silvercat

  1. I'm not sure if I can open it some other way. I think the writing is on the wall and I'm going to have to re-install the os. We have spent 3 days on this and at this point, reinstalling the os seems far less daunting a task. Thank you for your time and help. We really gave it a good try.
  2. The ComboFix ran fine. But now that it has rebooted, I can't open notepad. Whenever I try, it does not open and I get another Avira warning.
  3. Okay I am taking a deep breath. I did NOT type the whole thing in. I only typed in what was in the quotation marks. I wasted more time. I typed it in exactly as you said and now the ComboFix is running. I'll paste the log as soon as it comes up.
  4. Rawe, This evening I will have help to re-install the operating system. I really think this is too far broken. And I am worried too about something getting left behind that is looking for passwords. Not sure if I feel safe to operate as usual on it. Perhaps a clean slate would be best?
  5. I typed that in and a window popped up and said "Windows cannot find C:\Documents"
  6. I first tried the option of creating the script before going into safe mode. I tried to reboot three times and still don't get a desktop. So I tried the second option. I copied it on my good pc, then booted the bad pc into safe mode to transfer the file and I see there is no icon for CFScript or ComboFix in safe mode.
  7. I booted into safe mode but couldn't figure out how to copy and paste into notebook what you posted here, since I can't browse the internet in safe mode to open this page, and I can't copy it from my other computer where I see it.
  8. I said there are 2 .txt logs in ComboFix. Here is the other one:
     ComboFix 08-04-13.1 - Ann 2008-04-14 8:55:11.3 - NTFSx86
     Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.238 [GMT -4:00]
     Running from: C:\Documents and Settings\Ann\Desktop\ComboFix.exe
     Command switches used :: C:\Documents and Settings\Ann\Desktop\CFScript.txt
     * Created a new restore point
     WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
     FILE ::
     C:\WINDOWS\SYSTEM32\Com\AtiSrvn.exe
     C:\WINDOWS\system32\Com\heih.exe
     C:\WINDOWS\SYSTEM32\Com\heii4.exe
     C:\WINDOWS\SYSTEM32\Com\man24.exe
     C:\WINDOWS\SYSTEM32\Com\SVCHOST.EXE
     C:\WINDOWS\SYSTEM32\interne.exe
     C:\WINDOWS\SYSTEM32\notepde.exe
     C:\WINDOWS\SYSTEM32\qoq.exe
     C:\WINDOWS\SYSTEM32\rgfjmq.dll
     C:\WINDOWS\SYSTEM32\ssave.exe
     C:\WINDOWS\SYSTEM32\sysave.exe
     C:\WINDOWS\SYSTEM32\ttjj5.ini
     C:\WINDOWS\TEMP\Pandrv.sys
     C:\WINDOWS\Temp\rtdrvmon.exe
     .
     (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     C:\WINDOWS\608769MM.DLL
     C:\WINDOWS\cmdbcs.exe
     C:\WINDOWS\Fonts\gjcscss.dll
     C:\WINDOWS\Fonts\gjcuaxw.fon
     C:\WINDOWS\SHAProc.exe
     C:\WINDOWS\system32\cedafb.dll
     C:\WINDOWS\system32\cmdbcs.dll
     C:\WINDOWS\SYSTEM32\Com\AtiSrvn.exe
     C:\WINDOWS\SYSTEM32\Com\man24.exe
     C:\WINDOWS\system32\com\smss.exe
     C:\WINDOWS\SYSTEM32\Com\SVCHOST.EXE
     C:\WINDOWS\system32\gjcscyc.dll
     C:\WINDOWS\system32\hfjg.dll
     C:\WINDOWS\SYSTEM32\interne.exe
     C:\WINDOWS\system32\mseion.sys
     C:\WINDOWS\system32\msepbe.dll
     C:\WINDOWS\SYSTEM32\notepde.exe
     C:\WINDOWS\SYSTEM32\qoq.exe
     C:\WINDOWS\SYSTEM32\rgfjmq.dll
     C:\WINDOWS\system32\rhs.dll
     C:\WINDOWS\system32\SHAProc.dat
     C:\WINDOWS\SYSTEM32\ssave.exe
     C:\WINDOWS\SYSTEM32\sysave.exe
     C:\WINDOWS\SYSTEM32\ttjj5.ini
     C:\WINDOWS\system32\ywg32.dll
     C:\WINDOWS\system32\ywtlgfl.dll
     C:\WINDOWS\Temp\rtdrvmon.exe
     .
     (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     -------\Legacy_PANDRV
     -------\Legacy_SECCTRL
     -------\Legacy_ZGHS1234
     -------\Service_Pandrv
     -------\Service_secctrl
     -------\Service_zghs1234
     (((((((((((((((((((((((((   Files Created from 2008-03-14 to 2008-04-14   )))))))))))))))))))))))))))))))
     .
     2008-04-14 07:52 . 2008-04-14 07:52  15,850  --a------  C:\WINDOWS\SYSTEM32\gjcsczc.exe
     2008-04-13 22:51 . 2008-04-12 19:17  <DIR>  d--------  C:\SDFix
     2008-04-13 22:38 . 2008-04-13 22:38  52,665  ---hs----  C:\WINDOWS\SYSTEM32\baidu.exe
     2008-04-13 21:52 . 2008-04-13 21:52  <DIR>  d--------  C:\Documents and Settings\LocalService\Application Data\AdobeUM
     2008-04-13 17:53 . 2008-04-13 17:53  <DIR>  d--------  C:\Program Files\Avira
     2008-04-13 17:53 . 2008-04-13 17:53  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\Avira
     2008-04-12 15:08 . 2008-04-12 15:08  <DIR>  d--------  C:\Program Files\Trend Micro
     2008-04-12 14:48 . 2008-04-12 14:48  <DIR>  d--------  C:\Program Files\Lavasoft
     2008-04-12 14:48 . 2008-04-12 14:49  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\Lavasoft
     2008-04-12 14:45 . 2008-04-12 14:45  <DIR>  d--------  C:\Program Files\Common Files\Wise Installation Wizard
     2008-04-12 11:06 . 2008-04-12 11:06  <DIR>  d--------  C:\Program Files\Malwarebytes' Anti-Malware
     2008-04-12 11:06 . 2008-04-12 11:06  <DIR>  d--------  C:\Documents and Settings\Ann\Application Data\Malwarebytes
     2008-04-12 11:06 . 2008-04-12 11:06  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\Malwarebytes
     2008-04-12 01:34 . 2008-04-12 01:34  <DIR>  d--------  C:\Documents and Settings\LocalService\Application Data\Symantec
     2008-03-16 19:38 . 2008-03-16 19:38  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\View22
     2008-03-16 19:38 . 2006-05-02 14:37  1,706,800  --a------  C:\WINDOWS\SYSTEM32\gdiplus.dll
     2008-03-14 20:43 . 2008-03-14 20:57  <DIR>  d--------  C:\Program Files\View22
     .
     ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2008-04-13 20:59  ---------  d-----w  C:\Program Files\Common Files\Symantec Shared
     2008-04-13 20:58  ---------  d-----w  C:\Program Files\Symantec
     2008-04-13 20:54  ---------  d-----w  C:\Program Files\Norton AntiVirus
     2008-04-13 20:54  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Symantec
     2008-04-12 18:12  ---------  d-----w  C:\Program Files\Google
     2008-04-12 17:25  ---------  d-----w  C:\Program Files\Dell AIO Printer A920
     2008-03-27 23:30  ---------  d-----w  C:\Documents and Settings\Ann\Application Data\WeatherBug
     2008-03-25 22:32  ---------  d-----w  C:\Documents and Settings\Ann\Application Data\U3
     2008-03-19 09:47  1,845,248  ----a-w  C:\WINDOWS\SYSTEM32\win32k.sys
     2008-03-19 09:47  1,845,248  ------w  C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
     2008-02-20 06:51  282,624  ----a-w  C:\WINDOWS\SYSTEM32\gdi32.dll
     2008-02-20 06:51  282,624  ------w  C:\WINDOWS\SYSTEM32\DLLCACHE\gdi32.dll
     2008-02-20 05:32  45,568  ----a-w  C:\WINDOWS\SYSTEM32\dnsrslvr.dll
     2008-02-20 05:32  45,568  ------w  C:\WINDOWS\SYSTEM32\DLLCACHE\dnsrslvr.dll
     2008-02-20 05:32  148,992  ------w  C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
     2008-02-15 09:07  18,432  ------w  C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
     2005-01-06 06:55  172  ---ha-w  C:\Documents and Settings\Ann\hpothb07.dat
     2005-01-06 06:55  164  ---ha-w  C:\Documents and Settings\All Users\hpothb07.dat
     2004-12-10 00:53  0  ---ha-w  C:\Documents and Settings\Emily\hpothb07.dat
     2004-12-08 22:50  67,160  ----a-w  C:\Program Files\Aim.exe
     2006-10-19 02:47  81,920  --sh--w  C:\WINDOWS\SoundMan.exe
     .
     (((((((((((((((((((((((((((((   snapshot@2008-04-13_16.00.30.64   )))))))))))))))))))))))))))))))))))))))))
     .
     - 2008-04-13 19:55:24  2,048  --s-a-w  C:\WINDOWS\BOOTSTAT.DAT
     + 2008-04-14 13:00:13  2,048  --s-a-w  C:\WINDOWS\BOOTSTAT.DAT
     + 2008-04-14 02:38:23  53,248  --sh--w  C:\WINDOWS\SYSTEM32\Com\CONIME.EXE
     + 2008-04-14 11:52:29  28,809  ----a-w  C:\WINDOWS\SYSTEM32\Com\heii21.exe
     + 2007-04-16 15:52:53  17,195  ------w  C:\WINDOWS\SYSTEM32\crugd.dll
     + 2007-08-09 17:04:11  40,768  ----a-w  C:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys
     + 2007-07-18 18:22:19  21,312  ----a-w  C:\WINDOWS\SYSTEM32\DRIVERS\avgntmgr.sys
     + 2007-09-07 16:05:19  62,016  ----a-w  C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys
     + 2007-03-01 14:34:36  28,352  ----a-w  C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys
     + 2008-04-14 13:00:28  16,384  ----atw  C:\WINDOWS\Temp\Perflib_Perfdata_280.dat
     .
     (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
     "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
     "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-12-25 20:08 32768]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 14:52 339968]
     "IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 22:12 221184]
     "Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2004-04-15 04:32 270336]
     "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-11-16 02:05 127035]
     "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32 53248]
     "Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2007-02-12 17:40 380928]
     "DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-22 18:38 221184]
     "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 10:48 94208 C:\WINDOWS\KHALMNPR.Exe]
     "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-02 09:58 185896]
     "SoundMan"="SoundMan.exe" [2006-10-18 22:47 81920 C:\WINDOWS\SoundMan.exe]
     "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]
     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
     C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
     APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [2007-06-19 22:14:17 221247]
     Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-12-25 20:08:58 450560]
     Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-25 20:07:24 593920]
     [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
     "NoAutoUpdate"= 1 (0x1)
  9. There are two txt logs in C:ComboFix; this one is titled "pend". I imagine that is for 'pending' and is the last one that ComboFix did not complete. I can't figure out how to disconnect this computer from the internet without also disconnecting the other one which I'm running my business on, so I can't have it disconnected for more than a few minutes.
     .:\\(0!|0\)
     C:\\WINDOWS\\system32\\(0!|0\)
     C:\\WINDOWS\\system32\\config\\(0!|0\)
     C:\\WINDOWS\\system32\\csrss.exe\\(0!|0\)
     C:\\WINDOWS\\system32\\drivers\\(0!|0\)
     C:\\WINDOWS\\system32\\hal.dll\\(0!|0\)
     C:\\WINDOWS\\system32\\lsass.exe\\(0!|0\)
     C:\\WINDOWS\\system32\\ntdll.dll\\(0!|0\)
     C:\\WINDOWS\\system32\\services.exe\\(0!|0\)
     C:\\WINDOWS\\system32\\smss.exe\\(0!|0\)
     C:\\WINDOWS\\system32\\svchost.exe\\(0!|0\)
     C:\\WINDOWS\\system32\\userinit.exe\\(0!|0\)
     C:\\WINDOWS\\system32\\wbem\\(0!|0\)
     C:\\WINDOWS\\system32\\winlogon.exe\\(0!|0\)
     C:\\boot.ini\\(0!|0\)
     C:\\ntdetect.com\\(0!|0\)
     C:\\ntldr\\(0!|0\)
     C:\\WINDOWS\\(0!|0\)
     C:\\WINDOWS\\explorer.exe\\(0!|0\)
     Also, I want to tell you that every mouse click requires 30 seconds to a minute for the computer to respond. It has also frozen a few times and then comes back.
  10. I rebooted twice; the second time the desktop came back. I was greeted with 16 warning windows from Avira. I finally got the ComboFix log, but it took forever for each step; this poor thing is slow to the point of being almost non-functional. I had to connect to the internet to copy and paste this log in here. The log FINALLY:
     Driver::
     Pandrv
     secctrl
     zghs1234
     File::
     C:\WINDOWS\SYSTEM32\rgfjmq.dll
     C:\WINDOWS\SYSTEM32\notepde.exe
     C:\WINDOWS\SYSTEM32\ssave.exe
     C:\WINDOWS\SYSTEM32\ttjj5.ini
     C:\WINDOWS\SYSTEM32\interne.exe
     C:\WINDOWS\SYSTEM32\sysave.exe
     C:\WINDOWS\SYSTEM32\Com\AtiSrvn.exe
     C:\WINDOWS\SYSTEM32\Com\AtiSrvn.exe
     C:\WINDOWS\SYSTEM32\Com\heii4.exe
     C:\WINDOWS\SYSTEM32\Com\man24.exe
     C:\WINDOWS\SYSTEM32\Com\man24.exe
     C:\WINDOWS\Temp\rtdrvmon.exe
     C:\WINDOWS\system32\Com\heih.exe
     C:\WINDOWS\SYSTEM32\Com\SVCHOST.EXE
     C:\WINDOWS\SYSTEM32\qoq.exe
     C:\WINDOWS\TEMP\Pandrv.sys
     Registry::
     [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
     "{a11725a0-8be3-44ae-b51c-7c0aced01f6c}"=-
     "{3171a1d3-76ea-4dd0-b4ed-fe6da4e445a4}"=-
     "{c4bf46a2-1c05-427d-992f-4e24f7d57f68}"=-
     "{396f1715-e494-4aeb-8c0e-7c98486b3fd1}"=-
     "{29fab913-d0cd-477b-a3f0-3d7c3a90379b}"=-
     "{79dae25e-7bee-4484-bb1a-f30c45d535d9}"=-
     "{432a9d34-f494-4382-9c6f-ae1ed5181f1c}"=-
     "{5136d0e5-bad9-4d8e-9b62-7492bf467388}"=-
     "{84143967-B645-4BFF-B873-DA1DC886E9A7}"=-
     "{3FA10261-B890-F432-A453-69F1023513F3}"=-
     [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360Loader.exe]
     [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360Safe.exe]
     [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360tray.exe]
     [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccEvtMgr.exe]
     [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccSetApp.exe]
     [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccSetMgr.exe]
     [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ctfmon.exe]
     [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DefWatch.exe]
     [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FWMon.exe]
     [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IceSword]
     [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Iparmor.exe]
     [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavsvc.exe]
     [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kmailmon.exe]
     [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVMonXP.exe]
     [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\McAgent.exe]
     [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mctskshd.exe]
     [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcupdmgr.exe]
     [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVSetup.exe]
     [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PFWLveUpdate.exe]
     [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ras]
     [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwProxy.exe]
     [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RsAqent.exe]
     [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rtvscan.exe]
     [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\runiep]
     [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe]
     [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UpLive.EXE.exe]
     [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zxsweep.exe]
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "C:\\WINDOWS\\system32"=-
  11. I think it was like that for 45 minutes so I booted and there is no desktop, just screen wallpaper. Guess that means Combofix wasn't finished. What should I do with no desktop?? (I'm starting to think about re-installing the os at this point - what do you think?)
  12. I just now pulled the internet plug. How do I disable Avira 'permanently'? I only clicked on the icon on the task bar and turned it off. It stalled because I clicked on the warnings. The ComboFix window started again, now it says Preparing Log Report and Recovery in progress, but it has been that way for about 15 minutes so I'm not sure if it's stalled again or if it takes that long.
  13. Hi, we all needed some zzz's. Okay, I did what you said, but my combofix seems to have stalled. Probably because the Avira turns itself back on when the Combofix reboots the computer and the Avira gave warning windows. The Combofix has been saying "please wait" for the last 15 minutes. I'm not sure what to do. Yes, I have another computer on to get instructions, etc.
  14. Hi Rawe, I have an updated ComboFix log which I am pasting below. I downloaded the SDFix; however, when the script box came up and I was to type in "Y" to start it, it wouldn't accept my Y. Oh, btw, my clock got fixed on that last ComboFix run. Those pop-ups have started again. ComboFix log:
     ComboFix 08-04-13.1 - Ann 2008-04-13 22:30:04.2 - NTFSx86
     Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.146 [GMT -4:00]
     Running from: C:\Documents and Settings\Ann\Desktop\ComboFix.exe
     Command switches used :: C:\Documents and Settings\Ann\Desktop\CFScript.txt
     * Created a new restore point
     WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
     FILE ::
     C:\b3b4f3ed7898127171.bat
     C:\b3b4f3ed7898138843.bat
     C:\d2b282ef026d142656.bat
     C:\d2b282ef026d152890.bat
     C:\d2b282ef026d156140.bat
     C:\d2b282ef026d167156.bat
     C:\d2b282ef026d6514546.bat
     C:\Por.aed
     C:\WINDOWS\SYSTEM32\comr3260.dll
     C:\WINDOWS\SYSTEM32\qoq.exe
     C:\WINDOWS\SYSTEM32\qwehem.dll
     C:\WINDOWS\SYSTEM32\ttjj2.ini
     C:\WINDOWS\SYSTEM32\wpsrjy.dll
     .
     (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     C:\_uninsep.bat
     C:\b3b4f3ed7898127171.bat
     C:\b3b4f3ed7898138843.bat
     C:\d2b282ef026d142656.bat
     C:\d2b282ef026d152890.bat
     C:\d2b282ef026d156140.bat
     C:\d2b282ef026d167156.bat
     C:\d2b282ef026d6514546.bat
     C:\Program Files\Internet Explorer\PLUGINS\SysWin7s.Jmp
     C:\WINDOWS\Fonts\gjcscss.dll
     C:\WINDOWS\Fonts\gjcuaxw.fon
     C:\WINDOWS\system32\ayWLVWLV1002.dll
     C:\WINDOWS\system32\ayWLVWLV1002.exe
     C:\WINDOWS\system32\ayWTZWTZ1036.dll
     C:\WINDOWS\system32\ayWTZWTZ1036.exe
     C:\WINDOWS\system32\drivers\msosmsfpfis64.sys
     C:\WINDOWS\system32\mseion.sys
     C:\WINDOWS\system32\msepbe.dll
     C:\WINDOWS\system32\msosmhfp.dat
     C:\WINDOWS\system32\SHAProc.dat
     C:\WINDOWS\system32\sperls.dll
     C:\WINDOWS\system32\ttBAIBAI1056.dll
     C:\WINDOWS\system32\ttBAIBAI1056.exe
     C:\WINDOWS\system32\ttCBDCBD1047.dll
     C:\WINDOWS\system32\ttCBDCBD1047.exe
     C:\WINDOWS\system32\ttDABDAB1058.dll
     C:\WINDOWS\system32\ttDABDAB1058.exe
     C:\WINDOWS\SYSTEM32\ttjj2.ini
     C:\WINDOWS\system32\ttKAFKAF1060.exe
     C:\WINDOWS\system32\ttQACQAC1035.exe
     C:\WINDOWS\system32\ttVUFVUF1011.dll
     C:\WINDOWS\system32\ttVUFVUF1011.exe
     C:\WINDOWS\system32\txSULSUL1033.exe
     C:\WINDOWS\system32\ywg32.dll
     C:\WINDOWS\system32\ywtlgfl.dll
     .
     ----  Previous Run  -------
     .
     C:\_uninsep.bat
     C:\Program Files\internet explorer\plugins\SysWin7s.Jmp
     C:\Program Files\internet explorer\plugins\WinSys8v.Sys
     C:\WINDOWS\mfchlp32.exe
     C:\WINDOWS\msimms32.exe
     C:\WINDOWS\system32\ayWLVWLV1002.dll
     C:\WINDOWS\system32\ayWLVWLV1002.exe
     C:\WINDOWS\system32\ayWTZWTZ1036.dll
     C:\WINDOWS\system32\ayWTZWTZ1036.exe
     C:\WINDOWS\system32\cyoegx.dll
     C:\WINDOWS\system32\DbgHlp32.dll
     C:\WINDOWS\system32\dnjhsh.dll
     C:\WINDOWS\system32\drivers\msosmsfpfis64.sys
     C:\WINDOWS\system32\drivers\secdrv.sys
     C:\WINDOWS\system32\etgejw.dll
     C:\WINDOWS\system32\jqoglu.dll
     C:\WINDOWS\system32\mfchlp32.dll
     C:\WINDOWS\system32\msimms32.dll
     C:\WINDOWS\system32\msoscqit.dat
     C:\WINDOWS\system32\msoscqit00.dll
     C:\WINDOWS\system32\msosmhfp.dat
     C:\WINDOWS\system32\msosmhfp00.dll
     C:\WINDOWS\system32\msosmhfp01.dll
     C:\WINDOWS\system32\pvnrzl.dll
     C:\WINDOWS\system32\qtbknt.dll
     C:\WINDOWS\system32\ttBAIBAI1056.dll
     C:\WINDOWS\system32\ttBAIBAI1056.exe
     C:\WINDOWS\system32\ttCBDCBD1047.dll
     C:\WINDOWS\system32\ttCBDCBD1047.exe
     C:\WINDOWS\system32\ttDABDAB1058.dll
     C:\WINDOWS\system32\ttDABDAB1058.exe
     C:\WINDOWS\system32\ttKAFKAF1059.dll
     C:\WINDOWS\system32\ttKAFKAF1059.exe
     C:\WINDOWS\system32\ttKAFKAF1060.dll
     C:\WINDOWS\system32\ttKAFKAF1060.exe
     C:\WINDOWS\system32\ttNNBNNB1047.dll
     C:\WINDOWS\system32\ttNNBNNB1047.exe
     C:\WINDOWS\system32\ttQACQAC1035.dll
     C:\WINDOWS\system32\ttQACQAC1035.exe
     C:\WINDOWS\system32\ttVUFVUF1011.dll
     C:\WINDOWS\system32\ttVUFVUF1011.exe
     C:\WINDOWS\system32\txSULSUL1033.dll
     C:\WINDOWS\system32\txSULSUL1033.exe
     C:\WINDOWS\system32\yikzzl.dll
     C:\WINDOWS\WINSvr32.exE
     .
     (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     -------\Legacy_MHFP
     -------\Legacy_MSFPFIS64
     -------\Service_cqit
     -------\Service_mhfp
     -------\Service_msfpfis64
     -------\Legacy_Secdrv
     -------\Secdrv
     -------\Legacy_MHFP
     -------\Legacy_MSFPFIS64
     -------\Service_mhfp
     -------\Service_msfpfis64
     (((((((((((((((((((((((((   Files Created from 2008-03-14 to 2008-04-14   )))))))))))))))))))))))))))))))
     .
     2008-04-13 21:52 . 2008-04-13 21:52  <DIR>  d--------  C:\Documents and Settings\LocalService\Application Data\AdobeUM
     2008-04-13 17:53 . 2008-04-13 17:53  <DIR>  d--------  C:\Program Files\Avira
     2008-04-13 17:53 . 2008-04-13 17:53  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\Avira
     2008-04-13 16:45 . 2008-04-13 16:45  41,228  --a------  C:\WINDOWS\SYSTEM32\rgfjmq.dll
     2008-04-13 16:44 . 2008-04-13 16:44  3,537  ---hs----  C:\WINDOWS\SYSTEM32\notepde.exe
     2008-04-13 16:09 . 2008-04-13 16:09  3,721  ---hs----  C:\WINDOWS\SYSTEM32\ssave.exe
     2008-04-13 16:06 . 2008-04-13 16:06  3  --a------  C:\WINDOWS\SYSTEM32\ttjj5.ini
     2008-04-12 15:08 . 2008-04-12 15:08  <DIR>  d--------  C:\Program Files\Trend Micro
     2008-04-12 14:48 . 2008-04-12 14:48  <DIR>  d--------  C:\Program Files\Lavasoft
     2008-04-12 14:48 . 2008-04-12 14:49  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\Lavasoft
     2008-04-12 14:45 . 2008-04-12 14:45  <DIR>  d--------  C:\Program Files\Common Files\Wise Installation Wizard
     2008-04-12 11:06 . 2008-04-12 11:06  <DIR>  d--------  C:\Program Files\Malwarebytes' Anti-Malware
     2008-04-12 11:06 . 2008-04-12 11:06  <DIR>  d--------  C:\Documents and Settings\Ann\Application Data\Malwarebytes
     2008-04-12 11:06 . 2008-04-12 11:06  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\Malwarebytes
     2008-04-12 01:34 . 2008-04-12 01:34  <DIR>  d--------  C:\Documents and Settings\LocalService\Application Data\Symantec
     2008-03-16 19:38 . 2008-03-16 19:38  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\View22
     2008-03-16 19:38 . 2006-05-02 14:37  1,706,800  --a------  C:\WINDOWS\SYSTEM32\gdiplus.dll
     2008-03-14 20:43 . 2008-03-14 20:57  <DIR>  d--------  C:\Program Files\View22
     .
     ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2008-04-13 20:59  ---------  d-----w  C:\Program Files\Common Files\Symantec Shared
     2008-04-13 20:58  ---------  d-----w  C:\Program Files\Symantec
     2008-04-13 20:54  ---------  d-----w  C:\Program Files\Norton AntiVirus
     2008-04-13 20:54  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Symantec
     2008-04-12 18:12  ---------  d-----w  C:\Program Files\Google
     2008-04-12 17:25  ---------  d-----w  C:\Program Files\Dell AIO Printer A920
     2008-03-27 23:30  ---------  d-----w  C:\Documents and Settings\Ann\Application Data\WeatherBug
     2008-03-25 22:32  ---------  d-----w  C:\Documents and Settings\Ann\Application Data\U3
     2008-03-19 09:47  1,845,248  ----a-w  C:\WINDOWS\SYSTEM32\win32k.sys
     2008-03-19 09:47  1,845,248  ------w  C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
     2008-02-20 06:51  282,624  ----a-w  C:\WINDOWS\SYSTEM32\gdi32.dll
     2008-02-20 06:51  282,624  ------w  C:\WINDOWS\SYSTEM32\DLLCACHE\gdi32.dll
     2008-02-20 05:32  45,568  ----a-w  C:\WINDOWS\SYSTEM32\dnsrslvr.dll
     2008-02-20 05:32  45,568  ------w  C:\WINDOWS\SYSTEM32\DLLCACHE\dnsrslvr.dll
     2008-02-20 05:32  148,992  ------w  C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
     2008-02-15 09:07  18,432  ------w  C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
     2005-01-06 06:55  172  ---ha-w  C:\Documents and Settings\Ann\hpothb07.dat
     2005-01-06 06:55  164  ---ha-w  C:\Documents and Settings\All Users\hpothb07.dat
     2004-12-10 00:53  0  ---ha-w  C:\Documents and Settings\Emily\hpothb07.dat
     2004-12-08 22:50  67,160  ----a-w  C:\Program Files\Aim.exe
     2006-10-19 02:47  81,920  --sh--w  C:\WINDOWS\SoundMan.exe
     2006-12-14 19:29  20,480  --sh--w  C:\WINDOWS\SYSTEM32\interne.exe
     2006-03-06 01:01  16,384  --sh--w  C:\WINDOWS\SYSTEM32\sysave.exe
     .
     (((((((((((((((((((((((((((((   snapshot@2008-04-13_16.00.30.64   )))))))))))))))))))))))))))))))))))))))))
     .
     - 2008-04-13 19:55:24  2,048  --s-a-w  C:\WINDOWS\BOOTSTAT.DAT
     + 2008-04-14 02:35:19  2,048  --s-a-w  C:\WINDOWS\BOOTSTAT.DAT
     - 2008-04-12 18:16:00  39,765  ----a-w  C:\WINDOWS\SYSTEM32\Com\AtiSrvn.exe
     + 2008-04-13 20:37:24  39,765  ----a-w  C:\WINDOWS\SYSTEM32\Com\AtiSrvn.exe
     + 2008-04-14 01:58:47  17,490  ----a-w  C:\WINDOWS\SYSTEM32\Com\heii4.exe
     - 2008-04-12 18:15:48  4,537  ----a-w  C:\WINDOWS\SYSTEM32\Com\man24.exe
     + 2008-04-13 20:37:14  4,537  ----a-w  C:\WINDOWS\SYSTEM32\Com\man24.exe
     + 2007-08-09 17:04:11  40,768  ----a-w  C:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys
     + 2007-07-18 18:22:19  21,312  ----a-w  C:\WINDOWS\SYSTEM32\DRIVERS\avgntmgr.sys
     + 2007-09-07 16:05:19  62,016  ----a-w  C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys
     + 2007-03-01 14:34:36  28,352  ----a-w  C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys
     + 2008-04-14 02:35:33  16,384  ----atw  C:\WINDOWS\Temp\Perflib_Perfdata_480.dat
     + 2008-04-14 02:36:27  40,960  ----a-w  C:\WINDOWS\Temp\rtdrvmon.exe
     .
     (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
     "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
     "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-12-25 20:08 32768]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 14:52 339968]
     "IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 22:12 221184]
     "Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2004-04-15 04:32 270336]
     "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-11-16 02:05 127035]
     "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32 53248]
     "Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2007-02-12 17:40 380928]
     "DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-22 18:38 221184]
     "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 10:48 94208 C:\WINDOWS\KHALMNPR.Exe]
     "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-02 09:58 185896]
     "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-29 19:52 155648]
     "SoundMan"="SoundMan.exe" [2006-10-18 22:47 81920 C:\WINDOWS\SoundMan.exe]
     "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]
     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
     C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
     APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [2007-06-19 22:14:17 221247]
     Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-12-25 20:08:58 450560]
     Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-25 20:07:24 593920]
     [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
     "NoAutoUpdate"= 1 (0x1)
     [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
     "{a11725a0-8be3-44ae-b51c-7c0aced01f6c}"= C:\WINDOWS\system32\ayWTZWTZ1036.dll [ ]
     "{3171a1d3-76ea-4dd0-b4ed-fe6da4e445a4}"= C:\WINDOWS\system32\ttDABDAB1058.dll [ ]
     "{c4bf46a2-1c05-427d-992f-4e24f7d57f68}"= C:\WINDOWS\system32\ttNNBNNB1047.dll [ ]
     "{396f1715-e494-4aeb-8c0e-7c98486b3fd1}"= C:\WINDOWS\system32\ttCBDCBD1047.dll [ ]
     "{29fab913-d0cd-477b-a3f0-3d7c3a90379b}"= C:\WINDOWS\system32\ttVUFVUF1011.dll [ ]
     "{79dae25e-7bee-4484-bb1a-f30c45d535d9}"= C:\WINDOWS\system32\ttQACQAC1035.dll [ ]
     "{432a9d34-f494-4382-9c6f-ae1ed5181f1c}"= C:\WINDOWS\system32\ayWLVWLV1002.dll [ ]
     "{5136d0e5-bad9-4d8e-9b62-7492bf467388}"= C:\WINDOWS\system32\ttKAFKAF1060.dll [ ]
     "{84143967-B645-4BFF-B873-DA1DC886E9A7}"= C:\WINDOWS\system32\cedafb.dll [ ]
     "{3FA10261-B890-F432-A453-69F1023513F3}"= C:\WINDOWS\system32\gjcscyc.dll [ ]
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360Loader.exe]
     Debugger=svchost.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360Safe.exe]
     Debugger=svchost.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360tray.exe]
     Debugger=svchost.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccEvtMgr.exe]
     debugger=svchost.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccSetApp.exe]
     debugger=svchost.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccSetMgr.exe]
     debugger=svchost.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ctfmon.exe]
     Debugger=SoundMan.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DefWatch.exe]
     debugger=svchost.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FWMon.exe]
     debugger=svchost.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IceSword]
     Debugger=svchost.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Iparmor.exe]
     Debugger=svchost.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavsvc.exe]
     debugger=svchost.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kmailmon.exe]
     Debugger=svchost.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVMonXP.exe]
     debugger=svchost.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\McAgent.exe]
     debugger=svchost.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mctskshd.exe]
     debugger=svchost.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcupdmgr.exe]
     debugger=svchost.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVSetup.exe]
     debugger=svchost.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PFWLveUpdate.exe]
     debugger=svchost.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ras]
     Debugger=svchost.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwProxy.exe]
     debugger=svchost.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RsAqent.exe]
     debugger=svchost.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rtvscan.exe]
     debugger=svchost.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\runiep]
     Debugger=svchost.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe]
     Debugger=svchost.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UpLive.EXE.exe]
     debugger=svchost.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zxsweep.exe]
     debugger=svchost.exe
     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
     path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
     backup=C:\WINDOWS\pss\AT&T Self Support Tool.lnkCommon Startup
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
     --a------ 2005-08-05 15:08 67160 C:\Program Files\AIM\aim.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
     --a------ 2007-03-15 11:09 460784 C:\Program Files\DellSupport\DSAgnt.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
     --a------ 2007-11-15 10:23 202544 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
     --a------ 2007-11-15 10:24 16384 C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
     --a------ 2005-08-02 15:33 159832 C:\Program Files\Common Files\AOL\1126815630\ee\AOLHostManager.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
     --a------ 2006-02-23 16:45 278528 C:\Program Files\iTunes\iTunesHelper.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LyraHD2TrayApp]
     --a------ 2005-03-31 20:10 290816 C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
     --a------ 2006-01-19 11:06 11776 C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
     --------- 2004-04-11 22:15 290816 C:\Program Files\Dell\Media Experience\PCMService.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
     --a------ 2006-03-29 19:52 155648 C:\Program Files\QuickTime\qttask.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
     --a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
     --a------ 2007-07-09 07:44 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\security center]
     "AntiVirusOverride"=dword:00000001
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
     "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
     "C:\\Program Files\\America Online 9.0\\waol.exe"=
     "C:\\WINDOWS\\SYSTEM32\\USMT\\MIGWIZ.EXE"=
     "C:\\Program Files\\mirc\\mIRC\\backup\\mirc.exe"=
     "\\\\KIDS\\C\\Program Files\\AIM95\\aim.exe"=
     "C:\\Program Files\\aim.exe"=
     "C:\\Program Files\\AIM\\aim.exe"=
     "C:\\Program Files\\Messenger\\MSMSGS.EXE"=
     "C:\\WINDOWS\\SYSTEM32\\FXSCLNT.EXE"=
     "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
     "C:\\Program Files\\Dell Computer\\Dell Picture Studio v2.0\\launch.exe"=
     "C:\\WINDOWS\\SYSTEM32\\MMC.EXE"=
     "C:\\Program Files\\Common Files\\AOL\\1126815630\\ee\\AOLServiceHost.exe"=
     "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
     "C:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
     "C:\\Program Files\\iTunes\\iTunes.exe"=
     "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
     "C:\\StubInstaller.exe"=
     "C:\\Program Files\\LimeWire\\LimeWire.exe"=
     "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
     "C:\\WINDOWS\\system32"=\\Com\\heih.exe
     R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-06-30 01:53]
     R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 10:23]
     R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
     R3 s3legacy;s3legacy;C:\WINDOWS\system32\DRIVERS\s3legacy.sys [2001-08-17 14:57]
     S2 Pandrv;Pandrv;C:\WINDOWS\TEMP\Pandrv.sys []
     S2 secctrl;Security Control;c:\windows\system32\rundll32.exe comr3260.dll,scan []
     S2 zghs1234;Provisioning Transaction Service;C:\WINDOWS\system32\Com\heih.exe [2008-04-13 22:38]
     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
     \Shell\AutoRun\command - E:\LaunchU3.exe
     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ece9bdec-322e-11db-946c-00038a000015}]
     \Shell\AutoRun\command - E:\LaunchU3.exe
     .
     Contents of the 'Scheduled Tasks' folder
     "2008-04-14 02:38:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
     - C:\Program Files\Symantec\LiveUpdate\NDetect.exe
     .
     **************************************************************************
     catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2008-04-13 22:35:56
     Windows 5.1.2600 Service Pack 2 NTFS
     scanning hidden processes ...
     scanning hidden autostart entries ...
     scanning hidden files ...
scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\SYSTEM32\ati2evxx.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\SYSTEM32\LEXBCES.EXE C:\WINDOWS\SYSTEM32\LEXPPS.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\SYSTEM32\wdfmgr.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS\SYSTEM32\WSCNTFY.EXE C:\WINDOWS\SYSTEM32\Com\SVCHOST.EXE C:\WINDOWS\SYSTEM32\qoq.exe C:\WINDOWS\SYSTEM32\qoq.exe C:\WINDOWS\SYSTEM32\IMAPI.EXE . ************************************************************************** . Completion time: 2008-04-13 22:40:10 - machine was rebooted [Ann] ComboFix-quarantined-files.txt 2008-04-14 02:40:02 Pre-Run: 54,088,577,024 bytes free Post-Run: 54,079,459,328 bytes free . 2008-04-12 06:05:20 --- E O F ---