HelenGrace

  1. CeciliaB wrote (post 126474, May 1 2011, 10:21 AM): "Hi HelenGrace, Are you using another antivirus program than Ad-Aware?"
     No, Ad-Aware is the only on-access AV. I use Outpost free firewall (the old 6.5 version w/ no AV) and some on-demand scanners, MBAM and avz4.
  2. Good day, Recently I have noticed all Ad-Watch Live modules are off, and when I turn them on or check them, when I open Ad-Aware again they go off again. The tray icon also does not show up anymore unless I manually start it. I look into Task Manager and AAWService.exe is there, although it does not seem to be using any amount of CPU, meaning zero. It used to be that it used up a lot, just before this situation where Ad-Watch does not go on anymore. Even before this the tray icon wasn't already showing up, but I did not mind it as the Ad-Watch Live modules were on and AAWService could be found in tsk mgr. Now the Ad-Watch Live modules stay off and WILL NOT turn on. My question is: is my computer still protected as long as AAWService can be found in tsk mgr or not, and what do I need to do to fix this? System: Intel Celeron 1.6 GHz, 1 Gig RAM, XP SP3
  3. Quoted: "3 systems used w/ AA range from 1 - 1.6 Ghz cpu, 512 - 1 gig ram, all old XP SP3."
     Quoted: "That must be hard to run any modern antivirus program with only 512 MB RAM memory."
     These are within the AA system requirements: 733 MHz CPU and 200 MB RAM. Even in 2 of the systems w/ 1 gig RAM and 1.6 GHz CPU, the lingering probs are present. In one, the tray icon has totally stopped appearing the past few days but aawservice is running in task mgr. Smthng definitely changed in the recent updates cz before I cud update within a limited acct in Windows XP, now I can only update in an admin acct. Just waiting for the expiry, then I'll decide to continue w/ AA or not.
  4. @ Voltron, I've been using AA 9.x for about a year and I have to tell u the probs with updating (especially auto updating) and the tray icon timing out (or something) are still there. Maybe it's a design flaw. I guess u already kno that u should use AA 9.x by itself and no other av or asw. 3 systems used w/ AA range from 1 - 1.6 GHz cpu, 512 - 1 gig ram, all old XP SP3. If ur a real AA fanatic this cud be good enuf, but I'm one of many who would rather not be bothered by these things (thinking twice already, jst no time though). For me the AA grade for protection is 8/10, for ease of use/stability 6/10. I want smthing at least 8/10 in both, although you cud do worse, much worse, with some other products. And to further add, if u decide to use AA, 9.x is "much" better than 8.x IMO; just use MBAM free with it cz it saved me frm sm that got thru AA.
  5. Hello, I've been using AA for several months on 3 computers. I have always updated manually, but recently I decided to set update to auto, and I noticed that sometimes the AAWService does not turn on at startup even though it is set to automatically run in Services. Sometimes it runs, sometimes it doesn't, but it's supposed to run, no question. Why doesn't it do so all the time? Is this a bug? AA is now version 9. Hopefully somebody will confirm this cz it's a BIG negative for AA.
  6. Good day A-A users, I just want to ask why the update process now takes kind of too long, especially when the 'extended updates' are being installed, and also why the tray icon has to take so long to appear. Sometimes it times out and does not appear anymore, and for me it is very important since I update manually. Of course I could manually update another way, but that is the fastest way, and to me the tray icon not appearing should be a bug or something that needs to be adjusted. Thanks to A-A, it's been good but I want it to be GREAT.
  7. Hello visitor, I have uninstalled and reinstalled Sandboxie to the latest version 3.48. In the end, since A-A Pro and Sandboxie combined seem to cause the freezing every time I close a sandboxed IE8, I just decided to remove Sandboxie altogether and install Google Chrome, which already has a built-in sandbox. There is something about licensing in the 3.48 version of Sandboxie which I don't quite understand, and I just did not bother to understand it much since I stopped using it anyway. One thing I do like about A-A is that during update the computer is VERY USABLE. No feedback at all on whether Sandboxie and A-A Pro combined result in the same freezing that I get every time I close a sandboxed IE8, or was this just unique to my particular laptop? Thanks again for the help.
  8. Hello visitor, It's been some time, but has the issue with Sandboxie been fixed? visitor, since u also use Sandboxie, although a different A-A version, I want to ask if recently you have had trouble using it, cz in my case it has become unusable. Every time I open a sandboxed browser (IE8) I get an error, but if I open IE8 without Sandboxie it works fine. I don't know if this is somehow related to my prob (the temporary freeze when I close a sandboxed IE8) which I thought was somehow due to A-A. Also, I noticed during A-A updating the AAWService.exe stops running in Task Mgr. Does this mean temporarily not being protected by A-A while it is updating?
  9. Hello again visitor and to everyone else, It's OK now. I did a clean install of the latest installer, and also used Revo and AFC to help clean up. I had to repeat 3 times for it to finally go right; the install hung up the first 2 times and you really have to be patient cz it would seem to stall. Now I have 1 final question: in the free version is there a 'true' real-time scanner? Or is it something like Spybot S&D w/ TeaTimer disabled (kind of on-access only), and if this is so, is it on par with AVG Free, Avira Personal or Avast Home as a stand-alone AV? The kind of setup I like is to have 1 combined av/as/ar real-time, 1 firewall and a couple of on-demand scanners (I already have MBAM and Hitman Pro). Is A-A Free on par?
  10. Hello visitor, another PC, another prob w/ A-A. Okay, since AAWTray.exe is being invoked by AAWService.exe, what can be done in case AAWService.exe fails to start up AAWTray.exe, as is happening in this particular case? I have checked 'show notification area icon'. AAWTray.exe is responsible for showing the msg pop-ups and is where u can shut down A-A if needed, so it's VERY important. I have reinstalled multiple times already. I had first installed the PRO trial version and it was OK then, but I decided to try the FREE and that's when the tray icon did not show automatically anymore. This is XP SP3, only A-A as real-time AV, with Hitman Pro and MBAM on demand. Now I reinstalled the PRO trial and AAWTray.exe doesn't come up anywhere, Processwatch, startup - NONE. I can make it run at startup thru the registry, but then after A-A updates and restarts, AAWTray.exe is not started again. Let me add that I used Revo at the highest setting to uninstall.
  11. Hello, I just installed A-A Free on one of our desktops and just noticed that when A-A starts the tray icon does not appear. It is checked to 'show notification area icon' and A-A is set to Advanced and manual update. Is it normal in the Free version that only Ad-Watch Processes is on and the rest of Ad-Watch is off? How does A-A normally make AAWTray.exe start soon after AAWService.exe starts, as it would normally? Maybe it's just something that could be fixed thru the registry. I don't want to go thru the process of uninstalling then reinstalling because it seems to take a long time with A-A Free. There is no other on-access AV installed on this desktop.
  12. Rorschach112 wrote (post 121647, Aug 10 2010, 04:23 PM): "post the logs"
     Here are the OTM and MBAM logs and also the A-A Pro log, but I have to ask you if it is absolutely necessary to scan with the Kaspersky Online Scanner? I did not have time for it last night coz just the update would have gone more than 2 hrs. Is it absolutely necessary? Or can we substitute some other faster way, coz it is not very easy to get hold of the laptop, and even more so for a long period of time.

     All processes killed
     ====== PROCESSES ==========
     ========== SERVICES/DRIVERS ==========
     Service Seistpcw stopped successfully!
     Service Seistpcw deleted successfully!
     ========== REGISTRY ==========
     ========== FILES ==========
     < ipconfig /flushdns /c >
     Windows IP Configuration
     Successfully flushed the DNS Resolver Cache.
     C:\Documents and Settings\i\Desktop\cmd.bat deleted successfully.
     C:\Documents and Settings\i\Desktop\cmd.txt deleted successfully.
     ========== COMMANDS ==========
     C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
     HOSTS file reset successfully
     [EMPTYTEMP]
     User: Administrator
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 67 bytes
     User: All Users
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 67 bytes
     User: Guest
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 67 bytes
     ->FireFox cache emptied: 5159635 bytes
     ->Flash cache emptied: 194162 bytes
     User: i
     ->Temp folder emptied: 299866 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes
     ->Java cache emptied: 0 bytes
     ->FireFox cache emptied: 33286013 bytes
     ->Flash cache emptied: 556 bytes
     User: Junandrada
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 67 bytes
     ->Flash cache emptied: 1016 bytes
     User: LocalService
     ->Temp folder emptied: 66016 bytes
     ->Temporary Internet Files folder emptied: 32902 bytes
     User: NetworkService
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 32902 bytes
     User: opong
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 19793 bytes
     %systemroot%\System32 .tmp files removed: 239121 bytes
     %systemroot%\System32\dllcache .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 920 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
     RecycleBin emptied: 0 bytes
     Total Files Cleaned = 38.00 mb
     Restore point Set: OTM Restore Point (0)
     OTM by OldTimer - Version 3.1.15.0 log created on 08102010_194251
     Files moved on Reboot...
     C:\Documents and Settings\i\Local Settings\Temp\~DF6103.tmp moved successfully.
     File C:\WINDOWS\temp\ZLT00b4f.TMP not found!
     Registry entries deleted on Reboot...
     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org
     Database version: 4412
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702
     8/10/2010 8:45:18 PM
     mbam-log-2010-08-10 (20-45-18).txt
     Scan type: Quick scan
     Objects scanned: 168339
     Time elapsed: 13 minute(s), 2 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)

     Logfile created: 8/10/2010 21:12:31
     Ad-Aware version: 8.3.0
     Extended engine: 3
     Extended engine version: 3.1.2770
     User performing scan: i
     *********************** Definitions database information ***********************
     Lavasoft definition file: 150.45
     Genotype definition file version: 2010/08/10 07:47:53
     Extended engine definition file: 6711.0
     ******************************** Scan results: *********************************
     Scan profile name: Smart Scan (ID: smart)
     Objects scanned: 17568
     Objects detected: 0
     Type Detected
     ==========================
     Processes.......: 0
     Registry entries: 0
     Hostfile entries: 0
     Files...........: 0
     Folders.........: 0
     LSPs............: 0
     Cookies.........: 0
     Browser hijacks.: 0
     MRU objects.....: 0
     Scan and cleaning complete: Finished correctly after 586 seconds
     *********************************** Settings ***********************************
     Scan profile:
     ID: smart, enabled:1, value: Smart Scan
     ID: folderstoscan, enabled:1, value:
     ID: useantivirus, enabled:1, value: true
     ID: sections, enabled:1
     ID: scancriticalareas, enabled:1, value: true
     ID: scanrunningapps, enabled:1, value: true
     ID: scanregistry, enabled:1, value:
true ID: scanlsp, enabled:1, value: true ID: scanads, enabled:1, value: false ID: scanhostsfile, enabled:1, value: false ID: scanmru, enabled:1, value: false ID: scanbrowserhijacks, enabled:1, value: true ID: scantrackingcookies, enabled:1, value: true ID: closebrowsers, enabled:1, value: false ID: filescanningoptions, enabled:1 ID: archives, enabled:1, value: false ID: onlyexecutables, enabled:1, value: true ID: skiplargerthan, enabled:1, value: 20480 ID: scanrootkits, enabled:1, value: true ID: rootkitlevel, enabled:1, value: strict, domain: medium,mild,strict ID: usespywareheuristics, enabled:1, value: true Scan global: ID: global, enabled:1 ID: addtocontextmenu, enabled:1, value: true ID: playsoundoninfection, enabled:1, value: false ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav Scheduled scan settings: <Empty> Update settings: ID: updates, enabled:1 ID: launchthreatworksafterscan, enabled:1, value: silently, domain: normal,off,silently ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall ID: schedules, enabled:1, value: true ID: updatedaily1, enabled:1, value: Daily 1 ID: time, enabled:1, value: Thu May 27 21:14:00 2010 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updatedaily2, enabled:1, value: Daily 2 ID: time, enabled:1, value: Thu May 27 03:14:00 2010 ID: frequency, enabled:1, value: daily, domain: 
daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updatedaily3, enabled:1, value: Daily 3 ID: time, enabled:1, value: Thu May 27 09:14:00 2010 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updatedaily4, enabled:1, value: Daily 4 ID: time, enabled:1, value: Thu May 27 15:14:00 2010 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updateweekly1, enabled:1, value: Weekly ID: time, enabled:1, value: Thu May 27 21:14:00 2010 ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: 
wednesday, enabled:1, value: false ID: thursday, enabled:1, value: true ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: true ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false Appearance settings: ID: appearance, enabled:1 ID: skin, enabled:1, value: Carbon.eGL, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource ID: showtrayicon, enabled:1, value: true ID: autoentertainmentmode, enabled:1, value: true ID: guimode, enabled:1, value: mode_advanced, domain: mode_advanced,mode_simple ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language Realtime protection settings: ID: realtime, enabled:1 ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant ID: layers, enabled:1 ID: useantivirus, enabled:1, value: true ID: usespywareheuristics, enabled:1, value: true ID: modules, enabled:1 ID: processprotection, enabled:1, value: true ID: onaccessprotection, enabled:1, value: true ID: registryprotection, enabled:1, value: true ID: networkprotection, enabled:1, value: true ****************************** System information ****************************** Computer name: ADORHO Processor name: AMD Turion(tm) 64 Mobile Technology ML-28 Processor identifier: x86 Family 15 Model 36 Stepping 2 Processor speed: ~1595MHZ Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 9218, number of processors 1, processor features: [MMX,SSE,SSE2,3DNow] Physical memory available: 1183842304 bytes Physical memory total: 2011676672 bytes Virtual memory available: 1903812608 bytes Virtual memory total: 2147352576 bytes Memory load: 41% Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Windows startup mode: Running processes: PID: 832 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY 
PID: 888 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY PID: 928 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY PID: 972 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY PID: 984 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY PID: 1128 name: C:\WINDOWS\system32\Ati2evxx.exe owner: SYSTEM domain: NT AUTHORITY PID: 1144 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY PID: 1260 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY PID: 1312 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY PID: 1360 name: C:\WINDOWS\system32\Ati2evxx.exe owner: SYSTEM domain: NT AUTHORITY PID: 1408 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY PID: 1488 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY PID: 1568 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY PID: 1612 name: C:\WINDOWS\system32\ZoneLabs\vsmon.exe owner: <UNKNOWN> domain: <UNKNOWN> PID: 484 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY PID: 536 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY PID: 612 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY PID: 668 name: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe owner: SYSTEM domain: NT AUTHORITY PID: 696 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY PID: 812 name: C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe owner: SYSTEM domain: NT AUTHORITY PID: 1712 name: C:\WINDOWS\Explorer.EXE owner: i domain: ADORHO PID: 216 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY PID: 260 name: C:\Program Files\Java\jre6\bin\jqs.exe owner: SYSTEM domain: NT AUTHORITY PID: 1372 name: 
C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY PID: 1984 name: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe owner: <UNKNOWN> domain: <UNKNOWN> PID: 2004 name: C:\Program Files\Windows Media Player\WMPNetwk.exe owner: NETWORK SERVICE domain: NT AUTHORITY PID: 2052 name: C:\Program Files\Common Files\Java\Java Update\jusched.exe owner: i domain: ADORHO PID: 2064 name: C:\Program Files\Panda USB Vaccine\USBVaccine.exe owner: i domain: ADORHO PID: 3568 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY PID: 3648 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY PID: 2932 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: i domain: ADORHO PID: 3260 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: i domain: ADORHO Startup items: Name: ZoneAlarm Client imagepath: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" Name: SunJavaUpdateSched imagepath: "C:\Program Files\Common Files\Java\Java Update\jusched.exe" Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1} imagepath: Browseui preloader Name: {8C7461EF-2B13-11d2-BE35-3078302C2030} imagepath: Component Categories cache daemon Name: PostBootReminder imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9} Name: CDBurn imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9} Name: WebCheck imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED} Name: SysTray imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153} Name: WPDShServiceObj imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5} Name: imagepath: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini Name: imagepath: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop.ini Bootexecute items: Name: imagepath: autocheck autochk * Name: imagepath: lsdelete Running services: Name: Apple Mobile Device displayname: Apple Mobile Device Name: Ati HotKey Poller displayname: Ati HotKey Poller Name: AudioSrv displayname: Windows Audio Name: BITS displayname: 
Background Intelligent Transfer Service Name: Browser displayname: Computer Browser Name: BthServ displayname: Bluetooth Support Service Name: btwdins displayname: Bluetooth Service Name: CryptSvc displayname: CryptSvc Name: DcomLaunch displayname: DCOM Server Process Launcher Name: Dhcp displayname: DHCP Client Name: Dnscache displayname: DNS Client Name: ERSvc displayname: Error Reporting Service Name: Eventlog displayname: Event Log Name: EventSystem displayname: COM+ Event System Name: FastUserSwitchingCompatibility displayname: Fast User Switching Compatibility Name: helpsvc displayname: Help and Support Name: HTTPFilter displayname: HTTP SSL Name: JavaQuickStarterService displayname: Java Quick Starter Name: lanmanserver displayname: Server Name: lanmanworkstation displayname: Workstation Name: Lavasoft Ad-Aware Service displayname: Lavasoft Ad-Aware Service Name: LmHosts displayname: TCP/IP NetBIOS Helper Name: Netman displayname: Network Connections Name: Nla displayname: Network Location Awareness (NLA) Name: PlugPlay displayname: Plug and Play Name: PolicyAgent displayname: IPSEC Services Name: ProtectedStorage displayname: Protected Storage Name: RasMan displayname: Remote Access Connection Manager Name: RpcSs displayname: Remote Procedure Call (RPC) Name: SamSs displayname: Security Accounts Manager Name: Schedule displayname: Task Scheduler Name: seclogon displayname: Secondary Logon Name: SENS displayname: System Event Notification Name: SharedAccess displayname: Windows Firewall/Internet Connection Sharing (ICS) Name: ShellHWDetection displayname: Shell Hardware Detection Name: Spooler displayname: Print Spooler Name: srservice displayname: System Restore Service Name: SSDPSRV displayname: SSDP Discovery Service Name: stisvc displayname: Windows Image Acquisition (WIA) Name: TapiSrv displayname: Telephony Name: TermService displayname: Terminal Services Name: Themes displayname: Themes Name: TrkWks displayname: Distributed Link Tracking Client Name: 
upnphost displayname: Universal Plug and Play Device Host Name: vsmon displayname: TrueVector Internet Monitor Name: W32Time displayname: Windows Time Name: WebClient displayname: WebClient Name: winmgmt displayname: Windows Management Instrumentation Name: WMPNetworkSvc displayname: Windows Media Player Network Sharing Service Name: wscsvc displayname: Security Center Name: wuauserv displayname: Automatic Updates Name: WudfSvc displayname: Windows Driver Foundation - User-mode Driver Framework Name: WZCSVC displayname: Wireless Zero Configuration
  13. Hello to you Rorschach112, Thanks for the help and hope it's already clean. Here's the ComboFix log:

     ComboFix 10-08-02.01 - i 08/03/2010 11:13:30.1.1 - x86
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1397 [GMT 8:00]
     Running from: c:\documents and settings\i\Desktop\ComboFix.exe
     AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
     FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\program files\install provider
     c:\program files\rose.jpg
     c:\windows\Fonts\wav.wav
     c:\windows\system32\ADMon.dll
     c:\windows\system32\CBUTTON.OCX
     c:\windows\system32\setting.ini
     c:\windows\system32\sfcos.dll
     .
     ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     -------\Legacy_AIC32P
     -------\Service_aic32p
     -------\Service_nvmini
     -------\Legacy_ADMon
     -------\Service_ADMon
     ((((((((((((((((((((((((( Files Created from 2010-07-03 to 2010-08-03 )))))))))))))))))))))))))))))))
     .
     2010-07-21 17:04 . 2010-07-21 17:04 -------- d-----w- c:\documents and settings\i\Application Data\Template
     2010-07-21 15:21 . 2010-07-21 15:41 -------- d-----w- c:\program files\Bing Bar Installer
     2010-07-21 13:01 . 2008-04-14 00:12 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
     2010-07-21 13:00 . 2001-08-17 14:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
     2010-07-21 13:00 . 2008-04-14 00:12 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
     2010-07-21 13:00 . 2001-08-17 14:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
     2010-07-21 13:00 . 2001-08-17 14:37 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
     2010-07-21 13:00 . 2001-08-17 14:37 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
     2010-07-21 13:00 .
2001-08-17 04:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys 2010-07-21 13:00 . 2004-08-03 14:29 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys 2010-07-21 13:00 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\dllcache\wstcodec.sys 2010-07-21 13:00 . 2004-08-03 14:29 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys 2010-07-21 12:59 . 2004-08-03 14:31 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys 2010-07-21 12:59 . 2001-08-17 04:12 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys 2010-07-21 12:59 . 2001-08-17 05:28 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys 2010-07-21 12:59 . 2001-08-17 14:36 53760 ----a-w- c:\windows\system32\dllcache\wiamsmud.dll 2010-07-21 12:59 . 2001-08-17 14:36 87040 ----a-w- c:\windows\system32\dllcache\wiafbdrv.dll 2010-07-21 12:59 . 2004-08-04 13:00 31232 ----a-w- c:\windows\system32\dllcache\weitekp9.sys 2010-07-21 12:59 . 2004-08-04 13:00 41600 ----a-w- c:\windows\system32\dllcache\weitekp9.dll 2010-07-21 12:59 . 2001-08-17 05:28 701386 ----a-w- c:\windows\system32\dllcache\wdhaalba.sys 2010-07-21 12:59 . 2004-08-03 14:29 23615 ----a-w- c:\windows\system32\dllcache\wch7xxnt.sys 2010-07-21 12:57 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll 2010-07-21 12:57 . 2001-08-17 05:28 687999 ----a-w- c:\windows\system32\dllcache\usrwdxjs.sys 2010-07-21 12:57 . 2001-08-17 05:28 765884 ----a-w- c:\windows\system32\dllcache\usrti.sys 2010-07-21 12:57 . 2001-08-17 05:28 113762 ----a-w- c:\windows\system32\dllcache\usrpda.sys 2010-07-21 12:57 . 2001-08-17 05:28 7556 ----a-w- c:\windows\system32\dllcache\usroslba.sys 2010-07-21 12:57 . 2001-08-17 05:28 224802 ----a-w- c:\windows\system32\dllcache\usr1807a.sys 2010-07-21 12:57 . 2001-08-17 05:28 794399 ----a-w- c:\windows\system32\dllcache\usr1806v.sys 2010-07-21 12:57 . 2001-08-17 05:28 793598 ----a-w- c:\windows\system32\dllcache\usr1806.sys 2010-07-21 12:57 . 
  14. Hello LS Andy, Thanks for replying. I always update A-A every day, so it should be OK now. So the same thing happened to you: when avz is opened, it's indeed detected as W32.Bagle? What happened to the quarantined file known as W32.Bagle?