Windows Update blocked, browser redirects, slow to load Windows


coxpac30 (Thread Starter), joined May 9, 2011, 3 messages
I recently installed Windows XP and all my programs on a new hard drive, as the old one would not boot. Last week I received a "Generic host process for Win32 services" error. My machine locked up, and I had to restart. Then I started having issues where Windows would not load or would take a very long time. I am able to start Windows in Safe Mode, but it takes much longer than it should.

Now sometimes when starting IE or Firefox or when surfing, new tabs are started on spammy webpages. Other times, IE or Firefox will not start. I also cannot go to the Windows Update site.

Neither Malwarebytes nor Avast find any instance of infection.

AVG says that it finds 6 infections and repairs 3. Just in case it would help, here is that part of the AVG log file:
C:\WINDOWS\system32\svchost.exe (3440):\memory_001a0000 Trojan horse Agent_r.XJ
C:\WINDOWS\system32\svchost.exe (3440) Trojan horse Agent_r.XJ Object was removed.
C:\Program Files\Internet Explorer\iexplore.exe (2652):\memory_00260000 Trojan horse Agent_r.XJ
C:\Program Files\Internet Explorer\iexplore.exe (2652) Trojan horse Agent_r.XJ Object was removed.
C:\WINDOWS\explorer.exe (1484):\memory_001a0000 Trojan horse Agent_r.XJ
C:\WINDOWS\explorer.exe (1484) Trojan horse Agent_r.XJ Object was removed.

Thanks for any help you can provide!
coxpac30

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:02:07 PM, on 5/9/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\mcox\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (file missing)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: AutoHook 2008.lnk = ?
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: UltraMon.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ims.jocogov.org
O15 - Trusted Zone: http://www2.wycokck.org
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1302720362015
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ADPDC1.allenbrand-drews.com
O17 - HKLM\Software\..\Telephony: DomainName = ADPDC1.allenbrand-drews.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ADPDC1.allenbrand-drews.com
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 8122 bytes

.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by mcox at 12:03:17.46 on Mon 05/09/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1644 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\mcox\Desktop\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\mcox\Desktop\dds.com
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\mcox\startm~1\programs\startup\autoho~1.lnk - c:\docume~1\mcox\applic~1\microsoft\installer\{c1673858-a2ed-4c3e-9004-755be906eab0}\2008icons.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ultramon.lnk - c:\windows\installer\{83cccbdc-3a56-4f3b-89df-69386c3b7d62}\IcoUltraMon.ico
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: jocogov.org\ims
Trusted Zone: wycokck.org\www2
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1302720362015
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\mcox\applic~1\mozilla\firefox\profiles\u2h8cpr4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Leapforce - Search Engine Evaluator Toolbar: [email protected] - %profile%\extensions\[email protected]
FF - Ext: EWOQ Rater Helper: {feee3d1c-da92-4c21-8665-2425de7f53b7} - %profile%\extensions\{feee3d1c-da92-4c21-8665-2425de7f53b7}
FF - Ext: XHTML Mobile Profile: {8ea9957e-2953-402f-80e0-bceb5f169d6f} - %profile%\extensions\{8ea9957e-2953-402f-80e0-bceb5f169d6f}
FF - Ext: EWOQ Mobile Setup extension: {f035aa18-ee32-4e6e-81d2-57e32867f8a7} - %profile%\extensions\{f035aa18-ee32-4e6e-81d2-57e32867f8a7}
FF - Ext: wmlbrowser: {c4dc572a-3295-40eb-b30f-b54aa4cdc4b7} - %profile%\extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32464]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 296400]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-2-15 7421280]
S2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-18 136176]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2008-11-14 17184]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-3-30 134480]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-18 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-5-6 38224]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2011-05-09 17:01:57 -------- d-----w- c:\program files\whitesmoketoolbar
2011-05-07 14:47:51 -------- d-----w- c:\windows\LastGood.Tmp
2011-05-07 14:32:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2011-05-06 16:15:52 -------- d-----w- c:\program files\AVAST Software
2011-05-06 16:15:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVAST Software
2011-05-06 14:59:28 -------- d-----w- c:\windows\pss
2011-05-06 14:29:00 -------- d-----w- c:\docume~1\mcox\applic~1\Malwarebytes
2011-05-06 14:28:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-06 14:28:52 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-06 14:28:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-06 14:28:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-05-06 14:13:31 -------- d-----w- c:\program files\MSXML 4.0
2011-05-04 15:40:25 -------- d-----w- c:\program files\AnswerWorks 4.0
2011-05-04 15:39:20 -------- d-----w- C:\Land Projects 2004
2011-05-04 15:39:19 -------- d-----w- c:\program files\Land Desktop 2004
2011-04-29 19:10:46 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-29 19:10:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-29 19:10:46 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-04-29 16:58:31 -------- d-----w- c:\docume~1\mcox\locals~1\applic~1\File Renamer Basic
2011-04-29 16:58:00 121229 ----a-w- c:\windows\File Renamer - Basic Uninstaller.exe
2011-04-29 16:57:57 -------- d-----w- c:\program files\File Renamer
2011-04-25 13:37:02 -------- d-----w- c:\program files\iPod
2011-04-25 13:31:20 -------- d-----w- c:\program files\Bonjour
2011-04-18 16:38:23 -------- d-----w- c:\docume~1\mcox\locals~1\applic~1\Mozilla
2011-04-18 15:33:49 -------- d-----w- c:\windows\system32\appmgmt
2011-04-18 15:32:50 -------- d-----w- c:\documents and settings\mcox\.thumbnails
2011-04-18 15:25:54 -------- d-----w- c:\documents and settings\mcox\.gimp-2.6
2011-04-18 15:24:48 -------- d-----w- c:\program files\GIMP-2.0
2011-04-18 15:22:36 -------- d-----w- c:\program files\TerraGo Technologies
2011-04-18 15:22:36 -------- d-----w- c:\program files\common files\TerraGo
2011-04-18 15:08:41 -------- d-----w- c:\docume~1\mcox\locals~1\applic~1\Downloaded Installations
2011-04-14 20:28:12 -------- d--h--w- C:\$AVG
2011-04-14 19:52:12 -------- d-----w- c:\docume~1\mcox\applic~1\AVG10
2011-04-14 19:27:19 -------- d-----w- c:\docume~1\mcox\locals~1\applic~1\Temp
2011-04-14 19:12:35 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2011-04-14 19:10:16 -------- d-----w- c:\windows\system32\drivers\AVG
2011-04-14 19:10:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2011-04-14 19:09:15 -------- d-----w- c:\program files\AVG
2011-04-14 18:56:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2011-04-14 18:41:47 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-04-14 18:41:43 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-04-14 18:41:24 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-04-14 18:41:24 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-04-14 17:50:18 -------- d-----w- c:\docume~1\mcox\locals~1\applic~1\Google
2011-04-14 16:53:56 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-04-14 16:53:56 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-04-14 16:52:51 -------- d-----w- c:\program files\iTunes
2011-04-14 16:52:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-04-14 16:52:29 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-04-14 16:52:29 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-04-14 16:52:29 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-04-14 16:52:29 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-04-14 16:52:29 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-04-14 16:52:29 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-04-14 16:52:29 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-04-14 16:51:56 -------- d-----w- c:\docume~1\mcox\locals~1\applic~1\Apple
2011-04-14 16:51:44 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-04-14 16:51:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-04-14 16:21:44 -------- d--h--w- c:\windows\PIF
2011-04-14 16:00:56 -------- d-----w- c:\docume~1\mcox\locals~1\applic~1\Adobe
2011-04-14 16:00:50 -------- d-----w- c:\program files\common files\Adobe Systems Shared
2011-04-14 14:39:49 -------- d-----w- c:\program files\PalletteAutohideSpeed
2011-04-14 14:35:57 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-04-14 14:35:57 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-04-14 14:01:46 -------- d-----w- C:\CADTemp
2011-04-14 13:52:59 -------- d-----w- c:\docume~1\mcox\locals~1\applic~1\Stardock
2011-04-14 13:36:54 -------- d-----w- c:\docume~1\mcox\locals~1\applic~1\Apple Computer
2011-04-14 13:34:40 -------- d-----w- c:\docume~1\mcox\applic~1\Stardock
2011-04-14 13:34:25 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}
2011-04-14 13:34:18 -------- d-----w- c:\program files\Stardock
2011-04-14 13:33:55 -------- d-----w- c:\docume~1\mcox\locals~1\applic~1\PackageAware
2011-04-14 13:33:28 -------- d-----w- c:\docume~1\mcox\applic~1\Windows Search
2011-04-13 21:53:00 -------- d-----w- c:\windows\Downloaded Installations
2011-04-13 21:51:29 -------- d-----w- c:\docume~1\mcox\applic~1\Xerox
2011-04-13 21:50:17 -------- d-----w- c:\program files\MSECache
2011-04-13 21:49:48 -------- d-----w- c:\program files\Crimson Editor
2011-04-13 21:49:12 -------- d-----w- c:\program files\common files\KIP
2011-04-13 21:49:10 -------- d-----w- c:\program files\KIP
2011-04-13 21:48:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\Downloaded Installations
2011-04-13 21:44:55 -------- d-----w- c:\docume~1\mcox\applic~1\Realtime Soft
2011-04-13 21:44:53 -------- d-----w- c:\program files\UltraMon
2011-04-13 21:44:53 -------- d-----w- c:\program files\common files\Realtime Soft
2011-04-13 21:44:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\Realtime Soft
2011-04-13 21:43:28 28672 ----a-r- c:\docume~1\mcox\applic~1\microsoft\installer\{c1673858-a2ed-4c3e-9004-755be906eab0}\_A520EF8C30D0_440D_98A4_8ED14050EE88.exe
2011-04-13 21:43:27 -------- d-----w- c:\program files\AutoHook 2008
2011-04-13 21:32:34 -------- d-----w- c:\program files\Microsoft IntelliPoint
2011-04-13 21:31:29 -------- d-----w- c:\program files\Microsoft IntelliPoint 5.2
2011-04-13 21:23:54 -------- d-----w- c:\program files\AutoCAD Civil 3D 2008
2011-04-13 21:23:54 -------- d-----w- c:\docume~1\mcox\locals~1\applic~1\Autodesk
2011-04-13 21:23:54 -------- d-----w- c:\docume~1\mcox\applic~1\Autodesk
2011-04-13 21:23:54 -------- d-----w- C:\Civil 3D Projects
2011-04-13 21:23:54 -------- d-----w- C:\Civil 3D Project Templates
2011-04-13 21:22:45 -------- d-----w- c:\program files\common files\Autodesk Shared
2011-04-13 21:22:45 -------- d-----w- c:\program files\Autodesk
2011-04-13 21:22:23 409600 ----a-w- c:\program files\common files\installshield\driver\10\intel 32\ISRT.dll
2011-04-13 21:22:23 32768 ----a-w- c:\program files\common files\installshield\driver\10\intel 32\objpscnv.dll
2011-04-13 21:22:23 262144 ----a-w- c:\program files\common files\installshield\driver\10\intel 32\IScrCnv.dll
2011-04-13 21:22:23 180224 ----a-w- c:\program files\common files\installshield\driver\10\intel 32\iGdiCnv.dll
2011-04-13 21:22:23 172032 ----a-w- c:\program files\common files\installshield\driver\10\intel 32\IUserCnv.dll
2011-04-13 21:22:22 761856 ----a-w- c:\program files\common files\installshield\driver\10\intel 32\IDriver.exe
2011-04-13 21:22:22 540772 ----a-w- c:\program files\common files\installshield\driver\10\intel 32\_ISRES1033.dll
2011-04-13 21:17:10 -------- d-----w- c:\program files\Microsoft ActiveSync
2011-04-13 21:12:22 -------- d-----w- c:\windows\ShellNew
2011-04-13 21:12:17 -------- d-----w- c:\program files\common files\L&H
2011-04-13 20:56:39 -------- d-----w- c:\docume~1\mcox\locals~1\applic~1\ApplicationHistory
2011-04-13 20:47:20 -------- d-----w- c:\docume~1\mcox\locals~1\applic~1\ATI
2011-04-13 20:31:18 -------- d-----w- c:\windows\system32\XPSViewer
2011-04-13 20:31:01 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-04-13 20:30:54 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-04-13 20:30:54 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-04-13 20:30:54 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-04-13 20:30:54 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-04-13 20:30:54 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-04-13 20:30:54 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-04-13 20:30:54 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-04-13 20:30:54 117760 ------w- c:\windows\system32\prntvpt.dll
2011-04-13 20:30:54 -------- d-----w- C:\4aa2c49b2c81ffe9e761b5
2011-04-13 20:22:16 -------- d-----w- c:\docume~1\mcox\locals~1\applic~1\Identities
2011-04-13 20:22:15 -------- d-----w- c:\docume~1\mcox\applic~1\Windows Desktop Search
2011-04-13 20:21:42 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-04-13 20:21:42 -------- d-----w- c:\program files\Windows Desktop Search
2011-04-13 20:20:58 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2011-04-13 20:20:58 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2011-04-13 20:20:58 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2011-04-13 20:20:09 -------- d-----w- c:\program files\Windows Media Connect 2
2011-04-13 20:18:40 -------- d-----w- c:\windows\system32\LogFiles
2011-04-13 20:17:25 -------- d-----w- c:\windows\system32\URTTEMP
2011-04-13 19:48:52 -------- d-sh--w- c:\documents and settings\mcox\IECompatCache
2011-04-13 19:48:28 -------- d-sh--w- c:\documents and settings\mcox\PrivacIE
2011-04-13 19:41:55 -------- d-sh--w- c:\documents and settings\mcox\IETldCache
2011-04-13 19:14:46 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-04-13 19:14:20 -------- d-----w- c:\windows\ie8updates
2011-04-13 19:14:15 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-04-13 19:14:15 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-04-13 19:14:15 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-04-13 19:14:15 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-04-13 19:14:15 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-04-13 19:14:15 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-04-13 19:14:15 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-04-13 19:13:14 -------- dc-h--w- c:\windows\ie8
2011-04-13 19:00:13 455936 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-04-13 18:58:00 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-04-13 18:57:51 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-04-13 18:57:42 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2011-04-13 18:57:33 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-04-13 18:57:33 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-04-13 18:56:46 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-04-13 18:56:11 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2011-04-13 18:55:54 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-04-13 18:54:29 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-04-13 18:54:29 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-04-13 18:54:22 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-04-13 18:53:32 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2011-04-13 18:52:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2011-04-13 18:50:13 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2011-04-13 18:50:13 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2011-04-13 18:50:13 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2011-04-13 18:50:13 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-04-13 18:50:13 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2011-04-13 18:50:13 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2011-04-13 18:50:13 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2011-04-13 18:50:13 110592 -c----w- c:\windows\system32\dllcache\services.exe
2011-04-13 18:50:12 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
2011-04-13 18:50:12 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-04-13 18:50:12 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-04-13 18:50:12 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-04-13 18:49:54 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-04-13 18:49:54 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2011-04-13 18:49:22 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2011-04-13 18:49:19 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2011-04-13 18:48:54 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-04-13 18:48:52 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2011-04-13 18:48:00 -------- d-----w- c:\windows\system32\PreInstall
2011-04-13 18:47:58 -------- d--h--w- c:\windows\$hf_mig$
2011-04-13 18:45:32 -------- d-sh--w- c:\documents and settings\mcox\UserData
2011-04-13 18:43:26 0 ----a-w- c:\windows\ativpsrm.bin
2011-04-13 18:41:14 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2011-04-13 18:41:14 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2011-04-13 18:41:14 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2011-04-13 18:41:14 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2011-04-13 18:41:14 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2011-04-13 18:41:14 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2011-04-13 18:41:12 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2011-04-13 18:41:04 593920 ------w- c:\windows\system32\ati2sgag.exe
2011-04-13 18:40:46 -------- d-----w- c:\program files\ATI Technologies
2011-04-13 18:40:33 77824 ------w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2011-04-13 18:40:33 32768 ------w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2011-04-13 18:40:33 221184 ------w- c:\program files\common files\installshield\iscript\IScript.dll
2011-04-13 18:40:33 221184 ------w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2011-04-13 18:40:33 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
2011-04-13 18:40:12 -------- d-----w- C:\ATI
2011-04-13 18:38:58 -------- d-----w- c:\windows\system32\Lang
2011-04-13 18:24:50 177664 -c----w- c:\windows\system32\dllcache\wintrust.dll
2011-04-13 18:24:46 86016 -c----w- c:\windows\system32\dllcache\cabview.dll
2011-04-13 18:18:05 -------- d-----w- c:\windows\ServicePackFiles
2011-04-13 18:17:57 294912 ------w- c:\program files\windows media player\dlimport.exe
2011-04-13 18:17:54 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2011-04-13 18:15:41 -------- d-----w- c:\windows\system32\ReinstallBackups
2011-04-13 18:15:32 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2011-04-13 17:53:53 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-04-13 17:49:45 117248 ----a-w- c:\windows\system32\drivers\ianswxp.sys
2011-04-13 17:49:40 81920 ------w- c:\windows\system32\drivers\iansmsg.dll
2011-04-13 17:49:40 503808 ------w- c:\windows\system32\ncscrtp71.dll
2011-04-13 17:49:40 430080 ------w- c:\windows\system32\Ncs2DMIX.dll
2011-04-13 17:49:40 417792 ------w- c:\windows\system32\NcsCoLib.dll
2011-04-13 17:49:40 344064 ------w- c:\windows\system32\ncscrt71.dll
2011-04-13 17:49:40 323584 ------w- c:\windows\system32\Accesor.dll
2011-04-13 17:49:40 20480 ------w- c:\windows\system32\drivers\iqvw32.sys
2011-04-13 17:49:40 167936 ------w- c:\windows\system32\PRONtObj.dll
2011-04-13 17:49:40 126976 ------w- c:\windows\system32\Ncs2InstUtility.dll
2011-04-13 17:48:14 -------- d-----w- C:\Intel
.
==================== Find3M ====================
.
2011-04-06 21:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 21:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 21:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 21:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ------w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ------w- c:\windows\system32\html.iec
2011-02-17 13:51:57 81920 ------w- c:\windows\system32\ieencode.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
1997-07-22 00:30:54 1045776 --sha-w- c:\windows\system32\Msjet35.dll
1997-06-23 08:00:00 123664 --sha-w- c:\windows\system32\Msjint35.dll
1997-06-23 17:06:50 24848 --sha-w- c:\windows\system32\Msjter35.dll
1997-06-23 17:06:50 252176 --sha-w- c:\windows\system32\Msrd2x35.dll
1997-06-23 17:06:50 287504 --sha-w- c:\windows\system32\Msxbse35.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3300622AS rev.3.AAH -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89B4B4D0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x89b517f0]; MOV EAX, [0x89b5186c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x89BBA9C0]
3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E13B9] -> [0x89BBE6D0]
\Driver\atapi[0x89B59468] -> IRP_MJ_CREATE -> 0x89B4B4D0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x89B4B31B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 12:05:04.01 ===============



GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-09 13:16:50
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort2 ST3300622AS rev.3.AAH
Running: 1hl19ez8.exe; Driver: C:\DOCUME~1\mcox\LOCALS~1\Temp\pxtdqpow.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\mcox\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00EF000A
.text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00F0000A
.text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00EE000C
.text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 02AA000A
.text C:\WINDOWS\system32\svchost.exe[1104] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00ED000A
.text C:\WINDOWS\Explorer.EXE[1428] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C3000A
.text C:\WINDOWS\Explorer.EXE[1428] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D8000A
.text C:\WINDOWS\Explorer.EXE[1428] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C2000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 89B4B31B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 89B4B31B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 89B4B31B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 89B4B31B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP2T0L0-e 89B4B31B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T1L0-3 89B4B31B

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 [email protected] code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----


Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) D CPU 3.20GHz, x86 Family 15 Model 6 Stepping 2
Processor Count: 2
RAM: 2047 Mb
Graphics Card: Radeon X1600/X1650 Series , 1 Mb
Hard Drives: C: Total - 286157 MB, Free - 224951 MB;
Motherboard: ASUSTeK Computer INC., P5LD2-VM, Rev 1.xx, MB-1234567890
Antivirus: None

coxpac30

Thread Starter
Joined
May 9, 2011
Messages
3
Is there anyone out there that can help me, or can I provide any additional information?