Computer Juice forum: Computer Software / Virus, Spyware & Security

Bits of AVG8 blacked out..virus?
  #21  
Old 17th Oct 2008, 12:38
Donor VIP
Posts: 830
 
I'm back again; the Dr.Web scanner found nothing.


Logfile of random's system information tool 1.04 (written by random/random)
Run by peter's PC at 2008-10-17 20:35:45
Microsoft Windows XP Professional Service Pack 3
System drive C: has 48 GB (62%) free of 76 GB
Total RAM: 767 MB (53% free)
RSIT results came as one txt page, as you said would happen, too.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:36:24, on 17/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRAM FILES\MOTHERBOARD MONITOR 5\MBM5.EXE
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Styler\Styler.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\peter's PC\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\peter's PC.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [MBM 5] "C:\PROGRAM FILES\MOTHERBOARD MONITOR 5\MBM5.EXE"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-20\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Styler.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WUSB54GSv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 4577 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll [2008-02-29 468280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - StylerToolBar - C:\Program Files\Styler\TB\StylerTB.dll [2006-05-02 102400]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MBM 5"=C:\PROGRAM FILES\MOTHERBOARD MONITOR 5\MBM5.EXE [2004-06-12 594944]
"C-Media Mixer"=Mixer.exe /startup []
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-10-09 1235736]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]

C:\Documents and Settings\peter's PC\Start Menu\Programs\Startup
Styler.lnk - C:\Documents and Settings\peter's PC\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-03-19 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSMHelp"=01000000
"NoResolveSearch"=1
"NoResolveTrack"=1
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Messenger"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\Steam\SteamApps\andy_birk\day of defeat source\hl2.exe"="C:\Program Files\Steam\SteamApps\andy_birk\day of defeat source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\RelevantKnowledge\rlvknlg.exe"="C:\Program Files\RelevantKnowledge\rlvknlg.exe:*:Enabled:rlvknlg.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\iTALC\ica.exe"="C:\Program Files\iTALC\ica.exe:*:Enabled:iTALC Client Application (ICA)"

======File associations======

.bat - edit - C:\WINDOWS\system32\Notepad2.exe %1
.cmd - edit - C:\WINDOWS\system32\Notepad2.exe %1
.inf - open - C:\WINDOWS\system32\Notepad2.exe %1
.ini - open - C:\WINDOWS\system32\Notepad2.exe %1
.js - edit - C:\WINDOWS\system32\Notepad2.exe %1
.reg - edit - C:\WINDOWS\system32\Notepad2.exe %1
.txt - open - C:\WINDOWS\system32\Notepad2.exe %1
.vbs - edit - C:\WINDOWS\system32\Notepad2.exe %1

======List of files/folders created in the last 1 months======

2008-10-17 16:27:03 ----D---- C:\rsit
2008-10-17 11:44:56 ----D---- C:\Program Files\Enigma Software Group
2008-10-16 21:52:07 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-16 21:52:00 ----D---- C:\Program Files\SUPERAntiSpyware
2008-10-16 21:52:00 ----D---- C:\Documents and Settings\peter's PC\Application Data\SUPERAntiSpyware.com
2008-10-16 21:51:37 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-16 20:34:45 ----D---- C:\Program Files\EsetOnlineScanner
2008-10-16 14:10:16 ----SHD---- C:\RECYCLER
2008-10-16 03:49:33 ----A---- C:\WINDOWS\e2eSoft.ini
2008-10-16 01:55:56 ----A---- C:\WINDOWS\eSellerateEngine.dll
2008-10-16 01:55:41 ----D---- C:\Program Files\Common Files\DeskShare Shared
2008-10-16 01:55:40 ----A---- C:\WINDOWS\system32\Unicows.dll
2008-10-16 01:55:36 ----D---- C:\Program Files\Deskshare
2008-10-16 01:00:45 ----A---- C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-10-15 22:23:43 ----D---- C:\WINDOWS\RegisteredPackages
2008-10-15 16:52:39 ----D---- C:\Documents and Settings\peter's PC\Application Data\iTALC
2008-10-14 02:03:24 ----D---- C:\Program Files\Tomb Raider - Anniversary
2008-10-14 01:54:05 ----D---- C:\WINDOWS\system32\DirectX
2008-10-13 17:13:53 ----A---- C:\WINDOWS\system32\ptpusd.dll
2008-10-13 17:13:53 ----A---- C:\WINDOWS\system32\ptpusb.dll
2008-10-13 04:59:58 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2008-10-13 04:59:58 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2008-10-13 04:59:45 ----D---- C:\Program Files\OpenLibraries
2008-10-11 13:16:18 ----D---- C:\Program Files\NCH Software
2008-10-11 01:53:11 ----D---- C:\Program Files\Tiny Utilities
2008-10-11 01:11:37 ----D---- C:\Documents and Settings\peter's PC\Application Data\.ZMatrix
2008-10-11 01:11:33 ----A---- C:\WINDOWS\ZMatrixSS.ini
2008-10-11 01:11:31 ----D---- C:\Program Files\ZMatrix
2008-10-10 21:49:11 ----A---- C:\WINDOWS\exitwx.exe
2008-10-10 12:58:34 ----D---- C:\Program Files\VirtualDJ
2008-10-10 12:58:18 ----A---- C:\WINDOWS\nurtab.bat
2008-10-09 16:35:51 ----D---- C:\Program Files\PD Artist
2008-10-09 16:35:25 ----A---- C:\WINDOWS\ST5UNST.EXE
2008-10-09 13:36:15 ----D---- C:\Program Files\vLite
2008-10-08 22:29:56 ----A---- C:\WINDOWS\system32\TweakUI.exe
2008-10-08 16:23:44 ----A---- C:\WINDOWS\system32\J_LOG_regsvr32.TXT
2008-10-07 13:57:55 ----A---- C:\WINDOWS\system32\UNWISE.EXE
2008-10-06 13:10:22 ----D---- C:\Documents and Settings\peter's PC\Application Data\InstallShield
2008-10-05 01:52:36 ----D---- C:\WINDOWS\temp
2008-10-05 01:05:54 ----D---- C:\Program Files\Common Files\NSV
2008-09-29 20:32:52 ----A---- C:\WINDOWS\system32\WMV9VCM.DLL
2008-09-29 20:32:51 ----A---- C:\WINDOWS\system32\TSCCVID.DLL
2008-09-22 15:11:31 ----D---- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-09-22 15:11:10 ----D---- C:\Documents and Settings\peter's PC\Application Data\NCH Swift Sound
2008-09-21 21:21:41 ----A---- C:\WINDOWS\uninstall.exe

======List of files/folders modified in the last 1 months======

2008-10-17 20:34:23 ----D---- C:\Program Files\Mozilla Firefox
2008-10-17 20:28:39 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-17 20:27:35 ----A---- C:\WINDOWS\system32\Notepad2.ini
2008-10-17 20:23:33 ----RD---- C:\Downloads
2008-10-17 19:57:16 ----D---- C:\WINDOWS\Prefetch
2008-10-17 18:18:46 ----D---- C:\WINDOWS
2008-10-17 18:18:45 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-17 17:30:45 ----D---- C:\WINDOWS\system32
2008-10-17 12:36:20 ----D---- C:\WINDOWS\system32\drivers
2008-10-17 12:09:47 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-17 11:44:56 ----RD---- C:\Program Files
2008-10-17 08:14:30 ----SHD---- C:\System Volume Information
2008-10-17 08:14:30 ----D---- C:\WINDOWS\system32\Restore
2008-10-17 04:50:00 ----ASH---- C:\boot.ini
2008-10-17 04:50:00 ----A---- C:\WINDOWS\win.ini
2008-10-17 04:50:00 ----A---- C:\WINDOWS\system.ini
2008-10-17 04:49:58 ----D---- C:\WINDOWS\pss
2008-10-17 03:46:00 ----SHD---- C:\WINDOWS\Installer
2008-10-17 03:40:15 ----D---- C:\Program Files\PeerGuardian2
2008-10-16 21:51:37 ----D---- C:\Program Files\Common Files
2008-10-16 20:59:04 ----HD---- C:\$AVG8.VAULT$
2008-10-16 20:34:24 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-16 20:25:04 ----SD---- C:\Documents and Settings\peter's PC\Application Data\Microsoft
2008-10-16 20:24:10 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-16 17:28:47 ----D---- C:\Program Files\Stardock
2008-10-16 16:11:28 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-16 14:17:41 ----RD---- C:\Documents and Settings
2008-10-16 14:06:23 ----D---- C:\WINDOWS\AppPatch
2008-10-16 13:52:48 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-16 05:40:22 ----D---- C:\WINDOWS\WinSxS
2008-10-16 05:26:14 ----AC---- C:\WINDOWS\system32\MsiExec.exe.log
2008-10-16 04:58:34 ----A---- C:\WINDOWS\NeroDigital.ini
2008-10-16 03:41:45 ----D---- C:\WINDOWS\system32\dllcache
2008-10-16 03:41:36 ----HD---- C:\WINDOWS\inf
2008-10-16 03:25:21 ----D---- C:\Documents and Settings\peter's PC\Application Data\LimeWire
2008-10-15 23:03:17 ----D---- C:\Program Files\movie maker
2008-10-15 22:18:35 ----D---- C:\WINDOWS\SoftwareDistribution
2008-10-15 20:24:17 ----D---- C:\Program Files\Common Files\Download Manager
2008-10-15 19:34:11 ----RD---- C:\My Recordings
2008-10-14 17:48:33 ----A---- C:\WINDOWS\CMMIXER.INI
2008-10-14 02:29:11 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-14 02:26:11 ----RSD---- C:\WINDOWS\assembly
2008-10-13 19:30:11 ----D---- C:\Program Files\Steam
2008-10-13 05:14:07 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-12 02:24:37 ----D---- C:\Program Files\RocketDock
2008-10-12 01:41:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-11 18:12:19 ----A---- C:\WINDOWS\mixerdef.ini
2008-10-11 01:11:32 ----RSD---- C:\WINDOWS\Fonts
2008-10-09 20:13:19 ----D---- C:\Program Files\Folder Lock
2008-10-09 17:47:15 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-10-09 01:38:45 ----RD---- C:\Program Files\Common Files\Services
2008-10-09 01:36:05 ----D---- C:\Documents and Settings\peter's PC\Application Data\vghd
2008-10-09 01:08:43 ----D---- C:\Program Files\MotoKit
2008-10-09 01:07:52 ----D---- C:\Program Files\DivX
2008-10-08 11:17:30 ----D---- C:\WINDOWS\system32\NtmsData
2008-10-07 10:33:13 ----D---- C:\WINDOWS\system32\spool
2008-10-06 13:45:55 ----D---- C:\WINDOWS\system32\oobe
2008-10-06 13:45:55 ----D---- C:\WINDOWS\system32\mui
2008-10-06 13:45:54 ----HD---- C:\WINDOWS\system32\GroupPolicy
2008-10-06 13:45:54 ----D---- C:\WINDOWS\system32\LogFiles
2008-10-06 13:45:53 ----D---- C:\WINDOWS\system32\Adobe
2008-10-06 07:53:00 ----D---- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-10-04 01:18:56 ----D---- C:\Program Files\Styler
2008-10-03 12:31:16 ----A---- C:\WINDOWS\wininit.ini
2008-10-03 12:17:28 ----D---- C:\Program Files\Adobe
2008-10-03 12:17:22 ----D---- C:\Program Files\Common Files\Adobe
2008-10-03 11:09:36 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-10-03 11:09:15 ----D---- C:\Documents and Settings\peter's PC\Application Data\Adobe
2008-09-30 15:06:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-27 01:41:32 ----D---- C:\Documents and Settings\peter's PC\Application Data\dvdcss
2008-09-25 07:26:57 ----D---- C:\Program Files\Common Files\SpeechEngines
2008-09-21 01:12:56 ----D---- C:\WINDOWS\Debug
2008-09-18 20:39:13 ----D---- C:\Documents and Settings\peter's PC\Application Data\OpenOffice.org2

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-03-19 37760]
R1 Amfilter;Compatible Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\Amfilter.sys [2007-04-19 8704]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-09-01 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-02 26824]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-03-07 14592]
R1 mbmiodrvr;mbmiodrvr; \??\C:\WINDOWS\system32\mbmiodrvr.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-08-11 17801]
R2 NvNdis;NVIDIA NDIS IO Control Driver; \??\C:\WINDOWS\system32\Drivers\NvNdis.sys []
R2 windrvNT;windrvNT; \??\C:\WINDOWS\system32\windrvNT.sys []
R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-07-16 379726]
R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-03-07 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-03-19 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 PAC207;Trust WB-1400T Webcam; C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-14 508288]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-10-11 9856]
R3 USB_RNDIS;Linksys Wireless-G USB Network Adapter with SpeedBooster Driver v2; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-03-07 12800]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-03-07 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-03-07 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-03-07 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-03-07 17152]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-03-07 20608]
S1 DVDRC;DVDRC; C:\WINDOWS\System32\drivers\DVDRC.sys []
S1 efbDisk;efbDisk; C:\WINDOWS\system32\drivers\efbDisk.sys []
S2 StudioPro;StudioPro webcam; C:\WINDOWS\system32\DRIVERS\StudioPro.sys []
S3 agcp8g7s;agcp8g7s; C:\WINDOWS\system32\drivers\agcp8g7s.sys []
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS []
S3 Amusbprt;Compatible HID-compliant Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amusbprt.sys [2007-04-19 14336]
S3 BCM42RLY;BCM42RLY; \??\C:\WINDOWS\System32\BCM42RLY.SYS []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-03-07 17024]
S3 EuMusDesignVirtualAudioCableWdm;StudioPro audio (WDM); C:\WINDOWS\system32\DRIVERS\vrtaucbl.sys [2007-04-22 38784]
S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-11-02 18176]
S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-22 7680]
S3 MotDev;Motorola Inc. USB Device; C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-10-10 42112]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-03-07 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-03-07 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-03-07 10880]
S3 P2k;Motorola USB Device; C:\WINDOWS\system32\DRIVERS\P2k.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SIoctl;SIoctl; \??\c:\windows\system32\drivers\sioctl.sys []
S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2008-03-07 32768]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-03-07 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-03-07 15232]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-03-07 15104]
S3 usbser;Motorola USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-03-07 26112]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-03-07 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WimFltr;WimFltr; C:\WINDOWS\system32\DRIVERS\wimfltr.sys [2006-11-02 128104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-03-07 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-29 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-29 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-01 231704]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
S2 WUSB54GSv2SVC;WUSB54GSv2SVC; C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [2005-07-04 53307]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-19 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-03-07 14336]
S4 icas;iTALC Client; C:\Program Files\iTALC\ica.exe -service []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704]

-----------------EOF-----------------

All Vista themes/effects turned off to rule out the graphics problem too :)
AVG 8 is still showing these black boxes >
http://i124.photobucket.com/albums/p...untitled-4.jpg
Also some black boxes appear in Spybot Search & Destroy and in my other scanners :)
__________________
www.myPCbuild.piczo.com
My Build logs & step by step mods


  #22  
Old 17th Oct 2008, 13:06
Moderator
Posts: 7,549
 
Download OTMoveIt2 by OldTimer and save it to your Desktop.

Note: If you are running on Vista, right-click on OTMoveIt2.exe and choose Run As Administrator.

1. Double-click OTMoveIt2.exe to run it.
2. Copy the lines in the codebox below.

Code:
[kill explorer]
C:\Program Files\RelevantKnowledge
C:\Program Files\Enigma Software Group
EmptyTemp
[start explorer]
3. Return to OTMoveIt2, right-click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste
4. Click the red Moveit! button.
5. Copy everything in the Results window (under the green bar) and paste it in your next reply.
6. Close OTMoveIt2

Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.

----------

Suspicious files to scan

Please go to VirSCAN.org FREE on-line scan service
(If more than one file needs scanning, they must be done separately and the logs posted for each one)

1. Copy and paste the following file path into the Suspicious files to scan box on the top of the page.
Code:
C:\Documents and Settings\peter's PC\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe
2. At the upload site, click once inside the window next to Browse.
3. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
4. Click on the Upload button.
This will perform a scan across multiple different virus scanning engines.
Your file will possibly be entered into a queue which normally takes less than a minute to clear.
Important: Wait for all of the scanning engines to complete.
5. Once the Scan is completed scroll down and click on the Copy to Clipboard button. This will copy the link of the report into the Clipboard.
6. Paste the contents of the Clipboard in your next reply.

--

Next, scan this file and add the results also.

C:\Program Files\iTALC\ica.exe
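The moderator's picks above (the startup shortcut that RSIT resolves to an executable under the user's Application Data folder, and the RelevantKnowledge firewall exception) are the kind of thing a helper spots by eye in an RSIT/HijackThis log. The script below is an added example, not part of this thread or of the RSIT/HijackThis tools, that automates that first pass: it pulls the target path out of run-key, startup-folder and firewall-authorized-application lines and flags the ones that sit in a user-writable location, point at a missing file, are unresolved shortcuts, or match the adware names this thread identifies. The regex, the location markers and the adware name list are my assumptions; the sample log is a constructed subset of the lines posted above.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the RSIT / HijackThis lines posted in this thread,
# covering run keys, the startup-folder shortcut and firewall authorized applications.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-20\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'NETWORK SERVICE')
O4 - Startup: Styler.lnk = ?
Styler.lnk - C:\Documents and Settings\peter's PC\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\RelevantKnowledge\rlvknlg.exe"="C:\Program Files\RelevantKnowledge\rlvknlg.exe:*:Enabled:rlvknlg.exe"
O23 - Service: WUSB54GSv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
"""

# First drive-letter path on a line, cut at the first executable-looking extension
# (assumption: arguments and trailing "(User ...)" notes follow the path).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|sys|bat|cmd|scr)\b', re.IGNORECASE)

# Locations a vendor-installed autorun target rarely lives in on XP (assumed markers).
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\", "\\local settings\\temp\\")
WINDOWS_TEMP = "\\windows\\temp\\"
# Names this thread identifies as bundled adware (RelevantKnowledge / SpyHunter by Enigma).
NAMED_ADWARE = ("relevantknowledge", "rlvknlg", "enigma software group")


@dataclass
class Finding:
    line: str
    path: str                      # extracted target path, "" when none could be resolved
    reasons: list = field(default_factory=list)


def extract_path(line):
    """Return the first executable path found on a log line, or ""."""
    m = PATH_RE.search(line)
    return m.group(0) if m else ""


def assess(line):
    """Return a Finding for a suspicious line, or None when nothing stands out."""
    line = line.strip()
    if not line:
        return None
    path = extract_path(line)
    low = path.lower()
    reasons = []
    if "= ?" in line:
        reasons.append("shortcut target could not be resolved")
    if "(file missing)" in line.lower():
        reasons.append("entry points at a file that no longer exists")
    if any(marker in low for marker in USER_WRITABLE):
        reasons.append("autorun target inside a user profile directory")
    if WINDOWS_TEMP in low:
        reasons.append("autorun target inside Windows temp")
    if any(name in low for name in NAMED_ADWARE):
        reasons.append("matches adware named in this thread")
    return Finding(line, path, reasons) if reasons else None


def triage(log_text):
    """Run assess() over every line and keep only the flagged ones, in log order."""
    return [f for f in (assess(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.path or finding.line)
        for reason in finding.reasons:
            print("   -", reason)
```

A flag here is a prompt to look closer (upload the file for a multi-engine scan, check its vendor), not a verdict: a legitimate per-user installer stub can sit under Application Data, and the user-profile check is only meaningful because the rest of the log shows every other autorun target under Program Files or Windows.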

  #23  
Old 17th Oct 2008, 13:16
Donor VIP
Posts: 830
 
Doing all the above now and will come back when done. Thanks for your help so far.
Just done a Spybot Search & Destroy scan while I was waiting for your reply, and guess who shows up:
RelevantKnowledge

http://i124.photobucket.com/albums/p...untitled-5.jpg

You were right about SpyHunter too :)


So I had a search on Google and I can't believe what
http://www.ca.com/us/securityadvisor...x?id=453097949

Post back in a min with your next results :)

  #24  
Old 17th Oct 2008, 13:28
Moderator
Posts: 7,549
 
RelevantKnowledge and SpyHunter are one and the same (bundled adware) so they need to be killed together. The next set of instructions will hopefully get rid of it for good.

  #25  
Old 17th Oct 2008, 13:33
Donor VIP
Posts: 830
 
OTMoveIt2 results; it also asked me to reboot to complete, and I did.
Explorer killed successfully
File/Folder C:\Program Files\RelevantKnowledge not found.
C:\Program Files\Enigma Software Group moved successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\PETER'~1\LOCALS~1\Temp\Perflib_Perfdata_928.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Cookies\index.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10172008_211904

Files moved on Reboot...
File C:\DOCUME~1\PETER'~1\LOCALS~1\Temp\Perflib_Perfdata_928.dat not found!
File move failed. C:\WINDOWS\temp\Cookies\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

VirSCAN.org Scanned Report :
Scanned time : 2008/10/17 21:26:23 (BST)
Scanner results: All Scanners reported not find malware!
File Name : _585b207a.exe
File Size : 15086 byte
File Type : MPEG sequence
MD5 : 8588d2403599c1e7d1f6c9ea458ceb39
SHA1 : e6c3275b817aa4b13634ee5674f4fd0abbaea548
Online report : http://virscan.org/report/3f605fb8ef...68312dfdf.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.16 2008.10.16 2008-10-16 1.42 -
AhnLab V3 2008.10.18.00 2008.10.18 2008-10-18 1.08 -
AntiVir 7.9.0.5 7.0.7.56 2008-10-17 2.45 -
Antiy 2.0.18 20081016.1488960 2008-10-16 0.12 -
Arcavir 1.0.5 200810171137 2008-10-17 1.19 -
Authentium 5.1.1 200810150216 2008-10-15 1.05 -
AVAST! 3.0.1 081015-0 2008-10-15 0.00 -
AVG 7.5.52.442 270.8.1/1730 2008-10-17 1.70 -
BitDefender 7.60825.1885915 7.21312 2008-10-18 3.14 -
CA (VET) 9.0.0.143 31.6.6154 2008-10-17 3.80 -
ClamAV 0.94 8439 2008-10-17 0.00 -
Comodo 2.11 2.0.0.678 2008-10-16 0.40 -
CP Secure 1.1.0.715 2008.10.17 2008-10-17 6.21 -
Dr.Web 4.44.0.9170 2008.10.17 2008-10-17 3.29 -
ewido 4.0.0.2 2008.10.17 2008-10-17 2.88 -
F-Prot 4.4.4.56 20081017 2008-10-17 1.04 -
F-Secure 5.51.6100 2008.10.17.07 2008-10-17 0.03 -
Fortinet 2.81-3.113 9.649 2008-10-17 0.15 -
GData 19.1058/19.65 20081016 2008-10-16 2.59 -
ViRobot 20081016 2008.10.16 2008-10-16 0.40 -
Ikarus T3.1.01.44 2008.10.17.71669 2008-10-17 3.03 -
JiangMin 11.0.706 2008.10.17 2008-10-17 1.25 -
Kaspersky 5.5.10 2008.10.17 2008-10-17 0.02 -
KingSoft 2008.9.8.18 2008.10.17.20 2008-10-17 0.65 -
McAfee 5.3.00 5408 2008-10-17 2.10 -
Microsoft 1.4005 2008.10.17 2008-10-17 3.94 -
mks_vir 2.01 2008.10.17 2008-10-17 2.60 -
Norman 5.93.01 5.93.00 2008-10-16 5.24 -
Panda 9.05.01 2008.10.17 2008-10-17 2.22 -
Trend Micro 8.700-1004 5.606.17 2008-10-17 0.02 -
Quick Heal 9.50 2008.10.17 2008-10-17 1.87 -
Rising 20.0 20.66.32.00 2008-10-16 0.26 -
Sophos 2.79.0 4.34 2008-10-18 1.86 -
Sunbelt 3.1.1730.1 2320 2008-10-16 0.43 -
Symantec 1.3.0.24 20081017.003 2008-10-17 0.07 -
nProtect 2008-10-17.00 2255828 2008-10-17 4.23 -
The Hacker 6.3.1.0 v00117 2008-10-17 0.42 -
VBA32 3.12.8.7 20081017.1313 2008-10-17 1.21 -
VirusBuster 4.5.11.10 10.90.5/651677 2008-10-17 0.84 -


Can't find C:\Program Files\iTALC\ica.exe to scan it.

  #26  
Old 17th Oct 2008, 13:41
Moderator
Posts: 7,549
 
Download Deckard's Association File Tool (DAFT) and save it to your desktop.
  • Double-click the daft.exe icon. Read the disclaimer and click OK
  • Click on the Scan button.
  • If it finds faulty file associations, they will appear in red beside a checkbox. If this occurs, just place a tick in the boxes in question.
  • Click the Fix button.
  • Re-scan and save a logfile.
  • By default, it will save as daft.txt
  • Post the contents of that logfile in your next reply.
----------

Please download, install, update and run CounterSpy

Download CounterSpy (CounterSpy is a 15 day full featured evaluation, it can easily be uninstalled when we are done)
  • Double click the installer on the Desktop
  • After Counterspy is installed and you have restarted your computer (if prompted), double-click the icon on your Desktop to begin the install.
  • The Getting Started setup wizard opens. The wizard will guide you through the initial steps needed to configure CounterSpy.
    • When the Activate Now prompt appears just click Next
To scan your computer
  • Click System Scan on the main page. The System Scan page opens.
  • In the scan options on the left side of the page, select Full System scan.
  • Click Scan Now. CounterSpy will start scanning your computer. After the scan is complete, the CounterSpy System Scan Results summary window opens.
  • Review the summarized information, then click View Results. You return to the System Scan results page.
To take action against a security risk
  • Select a security risk.
  • Make a selection from the Recommended Action drop-down menu next to it and select Remove
    • Select Remove in all menus
  • Check the Create restore point option. This will create the Windows backup (useful in case something goes wrong). Then press Take Action
  • Now CounterSpy will ask you to confirm your actions. Press Yes within the window that appears. This will start the removal process.
  • The program may need to reboot your computer.
    • Clicking Yes if prompted is highly recommended.
  • Exit CounterSpy when complete.
----------

How is everything now?
__________________

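The DAFT step above looks for hijacked file associations, that is, the registry commands Windows runs when an .exe, .bat, .reg and similar file is opened. As an added example, not part of this thread and not DAFT's own code, here is a read-only PowerShell check that reads those commands from HKEY_CLASSES_ROOT and compares them with the Windows XP/Vista defaults; the "expected" values are assumed defaults and the script name is arbitrary. It changes nothing, so it is safe to run before and after a fix to see what differed.

```powershell
# Added example (not from the thread, not DAFT's code): list the shell "open"
# commands for file types that malware commonly hijacks and flag anything that
# differs from the assumed Windows XP/Vista defaults below. Read-only.
# Run as: powershell -ExecutionPolicy Bypass -File Check-FileAssociations.ps1

# Assumed defaults (Windows XP/Vista). Compare, do not blindly "fix": some
# legitimate security products wrap these commands on purpose.
$expected = @{
    'exefile' = '"%1" %*'
    'comfile' = '"%1" %*'
    'batfile' = '"%1" %*'
    'cmdfile' = '"%1" %*'
    'piffile' = '"%1" %*'
    'scrfile' = '"%1" /S'
    'regfile' = 'regedit.exe "%1"'
}

function Get-OpenCommand {
    param([string]$ProgId)
    # HKCR merges HKLM\Software\Classes and HKCU\Software\Classes, so a
    # per-user hijack shows up here too.
    $key = "Registry::HKEY_CLASSES_ROOT\$ProgId\shell\open\command"
    if (-not (Test-Path $key)) { return $null }
    # The unnamed (Default) value is exposed as the '(default)' property.
    return (Get-ItemProperty -Path $key).'(default)'
}

$findings = foreach ($progId in $expected.Keys) {
    $actual = Get-OpenCommand $progId
    if ($null -eq $actual) {
        $status = 'MISSING'
    } elseif ($actual.Trim() -eq $expected[$progId]) {
        $status = 'OK'
    } else {
        $status = 'SUSPECT'
    }
    # New-Object keeps this working on the PowerShell 1.0/2.0 of the XP era.
    New-Object PSObject -Property @{
        ProgId   = $progId
        Status   = $status
        Expected = $expected[$progId]
        Actual   = $actual
    }
}

$findings | Select-Object ProgId, Status, Expected, Actual | Format-Table -AutoSize

$bad = @($findings | Where-Object { $_.Status -ne 'OK' })
if ($bad.Count -gt 0) {
    Write-Host "$($bad.Count) association(s) differ from the assumed defaults; review before changing anything."
} else {
    Write-Host "All checked associations match the assumed defaults."
}
```

A SUSPECT entry whose command points at an unfamiliar executable in a user-writable folder is the pattern a file-association hijack leaves behind; a MISSING entry usually just means that file type is not registered on the machine. Save the output with `> assoc-before.txt` so you have something to compare against DAFT's daft.txt.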
  #27  
Old 17th Oct 2008, 14:33
Donor VIP
Posts: 830
 
Deckard's Association File Tool (DAFT)
DAFT Log saved on 2008-10-17 21:46:18
-----------------------------------------------------------------------
All associations okay!

Print screen of black boxes, now also on CounterSpy:

http://i124.photobucket.com/albums/p...blackboxes.jpg

Post CounterSpy results when finished.
So far it's only picked up Messenger Plus - adware bundler.
That's all I can tell you as that's all I can see.
__________________
www.myPCbuild.piczo.com
My Build logs & step by step mods

  #28  
Old 17th Oct 2008, 14:55
Moderator
Posts: 7,549
 
I'm becoming more convinced it's the custom fonts/transformation packs.
__________________

  #29  
Old 17th Oct 2008, 15:06
Donor VIP
Posts: 830
 
Found nothing apart from Messenger Plus.
I had this transformation pack which is called Styler and I've never had a problem in 1 year with it.
When I select safe mode there are no black boxes on my AVG8, so it's got to be something running on my PC. I'll do a scan in safe mode and see what that brings up :)
__________________
www.myPCbuild.piczo.com
My Build logs & step by step mods

  #30  
Old 17th Oct 2008, 15:08
Donor VIP
Posts: 830
 
Could I make a Windows recovery disk that would repair any Windows files, maybe?
__________________
www.myPCbuild.piczo.com
My Build logs & step by step mods
