Tech Support Forum - View Single Post - Help needed. Red X in taskbar that says "Your computer is infected!

iiiput · 11-04-2008, 09:24 PM

Steps completed. Here is the log:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-11-04 23:23:46
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 29 GB (77%) free of 38 GB
Total RAM: 766 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:56 PM, on 11/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Linksys\Wireless-N Network Monitor\NICServ.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon06.exe
C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Linksys\Wireless-N Network Monitor\WPC300N.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Linksys\Wireless-N Network Monitor\OdHost.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\System32\hphmon06.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Linksys Wireless-N Notebook Adapter] C:\Program Files\Linksys\Wireless-N Network Monitor\WPC300N.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://72.17.246.138/cab/OCXChecker_6110.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NICSer_WPC300N - Unknown owner - C:\Program Files\Linksys\Wireless-N Network Monitor\NICServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 6364 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\HP Usg Daily.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar4.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-10-19 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-10-19 126976]
"DadApp"=C:\Program Files\Dell\AccessDirect\dadapp.exe [2002-11-01 208560]
"CARPService"=C:\WINDOWS\system32\carpserv.exe [2002-10-17 4608]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2002-10-11 126976]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2002-10-11 561152]
"HPDJ Taskbar Utility"=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe [2004-04-06 172032]
"HPHUPD06"=C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe [2004-06-06 49152]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-02-12 49152]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"HPHmon06"=C:\WINDOWS\System32\hphmon06.exe [2004-06-06 659456]
"QuickTime Task"=C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE [2006-02-01 155648]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe [2008-10-18 590848]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"Linksys Wireless-N Notebook Adapter"=C:\Program Files\Linksys\Wireless-N Network Monitor\WPC300N.exe [2006-04-28 36864]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-27 68856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\digital imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-10-19 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll schannel.dll digest.dll msnsspc.dll msansspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSimpleStartMenu"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Grisoft\AVG Free\avginet.exe"="C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE"="C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE:*:Enabled:Microsoft Office PowerPoint"
"C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE"="C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE:*:Enabled:Microsoft Office Word"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast"
"C:\Documents and Settings\Owner\Application Data\SopCast\adv\SopAdver.exe"="C:\Documents and Settings\Owner\Application Data\SopCast\adv\SopAdver.exe:*:Enabled:SopAdver"
"C:\Program Files\TVAnts\Tvants.exe"="C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts"
"C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2008-11-04 22:49:48 ----SHD---- C:\RECYCLER
2008-11-04 21:20:11 ----D---- C:\WINDOWS\temp
2008-11-04 21:20:09 ----A---- C:\ComboFix.txt
2008-11-04 21:15:30 ----A---- C:\WINDOWS\zip.exe
2008-11-04 21:15:30 ----A---- C:\WINDOWS\VFIND.exe
2008-11-04 21:15:30 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-11-04 21:15:30 ----A---- C:\WINDOWS\SWSC.exe
2008-11-04 21:15:30 ----A---- C:\WINDOWS\SWREG.exe
2008-11-04 21:15:30 ----A---- C:\WINDOWS\sed.exe
2008-11-04 21:15:30 ----A---- C:\WINDOWS\NIRCMD.exe
2008-11-04 21:15:30 ----A---- C:\WINDOWS\grep.exe
2008-11-04 21:15:30 ----A---- C:\WINDOWS\fdsv.exe
2008-11-04 21:15:20 ----D---- C:\WINDOWS\ERDNT
2008-11-04 21:15:20 ----D---- C:\Qoobox
2008-11-02 00:38:19 ----D---- C:\Program Files\EsetOnlineScanner
2008-11-02 00:29:00 ----A---- C:\WINDOWS\system32\VACFix.exe
2008-11-02 00:29:00 ----A---- C:\WINDOWS\system32\o4Patch.exe
2008-11-02 00:29:00 ----A---- C:\WINDOWS\system32\IEDFix.exe
2008-11-02 00:29:00 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2008-11-02 00:29:00 ----A---- C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-11-02 00:29:00 ----A---- C:\WINDOWS\system32\404Fix.exe
2008-11-02 00:28:59 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2008-11-02 00:28:59 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2008-11-02 00:28:59 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2008-11-02 00:28:59 ----A---- C:\WINDOWS\system32\Process.exe
2008-11-02 00:28:59 ----A---- C:\WINDOWS\system32\dumphive.exe
2008-11-01 21:29:56 ----D---- C:\Program Files\Windows Defender
2008-11-01 16:50:15 ----A---- C:\WINDOWS\gmer.ini
2008-11-01 16:50:13 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-11-01 16:50:13 ----A---- C:\WINDOWS\gmer.exe
2008-11-01 16:50:13 ----A---- C:\WINDOWS\gmer.dll
2008-11-01 16:47:50 ----A---- C:\log.txt
2008-11-01 16:47:00 ----D---- C:\rsit
2008-11-01 16:47:00 ----D---- C:\Program Files\trend micro
2008-10-24 15:30:58 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-15 17:58:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 17:57:56 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 17:57:41 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 17:54:57 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 17:54:32 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-15 17:54:02 ----A---- C:\WINDOWS\system32\MRT.INI
2008-10-15 17:50:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$

======List of files/folders modified in the last 1 months======

2008-11-04 23:23:56 ----D---- C:\WINDOWS\Prefetch
2008-11-04 22:55:49 ----D---- C:\WINDOWS\system32
2008-11-04 22:55:49 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-04 22:54:40 ----SD---- C:\WINDOWS\Tasks
2008-11-04 22:50:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-04 21:25:48 ----D---- C:\Program Files\Hijackthis
2008-11-04 21:20:11 ----D---- C:\WINDOWS
2008-11-04 21:18:30 ----A---- C:\WINDOWS\system.ini
2008-11-04 21:17:34 ----D---- C:\WINDOWS\system32\drivers
2008-11-04 21:17:34 ----D---- C:\WINDOWS\AppPatch
2008-11-04 21:17:34 ----D---- C:\Program Files\Common Files
2008-11-04 18:52:14 ----D---- C:\Program Files\Mozilla Firefox
2008-11-04 18:41:52 ----SHD---- C:\WINDOWS\Installer
2008-11-04 18:41:52 ----HD---- C:\Config.Msi
2008-11-04 18:40:57 ----RHD---- C:\$VAULT$.AVG
2008-11-04 18:34:00 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-04 18:33:44 ----D---- C:\Documents and Settings\Owner\Application Data\AVG7
2008-11-02 10:36:09 ----D---- C:\WINDOWS\system32\768890
2008-11-02 09:34:53 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-02 00:38:19 ----RD---- C:\Program Files
2008-11-02 00:30:25 ----A---- C:\rapport.txt
2008-11-02 00:29:11 ----A---- C:\WINDOWS\system32\tmp.txt
2008-11-02 00:12:40 ----RASH---- C:\boot.ini
2008-11-02 00:12:40 ----A---- C:\WINDOWS\win.ini
2008-11-01 23:57:16 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-01 21:29:58 ----HD---- C:\WINDOWS\inf
2008-11-01 21:29:58 ----D---- C:\WINDOWS\WinSxS
2008-11-01 21:29:56 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-01 16:42:17 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-01 16:42:16 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-01 16:41:44 ----D---- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-11-01 16:41:42 ----D---- C:\Program Files\SUPERAntiSpyware
2008-11-01 16:02:19 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-24 15:28:13 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-15 17:58:12 ----A---- C:\WINDOWS\imsins.BAK
2008-10-15 17:50:56 ----D---- C:\Program Files\Internet Explorer
2008-10-15 11:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-07 14:19:40 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2007-10-22 821856]
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2007-04-07 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2007-04-07 27776]
R1 AvgClean;AVG Clean Driver; C:\WINDOWS\system32\drivers\avgclean.sys [2007-12-20 10760]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 OMCI;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2003-03-21 17156]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2001-10-22 9855]
R2 StreamDispatcher;StreamDispatcher; C:\WINDOWS\System32\DRIVERS\strmdisp.sys [2002-10-17 36348]
R3 BCM43XX;Linksys Wireless-N Notebook Adapter WPC300N Driver; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2006-04-24 543104]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2002-12-17 42368]
R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\CBTNDIS5.SYS []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2002-10-17 1174128]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [2002-10-17 159652]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-10-19 807998]
R3 odysseyIM4;Odyssey Network Agent Miniport; C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2005-05-18 173056]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\STAC97.sys [2002-11-11 193840]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2002-10-11 264528]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2002-10-17 602512]
S3 {5C8B2B62-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-A; C:\WINDOWS\system32\drivers\A311.sys [2003-02-04 31799]
S3 {5C8B2B65-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-B; C:\WINDOWS\system32\drivers\A310.sys [2003-02-04 33335]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-02-04 109280]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-02-04 78304]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-01 85969]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2004-03-18 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2004-03-18 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2004-03-18 21744]
S3 RT73;Linksys Home Wireless-G USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2005-11-24 245248]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe [2007-10-22 418816]
R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe [2007-04-07 49664]
R2 NICSer_WPC300N;NICSer_WPC300N; C:\Program Files\Linksys\Wireless-N Network Monitor\NICServ.exe [2003-11-13 452608]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2004-03-18 65536]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-06 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------

11-04-2008, 09:24 PM	#12 (permalink)
iiiput Registered User Join Date: May 2008 Posts: 17 OS: XP	Re: Help needed. Red X in taskbar that says "Your computer is infected! Steps completed. Here is the log: Logfile of random's system information tool 1.04 (written by random/random) Run by Owner at 2008-11-04 23:23:46 Microsoft Windows XP Home Edition Service Pack 2 System drive C: has 29 GB (77%) free of 38 GB Total RAM: 766 MB (47% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:23:56 PM, on 11/4/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\Linksys\Wireless-N Network Monitor\NICServ.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Dell\AccessDirect\dadapp.exe C:\WINDOWS\system32\carpserv.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\System32\hphmon06.exe C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Linksys\Wireless-N Network Monitor\WPC300N.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Linksys\Wireless-N Network Monitor\OdHost.exe C:\WINDOWS\System32\HPZipm12.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Owner\Desktop\RSIT.exe C:\Program Files\trend micro\Owner.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\System32\hphmon06.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE" -atboottime O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Linksys Wireless-N Notebook Adapter] C:\Program Files\Linksys\Wireless-N Network Monitor\WPC300N.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://72.17.246.138/cab/OCXChecker_6110.cab O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NICSer_WPC300N - Unknown owner - C:\Program Files\Linksys\Wireless-N Network Monitor\NICServ.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O24 - Desktop Component 0: Privacy Protection - (no file) -- End of file - 6364 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\HP Usg Daily.job C:\WINDOWS\tasks\MP Scheduled Scan.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar4.dll [2007-01-19 2403392] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-10-19 155648] "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-10-19 126976] "DadApp"=C:\Program Files\Dell\AccessDirect\dadapp.exe [2002-11-01 208560] "CARPService"=C:\WINDOWS\system32\carpserv.exe [2002-10-17 4608] "SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2002-10-11 126976] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2002-10-11 561152] "HPDJ Taskbar Utility"=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe [2004-04-06 172032] "HPHUPD06"=C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe [2004-06-06 49152] "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-02-12 49152] "HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664] "HPHmon06"=C:\WINDOWS\System32\hphmon06.exe [2004-06-06 659456] "QuickTime Task"=C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE [2006-02-01 155648] "AVG7_CC"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe [2008-10-18 590848] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784] "Linksys Wireless-N Notebook Adapter"=C:\Program Files\Linksys\Wireless-N Network Monitor\WPC300N.exe [2006-04-28 36864] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-27 68856] C:\Documents and Settings\All Users\Start Menu\Programs\Startup Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe HP Digital Imaging Monitor.lnk - C:\Program Files\HP\digital imaging\bin\hpqtra08.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxsrvc.dll [2005-10-19 348160] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=msapsspc.dll schannel.dll digest.dll msnsspc.dll msansspc.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoSimpleStartMenu"= "NoDriveTypeAutoRun"= "NoDrives"= "NoDriveAutoRun"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\Program Files\Grisoft\AVG Free\avginet.exe"="C:\Program Files\Grisoft\AVG Free\avginet.exe::Enabled:avginet.exe" "C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE"="C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE::Enabled:Microsoft Office PowerPoint" "C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE"="C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE::Enabled:Microsoft Office Word" "C:\StubInstaller.exe"="C:\StubInstaller.exe::Enabled:LimeWire swarmed installer" "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe::Enabled:LimeWire" "C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe::Enabled:SopCast" "C:\Documents and Settings\Owner\Application Data\SopCast\adv\SopAdver.exe"="C:\Documents and Settings\Owner\Application Data\SopCast\adv\SopAdver.exe::Enabled:SopAdver" "C:\Program Files\TVAnts\Tvants.exe"="C:\Program Files\TVAnts\Tvants.exe::Enabled:TVAnts" "C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe::Enabled:TVUPlayer Component" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" ======List of files/folders created in the last 1 months====== 2008-11-04 22:49:48 ----SHD---- C:\RECYCLER 2008-11-04 21:20:11 ----D---- C:\WINDOWS\temp 2008-11-04 21:20:09 ----A---- C:\ComboFix.txt 2008-11-04 21:15:30 ----A---- C:\WINDOWS\zip.exe 2008-11-04 21:15:30 ----A---- C:\WINDOWS\VFIND.exe 2008-11-04 21:15:30 ----A---- C:\WINDOWS\SWXCACLS.exe 2008-11-04 21:15:30 ----A---- C:\WINDOWS\SWSC.exe 2008-11-04 21:15:30 ----A---- C:\WINDOWS\SWREG.exe 2008-11-04 21:15:30 ----A---- C:\WINDOWS\sed.exe 2008-11-04 21:15:30 ----A---- C:\WINDOWS\NIRCMD.exe 2008-11-04 21:15:30 ----A---- C:\WINDOWS\grep.exe 2008-11-04 21:15:30 ----A---- C:\WINDOWS\fdsv.exe 2008-11-04 21:15:20 ----D---- C:\WINDOWS\ERDNT 2008-11-04 21:15:20 ----D---- C:\Qoobox 2008-11-02 00:38:19 ----D---- C:\Program Files\EsetOnlineScanner 2008-11-02 00:29:00 ----A---- C:\WINDOWS\system32\VACFix.exe 2008-11-02 00:29:00 ----A---- C:\WINDOWS\system32\o4Patch.exe 2008-11-02 00:29:00 ----A---- C:\WINDOWS\system32\IEDFix.exe 2008-11-02 00:29:00 ----A---- C:\WINDOWS\system32\IEDFix.C.exe 2008-11-02 00:29:00 ----A---- C:\WINDOWS\system32\AntiXPVSTFix.exe 2008-11-02 00:29:00 ----A---- C:\WINDOWS\system32\404Fix.exe 2008-11-02 00:28:59 ----A---- C:\WINDOWS\system32\WS2Fix.exe 2008-11-02 00:28:59 ----A---- C:\WINDOWS\system32\VCCLSID.exe 2008-11-02 00:28:59 ----A---- C:\WINDOWS\system32\SrchSTS.exe 2008-11-02 00:28:59 ----A---- C:\WINDOWS\system32\Process.exe 2008-11-02 00:28:59 ----A---- C:\WINDOWS\system32\dumphive.exe 2008-11-01 21:29:56 ----D---- C:\Program Files\Windows Defender 2008-11-01 16:50:15 ----A---- C:\WINDOWS\gmer.ini 2008-11-01 16:50:13 ----A---- C:\WINDOWS\gmer_uninstall.cmd 2008-11-01 16:50:13 ----A---- C:\WINDOWS\gmer.exe 2008-11-01 16:50:13 ----A---- C:\WINDOWS\gmer.dll 2008-11-01 16:47:50 ----A---- C:\log.txt 2008-11-01 16:47:00 ----D---- C:\rsit 2008-11-01 16:47:00 ----D---- C:\Program Files\trend micro 2008-10-24 15:30:58 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$ 2008-10-15 17:58:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$ 2008-10-15 17:57:56 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$ 2008-10-15 17:57:41 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$ 2008-10-15 17:54:57 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$ 2008-10-15 17:54:32 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$ 2008-10-15 17:54:02 ----A---- C:\WINDOWS\system32\MRT.INI 2008-10-15 17:50:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$ ======List of files/folders modified in the last 1 months====== 2008-11-04 23:23:56 ----D---- C:\WINDOWS\Prefetch 2008-11-04 22:55:49 ----D---- C:\WINDOWS\system32 2008-11-04 22:55:49 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2008-11-04 22:54:40 ----SD---- C:\WINDOWS\Tasks 2008-11-04 22:50:27 ----A---- C:\WINDOWS\SchedLgU.Txt 2008-11-04 21:25:48 ----D---- C:\Program Files\Hijackthis 2008-11-04 21:20:11 ----D---- C:\WINDOWS 2008-11-04 21:18:30 ----A---- C:\WINDOWS\system.ini 2008-11-04 21:17:34 ----D---- C:\WINDOWS\system32\drivers 2008-11-04 21:17:34 ----D---- C:\WINDOWS\AppPatch 2008-11-04 21:17:34 ----D---- C:\Program Files\Common Files 2008-11-04 18:52:14 ----D---- C:\Program Files\Mozilla Firefox 2008-11-04 18:41:52 ----SHD---- C:\WINDOWS\Installer 2008-11-04 18:41:52 ----HD---- C:\Config.Msi 2008-11-04 18:40:57 ----RHD---- C:\$VAULT$.AVG 2008-11-04 18:34:00 ----D---- C:\WINDOWS\system32\CatRoot2 2008-11-04 18:33:44 ----D---- C:\Documents and Settings\Owner\Application Data\AVG7 2008-11-02 10:36:09 ----D---- C:\WINDOWS\system32\768890 2008-11-02 09:34:53 ----SD---- C:\WINDOWS\Downloaded Program Files 2008-11-02 00:38:19 ----RD---- C:\Program Files 2008-11-02 00:30:25 ----A---- C:\rapport.txt 2008-11-02 00:29:11 ----A---- C:\WINDOWS\system32\tmp.txt 2008-11-02 00:12:40 ----RASH---- C:\boot.ini 2008-11-02 00:12:40 ----A---- C:\WINDOWS\win.ini 2008-11-01 23:57:16 ----RSHDC---- C:\WINDOWS\system32\dllcache 2008-11-01 21:29:58 ----HD---- C:\WINDOWS\inf 2008-11-01 21:29:58 ----D---- C:\WINDOWS\WinSxS 2008-11-01 21:29:56 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2008-11-01 16:42:17 ----D---- C:\Program Files\Spybot - Search & Destroy 2008-11-01 16:42:16 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-11-01 16:41:44 ----D---- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com 2008-11-01 16:41:42 ----D---- C:\Program Files\SUPERAntiSpyware 2008-11-01 16:02:19 ----A---- C:\WINDOWS\ntbtlog.txt 2008-10-24 15:28:13 ----HD---- C:\WINDOWS\$hf_mig$ 2008-10-15 17:58:12 ----A---- C:\WINDOWS\imsins.BAK 2008-10-15 17:50:56 ----D---- C:\Program Files\Internet Explorer 2008-10-15 11:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll 2008-10-07 14:19:40 ----A---- C:\WINDOWS\system32\MRT.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2007-10-22 821856] R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2007-04-07 4224] R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2007-04-07 27776] R1 AvgClean;AVG Clean Driver; C:\WINDOWS\system32\drivers\avgclean.sys [2007-12-20 10760] R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096] R1 OMCI;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2003-03-21 17156] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2001-10-22 9855] R2 StreamDispatcher;StreamDispatcher; C:\WINDOWS\System32\DRIVERS\strmdisp.sys [2002-10-17 36348] R3 BCM43XX;Linksys Wireless-N Notebook Adapter WPC300N Driver; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2006-04-24 543104] R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2002-12-17 42368] R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\CBTNDIS5.SYS [] R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2004-08-04 14080] R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2002-10-17 1174128] R3 HSFHWICH;HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [2002-10-17 159652] R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-10-19 807998] R3 odysseyIM4;Odyssey Network Agent Miniport; C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2005-05-18 173056] R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\STAC97.sys [2002-11-11 193840] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2002-10-11 264528] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480] R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2002-10-17 602512] S3 {5C8B2B62-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-A; C:\WINDOWS\system32\drivers\A311.sys [2003-02-04 31799] S3 {5C8B2B65-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-B; C:\WINDOWS\system32\drivers\A310.sys [2003-02-04 33335] S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-02-04 109280] S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-02-04 78304] S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-01 85969] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2004-03-18 51088] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2004-03-18 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2004-03-18 21744] S3 RT73;Linksys Home Wireless-G USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2005-11-24 245248] S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe [2007-10-22 418816] R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe [2007-04-07 49664] R2 NICSer_WPC300N;NICSer_WPC300N; C:\Program Files\Linksys\Wireless-N Network Monitor\NICServ.exe [2003-11-13 452608] R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592] R3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2004-03-18 65536] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-06 138168] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] -----------------EOF-----------------