
FIX download

Posted 7/4/2009 7:28 PM
#74903
ibgolfn Member

Date Joined Nov 2016
Total Posts: 9
I downloaded the FIX folder and ran CCleaner. It seems to have worked. MalwarebytesAM flashes the black window you get when you do cmd and then nothing. Combofix gets me the VISTA user account control window. When I click "allow" nothing happens. Same with HijackThis. Any thoughts?
Posted 7/5/2009 3:04 AM
#74915
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Hello ibgolfn

Please download Combofix:

Here
Before saving it to your Desktop, please rename it to 321.com to stop malware from disabling it.


Now, please make sure no other programs are running, and close all other windows.

Please double-click on the file you downloaded. Follow the onscreen prompts to start the scan.
Once the scanning process has started, please DO NOT click on the Combofix window or attempt to use your computer, as this can cause the scanning process to stall.
It may take a while to complete scanning, and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning. Do not worry, this is normal and they will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted.

It is usually located at c:\combofix.txt; please post it in your next reply.



NB: It is possible you'll have to run Combofix from Safe Mode.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 7/6/2009 12:50 AM
#74922
ibgolfn Member

Date Joined Nov 2016
Total Posts: 9
Touch,

Thanks. I got through all that; however, I am unable to find the log you asked for. I have looked on the C drive and desktop and ran a search for combofix.txt, but it does not show up. It did find combofix2 and combofix-quarantined-files by the hundreds, all with the same date and time of 4/1/2009 20:59. Suggestions?

Scot
Posted 7/6/2009 4:59 AM
#74924
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Ok. We'll try this scanner:

Please download DDS: https://download.bleepingcomputer.com/sUBs/dds.scr

Save it to your Desktop and double-click on dds.scr to run it. If your security software includes script blocking features, please disable these before you run this utility. When the scan has finished, two logs will open. Copy and paste both reports in this topic.

The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.


Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 7/6/2009 5:21 PM
#74932
ibgolfn Member

Date Joined Nov 2016
Total Posts: 9
DDS (Ver_09-06-26.01) - NTFSx86
Run by Scot Stobbe at 11:15:10.26 on Mon 07/06/2009
Internet Explorer: 8.0.6001.18783 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.2046.846 [GMT -6:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\Windows\System32\svchost.exe -k BullGuard
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Program Files\Citrix\GoToMeeting\366\g2mstart.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Citrix\GoToMeeting\366\g2mcomm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Citrix\GoToMeeting\366\g2mlauncher.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Scot Stobbe\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client for internet explorer\YontooIEClient.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [A00F523960.exe] c:\users\scotst~1\appdata\local\temp\_A00F523960.exe
uRun: [RegistryMechanic] c:\program files\registry mechanic\RMTray.exe /H
uRun: [GoToMeeting] c:\program files\citrix\gotomeeting\366\g2mstart.exe "/Trigger RunAtLogon"
uRun: [BullGuard] "c:\program files\bullguard ltd\bullguard\bullguard.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~3.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [BullGuard] "c:\program files\bullguard ltd\bullguard\bullguard.exe" -boot
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
LSP: c:\windows\system32\BGLsp.dll
Trusted Zone: localhost
DPF: {00110000-B1BA-11CE-ABC6-F5B2E79D9E3F} - hxxp://docimg.co.utah.ut.us/bmiweb/controls/ltocx11n.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} - hxxp://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230400500218
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {94B82441-A413-4E43-8422-D49930E69764} - hxxps://chat1.j2.com/Media/Visitorchat/TLIEFlash.CAB
DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} - hxxp://support.microsoft.com/mats/DiagWebControl.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} - hxxps://www.plaxo.com/activex/plx_upldr-2k-xp.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: c:\windows\system32\avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Posted 7/6/2009 5:22 PM
#74933
ibgolfn Member

Date Joined Nov 2016
Total Posts: 9
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-6-29 12552]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-6-29 130936]
R1 afw;Agnitum Firewall Driver;c:\windows\system32\drivers\afw.sys [2009-3-23 29208]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-29 327688]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-29 108552]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\cyberlink\powerdvd8\000.fcl [2008-5-15 61424]
R2 BdFileSpy;BullGuard File Monitor Driver;c:\windows\system32\drivers\BdFileSpy.sys [2009-7-3 55504]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2009-3-23 305688]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2009-3-28 34128]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2006-11-2 987648]
R3 VSTHWICH;VSTHWICH;c:\windows\system32\drivers\VSTICH3.SYS [2006-11-2 242176]

=============== Created Last 30 ================

2009-07-05 17:48 --ds---- C:\321
2009-07-05 17:48 318,976 a------- c:\windows\system32\CF26591.exe
2009-07-05 17:40 318,976 a------- c:\windows\system32\CF25056.exe
2009-07-05 17:33 318,976 a------- c:\windows\system32\CF22156.exe
2009-07-05 16:46 155,136 a------- c:\windows\PEV.exe
2009-07-05 16:46 318,976 a------- c:\windows\system32\CF13444.exe
2009-07-03 17:38 --d----- c:\programdata\BullGuard
2009-07-03 17:38 --d----- c:\progra~2\BullGuard
2009-07-03 17:38 --d----- c:\users\scotst~1\appdata\roaming\BullGuard
2009-07-03 17:37 55,504 a------- c:\windows\system32\drivers\BdFileSpy.sys
2009-07-03 17:37 --d----- c:\program files\BullGuard Ltd
2009-07-03 17:18 --d----- c:\program files\CCleaner
2009-07-02 15:19 --d----- c:\programdata\AVG Security Toolbar
2009-07-02 15:19 --d----- c:\progra~2\AVG Security Toolbar
2009-07-02 01:12 702,297 a------- c:\windows\unins000.exe
2009-07-02 01:12 30,325 a------- c:\windows\unins000.dat
2009-06-30 14:20 --d----- c:\program files\Belarc
2009-06-29 10:19 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-29 10:19 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-06-29 10:19 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-06-29 10:19 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-29 10:19 --d----- c:\windows\system32\drivers\Avg
2009-06-29 10:19 --d----- c:\program files\AVG
2009-06-29 10:17 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-29 10:17 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-29 10:17 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-29 10:10 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-06-29 10:10 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-06-29 10:10 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-29 10:10 --d----- c:\program files\common files\PC Tools
2009-06-29 10:10 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-06-29 10:10 --d----- c:\users\scotst~1\appdata\roaming\PC Tools
2009-06-29 10:10 --d----- c:\programdata\PC Tools
2009-06-29 10:10 --d----- c:\program files\Spyware Doctor
2009-06-29 10:10 --d----- c:\progra~2\PC Tools
2009-06-27 19:56 --d----- c:\program files\PHP
2009-06-27 15:39 --d----- c:\programdata\MySQL
2009-06-27 15:39 --d----- c:\program files\MySQL
2009-06-27 15:39 --d----- c:\progra~2\MySQL
2009-06-26 17:19 --d----- c:\programdata\Malwarebytes
2009-06-26 17:19 --d----- c:\progra~2\Malwarebytes
2009-06-23 19:34 26,496 a------- c:\windows\system32\drivers\RimSerial.sys
2009-06-23 16:18 --d----- c:\users\scotst~1\appdata\roaming\Dimdim
2009-06-23 16:18 --d----- c:\program files\Dimdim
2009-06-23 16:18 100,232 a------- c:\users\scot stobbe\DimdimSetup.exe
2009-06-18 14:53 54,272 a------- c:\windows\system32\MSIVXswkspmkcxrxpxtxiyuqpbxhawrbqjjor.dll
2009-06-18 14:53 25,600 a------- c:\windows\system32\MSIVXbsvcrwuulrtcfptgitrlxssoeatsjqye.dll
2009-06-18 14:53 4 a------- c:\windows\system32\MSIVXcount
2009-06-18 14:52 77,824 a------- c:\windows\system32\drivers\MSIVXcpxpwtrnofmbprbtdbseckkpeqevcuib.sys
2009-06-16 03:14 --d----- c:\programdata\WindowsSearch
2009-06-14 21:33 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-06-14 21:27 --d----- c:\programdata\Tarma Installer
2009-06-14 21:27 --d----- c:\program files\Yontoo Layers Client for Internet Explorer
2009-06-14 21:27 --d----- c:\progra~2\Tarma Installer
2009-06-14 13:02 --d----- C:\PerfLogs
2009-06-13 13:19 428,544 a------- c:\windows\system32\EncDec.dll
2009-06-13 13:19 293,376 a------- c:\windows\system32\psisdecd.dll
2009-06-13 13:19 217,088 a------- c:\windows\system32\psisrndr.ax
2009-06-13 13:19 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-06-13 13:19 80,896 a------- c:\windows\system32\MSNP.ax
2009-06-11 11:44 --d----- c:\users\scot stobbe\CancerAnswer
2009-06-11 08:59 2,033,152 a------- c:\windows\system32\win32k.sys
2009-06-09 16:25 5,988,404 a------- c:\users\scot stobbe\LSIAB_System.zip
2009-06-09 16:18 --d----- c:\users\scot stobbe\LSIAB_System

==================== Find3M ====================

2009-07-03 17:38 86,016 a------- c:\windows\inf\infstrng.dat
2009-07-03 17:38 86,016 a------- c:\windows\inf\infstor.dat
2009-07-03 17:38 51,200 a------- c:\windows\inf\infpub.dat
2009-06-14 13:13 174 a--sh--- c:\program files\desktop.ini
2009-06-14 13:02 665,600 a------- c:\windows\inf\drvindex.dat
2009-06-14 09:26 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-06-14 09:26 82,432 a------- c:\windows\system32\axaltocm.dll
2009-05-28 16:55 1,864,091 a------- c:\users\scot stobbe\z26286en.exe
2009-05-08 23:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-08 23:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-05-08 11:49 60,744 a------- c:\users\scot stobbe\g2mdlhlpx.exe
2009-04-28 04:51 87,376 a------- c:\windows\system32\BGLsp.dll
2009-04-23 06:43 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-04-23 06:42 636,928 a------- c:\windows\system32\localspl.dll
2009-04-22 12:55 29,480 a------- c:\windows\system32\msxml3a.dll
2009-04-13 14:16 1,548 a--sh--- c:\windows\system32\GroupPolicy000.dat
2009-04-13 03:05 269,312 a------- c:\windows\system32\es.dll
2009-04-13 03:03 6,656 a------- c:\windows\system32\kbd106n.dll
2009-04-13 03:03 988,216 a------- c:\windows\system32\winload.exe
2009-04-13 03:03 927,288 a------- c:\windows\system32\winresume.exe
2009-04-13 03:03 318,464 a------- c:\windows\system32\rstrui.exe
2009-04-13 03:03 40,960 a------- c:\windows\system32\srclient.dll
2009-04-13 03:03 378,368 a------- c:\windows\system32\srcore.dll
2009-04-13 03:03 19,000 a------- c:\windows\system32\kd1394.dll
2009-04-13 03:03 14,848 a------- c:\windows\system32\srdelayed.exe
2009-04-13 03:03 46,592 a------- c:\windows\system32\setbcdlocale.dll
2009-04-13 03:03 615,992 a------- c:\windows\system32\ci.dll
2009-04-12 03:46 61,440 a------- c:\windows\system32\winipsec.dll
2009-04-12 03:46 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2009-04-12 03:46 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-04-12 03:46 272,896 a------- c:\windows\system32\polstore.dll
2009-04-12 03:44 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2009-04-12 03:44 160,768 a------- c:\windows\system32\PortableDeviceTypes.dll
2009-04-12 03:44 94,720 a------- c:\windows\system32\PortableDeviceClassExtension.dll
2009-04-12 03:35 296,960 a------- c:\windows\system32\gdi32.dll
2009-04-12 03:32 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-04-12 03:31 1,191,936 a------- c:\windows\system32\msxml3.dll
2009-04-12 03:31 2,048 a------- c:\windows\system32\msxml3r.dll
2009-04-12 03:26 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-04-12 03:26 7,680 a------- c:\windows\system32\spwmp.dll
2009-04-12 03:26 4,096 a------- c:\windows\system32\dxmasf.dll
2009-04-12 03:22 2,927,104 a------- c:\windows\explorer.exe
2009-04-12 03:13 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2009-04-12 03:13 712,704 a------- c:\windows\system32\WindowsCodecs.dll
2009-04-12 03:13 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
2009-04-12 03:10 443,392 a------- c:\windows\system32\win32spl.dll
2009-04-12 03:10 37,888 a------- c:\windows\system32\printcom.dll
2009-04-12 03:08 14,848 a------- c:\windows\system32\wshrm.dll
2009-04-12 03:07 268,288 a------- c:\windows\system32\schannel.dll
2009-04-12 03:07 2,868,736 a------- c:\windows\system32\mf.dll
2009-04-12 03:07 98,816 a------- c:\windows\system32\mfps.dll
2009-04-12 03:07 53,248 a------- c:\windows\system32\rrinstaller.exe
2009-04-12 03:07 24,576 a------- c:\windows\system32\mfpmp.exe
2009-04-12 03:07 2,048 a------- c:\windows\system32\mferror.dll
2009-04-12 03:07 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-04-12 03:07 94,720 a------- c:\windows\system32\logagent.exe
2009-04-12 03:06 738,304 a------- c:\windows\system32\inetcomm.dll
2009-04-12 03:06 84,480 a------- c:\windows\system32\INETRES.dll
2009-04-12 03:05 1,645,568 a------- c:\windows\system32\connect.dll
2009-04-12 03:05 1,314,816 a------- c:\windows\system32\quartz.dll
2009-04-12 03:02 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-04-12 03:02 2,048 a------- c:\windows\system32\msxml6r.dll
2009-04-10 20:44 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-04-10 20:44 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-04-10 20:44 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2009-04-10 20:44 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2009-04-10 20:44 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-04-10 20:44 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-04-10 20:44 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-04-10 20:44 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-04-10 20:44 1,695,744 a------- c:\windows\system32\gameux.dll
2009-04-10 20:43 2,048 a------- c:\windows\system32\tzres.dll
2009-04-10 20:29 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-04-10 20:27 83,456 a------- c:\windows\system32\wudriver.dll
2009-04-10 20:27 162,064 a------- c:\windows\system32\wuwebv.dll
2009-04-10 20:27 31,232 a------- c:\windows\system32\wuapp.exe
2009-04-10 20:13 22,668 a------- c:\windows\system32\emptyregdb.dat
2009-04-08 22:36 282,110 a------- c:\program files\Windows.Vista.Activator.X64.-degenking.rar
2009-03-31 14:54 51,622,242 a------- c:\program files\ACEMCP603PRO.exe
2006-11-02 06:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 06:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 06:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 06:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 03:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 03:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 03:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 03:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
1999-05-07 05:22 8,944 a------- c:\windows\inf\USBSCAN.SYS

============= FINISH: 11:18:12.90 ===============
Posted 7/6/2009 5:22 PM
#74934
ibgolfn Member

Date Joined Nov 2016
Total Posts: 9
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles AE CS4
Adobe Color Video Profiles CS CS4
Adobe Contribute CS4
Adobe Creative Suite 4 Master Collection
Adobe CS4 American English Speech Analysis Models
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS4
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe OnLocation CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Premiere Pro CS4 Third Party Content
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe SING CS4
Adobe Soundbooth CS4
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
ATI Parental Control & Encoder
AVG 8.0
Belarc Advisor 8.1
bitcontrol® MPEG Video Decoder v3.0
BlackBerry Desktop Software 4.6
BlackBerry Device Software Updater
BlackBerry Device Software v4.5.0 for the BlackBerry 8110 smartphone
Broadcom 802.11 Wireless LAN Adapter
BullGuard 8.7
Camtasia Studio 6
CCleaner (remove only)
Conexant AC-97 Audio
Conexant Data Fax Modem with SmartCP
Connect
CyberLink PowerDVD 8
CyberView X - SF v1.15
eFax Messenger
EPSON Scan
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GoToMeeting 4.1.0.366
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Quick Launch Buttons 6.30 J1
ImagXpress
InstallMgr
iTunes
Java(TM) 6 Update 13
Java(TM) 6 Update 2
kuler
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft .NET Framework 3.5 SP1
Microsoft Default Manager
Microsoft Easy Assist v2
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server Desktop Engine
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
MoneyTrax Inc. Circle of Wealth® System
Move Media Player
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.5)
MSN Toolbar
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser
MySQL Server 5.1
neroxml
PDF Settings CS4
Photoshop Camera Raw
PHP 5.2.10
Pixel Bender Toolkit
QuickTime
Registry Mechanic 8.0
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio Media Manager
Roxio Update Manager
Screencaster Plug-in for IE
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Sonic Activation Module
Spyware Doctor 6.0
Suite Shared Configuration CS4
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515 drivers.
TIxx21
Ultimate Extras sounds from Microsoft® Tinker™
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb970012)
VideoLAN VLC media player 0.8.6c
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows Sound Schemes
WinRAR archiver
Yontoo Layers Client for Internet Explorer 1.03.02

==== Event Viewer Messages From Past Week ========

7/5/2009 17:49:25, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the PEVSystemStart service to connect.
7/5/2009 17:49:24, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
7/5/2009 17:24:53, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD afw AvgLdx86 AvgMfx86 AvgTdiX CSC DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr sptd tdx Wanarpv6 ws2ifsl
7/5/2009 17:24:53, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/5/2009 17:24:53, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
7/5/2009 17:24:53, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
7/5/2009 17:24:53, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/5/2009 17:24:53, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
7/5/2009 17:24:53, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/5/2009 17:24:53, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/5/2009 17:24:53, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
7/5/2009 17:24:53, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/5/2009 17:24:53, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
7/5/2009 17:24:53, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/5/2009 17:24:53, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/5/2009 17:24:53, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/5/2009 17:24:08, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
7/5/2009 17:24:08, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/5/2009 17:24:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
7/5/2009 17:23:48, Error: EventLog [6008] - The previous system shutdown at 5:17:42 PM on 7/5/2009 was unexpected.
7/5/2009 10:42:20, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.85 for the Network Card with network address 00C09FB9516C has been denied by the DHCP server 192.168.15.1 (The DHCP Server sent a DHCPNACK message).
7/5/2009 10:33:18, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.15.3 for the Network Card with network address 00C09FB9516C has been denied by the DHCP server 192.168.0.3 (The DHCP Server sent a DHCPNACK message).
7/3/2009 17:44:56, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error: The service has not been started.
7/3/2009 17:10:16, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 172.16.0.209 for the Network Card with network address 00C09FB9516C has been denied by the DHCP server 192.168.15.1 (The DHCP Server sent a DHCPNACK message).
7/2/2009 22:12:55, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avg8wd service.
7/2/2009 13:33:07, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.3 for the Network Card with network address 00904BF4EF5D has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/2/2009 11:15:11, Error: EventLog [6008] - The previous system shutdown at 11:10:09 AM on 7/2/2009 was unexpected.
7/2/2009 00:13:45, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.5 for the Network Card with network address 00904BF4EF5D has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
7/1/2009 21:30:35, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 172.16.0.199 for the Network Card with network address 00C09FB9516C has been denied by the DHCP server 192.168.15.1 (The DHCP Server sent a DHCPNACK message).
7/1/2009 21:30:31, Error: EventLog [6008] - The previous system shutdown at 9:26:44 PM on 7/1/2009 was unexpected.
7/1/2009 18:05:09, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00904BF4EF5D. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
6/30/2009 18:12:14, Error: EventLog [6008] - The previous system shutdown at 6:10:03 PM on 6/30/2009 was unexpected.
6/30/2009 17:42:39, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 172.16.0.188 for the Network Card with network address 00C09FB9516C has been denied by the DHCP server 192.168.15.1 (The DHCP Server sent a DHCPNACK message).
6/30/2009 15:01:04, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.107 for the Network Card with network address 00904BF4EF5D has been denied by the DHCP server 192.168.5.10 (The DHCP Server sent a DHCPNACK message).
6/30/2009 12:11:46, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.5.97 for the Network Card with network address 00904BF4EF5D has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
6/30/2009 12:06:05, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.135 for the Network Card with network address 00904BF4EF5D has been denied by the DHCP server 192.168.5.10 (The DHCP Server sent a DHCPNACK message).
6/29/2009 13:43:05, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.135 for the Network Card with network address 00904BF4EF5D has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
6/29/2009 13:35:14, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.7 for the Network Card with network address 00904BF4EF5D has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
6/29/2009 11:10:05, Error: Service Control Manager [7031] - The AVG8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
6/29/2009 10:33:09, Error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).
6/29/2009 10:28:54, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/29/2009 10:26:33, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/29/2009 10:25:36, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
6/29/2009 10:24:21, Error: Service Control Manager [7023] - The Secure Socket Tunneling Protocol Service service terminated with the following error: The RPC server is unavailable.
6/29/2009 10:24:21, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 9 service to connect.
6/29/2009 10:24:21, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error: The RPC server is unavailable.
6/29/2009 10:19:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
6/29/2009 10:05:06, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/29/2009 09:46:13, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr sptd Wanarpv6
6/29/2009 09:46:13, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
6/29/2009 09:45:27, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/29/2009 09:45:17, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/29/2009 09:45:10, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv.dll Error Code: 21
6/29/2009 09:45:10, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
6/29/2009 09:45:10, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
6/29/2009 09:45:10, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/29/2009 09:44:21, Error: Application Popup [876] - Driver DLACDBHM.SYS has been blocked from loading.
6/29/2009 09:44:16, Error: sptd [4] - Driver detected an internal error in its data structures for .

==== End Of File ===========================
Posted 7/7/2009 5:16 AM
#74939
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
It looks like you have two active virus programs running.

"Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and will typically cause your computer to crash, and will provide less protection. Not more."

Remove/uninstall from "Programs and Features" in Control Panel:

AVG8 or Bullguard

Please download https://swandog46.geekstogo.com/avenger2/download.php

by Swandog46 to your Desktop.

Click on Avenger.zip to open the file

Extract avenger2.exe to your desktop

Start Avenger

[code]
Files to delete:
c:\windows\system32\MSIVXswkspmkcxrxpxtxiyuqpbxhawrbqjjor.dll
c:\windows\system32\MSIVXbsvcrwuulrtcfptgitrlxssoeatsjqye.dll

c:\windows\system32\MSIVXcount
c:\windows\system32\drivers\MSIVXcpxpwtrnofmbprbtdbseckkpeqevcuib.sys
[/code]
Copy/Paste all the text in the above codebox into the main window

Click Execute

The Avenger will automatically do the following:

It will Restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)

On reboot, it will briefly open a black command window on your desktop; this is normal.

After the restart, it creates a log file that should open with the results of Avenger's actions.

This log file will be located at C:\avenger.txt

Post C:\avenger.txt in next reply

If you can run combofix, please do, and post that log as well.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 7/7/2009 8:08 PM
#74947
ibgolfn Member

Date Joined Nov 2016
Total Posts: 9
Touch,

Thanks so much for all your help and hanging in there with me to beat this thing.

I uninstalled bullguard for now. I was using a trial version because AVG did not seem to do its job.

I attempted to run combofix. It seems not to have worked. It also said AVG was an active scanner even though I closed it. Do I need to do something else to make it so it won't scan?

Here is the Avenger log:

Logfile of The Avenger Version 2.0, (c) by Swandog46
https://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "c:\windows\system32\MSIVXswkspmkcxrxpxtxiyuqpbxhawrbqjjor.dll" not found!
Deletion of file "c:\windows\system32\MSIVXswkspmkcxrxpxtxiyuqpbxhawrbqjjor.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\MSIVXbsvcrwuulrtcfptgitrlxssoeatsjqye.dll" not found!
Deletion of file "c:\windows\system32\MSIVXbsvcrwuulrtcfptgitrlxssoeatsjqye.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "c:\windows\system32\MSIVXcount" deleted successfully.

Error: file "c:\windows\system32\drivers\MSIVXcpxpwtrnofmbprbtdbseckkpeqevcuib.sys" not found!
Deletion of file "c:\windows\system32\drivers\MSIVXcpxpwtrnofmbprbtdbseckkpeqevcuib.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.
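An added example, not part of the thread and not code from The Avenger: a small Python parser for the log layout above that sorts each requested deletion into removed, already absent (as the three MSIVX files were here) or failed for some other reason. The sample log is constructed with placeholder file names and a made-up STATUS_ACCESS_DENIED entry to exercise the third case.

```python
import re
from typing import Dict, List

# Constructed sample in the layout of the Avenger log quoted in the thread.
# File names are placeholders; the last entry (an access-denied failure) is
# made up so that the "failed for another reason" path is exercised.
SAMPLE_LOG = r"""Logfile of The Avenger Version 2.0, (c) by Swandog46

Platform: Windows Vista

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "c:\windows\system32\PLACEHOLDER_one.dll" not found!
Deletion of file "c:\windows\system32\PLACEHOLDER_one.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "c:\windows\system32\PLACEHOLDER_count" deleted successfully.

Deletion of file "c:\windows\system32\drivers\PLACEHOLDER_two.sys" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)
--> access denied


Completed script processing.
"""

# Line shapes taken from the log format shown in the thread.
DELETED_RE = re.compile(r'^File "(?P<path>[^"]+)" deleted successfully\.$')
FAILED_RE = re.compile(r'^Deletion of file "(?P<path>[^"]+)" failed!$')
STATUS_RE = re.compile(r'^Status: (?P<code>0x[0-9A-Fa-f]{8}) \((?P<name>[A-Z0-9_]+)\)$')


def parse_avenger_log(text: str) -> Dict[str, str]:
    """Map each target path to 'deleted', 'not_found' or, for any other
    failure, the NTSTATUS name reported on the following Status: line.
    A 'failed!' line with no Status: line after it stays 'failed'."""
    results: Dict[str, str] = {}
    pending = None  # path whose failure is waiting for its Status: line
    for raw in text.splitlines():
        line = raw.strip()
        m = DELETED_RE.match(line)
        if m:
            results[m.group("path")] = "deleted"
            pending = None
            continue
        m = FAILED_RE.match(line)
        if m:
            pending = m.group("path")
            results[pending] = "failed"
            continue
        m = STATUS_RE.match(line)
        if m and pending is not None:
            name = m.group("name")
            results[pending] = "not_found" if name == "STATUS_OBJECT_NAME_NOT_FOUND" else name
            pending = None
    return results


def rootkit_flagged(text: str) -> bool:
    """True only if the rootkit scan ran and did not report a clean result."""
    return "Rootkit scan active." in text and "No rootkits found!" not in text


def triage(results: Dict[str, str]) -> Dict[str, List[str]]:
    """Split results into what was removed, what was already gone (an earlier
    tool or the malware itself removed it), and what still needs a look."""
    out: Dict[str, List[str]] = {"deleted": [], "already_absent": [], "needs_attention": []}
    for path, status in sorted(results.items()):
        if status == "deleted":
            out["deleted"].append(path)
        elif status == "not_found":
            out["already_absent"].append(path)
        else:
            out["needs_attention"].append(path)
    return out


if __name__ == "__main__":
    summary = triage(parse_avenger_log(SAMPLE_LOG))
    print("rootkit flagged:", rootkit_flagged(SAMPLE_LOG))
    for bucket, paths in summary.items():
        print(f"{bucket}: {len(paths)}")
        for p in paths:
            print("   ", p)
```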
Posted 7/8/2009 8:42 AM
#74959
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
No, we'll try a "dig deeper" scanner ->

Click here: https://www.gmer.net/

and download the installer for Gmer to your desktop, then click that file to run Gmer.

(scroll down, and click on – Download Exe – Button)


If on its opening scan Gmer locates items shown in red or indicates "hidden" or "rootkit", stop there, and click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please. We don't want any crashes just from taking an initial look at things.

If not, then click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 7/9/2009 6:34 AM
#74997
ibgolfn Member

Date Joined Nov 2016
Total Posts: 9
Touch,

I wasn't sure if this was what you meant. After the initial scan the tab said "rootkit/malware". I didn't want to take any chances so I stopped there. If this is not what you meant, let me know and I will go ahead with the scan.

Also, I do not recognize any of the symptoms I was having before. Is it possible you already got them all?

Thanks again for your help.

GMER 1.0.15.14972 - https://www.gmer.net
Rootkit scan 2009-07-09 00:31:13
Windows 6.0.6001 Service Pack 1


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
Posted 7/9/2009 11:13 AM
#75002
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Looks like it. However I'll suggest you run a cleanup scan ->

Please download Malwarebytes' Anti-Malware:

https://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform full scan, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click Remove Selected.

When completed, a log will open in Notepad. Please save it to a convenient location.

NB: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Click here: https://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

to download HJTinstall.exe

Save HJTinstall.exe to your desktop.

Double click on the HJTinstall.exe icon on your desktop.

By default it will install to C:\Program Files\Trend Micro\Hijack This.

Click I accept

Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.

Click Save to save the log file and then the log will open in notepad.

Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.

DO NOT have Hijack This fix anything yet.

Most of what it finds will be harmless or even required.

Post hijackthis log along with Malwarebytes' Anti-Malware log

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 7/10/2009 7:26 PM
#75054
ibgolfn Member

Date Joined Nov 2016
Total Posts: 9
Malwarebytes took over 6 hours to scan... Here are the logs for it and HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:21, on 7/10/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Program Files\Citrix\GoToMeeting\366\g2mstart.exe
C:\Program Files\Citrix\GoToMeeting\366\g2mcomm.exe
C:\Program Files\Citrix\GoToMeeting\366\g2mlauncher.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Program Files\Movie Maker\MOVIEMK.exe
C:\Users\Scot Stobbe\Desktop\FIX\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~3.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [A00F523960.exe] C:\Users\SCOTST~1\AppData\Local\Temp\_A00F523960.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H
O4 - HKCU\..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\366\g2mstart.exe "/Trigger RunAtLogon"
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O13 - Gopher Prefix:
O16 - DPF: {00110000-B1BA-11CE-ABC6-F5B2E79D9E3F} (LEAD Main Control (11.5)) - https://docimg.co.utah.ut.us/bmiweb/controls/ltocx11n.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - https://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - https://www.facebook.com/controls/contactx.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - https://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230400500218
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://chat1.j2.com/Media/Visitorchat/TLIEFlash.CAB
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - https://support.microsoft.com/mats/DiagWebControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - https://www.plaxo.com/activex/plx_upldr-2k-xp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9b802b7828740) (gupdate1c9b802b7828740) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSSQLSERVER - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SQLSERVERAGENT - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 14017 bytes

Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 6.0.6001 Service Pack 1

7/9/2009 18:28:45
mbam-log-2009-07-09 (18-28-45).txt

Scan type: Full Scan (C:\|)
Objects scanned: 296712
Time elapsed: 6 hour(s), 34 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\dnscache.dnscacheobj (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dnscache.dnscacheobj.1 (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Posted 7/11/2009 5:37 AM
#75068

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Looks clean to me. How are things running now?



Posted 7/11/2009 5:58 PM
#75083

ibgolfn Member

Date Joined Nov 2016
Total Posts: 9
It is running very well. I am getting no symptoms. Thank you so much. I wish I could do something to show my appreciation. Scot