
    2011-04-14 16:52:29 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
    2011-04-14 16:52:29 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2011-04-14 16:52:29 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2011-04-14 16:52:29 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2011-04-14 16:52:29 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2011-04-14 16:52:29 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
    2011-04-14 16:51:56 -------- d-----w- c:\docume~1\mcox\locals~1\applic~1\Apple
    2011-04-14 16:51:44 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2011-04-14 16:51:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    2011-04-14 16:21:44 -------- d--h--w- c:\windows\PIF
    2011-04-14 16:00:56 -------- d-----w- c:\docume~1\mcox\locals~1\applic~1\Adobe
    2011-04-14 16:00:50 -------- d-----w- c:\program files\common files\Adobe Systems Shared
    2011-04-14 14:39:49 -------- d-----w- c:\program files\PalletteAutohideSpeed
    2011-04-14 14:35:57 274288 ----a-w- c:\windows\system32\mucltui.dll
    2011-04-14 14:35:57 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
    2011-04-14 14:01:46 -------- d-----w- C:\CADTemp
    2011-04-14 13:52:59 -------- d-----w- c:\docume~1\mcox\locals~1\applic~1\Stardock
    2011-04-14 13:36:54 -------- d-----w- c:\docume~1\mcox\locals~1\applic~1\Apple Computer
    2011-04-14 13:34:40 -------- d-----w- c:\docume~1\mcox\applic~1\Stardock
    2011-04-14 13:34:25 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}
    2011-04-14 13:34:18 -------- d-----w- c:\program files\Stardock
    2011-04-14 13:33:55 -------- d-----w- c:\docume~1\mcox\locals~1\applic~1\PackageAware
    2011-04-14 13:33:28 -------- d-----w- c:\docume~1\mcox\applic~1\Windows Search
    2011-04-13 21:53:00 -------- d-----w- c:\windows\Downloaded Installations
    2011-04-13 21:51:29 -------- d-----w- c:\docume~1\mcox\applic~1\Xerox
    2011-04-13 21:50:17 -------- d-----w- c:\program files\MSECache
    2011-04-13 21:49:48 -------- d-----w- c:\program files\Crimson Editor
    2011-04-13 21:49:12 -------- d-----w- c:\program files\common files\KIP
    2011-04-13 21:49:10 -------- d-----w- c:\program files\KIP
    2011-04-13 21:48:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\Downloaded Installations
    2011-04-13 21:44:55 -------- d-----w- c:\docume~1\mcox\applic~1\Realtime Soft
    2011-04-13 21:44:53 -------- d-----w- c:\program files\UltraMon
    2011-04-13 21:44:53 -------- d-----w- c:\program files\common files\Realtime Soft
    2011-04-13 21:44:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\Realtime Soft
    2011-04-13 21:43:28 28672 ----a-r- c:\docume~1\mcox\applic~1\microsoft\installer\{c1673858-a2ed-4c3e-9004-755be906eab0}\_A520EF8C30D0_440D_98A4_8ED14050EE88.exe
    2011-04-13 21:43:27 -------- d-----w- c:\program files\AutoHook 2008
    2011-04-13 21:32:34 -------- d-----w- c:\program files\Microsoft IntelliPoint
    2011-04-13 21:31:29 -------- d-----w- c:\program files\Microsoft IntelliPoint 5.2
    2011-04-13 21:23:54 -------- d-----w- c:\program files\AutoCAD Civil 3D 2008
    2011-04-13 21:23:54 -------- d-----w- c:\docume~1\mcox\locals~1\applic~1\Autodesk
    2011-04-13 21:23:54 -------- d-----w- c:\docume~1\mcox\applic~1\Autodesk
    2011-04-13 21:23:54 -------- d-----w- C:\Civil 3D Projects
    2011-04-13 21:23:54 -------- d-----w- C:\Civil 3D Project Templates
    2011-04-13 21:22:45 -------- d-----w- c:\program files\common files\Autodesk Shared
    2011-04-13 21:22:45 -------- d-----w- c:\program files\Autodesk
    2011-04-13 21:22:23 409600 ----a-w- c:\program files\common files\installshield\driver\10\intel 32\ISRT.dll
    2011-04-13 21:22:23 32768 ----a-w- c:\program files\common files\installshield\driver\10\intel 32\objpscnv.dll
    2011-04-13 21:22:23 262144 ----a-w- c:\program files\common files\installshield\driver\10\intel 32\IScrCnv.dll
    2011-04-13 21:22:23 180224 ----a-w- c:\program files\common files\installshield\driver\10\intel 32\iGdiCnv.dll
    2011-04-13 21:22:23 172032 ----a-w- c:\program files\common files\installshield\driver\10\intel 32\IUserCnv.dll
    2011-04-13 21:22:22 761856 ----a-w- c:\program files\common files\installshield\driver\10\intel 32\IDriver.exe
    2011-04-13 21:22:22 540772 ----a-w- c:\program files\common files\installshield\driver\10\intel 32\_ISRES1033.dll
    2011-04-13 21:17:10 -------- d-----w- c:\program files\Microsoft ActiveSync
    2011-04-13 21:12:22 -------- d-----w- c:\windows\ShellNew
    2011-04-13 21:12:17 -------- d-----w- c:\program files\common files\L&H
    2011-04-13 20:56:39 -------- d-----w- c:\docume~1\mcox\locals~1\applic~1\ApplicationHistory
    2011-04-13 20:47:20 -------- d-----w- c:\docume~1\mcox\locals~1\applic~1\ATI
    2011-04-13 20:31:18 -------- d-----w- c:\windows\system32\XPSViewer
    2011-04-13 20:31:01 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2011-04-13 20:30:54 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2011-04-13 20:30:54 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2011-04-13 20:30:54 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    2011-04-13 20:30:54 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
    2011-04-13 20:30:54 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2011-04-13 20:30:54 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
    2011-04-13 20:30:54 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2011-04-13 20:30:54 117760 ------w- c:\windows\system32\prntvpt.dll
    2011-04-13 20:30:54 -------- d-----w- C:\4aa2c49b2c81ffe9e761b5
    2011-04-13 20:22:16 -------- d-----w- c:\docume~1\mcox\locals~1\applic~1\Identities
    2011-04-13 20:22:15 -------- d-----w- c:\docume~1\mcox\applic~1\Windows Desktop Search
    2011-04-13 20:21:42 -------- d--h--w- c:\windows\system32\GroupPolicy
    2011-04-13 20:21:42 -------- d-----w- c:\program files\Windows Desktop Search
    2011-04-13 20:20:58 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
    2011-04-13 20:20:58 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
    2011-04-13 20:20:58 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
    2011-04-13 20:20:09 -------- d-----w- c:\program files\Windows Media Connect 2
    2011-04-13 20:18:40 -------- d-----w- c:\windows\system32\LogFiles
    2011-04-13 20:17:25 -------- d-----w- c:\windows\system32\URTTEMP
    2011-04-13 19:48:52 -------- d-sh--w- c:\documents and settings\mcox\IECompatCache
    2011-04-13 19:48:28 -------- d-sh--w- c:\documents and settings\mcox\PrivacIE
    2011-04-13 19:41:55 -------- d-sh--w- c:\documents and settings\mcox\IETldCache
    2011-04-13 19:14:46 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2011-04-13 19:14:20 -------- d-----w- c:\windows\ie8updates
    2011-04-13 19:14:15 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2011-04-13 19:14:15 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2011-04-13 19:14:15 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2011-04-13 19:14:15 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2011-04-13 19:14:15 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2011-04-13 19:14:15 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2011-04-13 19:14:15 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2011-04-13 19:13:14 -------- dc-h--w- c:\windows\ie8
    2011-04-13 19:00:13 455936 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2011-04-13 18:58:00 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2011-04-13 18:57:51 45568 -c----w- c:\windows\system32\dllcache\wab.exe
    2011-04-13 18:57:42 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
    2011-04-13 18:57:33 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2011-04-13 18:57:33 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2011-04-13 18:56:46 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2011-04-13 18:56:11 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
    2011-04-13 18:55:54 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2011-04-13 18:54:29 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
    2011-04-13 18:54:29 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
    2011-04-13 18:54:22 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2011-04-13 18:53:32 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
    2011-04-13 18:52:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
    2011-04-13 18:50:13 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
    2011-04-13 18:50:13 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
    2011-04-13 18:50:13 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
    2011-04-13 18:50:13 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
    2011-04-13 18:50:13 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
    2011-04-13 18:50:13 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
    2011-04-13 18:50:13 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
    2011-04-13 18:50:13 110592 -c----w- c:\windows\system32\dllcache\services.exe
    2011-04-13 18:50:12 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
    2011-04-13 18:50:12 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
    2011-04-13 18:50:12 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2011-04-13 18:50:12 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2011-04-13 18:49:54 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-04-13 18:49:54 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
    2011-04-13 18:49:22 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
    2011-04-13 18:49:19 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
    2011-04-13 18:48:54 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2011-04-13 18:48:52 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
    2011-04-13 18:48:00 -------- d-----w- c:\windows\system32\PreInstall
    2011-04-13 18:47:58 -------- d--h--w- c:\windows\$hf_mig$
    2011-04-13 18:45:32 -------- d-sh--w- c:\documents and settings\mcox\UserData
    2011-04-13 18:43:26 0 ----a-w- c:\windows\ativpsrm.bin
    2011-04-13 18:41:14 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
    2011-04-13 18:41:14 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
    2011-04-13 18:41:14 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
    2011-04-13 18:41:14 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
    2011-04-13 18:41:14 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
    2011-04-13 18:41:14 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
    2011-04-13 18:41:12 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
    2011-04-13 18:41:04 593920 ------w- c:\windows\system32\ati2sgag.exe
    2011-04-13 18:40:46 -------- d-----w- c:\program files\ATI Technologies
    2011-04-13 18:40:33 77824 ------w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
    2011-04-13 18:40:33 32768 ------w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
    2011-04-13 18:40:33 221184 ------w- c:\program files\common files\installshield\iscript\IScript.dll
    2011-04-13 18:40:33 221184 ------w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
    2011-04-13 18:40:33 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
    2011-04-13 18:40:12 -------- d-----w- C:\ATI
    2011-04-13 18:38:58 -------- d-----w- c:\windows\system32\Lang
    2011-04-13 18:24:50 177664 -c----w- c:\windows\system32\dllcache\wintrust.dll
    2011-04-13 18:24:46 86016 -c----w- c:\windows\system32\dllcache\cabview.dll
    2011-04-13 18:18:05 -------- d-----w- c:\windows\ServicePackFiles
    2011-04-13 18:17:57 294912 ------w- c:\program files\windows media player\dlimport.exe
    2011-04-13 18:17:54 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
    2011-04-13 18:15:41 -------- d-----w- c:\windows\system32\ReinstallBackups
    2011-04-13 18:15:32 26144 ----a-w- c:\windows\system32\spupdsvc.exe
    2011-04-13 17:53:53 -------- d-----w- c:\windows\system32\SoftwareDistribution
    2011-04-13 17:49:45 117248 ----a-w- c:\windows\system32\drivers\ianswxp.sys
    2011-04-13 17:49:40 81920 ------w- c:\windows\system32\drivers\iansmsg.dll
    2011-04-13 17:49:40 503808 ------w- c:\windows\system32\ncscrtp71.dll
    2011-04-13 17:49:40 430080 ------w- c:\windows\system32\Ncs2DMIX.dll
    2011-04-13 17:49:40 417792 ------w- c:\windows\system32\NcsCoLib.dll
    2011-04-13 17:49:40 344064 ------w- c:\windows\system32\ncscrt71.dll
    2011-04-13 17:49:40 323584 ------w- c:\windows\system32\Accesor.dll
    2011-04-13 17:49:40 20480 ------w- c:\windows\system32\drivers\iqvw32.sys
    2011-04-13 17:49:40 167936 ------w- c:\windows\system32\PRONtObj.dll
    2011-04-13 17:49:40 126976 ------w- c:\windows\system32\Ncs2InstUtility.dll
    2011-04-13 17:48:14 -------- d-----w- C:\Intel
    .
    ==================== Find3M ====================
    .
    2011-04-06 21:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 21:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-04-06 21:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2011-04-06 21:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
    2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-02-22 23:06:29 43520 ------w- c:\windows\system32\licmgr10.dll
    2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-02-22 11:41:59 385024 ------w- c:\windows\system32\html.iec
    2011-02-17 13:51:57 81920 ------w- c:\windows\system32\ieencode.dll
    2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
    1997-07-22 00:30:54 1045776 --sha-w- c:\windows\system32\Msjet35.dll
    1997-06-23 08:00:00 123664 --sha-w- c:\windows\system32\Msjint35.dll
    1997-06-23 17:06:50 24848 --sha-w- c:\windows\system32\Msjter35.dll
    1997-06-23 17:06:50 252176 --sha-w- c:\windows\system32\Msrd2x35.dll
    1997-06-23 17:06:50 287504 --sha-w- c:\windows\system32\Msxbse35.dll
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: ST3300622AS rev.3.AAH -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89B4B4D0]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x89b517f0]; MOV EAX, [0x89b5186c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x89BBA9C0]
    3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E13B9] -> [0x89BBE6D0]
    \Driver\atapi[0x89B59468] -> IRP_MJ_CREATE -> 0x89B4B4D0
    error: Read A device attached to the system is not functioning.
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    detected disk devices:
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x89B4B31B
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !
    .
    ============= FINISH: 12:05:04.01 ===============



    GMER 1.0.15.15627 - http://www.gmer.net
    Rootkit scan 2011-05-09 13:16:50
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort2 ST3300622AS rev.3.AAH
    Running: 1hl19ez8.exe; Driver: C:\DOCUME~1\mcox\LOCALS~1\Temp\pxtdqpow.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    ? C:\DOCUME~1\mcox\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00EF000A
    .text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00F0000A
    .text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00EE000C
    .text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 02AA000A
    .text C:\WINDOWS\system32\svchost.exe[1104] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00ED000A
    .text C:\WINDOWS\Explorer.EXE[1428] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C3000A
    .text C:\WINDOWS\Explorer.EXE[1428] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D8000A
    .text C:\WINDOWS\Explorer.EXE[1428] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C2000C

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 89B4B31B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 89B4B31B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 89B4B31B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 89B4B31B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP2T0L0-e 89B4B31B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T1L0-3 89B4B31B

    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 [email protected] code has been found <-- ROOTKIT !!!
    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- EOF - GMER 1.0.15 ----


    Tech Support Guy System Info Utility version 1.0.0.1
    OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
    Processor: Intel(R) Pentium(R) D CPU 3.20GHz, x86 Family 15 Model 6 Stepping 2
    Processor Count: 2
    RAM: 2047 Mb
    Graphics Card: Radeon X1600/X1650 Series , 1 Mb
    Hard Drives: C: Total - 286157 MB, Free - 224951 MB;
    Motherboard: ASUSTeK Computer INC., P5LD2-VM, Rev 1.xx, MB-1234567890
    Antivirus: None
  2. coxpac30

    coxpac30 Thread Starter

    Joined:
    May 9, 2011
    Messages:
    3
    Is there anyone out there that can help me, or can I provide any additional information?
     
Short URL to this thread: https://techguy.org/995899