Antivirus Will Not update??
Solved/Closed
Jacob
-
May 13, 2010 at 04:10 PM
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - May 17, 2010 at 05:11 PM
2 responses
Ambucias - May 13, 2010 at 04:27 PM
Hello Jacob,
Sticky wicket isn't it?
To keep your system safe, you must follow the instructions hereunder to the letter:
1. Download ComboFix to your desktop.
http://www.combofix.org/download.php
2. Close all open windows including this one.
Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.
3. Double click on the ComboFix icon.
Windows is issuing this prompt because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue.
4. Accept the disclaimer and the recovery
5. You should now press the Yes button to continue. If at any time during the Recovery Console installation you receive a message stating that it failed to install, please allow ComboFix to continue with the scan of your computer.
ComboFix will disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings.
If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the program's log file, or report, will be located at C:\ComboFix.txt.
During the process, please do not mouse click nor must you tap on the keyboard. Let the tool run.
Once you are done, paste the log here and report to me on how your system is behaving.
Good luck
Ambucias
Ambucias - May 15, 2010 at 07:41 AM
Hello Jacob
Thank you for the log.
No wonder you had a problem.
Okay, read carefully and follow the instructions hereunder (oh boy, I'm starting to write like a lawyer!)
1. Open your task manager, processes tab.
2. Locate and terminate the following process:
C:\Program Files\Application Updater\ApplicationUpdater.exe
3. Close the task manager
4. Request another HijackThis scan, not log this time.
5. Once the scan is over, please check the following items:
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O17 - HKLM\System\CS1\Services\Tcpip\..\{15304570-09FA-44E0-AFEC-D0713871D269}: NameServer = 218.248.255.212,218.248.255.139
O17 - HKLM\System\CS2\Services\Tcpip\..\{15304570-09FA-44E0-AFEC-D0713871D269}: NameServer = 218.248.255.212,218.248.255.139
O17 - HKLM\System\CS3\Services\Tcpip\..\{15304570-09FA-44E0-AFEC-D0713871D269}: NameServer = 218.248.255.212,218.248.255.139
O17 - HKLM\System\CS4\Services\Tcpip\..\{15304570-09FA-44E0-AFEC-D0713871D269}: NameServer = 218.248.255.212,218.248.255.139
O17 - HKLM\System\CS5\Services\Tcpip\..\{15304570-09FA-44E0-AFEC-D0713871D269}: NameServer = 218.248.255.212,218.248.255.139
O17 - HKLM\System\CS6\Services\Tcpip\..\{15304570-09FA-44E0-AFEC-D0713871D269}: NameServer = 218.248.255.212,218.248.255.139
O17 - HKLM\System\CS7\Services\Tcpip\..\{15304570-09FA-44E0-AFEC-D0713871D269}: NameServer = 218.248.255.212,218.248.255.139
O17 - HKLM\System\CS8\Services\Tcpip\..\{15304570-09FA-44E0-AFEC-D0713871D269}: NameServer = 218.248.255.212,218.248.255.139
O17 - HKLM\System\CS9\Services\Tcpip\..\{15304570-09FA-44E0-AFEC-D0713871D269}: NameServer = 218.248.255.212,218.248.255.139
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
6. Once all checked, click on "Fix checked"
7. Close HijackThis.
8. Check your Internet LAN connection, if necessary uncheck "Use a proxy for this connection".
9. Download, install and run Malwarebytes which you can find on this site:
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/
Ensure you make an update.
Please request a FULL system scan, which may take from 20 minutes to hours. Do not interfere no matter how long it takes. The creators of Malwarebytes recommend that while the tool is running you go do something else, such as watching a rerun of Gone with the Wind or reading Tolstoy's War and Peace.
If Malwarebytes restarts your system, launch it again to finish the Full scan.
When the scan is completed, delete all items found.
Once your computer is clean and working normally just to be on the safe side
*Turn off system restore and wait 30 seconds,
*Turn it back on and create a new restore point.
This way it gets rid of anything bad that might have gotten saved in a restore point and you have a clean restore point to use in the near future if needed.
Do not turn it off until your computer is clean and working normally because you might need to use it if something goes wrong during the clean-up process.
It is better to go back to an infected restore point if something goes wrong than to not be able to undo changes that were damaging.
10. Reboot, get on the net and tell me that you appreciate all this typing I have done for you as I have multiple cramps.
Good luck
Ambucias - May 15, 2010 at 04:52 PM
You are totally welcome.
The pleasure was all mine and...I think I will keep it!:)))
Thank you for your feedback, patience and perseverance.
As I always say, to make a better world, pass it on to the next.
Ambucias - May 16, 2010 at 04:03 PM
Well, I think that you should completely uninstall your antivirus and reinstall it, then open command prompt and run chkdsk.
Last but not least, download and install Spybot Search and Destroy. Run a scan with it. When installing Spybot, uncheck the Tea-Timer component; not only is it unnecessary but it may interfere with the antivirus programme which incidentally failed you.
If you have any other antivirus applications other than the main one, I also suggest that you uninstall them. You have too many scanning engines running at the same time which consume resources and may conflict with one another.
Finally, I recommend that you run an online scan with F-Secure
http://www.f-secure.com/en_EMEA/security/tools/online-scanner/
This should keep you busy for a while. Please report to me with a final HijackThis log.
Courage! We will get through this or I will eat my socks.
Catch you later
May 14, 2010 at 01:43 AM
Thanks
May 14, 2010 at 03:04 AM
Thanks in advance
ComboFix 10-05-13.03 - Abc 05/14/2010 13:00:51.1.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.758.214 [GMT 5.5:30]
Running from: e:\down\ComboFix.exe
AV: AVG Internet Security 3-pack *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Abc\muiru.exe
c:\program files\Mozilla Firefox\searchplugins\search.xml
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
C:\Thumbs.db
c:\windows\system32\_000239_.tmp.dll
c:\windows\system32\driVERs\mwoipg.sys
c:\windows\system32\ialmuARA.dll
c:\windows\system32\ialmuARB.dll
c:\windows\system32\ialmuCHS.dll
c:\windows\system32\ialmuCHT.dll
c:\windows\system32\ialmuCSY.dll
c:\windows\system32\ialmuDAN.dll
c:\windows\system32\ialmuDEU.dll
c:\windows\system32\ialmudlg.exe
c:\windows\system32\ialmuELL.dll
c:\windows\system32\ialmuENG.dll
c:\windows\system32\ialmuESP.dll
c:\windows\system32\ialmuFIN.dll
c:\windows\system32\ialmuFRA.dll
c:\windows\system32\ialmuFRC.dll
c:\windows\system32\ialmuHEB.dll
c:\windows\system32\ialmuHUN.dll
c:\windows\system32\ialmuITA.dll
c:\windows\system32\ialmuJPN.dll
c:\windows\system32\ialmuKOR.dll
c:\windows\system32\ialmuNLD.dll
c:\windows\system32\ialmuNOR.dll
c:\windows\system32\ialmuPLK.dll
c:\windows\system32\ialmuPTB.dll
c:\windows\system32\ialmuPTG.dll
c:\windows\system32\ialmuRUS.dll
c:\windows\system32\ialmuSVE.dll
c:\windows\system32\ialmuTHA.dll
c:\windows\system32\ialmuTRK.dll
c:\windows\system32\igfxrara.lrc
c:\windows\system32\igfxrchs.lrc
c:\windows\system32\igfxrcht.lrc
c:\windows\system32\igfxrcsy.lrc
c:\windows\system32\igfxrdan.lrc
c:\windows\system32\igfxrdeu.lrc
c:\windows\system32\igfxrell.lrc
c:\windows\system32\igfxrenu.lrc
c:\windows\system32\igfxresp.lrc
c:\windows\system32\igfxrfin.lrc
c:\windows\system32\igfxrfra.lrc
c:\windows\system32\igfxrheb.lrc
c:\windows\system32\igfxrhun.lrc
c:\windows\system32\igfxrita.lrc
c:\windows\system32\igfxrjpn.lrc
c:\windows\system32\igfxrkor.lrc
c:\windows\system32\igfxrnld.lrc
c:\windows\system32\igfxrnor.lrc
c:\windows\system32\igfxrplk.lrc
c:\windows\system32\igfxrptb.lrc
c:\windows\system32\igfxrptg.lrc
c:\windows\system32\igfxrrus.lrc
c:\windows\system32\igfxrsve.lrc
c:\windows\system32\igfxrtha.lrc
c:\windows\system32\igfxrtrk.lrc
c:\windows\system32\images
c:\windows\system32\images\toolbar\calendar.gif
c:\windows\system32\images\toolbar\crlogo.gif
c:\windows\system32\images\toolbar\export.gif
c:\windows\system32\images\toolbar\export_over.gif
c:\windows\system32\images\toolbar\exportd.gif
c:\windows\system32\images\toolbar\First.gif
c:\windows\system32\images\toolbar\first_over.gif
c:\windows\system32\images\toolbar\Firstd.gif
c:\windows\system32\images\toolbar\gotopage.gif
c:\windows\system32\images\toolbar\gotopage_over.gif
c:\windows\system32\images\toolbar\gotopaged.gif
c:\windows\system32\images\toolbar\grouptree.gif
c:\windows\system32\images\toolbar\grouptree_over.gif
c:\windows\system32\images\toolbar\grouptreed.gif
c:\windows\system32\images\toolbar\grouptreepressed.gif
c:\windows\system32\images\toolbar\Last.gif
c:\windows\system32\images\toolbar\last_over.gif
c:\windows\system32\images\toolbar\Lastd.gif
c:\windows\system32\images\toolbar\Next.gif
c:\windows\system32\images\toolbar\next_over.gif
c:\windows\system32\images\toolbar\Nextd.gif
c:\windows\system32\images\toolbar\Prev.gif
c:\windows\system32\images\toolbar\prev_over.gif
c:\windows\system32\images\toolbar\Prevd.gif
c:\windows\system32\images\toolbar\print.gif
c:\windows\system32\images\toolbar\print_over.gif
c:\windows\system32\images\toolbar\printd.gif
c:\windows\system32\images\toolbar\Refresh.gif
c:\windows\system32\images\toolbar\refresh_over.gif
c:\windows\system32\images\toolbar\refreshd.gif
c:\windows\system32\images\toolbar\Search.gif
c:\windows\system32\images\toolbar\search_over.gif
c:\windows\system32\images\toolbar\searchd.gif
c:\windows\system32\images\toolbar\up.gif
c:\windows\system32\images\toolbar\up_over.gif
c:\windows\system32\images\toolbar\upd.gif
c:\windows\system32\images\tree\begindots.gif
c:\windows\system32\images\tree\beginminus.gif
c:\windows\system32\images\tree\beginplus.gif
c:\windows\system32\images\tree\blank.gif
c:\windows\system32\images\tree\blankdots.gif
c:\windows\system32\images\tree\dots.gif
c:\windows\system32\images\tree\lastdots.gif
c:\windows\system32\images\tree\lastminus.gif
c:\windows\system32\images\tree\lastplus.gif
c:\windows\system32\images\tree\Magnify.gif
c:\windows\system32\images\tree\minus.gif
c:\windows\system32\images\tree\minusbox.gif
c:\windows\system32\images\tree\plus.gif
c:\windows\system32\images\tree\plusbox.gif
c:\windows\system32\images\tree\singleminus.gif
c:\windows\system32\images\tree\singleplus.gif
c:\windows\system32\vsjitdebuggerBACK.exe.exe
c:\windows\Yhufua.exe
c:\windows\Yhufub.exe
c:\windows\Yhufuc.exe
c:\windows\Yhufud.exe
c:\windows\Yhufue.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SSHNAS
-------\Legacy_mwoipg
-------\Service_mwoipg
((((((((((((((((((((((((( Files Created from 2010-04-14 to 2010-05-14 )))))))))))))))))))))))))))))))
.
2010-05-13 13:27 . 2010-05-13 13:46 44520 ----a-w- c:\windows\system32\drivers\extit.sys
2010-05-13 12:58 . 2010-05-13 12:58 -------- d-----w- c:\program files\Exterminate It!
2010-05-13 11:51 . 2010-05-13 11:51 -------- d-----w- C:\FOUND.069
2010-05-13 03:18 . 2010-05-13 03:18 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
2010-05-13 02:50 . 2010-05-13 02:50 -------- d-----w- C:\FOUND.068
2010-05-12 21:22 . 2010-02-27 15:16 3691384 ----a-w- c:\documents and settings\Abc\Application Data\Simply Super Software\Trojan Remover\gvwC69.exe
2010-05-12 21:16 . 2010-01-22 04:25 767952 ----a-w- c:\windows\BDTSupport.dll
2010-05-12 21:16 . 2010-01-22 04:26 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-05-12 21:16 . 2010-01-22 04:26 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-05-12 21:16 . 2010-01-22 04:26 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-05-12 21:16 . 2009-10-27 20:06 1152444 ----a-w- c:\windows\UDB.zip
2010-05-12 21:16 . 2008-11-26 06:38 131 ----a-w- c:\windows\IDB.zip
2010-05-12 20:27 . 2010-02-05 03:47 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-05-12 20:27 . 2010-03-29 04:36 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-05-12 20:27 . 2009-11-23 08:24 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-05-12 20:27 . 2010-04-08 08:59 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-05-12 20:27 . 2010-05-12 20:27 -------- d-----w- c:\program files\Common Files\PC Tools
2010-05-12 20:27 . 2010-05-12 20:27 -------- d-----w- c:\documents and settings\Abc\Application Data\PC Tools
2010-05-12 20:27 . 2010-05-12 20:27 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PC Tools
2010-05-12 18:15 . 2010-05-12 18:15 -------- d-----w- C:\Temp
2010-05-12 18:13 . 2010-05-14 07:43 117760 ----a-w- c:\documents and settings\Abc\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-12 18:12 . 2010-05-12 18:12 -------- d-----w- C:\FOUND.067
2010-05-12 18:06 . 2010-05-12 18:06 -------- d-----w- C:\FOUND.066
2010-05-10 05:30 . 2010-05-10 05:30 -------- d-----w- c:\documents and settings\Abc\Application Data\PlayFirst
2010-05-10 05:30 . 2010-05-10 05:30 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PlayFirst
2010-05-09 12:12 . 2010-05-09 12:12 70 ----a-w- c:\windows\GPlrLanc.dat
2010-05-09 12:12 . 2010-05-09 12:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Indiagames GoD
2010-05-09 12:12 . 2001-09-04 21:53 56320 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Indiagames GoD\Setup.exe
2010-05-09 12:12 . 2010-05-09 12:12 -------- d-----w- C:\Remote Programs
2010-05-09 12:12 . 2009-07-12 10:43 53314 ------w- c:\windows\ExentInfo.exe
2010-05-09 12:11 . 2010-05-09 12:11 -------- d-----w- c:\program files\Indiagames GoD
2010-05-08 18:01 . 2010-05-08 18:01 -------- d-----w- c:\program files\Passware
2010-05-08 17:51 . 2010-05-08 17:51 -------- d-----w- c:\program files\RAR Password Cracker
2010-05-07 16:16 . 2010-05-07 16:16 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY.004\Application Data\Xfire
2010-05-06 18:43 . 2010-05-06 18:43 -------- d-----w- c:\documents and settings\Abc\Application Data\Xfire
2010-05-05 14:34 . 2010-05-05 14:34 -------- d-----w- C:\FOUND.065
2010-05-04 06:30 . 2009-06-30 04:07 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-05-03 17:51 . 2010-05-03 17:52 52224 ----a-w- c:\documents and settings\Abc\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-03 16:38 . 2010-05-03 16:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-02 20:12 . 2006-06-19 06:31 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-05-02 20:12 . 2006-05-25 09:22 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-05-02 20:12 . 2005-08-25 19:20 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-05-02 20:12 . 2002-03-05 18:30 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-05-02 20:12 . 2003-02-02 13:36 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-05-02 20:12 . 2010-05-02 20:12 -------- d-----w- c:\documents and settings\Abc\Application Data\Simply Super Software
2010-05-02 20:12 . 2010-05-02 20:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Simply Super Software
2010-05-01 04:27 . 2010-05-01 04:27 -------- d-----w- c:\windows\vbSkinner
2010-05-01 04:02 . 2010-05-01 04:02 -------- d-----w- c:\program files\PFConfig
2010-04-30 20:12 . 2010-04-30 20:12 -------- d-----w- c:\documents and settings\Abc\Application Data\GameRanger
2010-04-30 07:27 . 2010-04-30 07:27 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Scrabble2009
2010-04-30 07:06 . 2009-02-24 13:12 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2010-04-30 07:06 . 2010-04-30 07:06 -------- d-----w- c:\program files\MagicDisc
2010-04-29 14:52 . 2010-04-29 14:52 -------- d-----w- C:\FOUND.064
2010-04-28 09:21 . 2010-04-28 09:21 -------- d-----w- c:\documents and settings\Abc\Application Data\Malwarebytes
2010-04-28 09:16 . 2010-03-29 19:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-28 09:16 . 2010-04-28 09:16 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-04-28 09:16 . 2010-03-29 19:15 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 07:23 . 2010-04-28 07:28 562996 ----a-w- c:\documents and settings\Abc\Application Data\IDM\DwnlData\Abc\SoftonicEN_vlc-1.0.5-win32_211\SoftonicEN_vlc-1.0.5-win32.exe
2010-04-27 14:25 . 2010-04-27 14:25 -------- d-----w- C:\FOUND.063
2010-04-26 21:30 . 2010-04-26 21:30 1216176 ----a-w- c:\documents and settings\Abc\Application Data\GameRanger\GameRanger\GameRanger.exe
2010-04-25 10:56 . 2010-04-25 10:56 -------- d-----w- C:\FOUND.062
2010-04-24 01:55 . 2010-04-24 01:55 -------- d-----w- C:\FOUND.061
2010-04-23 03:53 . 2010-04-23 03:53 -------- d-----w- C:\FOUND.060
2010-04-21 20:14 . 2010-04-21 20:14 -------- d-----w- C:\FOUND.059
2010-04-21 03:45 . 2010-04-21 03:45 -------- d-----w- C:\FOUND.058
2010-04-19 14:08 . 2010-04-19 14:08 -------- d-----w- C:\TC
2010-04-16 20:30 . 2010-04-16 20:30 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-04-15 19:47 . 2010-04-15 19:47 -------- d-----w- c:\program files\Common Files\Motive
2010-04-15 19:12 . 2010-04-15 19:12 -------- d-----w- C:\FOUND.057
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-10 05:28 . 2010-01-16 13:42 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-05-01 11:03 . 2006-02-28 06:30 29392 ----a-w- c:\windows\system32\drivers\secdrv.sys
2010-04-26 20:50 . 2009-11-21 09:13 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-04-15 19:48 . 2010-04-15 19:48 2232 ----a-w- c:\windows\java\Packages\Data\LRPRDB1B.DAT
2010-04-15 19:48 . 2010-04-15 19:48 155995 ----a-w- c:\windows\java\Packages\RXJ9VLRB.ZIP
2010-04-15 19:48 . 2010-04-15 19:48 2678 ----a-w- c:\windows\java\Packages\Data\1RJLFVV5.DAT
2010-04-15 19:48 . 2010-04-15 19:48 2678 ----a-w- c:\windows\java\Packages\Data\LV5F3T3T.DAT
2010-04-15 19:48 . 2010-04-15 19:48 2678 ----a-w- c:\windows\java\Packages\Data\XZP7HBNT.DAT
2010-04-15 19:48 . 2010-04-15 19:48 2678 ----a-w- c:\windows\java\Packages\Data\3ZT3VX7X.DAT
2010-04-15 19:48 . 2010-04-15 19:48 2678 ----a-w- c:\windows\java\Packages\Data\2AFFZD7L.DAT
2010-04-15 19:48 . 2010-04-15 19:48 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Motive
2010-04-10 21:12 . 2010-04-10 21:11 -------- d-----w- c:\documents and settings\Abc\Application Data\Mchid
2010-04-10 21:12 . 2010-04-10 21:11 -------- d-----w- c:\documents and settings\Abc\Application Data\Livestation
2010-04-10 21:11 . 2010-04-10 20:52 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-04-10 21:11 . 2010-04-10 20:52 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-04-10 20:57 . 2010-04-10 20:42 234 ----a-w- c:\documents and settings\Abc\Application Data\TVU networks\TVU AutoUpgrade\TVUPlayer2.5.2.2.exe
2010-04-10 20:43 . 2010-04-10 20:42 -------- d-----w- c:\documents and settings\Abc\Application Data\TVU networks
2010-04-10 20:43 . 2010-04-10 20:42 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\TVU Networks
2010-04-03 20:40 . 2010-04-03 20:40 -------- d-----w- c:\program files\Clean Ram
2010-04-03 11:45 . 2010-04-03 11:45 -------- d-----w- c:\documents and settings\Abc\Application Data\DAEMON Tools Lite
2010-04-03 11:45 . 2010-04-03 11:45 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\DAEMON Tools Lite
2010-03-30 12:47 . 2010-03-30 12:47 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-03-24 12:43 . 2010-03-24 12:43 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\IObit
2010-03-23 08:38 . 2010-03-23 08:38 -------- d-----w- c:\program files\Boson Software
2010-03-23 08:38 . 2010-03-23 08:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Boson Software
2010-03-23 06:57 . 2010-03-23 06:57 -------- d-----w- c:\program files\PowerISO
2010-03-23 06:51 . 2010-03-23 06:50 -------- d-----w- c:\program files\MagicISO
2010-03-22 17:40 . 2009-11-20 07:30 23376 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-21 06:34 . 2010-03-21 06:34 -------- d-----w- c:\program files\Panda Security
2010-03-20 14:40 . 2010-03-20 14:40 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2010-03-20 14:40 . 2010-03-20 14:40 -------- d-----w- c:\documents and settings\Abc\Application Data\SUPERAntiSpyware.com
2010-03-09 14:37 . 2010-03-07 14:41 16 ----a-w- c:\windows\popcinfo.dat
2010-02-18 23:52 . 2010-02-18 23:52 48816 ----a-w- c:\documents and settings\Abc\Application Data\GameRanger\GameRanger\Data\GameRangerLaunch.dll
2010-02-18 23:52 . 2010-02-18 23:52 155312 ----a-w- c:\documents and settings\Abc\Application Data\GameRanger\GameRanger\Data\GameRanger.dll
2009-12-11 18:03 . 2009-12-11 18:01 2959376 ----a-w- c:\program files\dotnetfx35setup.exe
1998-12-09 03:23 . 1998-12-09 03:23 99840 ----a-w- c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 03:23 . 1998-12-09 03:23 70144 ----a-w- c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 03:23 . 1998-12-09 03:23 48640 ----a-w- c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 03:23 . 1998-12-09 03:23 31744 ----a-w- c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 03:23 . 1998-12-09 03:23 186368 ----a-w- c:\program files\Common Files\IRAREG.DLL
1998-12-09 03:23 . 1998-12-09 03:23 17920 ----a-w- c:\program files\Common Files\IRASRIAL.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MotiveReportAgent"="c:\program files\Common Files\Motive\McciBootStrapper.exe" [2010-03-25 202240]
"egui"="e:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"ISTray"="e:\program files\Spyware Doctor\pctsTray.exe" [2010-03-09 1286608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-02-28 53760]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-02-28 44544]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "e:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 10:58 352256 ----a-w- e:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Abc^Start Menu^Programs^Startup^ihaupd32.exe]
[HKLM\~\startupfolder\C:^Documents and Settings^Abc^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Abc^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Abc^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nodenable
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2010-03-29 09:24 2343120 ----a-w- e:\program files\IObit\Advanced SystemCare 3\AWC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 13:33 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2006-02-28 06:30 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2007-09-06 13:08 136136 ----a-w- c:\program files\DAEMON Tools Pro\DTProAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2008-07-22 07:04 2772992 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Exetender]
2009-07-12 10:53 1958400 ------w- c:\program files\Indiagames GoD\GPlayer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-21 07:04 136176 ----a-w- c:\documents and settings\Abc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 19:17 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 10:20 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2001-03-22 15:18 192512 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb02.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2009-04-02 11:35 2794928 ----a-w- e:\program files\Internet Download Manager\IDMan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 05:02 77824 ----a-w- c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 05:06 114688 ----a-w- c:\windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 05:05 94208 ----a-w- c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
2010-03-09 03:10 1286608 ----a-w- e:\program files\Spyware Doctor\pctsTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-05-16 05:28 213936 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-05-16 05:28 213936 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-05-16 05:28 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-10-01 13:27 289576 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Livestation]
2009-12-11 15:12 4431872 ----a-w- e:\program files\Livestation\Livestation.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-03-30 05:46 1820040 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 10:27 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 09:39 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartDefrag]
2010-03-26 11:18 2708312 ----a-w- e:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2005-10-26 10:47 159744 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-03-01 10:52 577536 ----a-r- c:\windows\soundman.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-11-30 11:47 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2008-09-03 08:37 1576176 ----a-w- e:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-03-28 08:52 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
2010-02-27 14:47 1165192 ----a-w- e:\program files\Trojan Remover\Trjscan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- e:\program files\Winamp\5.56\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\games\\scrabble 2009\\ScrabblePCR.exe"=
"d:\\Stronghold Crusader\\Stronghold Crusader.exe"=
"c:\\Documents and Settings\\Abc\\Application Data\\GameRanger\\GameRanger\\GameRanger.exe"=
"c:\\WINDOWS\\System32\\dplaysvr.exe"=
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [5/4/2010 12:00 PM 28552]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/13/2010 1:57 AM 218592]
R1 SASDIFSV;SASDIFSV;e:\program files\SUPERAntiSpyware\sasdifsv.sys [9/3/2008 2:07 PM 8944]
R1 SASKUTIL;SASKUTIL;e:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/3/2008 2:07 PM 55024]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [3/17/2010 10:27 AM 123280]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [3/17/2010 10:24 AM 41680]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2/8/2010 12:23 PM 380928]
R2 Browser Defender Update Service;Browser Defender Update Service;e:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [5/13/2010 2:46 AM 112592]
R2 ekrn;Eset Service;e:\program files\ESET\ESET Smart Security\ekrn.exe [12/21/2007 8:21 AM 468224]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [3/30/2010 11:16 AM 1107336]
R2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
R2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE [2/2/2006 12:49 AM 204800]
R2 sdAuxService;PC Tools Auxiliary Service;e:\program files\Spyware Doctor\pctsAuxs.exe [5/13/2010 1:57 AM 366840]
R2 X4HS32Ex;X4HS32Ex;c:\program files\Indiagames GoD\X4HS32Ex.sys [5/9/2010 5:41 PM 54816]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2/12/2010 8:34 PM 110096]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/21/2009 2:43 PM 691696]
S3 Avgfwdx;Avgfwdx; [x]
S3 Avgfwfd;AVG network filter service; [x]
S3 E3dInst;E3dInst;c:\windows\system32\drivers\e3dinst.sys [3/7/2010 12:12 PM 4832]
S3 ExterminateIt;ExterminateIt;c:\windows\system32\drivers\extit.sys [5/13/2010 6:57 PM 44520]
S3 SASENUM;SASENUM;e:\program files\SUPERAntiSpyware\SASENUM.SYS [9/3/2008 2:07 PM 7408]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2/12/2010 8:34 PM 99152]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE --> c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [?]
--- Other Services/Drivers In Memory ---
*Deregistered* - PCTSDInjDriver32
.
Contents of the 'Scheduled Tasks' folder
2010-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1532298954-1801674531-1004Core.job
- c:\documents and settings\Abc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-21 07:04]
2010-05-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 07:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://bsnl.indiagames.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/?p=us
IE: Download all links with IDM - e:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - e:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - e:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Abc\Application Data\Mozilla\Firefox\Profiles\610splxq.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - www.google.co.in
FF - component: c:\documents and settings\Abc\Application Data\Mozilla\Firefox\Profiles\610splxq.default\extensions\{04bd2b71-ec42-4848-8030-014740a6646c}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Abc\Application Data\Mozilla\Firefox\Profiles\610splxq.default\extensions\{04bd2b71-ec42-4848-8030-014740a6646c}\components\RadioWMPCore.dll
FF - component: c:\program files\YouTube Downloader Toolbar\FF\components\youtubedownloaderToolbarFF.dll
FF - component: c:\program files\YouTube Downloader Toolbar\SSFF\components\SearchSettingsFF.dll
FF - plugin: c:\program files\Indiagames GoD\npExentCtl.dll
FF - plugin: e:\program files\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: e:\program files\DivX\DivX Web Player\npdivx32.dll
FF - plugin: e:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: e:\program files\Mozilla Firefox\plugins\np_blinkx_plugin.dll
FF - plugin: e:\program files\VideoLAN\VLC\npvlc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
e:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-14 13:16
Windows 5.1.2600 Service Pack 2 FAT NTAPI
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-527237240-1532298954-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{74759D79-B019-4122-6591-045776700DC0}*]
"bage"=hex:66,61,65,6a,6a,61,63,6f,6a,6a,6e,63,00,0b
[HKEY_USERS\S-1-5-21-527237240-1532298954-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F78C385E-F01B-B68C-4B81-EAA16803589C}*]
"abhmnkbjoghobaibpihegmnleiockchldn"=hex:65,62,68,6f,66,6a,70,6f,61,6b,66,6c,
68,6b,63,6a,68,69,68,70,61,6c,65,70,6c,69,67,6a,66,6c,6e,6e,66,65,6c,61,6b,\
"bbhmnkbjoghobaibpigehopbnlmpekjmmgbe"=hex:61,62,64,6f,67,67,68,6b,64,62,62,68,
64,6f,64,66,69,69,63,63,6d,66,6f,6b,66,67,69,65,63,65,68,6b,65,68,00,61
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{09dcfa36-992d-45f4-b9fe-ba1136a15c1d}]
@Denied: (Full) (Everyone)
"Model"=dword:00000025
"Therad"=dword:0000000f
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):85,1e,8e,79,f1,2a,aa,5e,f0,b8,b9,73,a7,68,5e,c6,f7,0a,0e,9f,95,
4c,f4,d0,8c,30,5f,de,c9,2c,96,91,3e,91,33,78,1e,b7,a2,aa,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1440)
e:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\documents and settings\Abc\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\documents and settings\Abc\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
- - - - - - - > 'explorer.exe'(240)
e:\program files\Spyware Doctor\pctgmhk.dll
c:\windows\system32\WSOCK32.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
e:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
.
**************************************************************************
.
Completion time: 2010-05-14 13:22:27 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-14 07:52
Pre-Run: 6,610,616,320 bytes free
Post-Run: 6,524,633,088 bytes free
Current=15 Default=15 Failed=14 LastKnownGood=16 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16
- - End Of File - - BB757E3FC000BD6FA606B7D37F1337BC
May 14, 2010 at 04:25 AM
Looks good. How is your system behaving now?
May 14, 2010 at 02:22 PM
May 14, 2010 at 04:26 PM
1. Your computer is slow?
2. You can't update your antivirus?
Please post a HijackThis log:
http://free.antivirus.com/hijackthis/