10-05-2008, 01:47 AM   #1
Registered User
 
Join Date: Oct 2008
Location: Ohio, USA
Posts: 9
OS: Windows Vista 32 Home


??? I have 2 - explorer.exe files running ???

I'm hoping that someone might be able to help me with this.

My name is Rob, and for the past few weeks I've noticed that my laptop is starting to run a lot slower than it used to. Also, I use Firefox, but I'd say at least 4 to 5 times in the time that I spend online I get a warning about an add-on for IE that is needed. I don't know if "pop-up" would be appropriate for it, for it is an add-on warning and not an IE window.

Just a slight history: I've always had protection running on my computer, but apparently they're not all perfect. I use AVG but had Avast before that. SUPERAntiSpyware, Adaware, and so on... About a week ago I did a full system scan and did find a virus. Looking back at the logs, it was: Trojan horse Downloader.Agent.ALMI. I did research online and found how to remove it, and it worked as stated. But I now fear that this has infected my system worse. :/ Though all the scans I do now come up with nothing except cookies from the net... (even in safe mode)

Now since then I've noticed that in my task manager I have 2... yes, count them, 2 explorer.exe's running?? But here's the weird thing.. it's only at different times.. no rhyme or reason.. I don't start the same program and notice it did it.. nothing.. I'm baffled by this O___o

I have followed the steps and included my HijackThis log below and will subscribe to this thread too :)

☻ Thankx PuRpLe_EmO_eMuS ☻


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:45:58 AM, on 10/5/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Windows\sttray.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Cingular\Communication Manager\CingularCCM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Cingular Communication Manager] "C:\Program Files\Cingular\Communication Manager\CingularCCM.exe" -a
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6CF7E98-45C8-4FB5-A148-CF8422B120C7}: NameServer = 209.183.33.23 209.183.35.23
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8141 bytes

My computer details I put in my profile, but if you need them just let me know.
PuRpLe_EmO_eMuS is offline  
10-16-2008, 10:28 AM   #2
Registered User
 
Join Date: Oct 2008
Location: Ohio, USA
Posts: 9
OS: Windows Vista 32 Home


Re: ??? I have 2 - explorer.exe files running ???

I know it's wrong, but it's been 11 days now and I haven't got a reply :(
Someone please help me
*bump*
PuRpLe_EmO_eMuS is offline  
10-16-2008, 10:05 PM   #3
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,897
OS: WinXP and Vista


Re: ??? I have 2 - explorer.exe files running ???

Hello PuRpLe_EmO_eMuS,

I'd like to see a more comprehensive set of logs. Download RSIT.exe and save it to your desktop.
  • Double click on RSIT.exe to run the tool.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
10-17-2008, 10:34 AM   #4
Registered User
 
Join Date: Oct 2008
Location: Ohio, USA
Posts: 9
OS: Windows Vista 32 Home


Re: ??? I have 2 - explorer.exe files running ???

Hey Ried,

Here's a new one that has been happening. I use Firefox, but I keep getting the pop-up that says IE needs to install an add-on from time to time now. I keep canceling it, for it does not tell me what add-on at all and no publisher either. Even then, I'm not even using IE anymore.

So anyways, I got RSIT and saved it to my C: drive and ran it.

The following are the results. I await further instructions.

Thanks for your quick reply btw.

Logfile of random's system information tool 1.04 (written by random/random)
Run by Rob at 2008-10-17 12:23:39
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 72 GB (51%) free of 142 GB
Total RAM: 1917 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23:42 PM, on 10/17/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Windows\sttray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Cingular\Communication Manager\CingularCCM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Rob\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Rob.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Cingular Communication Manager] "C:\Program Files\Cingular\Communication Manager\CingularCCM.exe" -a
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6CF7E98-45C8-4FB5-A148-CF8422B120C7}: NameServer = 209.183.33.23 209.183.35.23
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8597 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2007-12-27 370296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-08-30 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - c:\Program Files\Java\jre1.6.0\bin\ssv.dll [2007-10-26 501384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-08-11 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\Dell\BAE\BAE.dll [2006-11-09 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-08-11 2055960]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-20 815104]
"Broadcom Wireless Manager UI"=C:\Windows\system32\WLTRAY.exe [2006-11-21 1540096]
"MSConfig"=C:\Windows\system32\msconfig.exe [2008-01-19 227840]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 849280]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-10-16 1234712]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2008-06-29 52168]
"SigmatelSysTrayApp"=C:\Windows\sttray.exe [2007-02-08 303104]
""= []
"Cingular Communication Manager"=C:\Program Files\Cingular\Communication Manager\CingularCCM.exe [2007-03-14 19968]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"Aim6"= []
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-05-28 1506544]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"P2kAutostart"= []
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-09-19 4347120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe [2008-05-29 50528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-07-11 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cingular Communication Manager]
C:\Program Files\Cingular\Communication Manager\CingularCCM.exe [2007-03-14 19968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\DellSupport\DSAgnt.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
c:\dell\dsca.exe [2007-07-30 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2006-10-03 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-10-03 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
C:\Windows\system32\oodtray.exe [2007-05-11 2512392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Reminder]
C:\Program Files\PCPitstop\Optimize2\Reminder.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2007-12-11 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
C:\Windows\sttray.exe [2007-02-08 303104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-12-27 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2008-06-29 52168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2008-09-19 4347120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
C:\PROGRA~1\Google\GOOGLE~1\GOOGLE~1.EXE -systray -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-10-26 45056]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2e58aa6-7d7e-11dd-97c7-00f1d000f1d0}]
shell\AutoRun\command - F:\AUTORUN.EXE


======List of files/folders created in the last 1 months======

2008-10-15 13:02:58 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-10-15 13:02:58 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-10-15 13:02:55 ----A---- C:\Windows\system32\mshtml.dll
2008-10-15 13:02:54 ----A---- C:\Windows\system32\ieframe.dll
2008-10-15 13:02:53 ----A---- C:\Windows\system32\urlmon.dll
2008-10-15 13:02:52 ----A---- C:\Windows\system32\wininet.dll
2008-10-15 13:02:52 ----A---- C:\Windows\system32\mstime.dll
2008-10-15 13:02:52 ----A---- C:\Windows\system32\iertutil.dll
2008-10-15 13:02:51 ----A---- C:\Windows\system32\jsproxy.dll
2008-10-13 00:07:56 ----D---- C:\ProgramData\Yahoo! Companion
2008-10-05 04:05:58 ----D---- C:\rsit
2008-10-05 03:03:10 ----D---- C:\Program Files\SpywareBlaster
2008-10-05 03:03:10 ----A---- C:\Windows\system32\MSSTDFMT.DLL
2008-10-05 02:51:23 ----D---- C:\Program Files\CleanUp!
2008-09-28 17:30:22 ----A---- C:\avgrep.txt
2008-09-26 16:52:47 ----D---- C:\Program Files\AskPBar
2008-09-26 16:51:54 ----D---- C:\Program Files\Trillian
2008-09-22 20:36:15 ----D---- C:\Program Files\Common Files\wsm
2008-09-22 18:44:47 ----D---- C:\Program Files\WinPcap
2008-09-22 17:53:22 ----A---- C:\Windows\system32\erdmpg-parse.dll
2008-09-22 17:53:22 ----A---- C:\Windows\system32\erdmpg-int.dll
2008-09-22 17:53:22 ----A---- C:\Windows\system32\erdmpg-enc.dll
2008-09-22 17:53:22 ----A---- C:\Windows\system32\erdmpg-5.2.dll
2008-09-22 17:53:22 ----A---- C:\Windows\system32\DirectEncode.dll
2008-09-22 17:53:21 ----A---- C:\Windows\system32\GdiPlus.dll
2008-09-22 17:40:01 ----D---- C:\Program Files\Solent
2008-09-20 14:01:22 ----D---- C:\Windows\OPTIONS
2008-09-20 14:01:06 ----D---- C:\Program Files\Susteen
2008-09-19 23:16:28 ----D---- C:\Program Files\Common Files\Research in Motion
2008-09-19 04:37:06 ----D---- C:\ProgramData\Messenger Plus!
2008-09-19 04:18:34 ----D---- C:\Program Files\Messenger Plus! Live
2008-09-18 14:19:29 ----D---- C:\Users\Rob\AppData\Roaming\Roxio
2008-09-18 04:13:53 ----D---- C:\Program Files\Windows Live

======List of files/folders modified in the last 1 months======

2008-10-17 12:23:41 ----D---- C:\Windows\Temp
2008-10-17 12:13:25 ----SHD---- C:\Windows\Installer
2008-10-17 12:13:24 ----RD---- C:\Program Files
2008-10-17 12:13:05 ----SHD---- C:\System Volume Information
2008-10-17 11:55:47 ----D---- C:\Windows\Prefetch
2008-10-17 11:45:31 ----A---- C:\Windows\ntbtlog.txt
2008-10-17 11:44:04 ----SHD---- C:\$Recycle.Bin
2008-10-17 11:43:39 ----RD---- C:\Users
2008-10-17 10:40:15 ----SD---- C:\ProgramData\Microsoft
2008-10-16 20:40:05 ----D---- C:\Windows\winsxs
2008-10-16 20:29:58 ----D---- C:\Windows\system32\catroot2
2008-10-16 20:29:58 ----D---- C:\Windows\system32\catroot
2008-10-16 20:23:45 ----D---- C:\Windows\system32\drivers
2008-10-16 20:23:45 ----D---- C:\Program Files\Windows Mail
2008-10-16 20:23:45 ----AD---- C:\Windows\System32
2008-10-16 20:23:44 ----D---- C:\Windows\system32\migration
2008-10-13 14:29:53 ----D---- C:\Users\Rob\AppData\Roaming\Audacity
2008-10-13 00:07:56 ----HD---- C:\ProgramData
2008-10-12 09:27:07 ----D---- C:\Windows\inf
2008-10-12 09:27:07 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-10-11 20:05:34 ----D---- C:\Windows
2008-10-11 14:59:42 ----D---- C:\Program Files\Yahoo!
2008-10-09 04:16:24 ----HD---- C:\$AVG8.VAULT$
2008-10-07 15:19:40 ----A---- C:\Windows\system32\mrt.exe
2008-10-05 03:22:22 ----AD---- C:\ProgramData\TEMP
2008-10-03 03:13:15 ----D---- C:\Windows\__eereg
2008-10-01 05:29:45 ----D---- C:\Windows\system32\config
2008-09-28 19:56:09 ----SD---- C:\Windows\Downloaded Program Files
2008-09-28 19:49:12 ----D---- C:\Program Files\Mozilla Firefox
2008-09-28 17:12:40 ----D---- C:\Program Files\Common Files
2008-09-26 0131 ----D---- C:\Windows\system32\oodag
2008-09-23 14:16:46 ----D---- C:\ProgramData\Yahoo!
2008-09-22 19:47:23 ----SD---- C:\Users\Rob\AppData\Roaming\Microsoft
2008-09-22 18:45:22 ----D---- C:\Windows\system32\Tasks
2008-09-20 15:54:17 ----D---- C:\p2kcommander
2008-09-20 14:33:17 ----D---- C:\ProgramData\BVRP Software
2008-09-20 14:03:39 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-19 23:14:37 ----D---- C:\ProgramData\Cingular
2008-09-19 04:42:01 ----D---- C:\Windows\Minidump
2008-09-19 00:09:44 ----D---- C:\ProgramData\Roxio
2008-09-19 00:04:31 ----D---- C:\Program Files\Evidence Eliminator
2008-09-18 15:22:19 ----D---- C:\Windows\Tasks
2008-09-18 14:17:52 ----D---- C:\Users\Rob\AppData\Roaming\Eltima Software
2008-09-18 11:36:50 ----D---- C:\Program Files\Microsoft Office
2008-09-18 11:35:53 ----D---- C:\Program Files\Common Files\microsoft shared
2008-09-18 04:12:04 ----D---- C:\ProgramData\WLInstaller

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2008-08-30 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2008-08-11 26824]
R1 cdrbsdrv;cdrbsdrv; C:\Windows\system32\drivers\cdrbsdrv.sys [2007-12-31 33408]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R1 ElRawDisk;ElRawDisk; \??\C:\Windows\system32\drivers\elrawdsk.sys [2007-03-22 20560]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2008-05-28 8944]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2008-05-28 55024]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-11-11 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-20 32256]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-11 8192]
R3 AvgWfpX;AVG Free8 Firewall Driver x86; C:\Windows\System32\Drivers\avgwfpx.sys [2008-08-11 69128]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-17 534016]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 GTFFBUS;GT FF BUS; C:\Windows\system32\DRIVERS\gtffbus.sys [2007-02-23 17152]
R3 GTMNDISIRPXP;GT M 3G+ IRP NDIS; C:\Windows\system32\DRIVERS\Gtm51Irp.sys [2007-02-23 122240]
R3 GTPTSER;GT PT SER; C:\Windows\system32\DRIVERS\gtptser.sys [2007-02-23 8064]
R3 GTUQBUS;GT UQ BUS; C:\Windows\system32\DRIVERS\gtuqbus.sys [2007-02-23 36992]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-11-11 986624]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-11-11 206848]
R3 NWADI;NWADI Bus Enumerator; C:\Windows\system32\DRIVERS\NWADIenum.sys [2006-11-03 158720]
R3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver; \??\C:\Windows\system32\PCTINDIS5.SYS [2007-02-26 24304]
R3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-25 2085888]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys [2006-10-20 26368]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-19 8192]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2008-05-28 7408]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-02-08 647680]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-11-20 179256]
R3 tenCapture;tenCapture; C:\Windows\system32\DRIVERS\tenCapture.sys [2007-04-21 9344]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2008-07-16 28672]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-11-11 659968]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S2 StudioPro;StudioPro webcam; C:\Windows\system32\DRIVERS\StudioPro.sys [2007-01-05 120320]
S3 AR5211;[CommView] Atheros Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\ar5211.sys [2007-08-22 558560]
S3 AteksoftAudio;WebCamera Plus Audio; C:\Windows\system32\drivers\ateksoftaudio.sys [2007-12-25 11776]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2007-03-12 45568]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2006-11-02 200704]
S3 EuMusDesignVirtualAudioCableWdm;StudioPro audio (WDM); C:\Windows\system32\DRIVERS\vrtaucbl.sys [2007-04-22 38784]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 mamovec;mamovec; C:\Windows\System32\Drivers\mamovec.sys [2005-06-16 24784]
S3 mamovem;mamovem; C:\Windows\System32\Drivers\mamovem.sys [2005-06-16 25044]
S3 mamoveu;mamoveu; C:\Windows\system32\DRIVERS\mamoveu.sys [2007-08-13 48853]
S3 motccgp;Motorola USB Composite Device Driver; C:\Windows\system32\DRIVERS\motccgp.sys [2007-11-02 18176]
S3 motccgpfl;MotCcgpFlService; C:\Windows\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]
S3 MotDev;Motorola Inc. USB Device; C:\Windows\system32\DRIVERS\motodrv.sys [2007-10-10 42112]
S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 motport;Motorola USB Diagnostic Port; C:\Windows\system32\DRIVERS\motport.sys [2007-06-18 23680]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2007-11-06 34064]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50.sys [2006-11-03 18560]
S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2008-09-05 47360]
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32k.sys [2006-11-08 24064]
S3 ser2plms;Deluo GPS USB port driver; C:\Windows\system32\DRIVERS\ser2plms.sys [2007-04-05 42240]
S3 SUSTUCAM;Susteen USB Cable Modem Driver; C:\Windows\system32\DRIVERS\sustucam.sys [2007-04-04 38272]
S3 SUSTUCAP;Susteen USB Cable Port Driver; C:\Windows\system32\DRIVERS\sustucap.sys [2007-04-04 38272]
S3 SUSTUCAU;Susteen USB Cable USB Driver; C:\Windows\system32\DRIVERS\sustucau.sys [2007-04-04 21376]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2008-01-19 15872]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-19 73088]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 rimsptsk;rimsptsk; C:\Windows\system32\drivers\rimsptsk.sys [2006-11-20 43520]
S4 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\drivers\rixdptsk.sys [2006-11-20 37376]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2008-07-31 380536]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2006-11-25 557056]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-30 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 O&O Defrag;O&O Defrag; C:\Windows\system32\oodag.exe [2007-05-11 1050120]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-05 159744]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Windows\System32\WLTRYSVC.EXE [2006-11-21 24064]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-11-11 386560]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-05 880640]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------



info.txt logfile of random's system information tool 1.04 2008-10-17 12:23:52
======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
7-Zip 4.56 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
AIM 6-->C:\Program Files\AIM6\uninst.exe
a-squared Free 3.5-->"C:\Program Files\a-squared Free\unins000.exe"
ATI Catalyst Control Center Ex-->MsiExec.exe /I{EAB9C426-6626-7B76-64F3-569FDCA9852D}
ATI PCI Express (3GIO) Filter Driver-->C:\Program Files\InstallShield Installation Information\{E713653C-8312-4BC6-AFC9-ADE1F2F04AB9}\setup.exe -runfromtemp -l0x0009 -removeonly
Audacity 1.3.5 (Unicode)-->"C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bejeweled 2 Deluxe 1.0-->C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\Install.log"
Browser Address Error Redirector-->MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
Call Assistant-->C:\Windows\WindowsMobile\Call Assistant\Uninstall.exe Call Assistant
CeRegEditor 0.0.4.4-->"C:\Program Files\CeRegEditor\unins000.exe"
Cingular Communication Manager-->MsiExec.exe /X{8D315319-150D-461A-A60B-034D17DC4214}
CleanUp!-->C:\Program Files\CleanUp!\uninstall.exe
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -IDellHDAz.inf
DataPilot-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{AB6E9CF7-7A9B-4973-9A1D-96FB27F4B6AC} /l1033
Dell Mobile Broadband Card Utility-->MsiExec.exe /X{DF62D775-BB7C-4AFA-9CA4-DDA1C4855F28}
Dell System Customization Wizard-->MsiExec.exe /I{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Games, Music, & Photos Launcher-->MsiExec.exe /I{3E25E350-949F-4DB7-8288-2A60E018B4C1}
GTK+ Runtime 2.12.1 rev b (remove only)-->C:\Program Files\Common Files\GTK\2.0\uninst.exe
Hacker Evolution (1.00.0083) (remove only)-->"C:\Program Files\Hacker Evolution\uninstall.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Modem Diagnostic Tool-->MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Motorola Driver Installation 3.5.0-->MsiExec.exe /I{D2BD3C8F-9D7F-472B-BDF9-7309A5CB813A}
Motorola Phone Tools-->C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe -runfromtemp -l0x0009 -removeonly
Motorola Software Update-->MsiExec.exe /I{D5203057-E552-4903-BF49-5CC0F9E5EC84}
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Nokia Connectivity Adapter Cable DKU-5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1BA3CD5-89DC-4273-8603-A75F33E9B335}\Setup.exe" -l0x9
O&O Defrag Professional Edition-->MsiExec.exe /I{53480330-E1D1-41CA-B8F8-7F78644F7F50}
PowerArchiver 2007-->MsiExec.exe /I{C297F052-BB51-43FF-B403-A4045D865816}
Product Documentation Launcher-->MsiExec.exe /I{89CEAE14-DD0F-448E-9554-15781EC9DB24}
QuickSet-->MsiExec.exe /I{7F0C4457-8E64-491B-8D7B-991504365D1E}
QuickTime-->MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
ratDVD 0.78.1444-->C:\Program Files\ratDVD\uninst.exe
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator BDAV Plugin-->MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD DE-->MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
User's Guides-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VirtualCloneDrive-->"C:\Program Files\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\VirtualCloneDrive"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Mobile Device Center Driver Update-->MsiExec.exe /X{E7044E25-3038-4A76-9064-344AC038043E}
Windows Mobile Device Center-->MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}
Windows Mobile® Device Handbook-->C:\Program Files\Windows Mobile Device Handbook\Windows Mobile Device Handbook\Bin\DHUninstall.exe
WinPcap 4.0.2-->C:\Program Files\WinPcap\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

=====HijackThis Backups=====

O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O4 - HKCU\..\Run: [WinRoll] "C:\Program Files\WinRoll\winroll.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - mscoree.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)

======Security center information======

AV: AVG Anti-Virus Free
AS: AVG Anti-Virus Free (disabled)
AS: Windows Defender
AS: SUPERAntiSpyware

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 104 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=6801
"NUMBER_OF_PROCESSORS"=2
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip

-----------------EOF-----------------

Last edited by PuRpLe_EmO_eMuS; 10-17-2008 at 10:42 AM. Reason: found info.txt file
Old 10-17-2008, 09:01 PM   #5 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,897
OS: WinXP and Vista


Re: ??? I have 2 - explorer.exe files running ???

Hi PuRpLe_EmO_eMuS,

Quote:
about a week ago i did a full system scan and did find a virus. looking back at the logs it was: Trojan horse Downloader.Agent.ALMI. I did research online and found how to remove it and it worked as stated.
Do you still have that log to refer to? If so, what was the location of that infection and what steps did you take to clean it?

I'd like you to run an online scan to search for remnants. Using Firefox or IE, perform an online scan at Kaspersky Online Scanner

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.
  • Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 10-18-2008, 08:57 AM   #6 (permalink)
Registered User
 
Join Date: Oct 2008
Location: Ohio, USA
Posts: 9
OS: Windows Vista 32 Home


Re: ??? I have 2 - explorer.exe files running ???

I have done the online scan and the results are below:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, October 18, 2008
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, October 18, 2008 12:31:51
Records in database: 1320761
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 116742
Threat name: 1
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 01:40:04


File name / Threat name / Threats count
C:\Users\Rob\Desktop\Stuff\Documents\Stuff.rar Infected: Trojan.JS.Seeker-based 1
C:\Users\Rob\Documents\Ebay Stuff To Sell\Ebay+Sales+Stuff.zip Infected: Trojan.JS.Seeker-based 1

The selected area was scanned.


What it's showing as infected I have had for probably over a year now and I don't even use that anymore... I'm just a pack rat lol..
Now the scan that I did before and found the one virus I mentioned. I did some research online for it and found I needed to log into safe mode and do the scan and then delete the infected files found.

Looking back on my scan logs I have found the following:

9/04/2008 1 infected file:
C:/Program File\DeluoGPS\GPS Wizard\uninstall.exe - Trojan horse Startpage.CZA

9/28/2008 1 infected file:
C:\$Recycle B\S-1-5-21-2293934993-143782535-2831528717-1000\$RXFQMFY.dll - Trojan horse Downloader.Agent.ALMI

I hope some of this helps you and I await your next step.

Thanks so much for all your help too!
Old 10-18-2008, 09:03 AM   #7 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,897
OS: WinXP and Vista


Re: ??? I have 2 - explorer.exe files running ???

It would really help me a great deal if you could tell me what you deleted. Do you still have that information available?
Old 10-19-2008, 01:26 AM   #8 (permalink)
Registered User
 
Join Date: Oct 2008
Location: Ohio, USA
Posts: 9
OS: Windows Vista 32 Home


Re: ??? I have 2 - explorer.exe files running ???

I have gone through every log I have for all my protection programs and I cannot find the exact file. And off the top of my head I know it was located in the Windows\System32 folder. I cannot remember the exact file name but know it started with an "M". I'm not sure why I don't have the log of that day unless it didn't create one because it ran as a command prompt scan.

Sorry if this isn't a great help.
Old 10-19-2008, 08:26 AM   #9 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,897
OS: WinXP and Vista


Re: ??? I have 2 - explorer.exe files running ???

Thanks for trying. : )

There's really nothing for me to go on here. I see no malware in the logs, and even the HijackThis entries you've previously fixed are not malware related.

The only 'clue' I may have here is that you have installed Messenger Plus!. When you first installed it, you would have been advised of a Sponsor Program that would also be installed. Hopefully you declined that offer.

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D

Double-click Lop S&D.exe
  • Choose the language, then choose Option 1 (Search)
  • When the tool has completed, please post the C:\lopR.txt
Old 10-19-2008, 11:54 PM   #10 (permalink)
Registered User
 
Join Date: Oct 2008
Location: Ohio, USA
Posts: 9
OS: Windows Vista 32 Home


Re: ??? I have 2 - explorer.exe files running ???

Hey Ried =)
Thanks for your quick responses with all this.. you're amazing :D

The Messenger Plus I did install and I did say no to that sponsored stuff that tried to install so I don't think that is the problem.. but you're the expert lol ..

Here is the log I got from that program... Hope it helps you some here...


--------------------\\ Lop S&D 4.2.4-5 XP/Vista

Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : AMD Turion(tm) 64 X2 Mobile Technology TL-58 )
BIOS : BIOS Version 2.6.1
USER : Rob ( Not Administrator ! )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.0 (Activated)
C:\ (Local Disk) - NTFS - Total : 138 Go Free : 68 Go
D:\ (Local Disk) - NTFS - Total : 9 Go Free : 5 Go
E:\ (CD or DVD)
F:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 02-10-2008|23:42 )
Option : [1] ( Mon 10/20/2008| 1:44 )

[ UAC => 1 ]

--------------------\\ Listing folders in Local

[11/23/2007|01:05] C:\Users\Rob\AppData\Local\<DIR> Adobe
[12/28/2007|05:51] C:\Users\Rob\AppData\Local\<DIR> Ahead
[01/20/2008|02:04] C:\Users\Rob\AppData\Local\<DIR> AOL
[06/17/2008|10:52] C:\Users\Rob\AppData\Local\<DIR> AOL OCP
[12/15/2007|10:24] C:\Users\Rob\AppData\Local\<DIR> Apple
[07/08/2008|11:12] C:\Users\Rob\AppData\Local\<DIR> Apple Computer
[11/23/2007|01:55] C:\Users\Rob\AppData\Local\<JUNCTION> Application Data
[11/23/2007|01:57] C:\Users\Rob\AppData\Local\<DIR> ATI
[09/16/2008|06:27] C:\Users\Rob\AppData\Local\<DIR> BVRP Software
[11/30/2007|07:46] C:\Users\Rob\AppData\Local\<DIR> Cingular
[10/01/2008|05:35] C:\Users\Rob\AppData\Local\680 d3d9caps.dat
[11/30/2007|07:17] C:\Users\Rob\AppData\Local\<DIR> DBUpdater
[10/19/2008|12:28] C:\Users\Rob\AppData\Local\60,416 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[12/17/2007|01:21] C:\Users\Rob\AppData\Local\<DIR> DeluoGPS
[11/24/2007|11:37] C:\Users\Rob\AppData\Local\<DIR> Evidence Eliminator
[12/01/2007|11:46] C:\Users\Rob\AppData\Local\<DIR> Frameworkx.com
[02/24/2008|09:15] C:\Users\Rob\AppData\Local\82,584 GDIPFONTCACHEV1.DAT
[09/18/2008|03:22] C:\Users\Rob\AppData\Local\<DIR> Google
[11/23/2007|01:55] C:\Users\Rob\AppData\Local\<JUNCTION> History
[10/19/2008|02:08] C:\Users\Rob\AppData\Local\1,523,023 IconCache.db
[03/06/2008|10:10] C:\Users\Rob\AppData\Local\<DIR> IsolatedStorage
[08/11/2008|03:32] C:\Users\Rob\AppData\Local\<DIR> Microsoft
[11/29/2007|01:19] C:\Users\Rob\AppData\Local\<DIR> Microsoft Games
[12/01/2007|11:51] C:\Users\Rob\AppData\Local\<DIR> Mozilla
[12/28/2007|05:45] C:\Users\Rob\AppData\Local\<DIR> Nero
[09/14/2008|07:41] C:\Users\Rob\AppData\Local\<DIR> Netlog
[03/22/2008|01:35] C:\Users\Rob\AppData\Local\<DIR> PokerStars
[09/08/2008|02:21] C:\Users\Rob\AppData\Local\<DIR> ratDVD
[12/02/2007|10:21] C:\Users\Rob\AppData\Local\<DIR> Steam
[12/02/2007|03:01] C:\Users\Rob\AppData\Local\<DIR> SupportSoft
[10/20/2008|01:43] C:\Users\Rob\AppData\Local\<DIR> Temp
[12/13/2007|08:12] C:\Users\Rob\AppData\Local\0 Tempinvoice0.pdf
[11/23/2007|01:55] C:\Users\Rob\AppData\Local\<JUNCTION> Temporary Internet Files
[02/08/2008|08:29] C:\Users\Rob\AppData\Local\<DIR> Thunderbird
[11/25/2007|01:06] C:\Users\Rob\AppData\Local\<DIR> VirtualStore
[11/25/2007|11:17] C:\Users\Rob\AppData\Local\<DIR> Yahoo
[03/06/2008|10:11] C:\Users\Rob\AppData\Local\<DIR> Yahoo! Inc
[03/06/2008|10:09] C:\Users\Rob\AppData\Local\<DIR> Yahoo!_Inc

--------------------\\ Scheduled Tasks located in C:\Windows\Tasks

[10/19/2008 03:03 AM][--ah-----] C:\Windows\tasks\SA.DAT
[10/19/2008 03:00 AM][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing Folders in C:\ProgramData

[06/17/2008|10:48] C:\ProgramData\<DIR> acccore
[02/06/2008|02:23] C:\ProgramData\<DIR> Adobe
[01/20/2008|02:03] C:\ProgramData\<DIR> AOL
[06/17/2008|10:51] C:\ProgramData\<DIR> AOL Downloads
[11/25/2007|11:01] C:\ProgramData\<DIR> AOL OCP
[11/23/2007|01:52] C:\ProgramData\<JUNCTION> Application Data
[08/11/2008|03:33] C:\ProgramData\<DIR> avg8
[09/20/2008|02:33] C:\ProgramData\<DIR> BVRP Software
[09/19/2008|11:14] C:\ProgramData\<DIR> Cingular
[11/23/2007|01:52] C:\ProgramData\<JUNCTION> Desktop
[11/23/2007|01:52] C:\ProgramData\<JUNCTION> Documents
[02/03/2008|06:03] C:\ProgramData\32 ezsid.dat
[11/23/2007|01:52] C:\ProgramData\<JUNCTION> Favorites
[01/27/2008|11:18] C:\ProgramData\<DIR> Google
[10/26/2007|07:13] C:\ProgramData\<DIR> InstallShield
[10/04/2008|09:40] C:\ProgramData\<DIR> Messenger Plus!
[10/17/2008|10:40] C:\ProgramData\<DIR> Microsoft
[11/29/2007|05:47] C:\ProgramData\<DIR> Mozilla
[12/04/2007|08:05] C:\ProgramData\<DIR> Novatel Wireless
[09/19/2008|12:09] C:\ProgramData\<DIR> Roxio
[10/26/2007|07:16] C:\ProgramData\<DIR> Sonic
[11/23/2007|01:52] C:\ProgramData\<JUNCTION> Start Menu
[08/14/2008|05:01] C:\ProgramData\<DIR> SUPERAntiSpyware.com
[11/26/2007|02:54] C:\ProgramData\<DIR> TamoSoft
[10/19/2008|03:21] C:\ProgramData\<DIR> TEMP
[11/23/2007|01:52] C:\ProgramData\<JUNCTION> Templates
[06/17/2008|10:48] C:\ProgramData\<DIR> Viewpoint
[09/18/2008|04:12] C:\ProgramData\<DIR> WLInstaller
[09/23/2008|02:16] C:\ProgramData\<DIR> Yahoo!
[10/13/2008|12:07] C:\ProgramData\<DIR> Yahoo! Companion

--------------------\\ Listing Folders in C:\Program Files

[11/29/2007|12:05] C:\Program Files\<DIR> 7-Zip
[02/06/2008|02:23] C:\Program Files\<DIR> Adobe
[12/10/2007|11:05] C:\Program Files\<DIR> AF Uninstalls
[06/17/2008|10:52] C:\Program Files\<DIR> AIM6
[06/17/2008|10:43] C:\Program Files\<DIR> AIMQuickBuddy
[11/29/2007|08:14] C:\Program Files\<DIR> Alwil Software
[10/26/2007|07:08] C:\Program Files\<DIR> AMD
[01/12/2008|05:18] C:\Program Files\<DIR> ArtOfIllusion
[09/26/2008|04:52] C:\Program Files\<DIR> AskPBar
[08/18/2008|12:04] C:\Program Files\<DIR> a-squared Free
[10/26/2007|07:04] C:\Program Files\<DIR> ATI Technologies
[06/29/2008|11:32] C:\Program Files\<DIR> Audacity 1.3 Beta (Unicode)
[08/11/2008|03:33] C:\Program Files\<DIR> AVG
[11/27/2007|11:32] C:\Program Files\<DIR> bln
[06/08/2008|08:19] C:\Program Files\<DIR> CeRegEditor
[12/15/2007|07:25] C:\Program Files\<DIR> Cingular
[10/05/2008|02:51] C:\Program Files\<DIR> CleanUp!
[09/28/2008|05:12] C:\Program Files\<DIR> Common Files
[10/26/2007|06:50] C:\Program Files\<DIR> CONEXANT
[12/04/2007|08:00] C:\Program Files\<DIR> Dell
[04/22/2008|02:50] C:\Program Files\<DIR> DeluoGPS
[10/26/2007|07:11] C:\Program Files\<DIR> Digital Line Detect
[11/29/2007|02:47] C:\Program Files\<DIR> DivX
[09/09/2008|03:40] C:\Program Files\<DIR> Elaborate Bytes
[09/19/2008|12:04] C:\Program Files\<DIR> Evidence Eliminator
[04/23/2008|06:26] C:\Program Files\<DIR> Google
[08/27/2008|02:21] C:\Program Files\<DIR> Hacker Evolution
[09/20/2008|02:03] C:\Program Files\<DIR> InstallShield Installation Information
[09/12/2008|07:33] C:\Program Files\<DIR> Internet Explorer
[10/26/2007|07:03] C:\Program Files\<DIR> Java
[01/23/2008|12:04] C:\Program Files\<DIR> LegendSoftware
[09/19/2008|04:20] C:\Program Files\<DIR> Messenger Plus! Live
[11/02/2006|08:37] C:\Program Files\<DIR> Microsoft Games
[12/01/2007|10:09] C:\Program Files\<DIR> Microsoft IntelliPoint
[09/18/2008|11:36] C:\Program Files\<DIR> Microsoft Office
[09/01/2008|03:03] C:\Program Files\<DIR> Microsoft Silverlight
[09/10/2008|04:01] C:\Program Files\<DIR> Microsoft Works
[06/12/2008|10:02] C:\Program Files\<DIR> MoDaCo.SmartphoneGPSActivator
[10/26/2007|07:10] C:\Program Files\<DIR> Modem Diagnostic Tool
[09/16/2008|06:36] C:\Program Files\<DIR> Motorola
[09/16/2008|06:23] C:\Program Files\<DIR> Motorola Phone Tools
[09/12/2008|07:33] C:\Program Files\<DIR> Movie Maker
[09/28/2008|07:49] C:\Program Files\<DIR> Mozilla Firefox
[04/22/2008|02:46] C:\Program Files\<DIR> Mozilla Firefox 3 Beta 4
[11/02/2006|08:37] C:\Program Files\<DIR> MSBuild
[03/05/2008|12:10] C:\Program Files\<DIR> MSECache
[11/23/2007|02:17] C:\Program Files\<DIR> MSXML 4.0
[07/13/2008|06:34] C:\Program Files\<DIR> MySpace
[09/14/2008|07:41] C:\Program Files\<DIR> Netlog Photo Tool
[10/26/2007|07:10] C:\Program Files\<DIR> NetWaiting
[12/02/2007|02:50] C:\Program Files\<DIR> OO Software
[12/31/2007|03:24] C:\Program Files\<DIR> Pegasys Inc
[09/03/2008|09:48] C:\Program Files\<DIR> PopCap Games
[12/06/2007|12:09] C:\Program Files\<DIR> PowerArchiver
[12/15/2007|10:27] C:\Program Files\<DIR> QuickTime
[09/08/2008|02:19] C:\Program Files\<DIR> ratDVD
[12/27/2007|02:26] C:\Program Files\<DIR> Real
[11/02/2006|08:37] C:\Program Files\<DIR> Reference Assemblies
[10/26/2007|07:15] C:\Program Files\<DIR> Roxio
[12/01/2007|11:02] C:\Program Files\<DIR> Shock Utility
[10/26/2007|07:06] C:\Program Files\<DIR> SigmaTel
[09/22/2008|05:40] C:\Program Files\<DIR> Solent
[10/19/2008|03:20] C:\Program Files\<DIR> SpywareBlaster
[08/14/2008|05:01] C:\Program Files\<DIR> SUPERAntiSpyware
[09/20/2008|02:01] C:\Program Files\<DIR> Susteen
[10/27/2007|02:44] C:\Program Files\<DIR> Synaptics
[03/14/2008|10:49] C:\Program Files\<DIR> Tencent
[08/31/2008|09:10] C:\Program Files\<DIR> Trend Micro
[09/28/2008|05:13] C:\Program Files\<DIR> Trillian
[11/02/2006|09:01] C:\Program Files\<DIR> Uninstall Information
[11/29/2007|09:59] C:\Program Files\<DIR> VideoLAN
[11/25/2007|11:02] C:\Program Files\<DIR> Viewpoint
[09/05/2008|03:20] C:\Program Files\<DIR> VSO
[09/12/2008|07:33] C:\Program Files\<DIR> Windows Calendar
[09/12/2008|07:33] C:\Program Files\<DIR> Windows Collaboration
[09/12/2008|07:32] C:\Program Files\<DIR> Windows Defender
[09/12/2008|07:33] C:\Program Files\<DIR> Windows Journal
[09/18/2008|04:19] C:\Program Files\<DIR> Windows Live
[08/11/2008|12:07] C:\Program Files\<DIR> Windows Live Safety Center
[10/16/2008|08:23] C:\Program Files\<DIR> Windows Mail
[09/12/2008|07:33] C:\Program Files\<DIR> Windows Media Player
[05/26/2008|09:26] C:\Program Files\<DIR> Windows Mobile Device Handbook
[11/02/2006|08:37] C:\Program Files\<DIR> Windows NT
[09/12/2008|07:33] C:\Program Files\<DIR> Windows Photo Gallery
[09/12/2008|07:33] C:\Program Files\<DIR> Windows Sidebar
[09/22/2008|06:44] C:\Program Files\<DIR> WinPcap
[10/11/2008|02:59] C:\Program Files\<DIR> Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[02/06/2008|02:23] C:\Program Files\Common Files\<DIR> Adobe
[06/17/2008|10:47] C:\Program Files\Common Files\<DIR> AOL
[11/28/2007|11:48] C:\Program Files\Common Files\<DIR> GTK
[10/26/2007|07:13] C:\Program Files\Common Files\<DIR> InstallShield
[10/26/2007|07:03] C:\Program Files\Common Files\<DIR> Java
[09/18/2008|11:35] C:\Program Files\Common Files\<DIR> microsoft shared
[09/16/2008|12:19] C:\Program Files\Common Files\<DIR> Motorola Shared
[09/16/2008|06:36] C:\Program Files\Common Files\<DIR> MSSoap
[11/29/2007|01:11] C:\Program Files\Common Files\<DIR> PX Storage Engine
[12/27/2007|02:26] C:\Program Files\Common Files\<DIR> Real
[09/19/2008|11:16] C:\Program Files\Common Files\<DIR> Research in Motion
[10/26/2007|07:12] C:\Program Files\Common Files\<DIR> Roxio Shared
[11/02/2006|07:18] C:\Program Files\Common Files\<DIR> Services
[10/26/2007|07:15] C:\Program Files\Common Files\<DIR> Sonic Shared
[11/02/2006|07:18] C:\Program Files\Common Files\<DIR> SpeechEngines
[10/26/2007|07:13] C:\Program Files\Common Files\<DIR> SureThing Shared
[07/13/2008|06:30] C:\Program Files\Common Files\<DIR> Symantec Shared
[09/12/2008|07:32] C:\Program Files\Common Files\<DIR> System
[12/23/2007|05:06] C:\Program Files\Common Files\<DIR> Thraex Software
[11/26/2007|12:05] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller
[08/14/2008|05:00] C:\Program Files\Common Files\<DIR> Wise Installation Wizard
[09/22/2008|08:36] C:\Program Files\Common Files\<DIR> wsm
[12/27/2007|02:26] C:\Program Files\Common Files\<DIR> xing shared
[12/04/2007|08:00] C:\Program Files\Common Files\<DIR> Zeepe Framework 7

--------------------\\ Process

( 62 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-20 01:45:09
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 84

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..


[F:943][D:15]-> C:\Users\Rob\AppData\Local\Temp
[F:4][D:1]-> C:\Users\Rob\AppData\Roaming\MICROS~1\Windows\Cookies
[F:106][D:4]-> C:\Users\Rob\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:23][D:16]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - Mon 10/20/2008| 1:46 - Option : [1]

--------------------\\ Scan completed at 1:46:57
[ UAC => 1 ]
PuRpLe_EmO_eMuS is offline  
Old 10-20-2008, 12:38 AM   #11 (permalink)
Registered User
 
Join Date: Oct 2008
Location: Ohio, USA
Posts: 9
OS: Windows Vista 32 Home


Re: ??? I have 2 - explorer.exe files running ???

I took a screenshot of my Task Manager for you. This was the first sign of something possibly being wrong: the 2 explorer.exe files running.
Attached Images
File Type: jpg Taskmanager.JPG (151.8 KB, 2 views)
PuRpLe_EmO_eMuS is offline  
Old 10-20-2008, 08:22 AM   #12 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,897
OS: WinXP and Vista


Re: ??? I have 2 - explorer.exe files running ???

Hi,

Quote:
The Messenger Plus I did install, and I did say no to that sponsored stuff that tried to install, so I don't think that is the problem.
Good, and that is verified by the scan you just posted.

It can be normal for Vista to have 2 explorer.exe's running. For example, I have 2 instances running on my Vista. Loading under one of them is QPService.exe which is related to HP's QuickPlay. Although, the amount of mem usage under that one is much smaller than the explorer.exe that is running everything else.

Let's take a look at what is loading under each of yours. Download & Install - Process Explorer

Extract the files and double click on procexp.exe to start the tool.

Next to each instance of explorer.exe there should be a '+'. Click that to expand the tree and tell me what is loading under each of those instances.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
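
The parent/child view requested in the post above can also be pulled from the command line. This is an added example, not part of the original thread and not Process Explorer's own code; it assumes PowerShell 3.0 or later (for Get-CimInstance) and is best run elevated so that paths and owners are visible for every process.

```powershell
# Added example: for each explorer.exe instance, show its identity and its
# direct children (the entries Process Explorer lists under the '+').
$all = Get-CimInstance -ClassName Win32_Process

foreach ($shell in ($all | Where-Object { $_.Name -ieq 'explorer.exe' })) {
    # Owner may be empty if the query is not allowed to read it.
    $owner = Invoke-CimMethod -InputObject $shell -MethodName GetOwner

    # PIDs are reused: only accept a parent that was created before this
    # process, otherwise report that the real parent has already exited.
    $parent = $all | Where-Object {
        $_.ProcessId -eq $shell.ParentProcessId -and
        $_.CreationDate -le $shell.CreationDate
    } | Select-Object -First 1

    [pscustomobject]@{
        ProcessId   = $shell.ProcessId
        Path        = $shell.ExecutablePath
        Owner       = '{0}\{1}' -f $owner.Domain, $owner.User
        SessionId   = $shell.SessionId
        Started     = $shell.CreationDate
        Parent      = if ($parent) { $parent.Name } else { '(exited)' }
        CommandLine = $shell.CommandLine
    } | Format-List | Out-Host

    # Direct children, with the same PID-reuse guard in the other direction.
    $all | Where-Object {
        $_.ParentProcessId -eq $shell.ProcessId -and
        $_.CreationDate -ge $shell.CreationDate
    } | Sort-Object Name |
        Format-Table ProcessId, Name, ExecutablePath -AutoSize | Out-Host
}
```

Comparing Path, Owner, SessionId and Parent between the instances, alongside the child lists, gives the same information the expanded tree does.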
Old 10-20-2008, 03:17 PM   #13 (permalink)
Registered User
 
Join Date: Oct 2008
Location: Ohio, USA
Posts: 9
OS: Windows Vista 32 Home


Re: ??? I have 2 - explorer.exe files running ???

OK, here's what I got:

explorer.exe (1) had:

MSASCui.exe
SynTPEnh.exe
WLTRAY.EXE
ipoint.exe
avgtray.exe
VCDDaemon.exe
sttray.exe
ehtray.exe
SUPERAntiSpyware.exe
msnmsgr.exe
DLG.exe
CingularCCM.exe
firefox.exe

and explorer.exe (2) has:
procexp.exe

Awaiting your instructions =)
PuRpLe_EmO_eMuS is offline  
Old 10-20-2008, 04:09 PM   #14 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,897
OS: WinXP and Vista


Re: ??? I have 2 - explorer.exe files running ???

Hi,

All of those are legit programs. I think this is just Vista being 'Vista'. If you'd like an explanation as to why it can have 2 explorer.exe's running, you'd do best talking to the folks in Windows Vista Support.
Ried is offline  
Old 10-20-2008, 04:19 PM   #15 (permalink)
Registered User
 
Join Date: Oct 2008
Location: Ohio, USA
Posts: 9
OS: Windows Vista 32 Home


Re: ??? I have 2 - explorer.exe files running ???

Well Ried.. you have been amazing!! Thank you so much!!
I thought it was weird and didn't find any answers online, but it sounds like I'm clean, so thanks so much for all of your help in this!
PuRpLe_EmO_eMuS is offline  
Old 10-20-2008, 10:17 PM   #16 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,897
OS: WinXP and Vista


Re: ??? I have 2 - explorer.exe files running ???

You're welcome, Rob.

Take care.
Ried is offline  
 



All times are GMT -7.


