Windows XP freezes at Welcome And Before It Sometimes

Postby BrownGuy » Mon Aug 03, 2009 3:39 am

Hey everybody, I'm kinda new to this site. Oh well, my computer has lately been acting up and freezing during the boot process; it used to only freeze once in a while at the Welcome screen, but nowadays it freezes before that, it just goes black after the Windows XP loading screen. I'm running Windows XP Media Center Edition 2002 Service Pack 3, 2.8 GHz Pentium 4 CPU, 2.25 GB of RAM. I also have a HijackThis log below...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:55 PM, on 8/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN\Toolbar\3.0.1203.0\msntask.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CfgSrvc.exe
C:\WINDOWS\system32\dldtcoms.exe
C:\WINDOWS\system32\CfgSrvc.exe
C:\WINDOWS\SDMan.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\SABRE\Apps\OADP\Oadp.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Reimage\Reimage PC Booster\REI_Booster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\OWNER\My Documents\Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Sabre Task Tray Icon] C:\SABRE\Sabstart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D36AF92-04D3-11D8-B719-0000865F231B} (TMinReq Class) - https://my.sabre.com/jars/TMinReqX.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{25F77A71-9B1E-474D-A7D4-340E2F3DD049}: NameServer = 192.168.1.1,192.168.1.3
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\DOCUME~1\OWNER\LOCALS~1\Temp\10731711156mmx.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Config Service Helper (CfgSrvc) - Unknown owner - C:\WINDOWS\system32\CfgSrvc.exe
O23 - Service: dldtCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldtserv.exe
O23 - Service: dldt_device - - C:\WINDOWS\system32\dldtcoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HSSP Configuration Module (HsspConfig) - Unknown owner - C:\WINDOWS\system32\CfgSrvc.exe
O23 - Service: Sabre Printing Module (SabrePrint) - Sabre Inc. - C:\SABRE\Apps\OADP\Oadp.exe
O23 - Service: Sabre Device Manager (SDMan) - Unknown owner - C:\WINDOWS\SDMan.EXE

--
End of file - 6021 bytes

Can somebody help me and tell me what I need to do to fix the computer? If you need any more information, I will be glad to provide it! Hope to hear from somebody soon.
Postby Gecko » Mon Aug 03, 2009 11:36 am

BrownGuy,

I see at least one malware running, but that doesn't mean it is the cause of the booting problem. Let's fix the malware and take it from there.

Please download combofix to your desktop.

Double click combofix.exe and follow the prompts.

Do not exit Combofix while it is running; you may lose all your personal settings!
Important Note - Do not mouseclick combofix's window while it's running, that may cause it to stall.

When it's done running it will produce a log for you. Please post that log in your next reply.
Postby BrownGuy » Mon Aug 03, 2009 11:41 pm

Hey, I tried to install ComboFix, but after I double click it and click Run, nothing comes up at all. I have Malwarebytes and I'll post a log of it below. I will keep trying to make ComboFix run and install it; in the meantime, if there is anything in the Malwarebytes log that looks fishy to you, let me know what to do. If you have any ideas as to why ComboFix.exe won't run, let me know.

Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 3

8/3/2009 6:33:41 PM
mbam-log-2009-08-03 (18-33-41).txt

Scan type: Full Scan (C:\|)
Objects scanned: 142229
Time elapsed: 17 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Postby Gecko » Tue Aug 04, 2009 1:46 am

BrownGuy,

Some of the newer infections are "Combofix aware" and stop it from running.
To avoid this try renaming combofix.exe to cbf.exe and see if it will run then.

If that doesn't work I have other tools that we can try.

Interesting that Malware Bytes found a root kit though.
Do you have any more information on what root kit it was or maybe the file name?
Did that improve the running and booting of the system?
Postby BrownGuy » Tue Aug 04, 2009 5:08 am

Well, here's the ComboFix report. I changed it to cbf.exe and it worked fine. Thx.

ComboFix 09-08-03.04 - OWNER 08/03/2009 23:49.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2294.1911 [GMT -5:00]
Running from: c:\documents and settings\OWNER\Desktop\cbf.exe.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Fonts\mlog
c:\windows\Install.txt
c:\windows\sv.ini
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\drivers\UACfqquxewulhbqltqnt.sys
c:\windows\system32\Install.txt
c:\windows\system32\UACarnqhcrvkbodgqpow.db
c:\windows\system32\UACbftpsbeumytaoykqt.dll
c:\windows\system32\UACfmqrgwrtevdlvreko.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACmpydgwimumsnmoyqp.dll
c:\windows\system32\UACmtweufvxdorgodrnw.dll
c:\windows\system32\UAConlxejbgckxaxravx.dll
c:\windows\system32\uactmp.db
c:\windows\system32\UACvsmkmsrsntjwlepab.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_6TO4
-------\Legacy_MSNCACHE
-------\Legacy_PCMSTUB
-------\Legacy_SOPIDKC
-------\Service_6to4


((((((((((((((((((((((((( Files Created from 2009-07-04 to 2009-08-04 )))))))))))))))))))))))))))))))
.


.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-26 15:36 1008896 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-01 1948440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-01 12:48 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^OADP Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\OADP Utility.lnk
backup=c:\windows\pss\OADP Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Sabre Printing Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Sabre Printing Start.lnk
backup=c:\windows\pss\Sabre Printing Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Sabre Server.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Sabre Server.lnk
backup=c:\windows\pss\Sabre Server.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\SABRE\\Apps\\OADP\\OadpUtil.exe"=
"c:\\WINDOWS\\sabserv.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Dell V305\\dldtamon.exe"=
"c:\\Program Files\\Dell V305\\frun.exe"=
"c:\\WINDOWS\\system32\\dldtcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldtpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldttime.exe"=
"c:\\Program Files\\Dell V305\\dldtmon.exe"=
"c:\\Program Files\\Dell V305\\dldtlscn.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldtjswx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/30/2009 5:14 PM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/30/2009 5:14 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/30/2009 5:14 PM 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/30/2009 5:14 PM 298776]
R2 CfgSrvc;Config Service Helper;c:\windows\system32\CfgSrvc.exe [7/6/2009 1:38 PM 55296]
R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
R2 HsspConfig;HSSP Configuration Module;c:\windows\system32\CfgSrvc.exe [7/6/2009 1:38 PM 55296]
R2 SabrePrint;Sabre Printing Module;c:\sabre\Apps\OADP\Oadp.exe [7/6/2009 1:39 PM 512000]
R2 SDMan;Sabre Device Manager;c:\windows\sdman.exe [7/6/2009 1:38 PM 106496]
S2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldtserv.exe [7/8/2009 9:41 PM 99568]
S3 cpuz128;cpuz128;\??\c:\docume~1\OWNER\LOCALS~1\Temp\cpuz_x32.sys --> c:\docume~1\OWNER\LOCALS~1\Temp\cpuz_x32.sys [?]
S3 DM9USB;ST268 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\dm9usb.sys [6/30/2009 2:04 PM 21376]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt --> c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [?]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
TCP: {25F77A71-9B1E-474D-A7D4-340E2F3DD049} = 192.168.1.1,192.168.1.3
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {2D36AF92-04D3-11D8-B719-0000865F231B} - hxxps://my.sabre.com/jars/TMinReqX.dll
FF - ProfilePath - c:\docume~1\OWNER\APPLIC~1\Mozilla\Firefox\Profiles\581dkrto.default\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-03 23:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\Bonjour\MDNSRE~1.EXE
c:\windows\system32\dldtcoms.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2009-08-04 23:59 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-04 04:59

Pre-Run: 65,692,499,968 bytes free
Post-Run: 65,621,381,120 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

343 --- E O F --- 2009-07-31 23:13


As for any more info on the rootkit from Malware, I have no clue at all... Sorry. Hope this helps.
BrownGuy
Newbie
Posts: 5
Joined: Mon Aug 03, 2009 3:34 am

Re: Windows XP freezes at Welcome And Before It Sometimes

Postby Gecko » Tue Aug 04, 2009 12:28 pm

BrownGuy,

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript to your desktop.
File::
c:\docume~1\OWNER\LOCALS~1\Temp\cpuz_x32.sys
C:\DOCUME~1\OWNER\LOCALS~1\Temp\10731711156mmx.dll
Folder::
Registry::

Now drag then drop the CFScript file onto cbf.exe.

This will start ComboFix again.
After reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply along with a new HijackThis log.
Gecko
Super Moderator
Posts: 5084
Joined: Thu Oct 25, 2001 1:00 am
Location: Florida, USA

Re: Windows XP freezes at Welcome And Before It Sometimes

Postby BrownGuy » Tue Aug 04, 2009 2:52 pm

Here's the ComboFix report.

ComboFix 09-08-03.04 - OWNER 08/04/2009 9:10.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2294.1877 [GMT -5:00]
Running from: c:\documents and settings\OWNER\Desktop\cbf.exe.exe
Command switches used :: c:\documents and settings\OWNER\My Documents\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-07-04 to 2009-08-04 )))))))))))))))))))))))))))))))
.

2009-08-03 04:26 . 2009-08-03 04:28 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\ThumbnailCache4R
2009-08-01 17:47 . 2009-08-03 22:59 -------- d-----w- c:\program files\Reimage
2009-07-26 20:38 . 2009-07-26 21:07 -------- d-----w- c:\documents and settings\OWNER\.housecall6.6
2009-07-23 05:36 . 2009-07-23 05:36 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-07-22 01:52 . 2009-07-22 01:52 -------- d-----w- c:\documents and settings\OWNER\Application Data\vlc
2009-07-22 01:51 . 2009-07-22 01:51 -------- d-----w- c:\program files\VideoLAN
2009-07-22 01:34 . 2009-07-22 01:34 -------- d-----w- c:\documents and settings\OWNER\Application Data\Apple Computer
2009-07-22 01:29 . 2009-07-22 01:29 -------- d-----w- c:\program files\QuickTime
2009-07-22 01:29 . 2009-07-22 01:29 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\Apple Computer
2009-07-22 01:29 . 2009-07-22 01:29 -------- d-----w- c:\documents and settings\OWNER\Local Settings\Application Data\Apple
2009-07-22 01:28 . 2009-07-22 01:28 -------- d-----w- c:\documents and settings\OWNER\Local Settings\Application Data\Apple Computer
2009-07-22 01:02 . 2009-07-22 01:02 0 ----a-w- c:\documents and settings\OWNER\Application Data\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2009-07-22 00:41 . 2009-07-23 03:10 -------- d-----w- c:\documents and settings\OWNER\Application Data\FrostWire
2009-07-18 12:57 . 2009-07-18 12:57 -------- d-----w- c:\program files\Dell
2009-07-18 12:51 . 2009-07-29 03:23 -------- d-----w- c:\windows\ie8updates
2009-07-18 12:47 . 2009-07-18 13:12 -------- d-----w- c:\windows\system32\LogFiles
2009-07-18 00:52 . 2009-07-18 00:52 -------- d-sh--w- c:\documents and settings\OWNER\PrivacIE
2009-07-18 00:51 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-18 00:51 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-18 00:51 . 2009-04-30 21:22 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-07-18 00:50 . 2009-04-30 21:22 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-07-18 00:48 . 2009-07-18 00:48 -------- d-sh--w- c:\documents and settings\OWNER\IECompatCache
2009-07-18 00:48 . 2009-07-18 00:48 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-18 00:47 . 2009-07-18 00:47 -------- d-sh--w- c:\documents and settings\OWNER\IETldCache
2009-07-11 16:44 . 2009-06-15 19:26 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\10852184
2009-07-10 02:29 . 2009-07-10 02:29 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-07-10 01:28 . 2009-07-10 01:28 -------- d-----w- c:\program files\AC3Filter
2009-07-10 01:17 . 2009-07-10 01:17 -------- d-----w- c:\documents and settings\OWNER\Application Data\DivX
2009-07-10 01:12 . 2009-07-10 01:14 -------- d-----w- c:\documents and settings\OWNER\Local Settings\Application Data\Google
2009-07-10 01:12 . 2009-07-17 01:29 -------- d-----w- c:\program files\Google
2009-07-10 01:12 . 2009-07-10 01:13 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-07-10 01:12 . 2009-07-10 01:13 -------- d-----w- c:\program files\DivX
2009-07-10 01:09 . 2009-07-10 01:11 -------- d-----w- c:\documents and settings\OWNER\Local Settings\Application Data\ApplicationHistory
2009-07-10 00:43 . 2009-07-10 00:43 -------- d-----w- c:\windows\system32\scripting
2009-07-10 00:43 . 2009-07-10 00:43 -------- d-----w- c:\windows\l2schemas
2009-07-10 00:43 . 2009-07-10 00:43 -------- d-----w- c:\windows\system32\en
2009-07-10 00:43 . 2009-07-10 00:43 -------- d-----w- c:\windows\system32\bits
2009-07-10 00:36 . 2009-07-10 00:44 -------- d-----w- c:\windows\ServicePackFiles
2009-07-09 23:05 . 2009-07-09 23:05 -------- d--h--r- c:\documents and settings\OWNER\Application Data\SecuROM
2009-07-09 23:05 . 2009-07-09 23:05 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-07-09 22:53 . 2009-07-09 22:53 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\DAEMON Tools Pro
2009-07-09 22:50 . 2009-07-09 22:50 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-09 22:50 . 2009-07-09 22:59 -------- d-----w- c:\documents and settings\OWNER\Application Data\DAEMON Tools Pro
2009-07-09 02:42 . 2009-08-03 04:38 -------- d-----w- c:\documents and settings\All Users\Dl_cats
2009-07-09 02:42 . 2009-07-09 02:42 -------- d-----w- C:\logs
2009-07-09 02:41 . 2007-04-28 15:41 40960 ----a-w- c:\windows\system32\dldtvs.dll
2009-07-09 02:41 . 2007-12-12 22:32 360448 ----a-w- c:\windows\system32\dldtcoin.dll
2009-07-09 02:41 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-07-09 02:41 . 2001-08-18 03:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2009-07-09 02:41 . 2001-08-18 03:36 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2009-07-09 02:41 . 2008-02-21 21:41 782336 ----a-w- c:\windows\system32\dldtdrs.dll
2009-07-09 02:41 . 2008-02-19 23:25 81920 ----a-w- c:\windows\system32\dldtcaps.dll
2009-07-09 02:41 . 2007-11-13 20:13 69632 ----a-w- c:\windows\system32\dldtcnv4.dll
2009-07-08 19:18 . 2009-07-29 20:24 -------- d-----w- c:\documents and settings\OWNER\Application Data\gtk-2.0
2009-07-08 19:18 . 2009-07-08 19:25 -------- d-----w- c:\documents and settings\OWNER\.thumbnails
2009-07-08 19:16 . 2009-07-29 20:26 -------- d-----w- c:\documents and settings\OWNER\.gimp-2.6
2009-07-08 19:16 . 2009-07-08 19:16 -------- d-----w- c:\documents and settings\OWNER\.gegl-0.0
2009-07-08 02:47 . 2008-04-13 18:45 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2009-07-08 02:47 . 2008-04-13 19:17 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2009-07-08 02:47 . 2008-04-13 18:45 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2009-07-08 02:47 . 2008-04-13 18:45 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2009-07-08 02:46 . 2008-04-13 16:39 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2009-07-08 02:46 . 2008-04-13 18:45 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2009-07-08 02:46 . 2008-04-13 18:45 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2009-07-08 02:46 . 2008-04-13 19:15 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2009-07-08 02:46 . 2008-04-13 18:45 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2009-07-08 02:46 . 2005-11-16 20:35 112128 ----a-w- c:\windows\system32\staco.dll
2009-07-08 02:46 . 2005-11-16 20:36 1047816 ----a-w- c:\windows\system32\drivers\sthda.sys
2009-07-08 02:46 . 2005-11-16 20:35 172032 ----a-w- c:\windows\system32\stacapi.dll
2009-07-08 02:46 . 2009-07-08 02:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-08 02:46 . 2009-07-08 02:46 -------- d-----w- c:\program files\SigmaTel
2009-07-08 02:46 . 2009-07-08 02:46 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-07 21:21 . 2009-07-07 21:21 0 ----a-w- c:\windows\nsreg.dat
2009-07-07 21:21 . 2009-07-07 21:21 -------- d-----w- c:\documents and settings\OWNER\Local Settings\Application Data\Mozilla
2009-07-07 20:38 . 2009-07-07 20:38 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\FLEXnet
2009-07-07 20:37 . 2009-07-08 08:03 -------- d-----w- c:\documents and settings\OWNER\Local Settings\Application Data\Adobe
2009-07-07 20:37 . 2009-07-11 16:37 21944 ----a-w- c:\documents and settings\OWNER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-07 20:34 . 2009-07-26 20:20 -------- d-----w- c:\program files\Bonjour
2009-07-07 20:28 . 2009-07-07 20:28 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-07-07 20:06 . 2009-07-07 20:34 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-07 20:01 . 2009-07-07 20:01 -------- d-----w- c:\program files\uTorrent
2009-07-07 20:01 . 2009-07-30 05:48 -------- d-----w- c:\documents and settings\OWNER\Application Data\uTorrent
2009-07-06 19:59 . 2006-12-07 15:45 110592 ----a-w- c:\documents and settings\OWNER\Application Data\U3\temp\cleanup.exe
2009-07-06 19:48 . 2006-12-07 15:45 3096576 ---ha-w- c:\documents and settings\OWNER\Application Data\U3\temp\Launchpad Removal.exe
2009-07-06 19:48 . 2009-08-04 03:08 -------- d-----w- c:\documents and settings\OWNER\Application Data\U3
2009-07-06 19:45 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-07-06 18:42 . 2009-07-06 18:42 -------- d-----w- c:\documents and settings\OWNER\.jsapi
2009-07-06 18:39 . 2005-04-05 19:59 57344 ----a-w- c:\windows\system32\OadpUtil.dll
2009-07-06 18:36 . 1998-10-29 21:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-07-06 18:34 . 2009-07-06 18:36 -------- d-----w- c:\windows\Pronto
2009-07-06 18:34 . 2009-07-06 18:34 -------- d-----w- c:\windows\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-01 05:54 . 2009-06-30 22:19 -------- d-----w- c:\program files\Yahoo!
2009-07-26 23:14 . 2009-06-30 18:35 86811 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-23 18:58 . 2009-07-23 18:58 1400208 -c--a-w- c:\documents and settings\All Users\SPL1.tmp
2009-07-18 13:46 . 2009-06-16 02:40 -------- d-----w- c:\documents and settings\OWNER\Application Data\Dell Imaging Toolbox
2009-07-18 12:57 . 2009-07-09 02:40 -------- d-----w- c:\program files\Dell V305
2009-07-18 00:50 . 2009-07-01 12:49 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\AVG Security Toolbar
2009-07-18 00:49 . 2009-06-30 22:14 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-13 18:36 . 2009-06-15 13:37 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 18:36 . 2009-06-15 13:37 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-11 16:42 . 2008-09-19 05:32 1 ----a-w- c:\documents and settings\OWNER\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-07-01 17:11 . 2009-07-01 17:11 -------- d-----w- c:\program files\Intel
2009-07-01 12:49 . 2009-07-01 12:49 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-07-01 12:48 . 2009-06-30 22:14 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-01 12:48 . 2009-06-30 22:14 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-30 23:21 . 2009-06-30 23:21 -------- d-----w- c:\documents and settings\OWNER\Application Data\OpenOffice.org
2009-06-30 23:21 . 2009-06-30 22:18 -------- d-----w- c:\program files\Filzip
2009-06-30 22:23 . 2009-06-30 22:23 -------- d-----w- c:\program files\JRE
2009-06-30 22:23 . 2009-06-30 22:23 -------- d-----w- c:\program files\OpenOffice.org 3
2009-06-30 22:23 . 2009-06-30 22:22 -------- d-----w- c:\program files\Java
2009-06-30 22:22 . 2009-06-30 22:22 -------- d-----w- c:\program files\Common Files\Java
2009-06-30 22:20 . 2009-06-30 22:20 -------- d-----w- c:\program files\MSECache
2009-06-30 22:19 . 2009-06-30 22:19 2232 ----a-w- c:\windows\java\Packages\Data\FN3NNFVH.DAT
2009-06-30 22:19 . 2009-06-30 22:19 155995 ----a-w- c:\windows\java\Packages\SCHNHFHR.ZIP
2009-06-30 22:19 . 2009-06-30 22:19 2678 ----a-w- c:\windows\java\Packages\Data\QH37JDJ7.DAT
2009-06-30 22:19 . 2009-06-30 22:19 2678 ----a-w- c:\windows\java\Packages\Data\RXRPJV7X.DAT
2009-06-30 22:19 . 2009-06-30 22:19 2678 ----a-w- c:\windows\java\Packages\Data\CCZFDRDB.DAT
2009-06-30 22:19 . 2009-06-30 22:19 2678 ----a-w- c:\windows\java\Packages\Data\5JFP3JN7.DAT
2009-06-30 22:19 . 2009-06-30 22:19 2678 ----a-w- c:\windows\java\Packages\Data\4L3H7FDB.DAT
2009-06-30 22:19 . 2009-06-30 22:19 -------- d-----w- c:\program files\CCleaner
2009-06-30 22:19 . 2009-06-30 22:19 -------- d-----w- c:\documents and settings\OWNER\Application Data\Yahoo!
2009-06-30 22:17 . 2009-06-30 22:14 -------- d-----w- c:\documents and settings\OWNER\Application Data\AVGTOOLBAR
2009-06-30 22:16 . 2009-06-30 22:16 -------- d-----w- c:\program files\Comodo
2009-06-30 22:14 . 2009-06-30 22:14 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-15 18:52 . 2009-06-15 18:52 -------- d-----w- c:\documents and settings\OWNER\Application Data\Malwarebytes
2009-06-15 13:43 . 2009-06-15 13:43 -------- d-----w- c:\program files\System
2009-06-15 13:37 . 2009-06-15 13:37 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-06-03 19:09 . 2006-03-15 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-19 13:05 . 2009-05-19 13:05 1380403 ----a-w- c:\windows\system32\avgsdk.dll
2009-05-13 21:56 . 2009-07-10 01:13 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-05-13 21:56 . 2009-07-10 01:13 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-05-13 21:56 . 2009-06-30 18:28 43528 ------w- c:\windows\system32\drivers\pxhelp20.sys
2009-05-13 21:56 . 2009-07-10 01:13 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-05-13 21:56 . 2009-07-10 01:13 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-05-13 21:56 . 2009-07-10 01:13 129784 ------w- c:\windows\system32\pxafs.dll
2009-05-13 21:54 . 2009-05-13 21:54 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-13 21:54 . 2009-05-13 21:54 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-13 21:54 . 2009-05-13 21:54 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-13 21:54 . 2009-05-13 21:54 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-13 21:54 . 2009-05-13 21:54 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-13 21:54 . 2009-05-13 21:54 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-13 21:54 . 2009-05-13 21:54 685056 ----a-w- c:\windows\system32\DivX.dll
2009-05-07 15:32 . 2006-03-15 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-07-20 02:46 . 2009-07-07 21:21 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-26 15:36 1008896 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-01 1948440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-01 12:48 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^OADP Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\OADP Utility.lnk
backup=c:\windows\pss\OADP Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Sabre Printing Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Sabre Printing Start.lnk
backup=c:\windows\pss\Sabre Printing Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Sabre Server.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Sabre Server.lnk
backup=c:\windows\pss\Sabre Server.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\SABRE\\Apps\\OADP\\OadpUtil.exe"=
"c:\\WINDOWS\\sabserv.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Dell V305\\dldtamon.exe"=
"c:\\Program Files\\Dell V305\\frun.exe"=
"c:\\WINDOWS\\system32\\dldtcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldtpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldttime.exe"=
"c:\\Program Files\\Dell V305\\dldtmon.exe"=
"c:\\Program Files\\Dell V305\\dldtlscn.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldtjswx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/30/2009 5:14 PM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/30/2009 5:14 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/30/2009 5:14 PM 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/30/2009 5:14 PM 298776]
R2 CfgSrvc;Config Service Helper;c:\windows\system32\CfgSrvc.exe [7/6/2009 1:38 PM 55296]
R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
R2 HsspConfig;HSSP Configuration Module;c:\windows\system32\CfgSrvc.exe [7/6/2009 1:38 PM 55296]
R2 SabrePrint;Sabre Printing Module;c:\sabre\Apps\OADP\Oadp.exe [7/6/2009 1:39 PM 512000]
R2 SDMan;Sabre Device Manager;c:\windows\sdman.exe [7/6/2009 1:38 PM 106496]
S2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldtserv.exe [7/8/2009 9:41 PM 99568]
S3 cpuz128;cpuz128;\??\c:\docume~1\OWNER\LOCALS~1\Temp\cpuz_x32.sys --> c:\docume~1\OWNER\LOCALS~1\Temp\cpuz_x32.sys [?]
S3 DM9USB;ST268 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\dm9usb.sys [6/30/2009 2:04 PM 21376]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt --> c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [?]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
TCP: {25F77A71-9B1E-474D-A7D4-340E2F3DD049} = 192.168.1.1,192.168.1.3
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {2D36AF92-04D3-11D8-B719-0000865F231B} - hxxps://my.sabre.com/jars/TMinReqX.dll
FF - ProfilePath - c:\docume~1\OWNER\APPLIC~1\Mozilla\Firefox\Profiles\581dkrto.default\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-04 09:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
Completion time: 2009-08-04 9:16
ComboFix-quarantined-files.txt 2009-08-04 14:16
ComboFix2.txt 2009-08-04 04:59

Pre-Run: 65,679,921,152 bytes free
Post-Run: 65,668,980,736 bytes free

301 --- E O F --- 2009-07-31 23:13


Here's the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:52:33 AM, on 8/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CfgSrvc.exe
C:\WINDOWS\system32\dldtcoms.exe
C:\WINDOWS\system32\CfgSrvc.exe
C:\WINDOWS\SDMan.EXE
C:\WINDOWS\system32\svchost.exe
C:\SABRE\Apps\OADP\Oadp.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\OWNER\My Documents\Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D36AF92-04D3-11D8-B719-0000865F231B} (TMinReq Class) - https://my.sabre.com/jars/TMinReqX.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{25F77A71-9B1E-474D-A7D4-340E2F3DD049}: NameServer = 192.168.1.1,192.168.1.3
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Config Service Helper (CfgSrvc) - Unknown owner - C:\WINDOWS\system32\CfgSrvc.exe
O23 - Service: dldtCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldtserv.exe
O23 - Service: dldt_device - - C:\WINDOWS\system32\dldtcoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HSSP Configuration Module (HsspConfig) - Unknown owner - C:\WINDOWS\system32\CfgSrvc.exe
O23 - Service: Sabre Printing Module (SabrePrint) - Sabre Inc. - C:\SABRE\Apps\OADP\Oadp.exe
O23 - Service: Sabre Device Manager (SDMan) - Unknown owner - C:\WINDOWS\SDMan.EXE

--
End of file - 5347 bytes
BrownGuy
Newbie
Posts: 5
Joined: Mon Aug 03, 2009 3:34 am

Re: Windows XP freezes at Welcome And Before It Sometimes

Postby Gecko » Wed Aug 05, 2009 12:16 am

BrownGuy,

Your logs look clean.

So how's it running now?
Gecko
Super Moderator
Posts: 5084
Joined: Thu Oct 25, 2001 1:00 am
Location: Florida, USA

Re: Windows XP freezes at Welcome And Before It Sometimes

Postby BrownGuy » Wed Aug 05, 2009 1:45 am

So far so good, booting up just fine, no problems. Thanks for all your help.
BrownGuy
Newbie
Posts: 5
Joined: Mon Aug 03, 2009 3:34 am
