hijacked links problem

This is a discussion on hijacked links problem within the Resolved HJT Threads forums, part of the Tech Support Forum category.
Old 08-26-2009, 10:18 PM   #1
Guest
 
Join Date: Aug 2009
Posts: 21
OS:



Running Windows XP SP3. It happened yesterday: I was not even on the computer and all of a sudden the total anti virus thing came up and went crazy. I used Malwarebytes to remove that, but there is still something left because now the Google/Yahoo redirect hijack is going on. I hope I got all that correct; if you need anything else just tell me. Thanks in advance.



DDS (Ver_09-07-30.01) - NTFSx86
Run by m. groves at 23:24:36.37 on Wed 08/26/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2298 [GMT -5:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
C:\Program Files\Ulead Systems\Ulead Photo Express My Scrapbook 2.0\calcheck.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\m. groves\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uLocal Page = \blank.htm
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [USIUDF_Eject_Monitor] c:\program files\common files\ulead systems\dvd\USISrv.exe
mRun: [Ulead AutoDetector v2] c:\program files\common files\ulead systems\autodetector\Monitor.exe
mRun: [Ulead Photo Express Calendar Checker] c:\program files\ulead systems\ulead photo express my scrapbook 2.0\calcheck.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SAClient] "c:\program files\insight\bbclient\programs\RegCon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
StartupFolder: c:\docume~1\mea5d~1.gro\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127840841656
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-26 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-8-26 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-8-26 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-8-26 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-8-26 297752]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-15 34064]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\postgresql\8.3\bin\pg_ctl.exe [2008-9-19 65536]

=============== Created Last 30 ================

2009-08-26 21:56 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-08-26 21:49 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-08-26 21:49 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-26 21:49 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-26 21:49 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-08-26 21:49 <DIR> --d----- c:\program files\AVG
2009-08-26 21:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-08-26 21:45 <DIR> --d----- C:\AVGTemp
2009-08-26 21:27 <DIR> --d----- c:\program files\Anti-Virus Professional
2009-08-26 21:23 <DIR> --d----- c:\program files\Yahoo!
2009-08-26 21:23 <DIR> --d----- c:\program files\CCleaner
2009-08-26 21:07 <DIR> --d----- c:\docume~1\mea5d~1.gro\applic~1\AVG8
2009-08-26 20:58 1,071,088 a------- c:\windows\system32\MSCOMCTL.OCX
2009-08-26 20:58 118,784 a------- c:\windows\system32\MSSTDFMT.DLL
2009-08-26 20:58 <DIR> --d----- c:\program files\SpywareBlaster
2009-08-26 20:55 8,704 ac------ c:\windows\system32\dllcache\kbdjpn.dll
2009-08-26 20:55 8,192 ac------ c:\windows\system32\dllcache\kbdkor.dll
2009-08-26 20:55 6,144 ac------ c:\windows\system32\dllcache\kbd101c.dll
2009-08-26 20:55 5,632 ac------ c:\windows\system32\dllcache\kbd103.dll
2009-08-26 20:55 8,704 a------- c:\windows\system32\kbdjpn.dll
2009-08-26 20:55 8,192 a------- c:\windows\system32\kbdkor.dll
2009-08-26 20:55 6,144 a------- c:\windows\system32\kbd101c.dll
2009-08-26 20:55 5,632 a------- c:\windows\system32\kbd103.dll
2009-08-26 20:55 6,144 ac------ c:\windows\system32\dllcache\kbd106.dll
2009-08-26 20:55 6,144 ac------ c:\windows\system32\dllcache\kbd101b.dll
2009-08-26 20:55 6,144 a------- c:\windows\system32\kbd106.dll
2009-08-26 20:55 6,144 a------- c:\windows\system32\kbd101b.dll
2009-08-26 20:51 <DIR> --d----- c:\program files\SpywareGuard
2009-08-26 20:28 <DIR> --d----- c:\program files\Trend Micro
2009-08-26 20:01 <DIR> a-dshr-- C:\cmdcons
2009-08-26 20:00 229,376 a------- c:\windows\PEV.exe
2009-08-26 20:00 161,792 a------- c:\windows\SWREG.exe
2009-08-26 20:00 98,816 a------- c:\windows\sed.exe
2009-08-26 19:59 <DIR> --ds---- C:\ComboFix
2009-08-26 19:59 389,120 a------- c:\windows\system32\CF32167.exe
2009-08-26 19:57 389,120 a------- c:\windows\system32\CF31745.exe
2009-08-25 22:50 <DIR> --d----- c:\docume~1\mea5d~1.gro\applic~1\Malwarebytes
2009-08-25 22:50 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-25 22:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-25 22:50 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-25 22:50 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-25 22:41 <DIR> --d----- c:\program files\WinPcap
2009-08-25 22:40 <DIR> a-d----- c:\windows\system32\images
2009-08-23 23:35 <DIR> --d----- c:\program files\Pod to PC
2009-08-23 23:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Protexis
2009-08-23 23:27 <DIR> --d----- c:\program files\Tansee iPod Transfer
2009-08-23 23:27 80 ---shr-- c:\windows\system32\8231F249FB.dll
2009-08-23 23:15 5,632 a------- c:\windows\system32\ptpusb.dll
2009-08-23 23:15 159,232 a------- c:\windows\system32\ptpusd.dll
2009-08-22 18:44 <DIR> --d----- c:\windows\system32\scripting
2009-08-22 18:44 <DIR> --d----- c:\windows\system32\en
2009-08-22 18:44 <DIR> --d----- c:\windows\system32\bits
2009-08-22 18:44 <DIR> --d----- c:\windows\l2schemas
2009-08-22 18:42 <DIR> --d----- c:\windows\network diagnostic
2009-08-22 18:41 <DIR> --d----- c:\windows\EHome
2009-08-22 13:26 <DIR> --d----- c:\program files\Full Tilt Poker
2009-08-19 02:00 <DIR> --d----- c:\program files\MSXML 4.0
2009-08-18 11:01 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-08-18 02:01 <DIR> --d----- c:\windows\system32\XPSViewer
2009-08-18 02:01 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-08-18 02:01 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-18 02:01 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-18 02:01 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-18 02:01 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-08-18 02:01 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-08-18 02:01 117,760 -------- c:\windows\system32\prntvpt.dll
2009-08-18 02:01 <DIR> --d----- C:\fffb1bf5ee05fa9d9894a5320170325e
2009-08-18 02:00 <DIR> --d----- c:\program files\MSXML 6.0
2009-08-17 18:39 <DIR> --d----- c:\program files\common files\HP
2009-08-17 18:39 <DIR> --d----- c:\program files\common files\Hewlett-Packard
2009-08-17 18:38 118,272 a------- c:\windows\system32\hpz3l5mu.dll
2009-08-17 18:38 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-08-17 18:37 21,568 a------- c:\windows\system32\drivers\HPZius12.sys
2009-08-17 18:37 16,496 a------- c:\windows\system32\drivers\HPZipr12.sys
2009-08-17 18:37 49,920 a------- c:\windows\system32\drivers\HPZid412.sys
2009-08-17 18:37 271,704 a------- c:\windows\system32\hpzids01.dll
2009-08-17 18:37 970,752 a------- c:\windows\system32\hpotiop6.dll
2009-08-17 18:37 729,088 a------- c:\windows\system32\hpowiax8.dll
2009-08-17 18:37 372,736 a------- c:\windows\system32\hppldcoi.dll
2009-08-17 18:37 309,760 a------- c:\windows\system32\difxapi.dll
2009-08-17 18:37 303,104 a------- c:\windows\system32\hpovst14.dll
2009-08-17 18:37 <DIR> --d----- c:\program files\HP
2009-08-17 18:36 162,782 -------- c:\windows\hpoins29.dat.temp
2009-08-17 18:36 799 -------- c:\windows\hpomdl29.dat.temp
2009-08-17 18:27 <DIR> --d----- c:\program files\PowerPoker
2009-08-17 18:26 163,161 a------- c:\windows\hpoins29.dat
2009-08-17 18:26 799 -------- c:\windows\hpomdl29.dat
2009-08-17 02:08 <DIR> --d----- c:\windows\system32\LogFiles
2009-08-17 02:00 <DIR> --d----- c:\windows\ServicePackFiles
2009-08-16 22:18 701,440 -------- c:\windows\system32\drivers\ati2mtag.sys
2009-08-16 21:01 <DIR> --d----- c:\docume~1\mea5d~1.gro\applic~1\postgresql
2009-08-16 20:45 <DIR> --d----- C:\HMArchive
2009-08-16 20:44 <DIR> --d----- c:\program files\PokerStars
2009-08-16 20:43 <DIR> --d----- c:\program files\RVG Software
2009-08-16 20:23 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-08-16 20:23 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-08-16 20:23 <DIR> --d----- c:\program files\iPod
2009-08-16 20:23 <DIR> --d----- c:\program files\iTunes
2009-08-16 20:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-16 20:23 <DIR> --d----- c:\program files\Bonjour
2009-08-16 20:22 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-08-16 20:22 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-08-16 20:18 <DIR> --d----- c:\program files\Absolute Poker
2009-08-16 20:17 <DIR> --d----- c:\program files\_uninstallation_info
2009-08-16 20:06 <DIR> --d----- c:\program files\PostgreSQL
2009-08-16 20:05 <DIR> --d----- c:\program files\PokerTracker 3
2009-08-16 20:04 <DIR> --dsh--- c:\documents and settings\m. groves\IECompatCache
2009-08-16 20:03 <DIR> --dsh--- c:\documents and settings\m. groves\PrivacIE
2009-08-16 20:03 <DIR> --dsh--- c:\documents and settings\m. groves\IETldCache
2009-08-16 20:01 <DIR> --d----- c:\windows\ie8updates
2009-08-16 20:01 <DIR> -cd-h--- c:\windows\ie8
2009-08-16 20:00 594,432 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-08-16 20:00 1,985,536 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-08-16 20:00 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-08-16 20:00 55,296 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-16 20:00 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-08-16 20:00 101,376 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-08-16 19:38 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-08-16 19:38 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-08-16 19:36 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-08-16 19:36 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
2009-08-16 19:36 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-08-16 19:36 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-08-16 19:36 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-08-16 19:36 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-08-16 19:36 <DIR> --d----- c:\program files\Insight
2009-08-16 19:35 <DIR> --d----- c:\windows\BBBackup
2009-08-16 19:32 <DIR> --dsh--- c:\documents and settings\m. groves\UserData
2009-08-16 19:32 <DIR> --d----- c:\documents and settings\m. groves
2009-08-16 19:32 12,594 a------- c:\windows\system32\wpa.bak
2009-08-16 19:30 31,768 a------- c:\windows\system32\wucltui.dll.mui
2009-08-16 19:30 23,576 a------- c:\windows\system32\wuaucpl.cpl.mui
2009-08-16 19:30 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-08-16 19:30 18,456 a------- c:\windows\system32\wuaueng.dll.mui
2009-08-16 19:26 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-08-16 19:26 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
2009-08-05 04:01 204,800 -c------ c:\windows\system32\dllcache\mswebdvd.dll
2009-07-28 23:37 119,808 -c------ c:\windows\system32\dllcache\t2embed.dll
2009-07-28 23:37 81,920 -c------ c:\windows\system32\dllcache\fontsub.dll

==================== Find3M ====================

2009-08-22 18:44 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-08-05 04:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-28 23:37 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-28 23:37 81,920 a------- c:\windows\system32\fontsub.dll
2009-07-17 14:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 09:08 286,720 a------- c:\windows\system32\wmpdxm.dll
2009-07-03 12:09 915,456 a------- c:\windows\system32\wininet.dll
2009-06-12 07:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-10 09:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 01:14 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-03 14:09 1,291,264 a------- c:\windows\system32\quartz.dll

============= FINISH: 23:25:59.39 ===============
Attached Files
File Type: zip ark.zip (3.5 KB, 20 views)
frostymember is offline  
Old 08-28-2009, 05:26 PM   #2
TSF-Emeritus
 
Join Date: Jan 2009
Location: Canada
Posts: 8,956
OS: XP, Vista, Win7, Win8.1



Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.
CatByte is offline  
Old 08-30-2009, 06:00 PM   #3
Guest
 
Join Date: Aug 2009
Posts: 21
OS:



OK, having trouble with ComboFix. I downloaded it, put it on the desktop, turned off all other programs. When I start it, it says it has detected AVG real time scanner. I have all the AVG stuff turned off but it still says it is open. If I run ComboFix it works for a minute, the screen goes blue, the system reboots and then nothing after it's back on. Assuming I'm missing something; any idea what I need to do to get ComboFix to run through and make a log?
frostymember is offline  
Old 08-30-2009, 06:04 PM   #4
TSF-Emeritus
 
Join Date: Jan 2009
Location: Canada
Posts: 8,956
OS: XP, Vista, Win7, Win8.1



Hi,

Delete the copy of combofix that you have on your desktop.

Download a fresh copy and rename it to Combo-Fix.exe before saving it.

Make sure you disable AVG this way:

Please open the AVG 8 Control Center, by right clicking on the AVG 8 icon on the task bar.
  • Click on Tools.
  • Select Advanced Settings.
  • In the left hand pane, scroll down to "Resident Shield".
  • In the main pane, deselect the option to "Enable Resident Shield."
  • To re-enable AVG 8, please select "Enable Resident Shield" again.
CatByte is offline  
Old 08-30-2009, 06:50 PM   #5
Guest
 
Join Date: Aug 2009
Posts: 21
OS:



did that all shield is deselected and greyed out - still get the -- antivirus: avg anti-virus
real time scanner are still active

No clue what I'm doing wrong.
frostymember is offline  
Old 08-30-2009, 06:54 PM   #6
TSF-Emeritus
 
Join Date: Jan 2009
Location: Canada
Posts: 8,956
OS: XP, Vista, Win7, Win8.1



Try to uninstall AVG - we can reinstall it later. If it won't uninstall because of the malware, follow the steps to disable it, then run Combo-fix.
CatByte is offline  
Old 08-30-2009, 07:03 PM   #7
Guest
 
Join Date: Aug 2009
Posts: 21
OS:



OK, I got it disabled. I redownloaded the ComboFix and renamed it. It ran and didn't ever say that it detected any AVG, so I thought all was good; then a screen popped up about deleting and getting a new ComboFix and it being a free software, ya ya. It started to run for around 1 minute, the screen went blue, the comp rebooted and then nothing else. Computers are the best thing I have ever hated.
frostymember is offline  
Old 08-30-2009, 07:23 PM   #8
TSF-Emeritus
 
Join Date: Jan 2009
Location: Canada
Posts: 8,956
OS: XP, Vista, Win7, Win8.1



Can you navigate to the C:\Combofix folder and see if there was a log produced?
CatByte is offline  
Old 08-30-2009, 07:30 PM   #9
Guest
 
Join Date: Aug 2009
Posts: 21
OS:



Inside the ComboFix folder is another folder named "N_". Inside that folder are about 7 files that are each just named a number like "100972" or "789565". Each file is less than 1 KB and that is all it produced.
frostymember is offline  
Old 08-30-2009, 07:41 PM   #10
TSF-Emeritus
 
Join Date: Jan 2009
Location: Canada
Posts: 8,956
OS: XP, Vista, Win7, Win8.1



Hi,

Can you please post the last log from the malwareBytes program
(open the program - go to the logs tab - choose the last log run)
so I can see the names of the infections removed.

We need to delete the copy of ComboFix again, download a fresh copy, this time - rename it to iexplore.exe and run it.

Make sure you allow it plenty of time to run even if it appears to stall, and make sure all other programs are closed.


If it still will not run,

please run this program:
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two text files will open - log.txt (<<will be maximized) and info.txt (<<will be minimized)
  • Make sure Format->Word Wrap is unchecked
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of log.txt and info.txt in your reply. You won't need to produce a new HijackThis log as RSIT produces one for you.
CatByte is offline  
Old 08-30-2009, 07:45 PM   #11
Guest
 
Join Date: Aug 2009
Posts: 21
OS:



Malwarebytes' Anti-Malware 1.40
Database version: 2697
Windows 5.1.2600 Service Pack 3

8/25/2009 11:09:37 PM
mbam-log-2009-08-25 (23-09-37).txt

Scan type: Full Scan (C:\|)
Objects scanned: 161764
Time elapsed: 17 minute(s), 35 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 1
Registry Keys Infected: 13
Registry Values Infected: 4
Registry Data Items Infected: 5
Folders Infected: 5
Files Infected: 57

Memory Processes Infected:
C:\Documents and Settings\All Users\Application Data\10076564\10076564.exe (Rogue.Multiple.H) -> Unloaded process successfully.
C:\WINDOWS\Temp\_ex-08.exe (Trojan.Dropper) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\dddesot.dll (Rogue.ASC-AntiSpyware) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{76dc0b63-1533-4ba9-8be8-d59eb676fa02} (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{76dc0b63-1533-4ba9-8be8-d59eb676fa02} (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{76dc0b63-1533-4ba9-8be8-d59eb676fa02} (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\antippro2009_100 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\antippro2009_100 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Windows antiVirus pro (Rogue.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Win AntiVirus Pro (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Windows antiVirus pro (Rogue.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_ANTIPPRO2009_100 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\10076564 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\promoreg (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RList (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\WINDOWS\system32\desot.exe "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe tapi.nfo beforeglav) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\10076564 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

Files Infected:
C:\Documents and Settings\All Users\Application Data\10076564\10076564 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\10076564\10076564.exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\10076564\pc10076564ins (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dddesot.dll (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\m. groves\Local Settings\Temp\kbiwkmoqyecrjcip.tmp (Trojan.TDSS) -> Delete on reboot.
C:\Documents and Settings\m. groves\Local Settings\Temporary Internet Files\Content.IE5\QGNER3VG\load[1].php (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Program Files\Windows Antivirus Pro\Windows Antivirus Pro.exe (Rogue.WindowsAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows Antivirus Pro\tmp\dbsinit.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\svchast.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\desot.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TMPA4.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\412JOPUF\sys[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\msvcm80.dll (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\msvcp80.dll (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\msvcr80.dll (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\wispex.html (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\i1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\i2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\i3.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\j1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\j2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\j3.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\jj1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\jj2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\jj3.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\l1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\l2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\l3.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\pix.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\t1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\t2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\up1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\up2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\w1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\w11.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\w2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\w3.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\w3.jpg (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\wt1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\wt2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\wt3.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\bennuar.old (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bincd32.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\logon.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\sdra64.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\sonhelp.htm (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysnet.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tapi.nfo (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wispex.html (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\_ex-08.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rdl9E.tmp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rdlA0.tmp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rdlA2.tmp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\ppp3.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\ppp4.dat (Malware.Trace) -> Quarantined and deleted successfully.
Old 08-30-2009, 07:57 PM   #12

OK, I tried to rename ComboFix again and it still didn't work. It went to the screen that says it is scanning, then it goes for a minute, then the system reboots and nothing happens. Here are the RSIT logs:

info.txt logfile of random's system information tool 1.06 2009-08-30 21:54:24

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}
3DMark05-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2DF7B278-D3B6-40A4-B25C-0E7149F439EA}\Setup.exe" -l0x9
Adobe Acrobat 7.0.1 and Reader 7.0.1 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000702}
Adobe Acrobat 7.0.2 and Reader 7.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000703}
Adobe Acrobat 7.0.3 and Reader 7.0.3 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000704}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Full Tilt Poker-->"C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0009 -removeonly
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Holdem Manager-->MsiExec.exe /I{42DE940E-8037-4266-9FBF-5A3AEDA39E96}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
HP Photosmart C4400 All-In-One Driver 11.0 Rel .3-->C:\Program Files\HP\Digital Imaging\{86732AE7-CB91-4f15-B091-FBA3D3926CD6}\setup\hpzscr01.exe -datfile hposcr29.dat -onestop
Insight Broadband QIC Service Activator-->C:\WINDOWS\BBBackup\BB5.0\QICUnInstaller.exe
iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NvMixer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7A6C517-11F2-419F-B5BB-27772B939698}\Setup.exe" -uninstall
Pod to PC 3.03-->"C:\Program Files\Pod to PC\unins000.exe"
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
PokerTracker 3 (remove only)-->"C:\Program Files\PokerTracker 3\uninstall.exe"
PostgreSQL 8.3-->MsiExec.exe /I{B823632F-3B72-4514-8861-B961CE263224}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerPoker-->C:\Program Files\PowerPoker\uninstall.exe
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2-->"C:\Program Files\SpywareGuard\unins000.exe"
Tansee iPod Transfer v3.2-->"C:\Program Files\Tansee iPod Transfer\unins000.exe"
Ulead Data-Add 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD8E6D29-95EC-494E-8AF5-566E784819A6}\setup.exe" -l0x9
Ulead DVD MovieFactory 3.5 Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C7D89BBE-D4B3-49E8-B185-7966B5345866}\Setup.exe" -l0x9
Ulead Photo Explorer 8.5 SE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{025C3792-E9C6-432A-92C1-661F99D021CA}\setup.exe" -l0x9
Ulead Photo Express My Scrapbook 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF404C21-47EB-4FA5-B920-91746874ED43}\setup.exe" -l0x9
Ulead PhotoImpact XL SE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CADA6C4C-3EF2-43FC-8E5B-E89E3880A399}\setup.exe" -l0x9
Ulead VideoStudio 8.0 SE DVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F1DA6BF-3614-48A1-9970-9E90F646789E}\setup.exe" -l0x9
Update for Windows Internet Explorer 8 (KB972636)-->"C:\WINDOWS\ie8updates\KB972636-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Security center information======

AV: AVG Anti-Virus (disabled)

======System event log======

Computer Name: GROVES
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 373
Source Name: W32Time
Time Written: 20090820074942.000000-300
Event Type: warning
User:

Computer Name: GROVES
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 336
Source Name: W32Time
Time Written: 20090818154914.000000-300
Event Type: warning
User:

Computer Name: GROVES
Event Code: 20
Message: Printer Driver Microsoft XPS Document Writer for Windows NT x86 Version-3 was added or updated. Files:- mxdwdrv.dll, unidrvui.dll, mxdwdui.gpd, unidrv.hlp, mxdwdui.dll, mxdwdui.ini, stddtype.gdl, stdnames.gpd, stdschem.gdl, stdschmx.gdl, unidrv.dll, unires.dll, XpsSvcs.dll.

Record Number: 262
Source Name: Print
Time Written: 20090818020148.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: GROVES
Event Code: 20
Message: Printer Driver HP Photosmart C4400 series for Windows NT x86 Version-3 was added or updated. Files:- UNIDRV.DLL, UNIDRVUI.DLL, hpoc4403.gpd, UNIDRV.HLP, hpoc440a.ini, hpzst5mu.dll, hpz3c5mu.dll, hpzur5mu.dll, hpoc4403.xml, hpzsc5mu.dtd, hpzui5mu.dll, hpz3r5mu.dll, hpzpr5mu.dll, hpcdmc32.dll, hpbcfgre.dll, hpoc4403.exp, hpzsm5mu.gpd, hpz3m5mu.gpd, hpzev5mu.dll, hpzhl5mu.cab, UNIRES.DLL, STDNAMES.GPD, hpfie5mu.dll, hpfig5mu.dll, hpfrs5mu.dll, hpzc35mu.dll, hpfst071.rpo, hpuac5mu.dll.

Record Number: 242
Source Name: Print
Time Written: 20090817183851.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: GROVES
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 230
Source Name: W32Time
Time Written: 20090817154838.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: GROVES
Event Code: 1002
Message: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 42
Source Name: Application Hang
Time Written: 20090816224802.000000-300
Event Type: error
User:

Computer Name: GROVES
Event Code: 1020
Message: Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Record Number: 27
Source Name: ASP.NET 2.0.50727.0
Time Written: 20090816204230.000000-300
Event Type: warning
User:

Computer Name: GROVES
Event Code: 1002
Message: Hanging application notepad.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 22
Source Name: Application Hang
Time Written: 20090816203513.000000-300
Event Type: error
User:

Computer Name: groves
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <https://www.download.windowsupdate.co...throotstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


Record Number: 5
Source Name: crypt32
Time Written: 20090816193643.000000-300
Event Type: error
User:

Computer Name: groves
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <https://www.download.windowsupdate.co...throotstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


Record Number: 4
Source Name: crypt32
Time Written: 20090816193643.000000-300
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 3.5 Suite;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Ulead Systems\DVD;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------



Logfile of random's system information tool 1.06 (written by random/random)
Run by m. groves at 2009-08-30 21:54:20
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 96 GB (84%) free of 114 GB
Total RAM: 3071 MB (84% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:54:23 PM, on 8/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
C:\Program Files\Ulead Systems\Ulead Photo Express My Scrapbook 2.0\calcheck.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\m. groves\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\m. groves.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://windowsupdate.microsoft.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express My Scrapbook 2.0\calcheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Insight\BBClient\Programs\RegCon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\m. groves\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\m. groves\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - https://update.microsoft.com/windowsu...?1127840841656
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7836 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-08-26 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-30 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-30 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"USIUDF_Eject_Monitor"=C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe [2004-05-28 81920]
"Ulead AutoDetector v2"=C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe [2004-06-28 81920]
"Ulead Photo Express Calendar Checker"=C:\Program Files\Ulead Systems\Ulead Photo Express My Scrapbook 2.0\calcheck.exe [2003-09-19 69632]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-07-15 32768]
"NVMixerTray"=C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe [2004-12-20 131072]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-11-11 7311360]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-11-11 86016]
"SAClient"=C:\Program Files\Insight\BBClient\Programs\RegCon.exe [2003-12-01 294912]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-08-26 2007832]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-30 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Documents and Settings\m. groves\Start Menu\Programs\Startup
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-26 11952]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\AVG\AVG8\avgdiag.exe"="C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe"
"C:\Program Files\AVG\AVG8\avgdiagex.exe"="C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-08-30 21:54:20 ----D---- C:\rsit
2009-08-30 21:48:31 ----SD---- C:\iexplorer
2009-08-30 21:48:29 ----A---- C:\WINDOWS\system32\CF7540.exe
2009-08-30 21:24:36 ----A---- C:\WINDOWS\system32\javaws.exe
2009-08-30 21:24:36 ----A---- C:\WINDOWS\system32\javaw.exe
2009-08-30 21:24:36 ----A---- C:\WINDOWS\system32\java.exe
2009-08-30 21:24:36 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-08-30 21:24:20 ----D---- C:\Program Files\Java
2009-08-30 21:23:47 ----D---- C:\Documents and Settings\m. groves\Application Data\Sun
2009-08-30 20:55:31 ----SD---- C:\Combo-Fix
2009-08-30 20:55:28 ----A---- C:\WINDOWS\system32\CF26651.exe
2009-08-30 20:51:00 ----A---- C:\WINDOWS\system32\CF4903.exe
2009-08-30 18:16:59 ----SD---- C:\ComboFix
2009-08-30 18:16:56 ----A---- C:\WINDOWS\system32\CF17612.exe
2009-08-30 17:59:04 ----D---- C:\WINDOWS\pss
2009-08-30 17:45:27 ----A---- C:\WINDOWS\system32\CF3852.exe
2009-08-26 21:56:39 ----HD---- C:\$AVG8.VAULT$
2009-08-26 21:49:32 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-08-26 21:49:07 ----D---- C:\Program Files\AVG
2009-08-26 21:49:06 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-08-26 21:45:21 ----D---- C:\AVGTemp
2009-08-26 21:27:11 ----D---- C:\Program Files\Anti-Virus Professional
2009-08-26 21:23:02 ----D---- C:\Program Files\Yahoo!
2009-08-26 21:23:02 ----D---- C:\Documents and Settings\m. groves\Application Data\Yahoo!
2009-08-26 21:23:02 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2009-08-26 21:23:00 ----D---- C:\Program Files\CCleaner
2009-08-26 21:07:58 ----D---- C:\Documents and Settings\m. groves\Application Data\AVG8
2009-08-26 20:58:33 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-08-26 20:58:30 ----D---- C:\Program Files\SpywareBlaster
2009-08-26 20:58:30 ----A---- C:\WINDOWS\system32\MSSTDFMT.DLL
2009-08-26 20:57:28 ----A---- C:\WINDOWS\system32\chsbrkr.dll
2009-08-26 20:57:27 ----A---- C:\WINDOWS\system32\msir3jp.dll
2009-08-26 20:57:27 ----A---- C:\WINDOWS\system32\korwbrkr.dll
2009-08-26 20:57:27 ----A---- C:\WINDOWS\system32\chtbrkr.dll
2009-08-26 20:57:19 ----A---- C:\WINDOWS\system32\kbd101a.dll
2009-08-26 20:57:13 ----A---- C:\WINDOWS\system32\kbdnecNT.dll
2009-08-26 20:57:13 ----A---- C:\WINDOWS\system32\kbdnecAT.dll
2009-08-26 20:57:13 ----A---- C:\WINDOWS\system32\kbdnec95.dll
2009-08-26 20:57:02 ----A---- C:\WINDOWS\system32\c_is2022.dll
2009-08-26 20:55:53 ----A---- C:\WINDOWS\system32\kbdkor.dll
2009-08-26 20:55:53 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2009-08-26 20:55:53 ----A---- C:\WINDOWS\system32\kbd103.dll
2009-08-26 20:55:53 ----A---- C:\WINDOWS\system32\kbd101c.dll
2009-08-26 20:55:50 ----A---- C:\WINDOWS\system32\kbd106.dll
2009-08-26 20:55:50 ----A---- C:\WINDOWS\system32\kbd101b.dll
2009-08-26 20:51:32 ----D---- C:\Program Files\SpywareGuard
2009-08-26 20:28:30 ----D---- C:\Program Files\Trend Micro
2009-08-26 20:03:28 ----D---- C:\WINDOWS\Minidump
2009-08-26 20:01:58 ----A---- C:\Boot.bak
2009-08-26 20:01:53 ----RASHD---- C:\cmdcons
2009-08-26 20:00:04 ----A---- C:\WINDOWS\zip.exe
2009-08-26 20:00:04 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-08-26 20:00:04 ----A---- C:\WINDOWS\SWSC.exe
2009-08-26 20:00:04 ----A---- C:\WINDOWS\SWREG.exe
2009-08-26 20:00:04 ----A---- C:\WINDOWS\sed.exe
2009-08-26 20:00:04 ----A---- C:\WINDOWS\PEV.exe
2009-08-26 20:00:04 ----A---- C:\WINDOWS\NIRCMD.exe
2009-08-26 20:00:04 ----A---- C:\WINDOWS\grep.exe
2009-08-26 19:59:45 ----D---- C:\WINDOWS\ERDNT
2009-08-26 19:59:41 ----A---- C:\WINDOWS\system32\CF32167.exe
2009-08-26 19:57:34 ----A---- C:\WINDOWS\system32\CF31745.exe
2009-08-26 19:57:17 ----D---- C:\Qoobox
2009-08-26 03:00:12 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-25 22:50:46 ----D---- C:\Documents and Settings\m. groves\Application Data\Malwarebytes
2009-08-25 22:50:41 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-08-25 22:50:40 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-25 22:41:06 ----D---- C:\Program Files\WinPcap
2009-08-25 22:40:35 ----AD---- C:\WINDOWS\system32\images
2009-08-24 03:00:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-08-24 03:00:23 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-24 03:00:18 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-08-23 23:35:22 ----D---- C:\Program Files\Pod to PC
2009-08-23 23:27:17 ----D---- C:\Documents and Settings\All Users\Application Data\Protexis
2009-08-23 23:27:03 ----RSH---- C:\WINDOWS\system32\8231F249FB.dll
2009-08-23 23:27:03 ----D---- C:\Program Files\Tansee iPod Transfer
2009-08-23 23:15:14 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-08-23 23:15:13 ----A---- C:\WINDOWS\system32\ptpusd.dll
2009-08-22 18:49:00 ----D---- C:\WINDOWS\Prefetch
2009-08-22 18:47:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-22 18:47:18 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-22 18:47:15 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-22 18:47:12 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-22 18:47:06 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-22 18:47:03 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-08-22 18:47:00 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-22 18:46:57 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-08-22 18:46:54 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-08-22 18:46:50 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-08-22 18:46:46 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-08-22 18:46:43 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-08-22 18:46:36 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-08-22 18:46:33 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-22 18:46:30 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-08-22 18:46:27 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-08-22 18:46:24 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-08-22 18:46:21 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-08-22 18:46:18 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-08-22 18:46:15 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-08-22 18:46:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-08-22 18:46:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-08-22 18:46:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-08-22 18:46:00 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-08-22 18:45:57 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-08-22 18:45:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-08-22 18:45:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-08-22 18:45:48 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-08-22 18:45:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-08-22 18:45:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-08-22 18:45:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-08-22 18:45:35 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-08-22 18:45:32 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-08-22 18:45:29 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-08-22 18:45:27 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-08-22 18:45:24 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-08-22 18:44:08 ----D---- C:\WINDOWS\system32\scripting
2009-08-22 18:44:08 ----D---- C:\WINDOWS\system32\en
2009-08-22 18:44:08 ----D---- C:\WINDOWS\system32\bits
2009-08-22 18:44:08 ----D---- C:\WINDOWS\l2schemas
2009-08-22 18:42:47 ----D---- C:\WINDOWS\network diagnostic
2009-08-22 18:41:43 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-08-22 18:41:43 ----D---- C:\WINDOWS\EHome
2009-08-22 13:26:39 ----D---- C:\Program Files\Full Tilt Poker
2009-08-19 02:00:30 ----HDC---- C:\WINDOWS\$NtUninstallKB961118_0$
2009-08-19 02:00:22 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2009-08-19 02:00:16 ----D---- C:\Program Files\MSXML 4.0
2009-08-18 02:01:58 ----D---- C:\WINDOWS\system32\XPSViewer
2009-08-18 02:01:56 ----D---- C:\Program Files\MSBuild
2009-08-18 02:01:53 ----D---- C:\Program Files\Reference Assemblies
2009-08-18 02:01:41 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-08-18 02:01:41 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-08-18 02:01:41 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-08-18 02:01:40 ----D---- C:\fffb1bf5ee05fa9d9894a5320170325e
2009-08-18 02:00:35 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2009-08-18 02:00:32 ----D---- C:\Program Files\MSXML 6.0
2009-08-17 18:45:13 ----D---- C:\Documents and Settings\m. groves\Application Data\Adobe
2009-08-17 18:39:17 ----D---- C:\Program Files\Hewlett-Packard
2009-08-17 18:39:17 ----D---- C:\Program Files\Common Files\HP
2009-08-17 18:39:15 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2009-08-17 18:38:54 ----D---- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2009-08-17 18:38:48 ----A---- C:\WINDOWS\system32\hpz3l5mu.dll
2009-08-17 18:37:43 ----A---- C:\WINDOWS\system32\hpzids01.dll
2009-08-17 18:37:42 ----A---- C:\WINDOWS\system32\hppldcoi.dll
2009-08-17 18:37:42 ----A---- C:\WINDOWS\system32\hpowiax8.dll
2009-08-17 18:37:42 ----A---- C:\WINDOWS\system32\hpovst14.dll
2009-08-17 18:37:42 ----A---- C:\WINDOWS\system32\hpotiop6.dll
2009-08-17 18:37:42 ----A---- C:\WINDOWS\system32\difxapi.dll
2009-08-17 18:37:41 ----D---- C:\Program Files\HP
2009-08-17 18:37:31 ----HD---- C:\Config.Msi
2009-08-17 18:27:59 ----D---- C:\Program Files\PowerPoker
2009-08-17 02:08:30 ----D---- C:\WINDOWS\system32\LogFiles
2009-08-17 02:03:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2009-08-17 02:03:09 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2009-08-17 02:03:06 ----HDC---- C:\WINDOWS\$NtUninstallKB959426_0$
2009-08-17 02:03:02 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2009-08-17 02:02:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2009-08-17 02:02:56 ----HDC---- C:\WINDOWS\$NtUninstallKB960859_0$
2009-08-17 02:02:53 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-08-17 02:02:49 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2_0$
2009-08-17 02:02:45 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2009-08-17 02:02:42 ----HDC---- C:\WINDOWS\$NtUninstallKB971657_0$
2009-08-17 02:02:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971557_0$
2009-08-17 02:02:36 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2009-08-17 02:02:32 ----HDC---- C:\WINDOWS\$NtUninstallKB954156_WM9L$
2009-08-17 02:02:29 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-08-17 02:02:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_0$
2009-08-17 02:02:15 ----HDC---- C:\WINDOWS\$NtUninstallKB961501_0$
2009-08-17 02:02:13 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2_0$
2009-08-17 02:02:09 ----HDC---- C:\WINDOWS\$NtUninstallKB971633_0$
2009-08-17 02:02:06 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-08-17 02:02:03 ----HDC---- C:\WINDOWS\$NtUninstallKB973869_0$
2009-08-17 02:01:59 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-08-17 02:01:56 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2009-08-17 02:01:52 ----HDC---- C:\WINDOWS\$NtUninstallKB973507_0$
2009-08-17 02:01:49 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-08-17 02:01:40 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2009-08-17 02:01:37 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2009-08-17 02:01:33 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2009-08-17 02:01:22 ----HDC---- C:\WINDOWS\$NtUninstallKB958687_0$
2009-08-17 02:01:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2009-08-17 02:01:15 ----HDC---- C:\WINDOWS\$NtUninstallKB973354_0$
2009-08-17 02:01:10 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2009-08-17 02:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2009-08-17 02:01:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2009-08-17 02:00:59 ----HDC---- C:\WINDOWS\$NtUninstallKB970238_0$
2009-08-17 02:00:55 ----D---- C:\WINDOWS\ServicePackFiles
2009-08-17 02:00:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-08-17 02:00:50 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
2009-08-17 02:00:46 ----HDC---- C:\WINDOWS\$NtUninstallKB973815_0$
2009-08-17 02:00:43 ----HDC---- C:\WINDOWS\$NtUninstallKB968537_0$
2009-08-17 02:00:39 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
2009-08-17 02:00:36 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2009-08-17 02:00:33 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2009-08-17 02:00:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2009-08-17 02:00:19 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2009-08-16 22:36:57 ----D---- C:\Documents and Settings\m. groves\Application Data\Macromedia
2009-08-16 21:01:51 ----D---- C:\Documents and Settings\m. groves\Application Data\postgresql
2009-08-16 20:45:53 ----D---- C:\HMArchive
2009-08-16 20:44:03 ----D---- C:\Program Files\PokerStars
2009-08-16 20:43:47 ----D---- C:\Program Files\RVG Software
2009-08-16 20:42:24 ----RSD---- C:\WINDOWS\assembly
2009-08-16 20:42:11 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-16 20:23:29 ----D---- C:\Documents and Settings\m. groves\Application Data\Apple Computer
2009-08-16 20:23:26 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-08-16 20:23:19 ----D---- C:\Program Files\iPod
2009-08-16 20:23:18 ----D---- C:\Program Files\iTunes
2009-08-16 20:23:18 ----D---- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-16 20:23:12 ----D---- C:\Program Files\Bonjour
2009-08-16 20:23:01 ----D---- C:\Program Files\QuickTime
2009-08-16 20:23:00 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-08-16 20:22:54 ----D---- C:\Program Files\Apple Software Update
2009-08-16 20:22:52 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-08-16 20:22:52 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2009-08-16 20:22:46 ----D---- C:\Program Files\Common Files\Apple
2009-08-16 20:22:46 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-08-16 20:18:01 ----D---- C:\Program Files\Absolute Poker
2009-08-16 20:17:58 ----D---- C:\Program Files\_uninstallation_info
2009-08-16 2008 ----D---- C:\Program Files\PostgreSQL
2009-08-16 20:05:20 ----D---- C:\Program Files\PokerTracker 3
2009-08-16 20:01:43 ----D---- C:\WINDOWS\ie8updates
2009-08-16 20:01:34 ----D---- C:\WINDOWS\WBEM
2009-08-16 20:01:25 ----HDC---- C:\WINDOWS\ie8
2009-08-16 20:01:25 ----D---- C:\WINDOWS\system32\en-US
2009-08-16 19:36:21 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-08-16 19:36:08 ----D---- C:\Program Files\Insight
2009-08-16 19:35:39 ----D---- C:\WINDOWS\BBBackup
2009-08-16 19:32:54 ----SD---- C:\Documents and Settings\m. groves\Application Data\Microsoft
2009-08-16 19:32:54 ----D---- C:\Documents and Settings\m. groves\Application Data\Ulead Systems
2009-08-16 19:32:54 ----D---- C:\Documents and Settings\m. groves\Application Data\Identities
2009-08-16 19:32:54 ----ASH---- C:\Documents and Settings\m. groves\Application Data\desktop.ini
2009-08-16 19:32:10 ----A---- C:\WINDOWS\system32\wpa.bak
2009-08-16 19:30:56 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2009-08-16 19:30:56 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2009-08-16 19:30:56 ----A---- C:\WINDOWS\system32\wuapi.dll.mui

======List of files/folders modified in the last 1 months======

2009-08-30 21:51:43 ----D---- C:\WINDOWS\Temp
2009-08-30 21:51:19 ----D---- C:\WINDOWS
2009-08-30 21:50:14 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-30 21:49:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-30 21:48:35 ----D---- C:\WINDOWS\system32
2009-08-30 21:24:48 ----SHD---- C:\WINDOWS\Installer
2009-08-30 21:24:20 ----RD---- C:\Program Files
2009-08-30 19:56:38 ----RASH---- C:\boot.ini
2009-08-30 19:56:38 ----A---- C:\WINDOWS\win.ini
2009-08-30 19:56:38 ----A---- C:\WINDOWS\system.ini
2009-08-30 17:04:57 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2009-08-30 16:52:39 ----HD---- C:\WINDOWS\inf
2009-08-26 23:01:11 ----D---- C:\WINDOWS\system32\drivers
2009-08-26 21:23:38 ----D---- C:\WINDOWS\Debug
2009-08-26 21:10:53 ----D---- C:\WINDOWS\WinSxS
2009-08-26 21:10:53 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-08-26 20:57:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-26 20:57:24 ----RSD---- C:\WINDOWS\Fonts
2009-08-26 20:57:21 ----D---- C:\WINDOWS\Help
2009-08-24 03:00:23 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-22 18:50:25 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-22 18:48:44 ----D---- C:\WINDOWS\system32\wbem
2009-08-22 18:48:44 ----D---- C:\WINDOWS\system32\Setup
2009-08-22 18:48:44 ----D---- C:\WINDOWS\AppPatch
2009-08-22 18:48:04 ----D---- C:\WINDOWS\security
2009-08-22 18:47:22 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-22 18:47:13 ----D---- C:\Program Files\Outlook Express
2009-08-22 18:45:30 ----D---- C:\Program Files\Messenger
2009-08-22 18:44:12 ----D---- C:\WINDOWS\ime
2009-08-22 18:44:08 ----D---- C:\WINDOWS\system32\usmt
2009-08-22 18:44:08 ----D---- C:\WINDOWS\PeerNet
2009-08-22 18:44:08 ----D---- C:\Program Files\Movie Maker
2009-08-22 18:44:08 ----D---- C:\Program Files\Internet Explorer
2009-08-22 18:43:23 ----D---- C:\WINDOWS\system32\Restore
2009-08-22 18:43:23 ----D---- C:\WINDOWS\system32\npp
2009-08-22 18:43:23 ----D---- C:\WINDOWS\msagent
2009-08-22 18:43:22 ----D---- C:\WINDOWS\system32\Com
2009-08-22 18:43:22 ----D---- C:\WINDOWS\srchasst
2009-08-22 18:43:22 ----D---- C:\Program Files\NetMeeting
2009-08-22 18:43:21 ----D---- C:\Program Files\Windows NT
2009-08-22 18:43:21 ----D---- C:\Program Files\Windows Media Player
2009-08-22 18:43:20 ----D---- C:\Program Files\Common Files\System
2009-08-22 18:43:14 ----D---- C:\WINDOWS\system32\oobe
2009-08-22 18:43:14 ----D---- C:\WINDOWS\system
2009-08-22 13:26:39 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-18 02:01:49 ----D---- C:\WINDOWS\system32\spool
2009-08-18 02:01:14 ----D---- C:\WINDOWS\system32\mui
2009-08-17 18:45:13 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-17 18:42:57 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-08-17 18:39:19 ----D---- C:\WINDOWS\twain_32
2009-08-17 18:39:17 ----D---- C:\Program Files\Common Files
2009-08-16 21:37:01 ----SHD---- C:\RECYCLER
2009-08-16 20:42:11 ----D---- C:\WINDOWS\pchealth
2009-08-16 2021 ----D---- C:\Documents and Settings
2009-08-16 20:01:32 ----D---- C:\WINDOWS\Media
2009-08-16 19:32:46 ----SHD---- C:\System Volume Information
2009-08-16 19:32:46 ----D---- C:\WINDOWS\system32\config
2009-08-16 19:31:17 ----D---- C:\WINDOWS\Registration
2009-08-16 19:31:04 ----D---- C:\WINDOWS\SoftwareDistribution
2009-08-05 04:01:48 ----A---- C:\WINDOWS\system32\mswebdvd.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-26 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-26 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-08-26 108552]
R1 USIUDF;USIUDF; C:\WINDOWS\System32\Drivers\USIUDF.sys [2004-05-29 292288]
R2 npf;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-15 34064]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2005-09-15 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-11-11 3532928]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2005-04-13 53376]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-06 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-06 12928]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2005-04-13 414464]
R3 ULCDRHlp;ULCDRHlp; C:\WINDOWS\System32\Drivers\ULCDRHlp.sys [2005-01-27 27392]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2008-01-25 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2008-01-25 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2008-01-25 21568]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-07-09 39424]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-08-26 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-26 297752]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-30 153376]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-11-11 131139]
R2 pgsql-8.3;PostgreSQL Database Server 8.3; C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-03-12 49152]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMConnectCDS;Windows Media Connect Service; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 855552]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
frostymember is offline  
Old 08-30-2009, 08:01 PM   #13
TSF-Emeritus
 
Join Date: Jan 2009
Location: Canada
Posts: 8,956
OS: XP, Vista, Win7, Win8.1



Thanks, give me some time to look this over. I'll be back as soon as possible with further instructions.
CatByte is offline  
Old 08-30-2009, 08:25 PM   #14
TSF-Emeritus
 
Join Date: Jan 2009
Location: Canada
Posts: 8,956
OS: XP, Vista, Win7, Win8.1



Hi

Please do the following:

Please navigate to the following file

C:\Program Files\Anti-Virus Professional

drag this file to your desktop and drop it there (don't delete it)

(make the window smaller so you have access to drop it on your desktop)

when you have done that, reboot your machine and run combo-fix once more.
CatByte is offline  
Old 08-30-2009, 08:40 PM   #15
Guest
 
Join Date: Aug 2009
Posts: 21
OS:



That was a folder, with one file inside it. Should I put the whole folder on the desktop? And should I delete and redownload combo-fix?
frostymember is offline  
Old 08-30-2009, 08:58 PM   #16
TSF-Emeritus
 
Join Date: Jan 2009
Location: Canada
Posts: 8,956
OS: XP, Vista, Win7, Win8.1



Sorry, yes... drag the whole folder to the desktop,

then try running the combofix that you have after doing a reboot.
CatByte is offline  
Old 08-30-2009, 09:03 PM   #17
Guest
 
Join Date: Aug 2009
Posts: 21
OS:



OK, that did the same thing. It wouldn't run; it just rebooted automatically a minute after it hit the "this could take up to 10 minutes and possibly even double on a badly infected machine" screen.
frostymember is offline  
Old 08-30-2009, 09:25 PM   #18
TSF-Emeritus
 
Join Date: Jan 2009
Location: Canada
Posts: 8,956
OS: XP, Vista, Win7, Win8.1



Hi

reboot the machine and tap into safe mode (F8 - safe mode with networking)

try running Combo-fix in safe mode.

It's late here, we'll have to pick it up tomorrow evening,

Thanks
CatByte is offline  
Old 08-30-2009, 09:43 PM   #19
Guest
 
Join Date: Aug 2009
Posts: 21
OS:



OK, I just booted into safe mode. As soon as I picked safe mode it basically rebooted back to the startup sequence (like when you first turn it on), then it goes back to letting me select what type of startup. No matter what I select, it just restarts and does nothing else. Any ideas?
frostymember is offline  
Old 08-30-2009, 09:51 PM   #20
TSF Security Manager
Emeritus
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Pardon the interruption, but CatByte is offline. Have you tried selecting Last known good configuration?
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
 

All times are GMT -7.