-
March 14th, 2010, 04:16 PM
#1
Help reading logs
I tried running the virus scans suggested and could not get them to complete. Attached below are the logs from Malwarebytes and GMER. I will post the HijackThis log next.
Malwarebytes' Anti-Malware 1.44
Database version: 3865
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
3/13/2010 4:31:59 PM
mbam-log-2010-03-13 (16-31-59).txt
Scan type: Quick Scan
Objects scanned: 124274
Time elapsed: 10 minute(s), 24 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
March 14th, 2010, 04:18 PM
#2
GMER
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-14 00:10:43
Windows 5.1.2600 Service Pack 3
Running: 7rmn0sq1.exe; Driver: C:\DOCUME~1\Ray\LOCALS~1\Temp\kwayafoc.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xA3932FC0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xA392FC80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateKey [0xA394A170]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xA3933580]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xA3947900]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xA3947B10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xA394BB10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xA3933670]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xA3930210]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xA394A9F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xA394A7A0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xA3947280]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xA394AF10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xA394AF90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xA3930070]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xA3949180]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xA3948F40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xA394B6F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xA394B150]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xA3932BE0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xA394B540]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xA3933190]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xA3930440]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xA394A4E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xA3948200]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xA3948080]
-
March 14th, 2010, 04:19 PM
#3
Second part of GMER log (too big for one post)
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2424 80501C5C 12 Bytes [80, 35, 93, A3, 00, 79, 94, ...] {XOR BYTE [0x7900a393], 0x94; MOV [0xa3947b10], EAX}
? srescan.sys The system cannot find the file specified. !
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [A3937B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [A3937930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [A3938260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [A3935E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [A3935E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [A3937B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [A3937930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [A3938260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [A3937B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [A3935E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [A3938260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [A3937930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [A3938260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [A3937930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [A3937B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [A3935E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [A3937B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [A3937930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [A3938260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [A3937B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [A3935E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [A3938260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [A3937930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\AIM\aim.exe[1932] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1932] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1932] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1932] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1932] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1932] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1932] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1932] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1932] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1932] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1932] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1932] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1932] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1932] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1932] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1932] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1932] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1932] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1932] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1932] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1932] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1932] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1932] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1932] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1932] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1932] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1932] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1932] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1932] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1932] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1932] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1932] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1932] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1932] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1932] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1932] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1932] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1932] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[1932] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
---- Devices - GMER 1.0.15 ----
Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.
-
March 14th, 2010, 04:20 PM
#4
HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:10:42 PM, on 3/14/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Driver Fetch\2.1.0.0\DriverFetch.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: MP3Bar - {F6BD6330-76F8-44d9-B775-87614E2D8374} - C:\Program Files\Fiesta Download Manager\mp3bar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Driver Fetch] "C:\Program Files\Driver Fetch\2.1.0.0\DriverFetch.exe" --start-trayed
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://www.logitech.com/devicedetect...etection32.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1258940716859
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobio...ne/install.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductA...eX_Control.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-29-0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 11285 bytes
-
March 14th, 2010, 06:43 PM
#5
-
March 14th, 2010, 07:59 PM
#6
Erratic performance. I will try to connect to the Internet and the page takes forever to load. If I close the browser and go into the same page it will load fine or experience that same problem. I think the same thing happens with my mail handler. It's strange because it seems like everything works great sometimes and then things don't respond.
-
March 14th, 2010, 08:05 PM
#7
What type of connection do you have? What is the advertised speed?
What are your numbers from here: http://www.speedtest.net/
What browser/version? Did you try a different browser?
-
March 14th, 2010, 08:35 PM
#8
Speed test
IE and Firefox seem to both have trouble. I tried Opera and it seems to work fine. I ran the test in IE and could not get it to work. I ran it in Firefox and the same. When I ran it in Opera it worked great. Attached is the result.
-
March 14th, 2010, 08:59 PM
#9
What does your plan say you should get?
Are you wired or wireless?
-
March 14th, 2010, 09:14 PM
#10
 Originally Posted by techforay
IE and Firefox seem to both have trouble. I tried Opera and it seems to work fine. I ran the test in IE and could not get it to work. I ran it in Firefox and the same. When I ran it in Opera it worked great. Attached is the result.
Once the problem is fixed, stick with Opera anyway.
-
March 14th, 2010, 09:47 PM
#11
What does your plan say you should get?
We need to know this to establish whether you have a connection problem or browser problems.
-
March 15th, 2010, 08:35 PM
#12
Speed
My plan says 1.5 Mbps down and 1.0 up. Just for additional information, when the page locks up I check the performance in my Task Manager and it is not showing much happening.
-
March 15th, 2010, 08:39 PM
#13
Additional information. When I attempted to post the above post, the page locked up. I closed it and went to Opera to repost, and the above post was already there.
-
March 15th, 2010, 08:43 PM
#14
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall.**
Make sure you re-enable your security programs when you're done with Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
-
March 15th, 2010, 10:02 PM
#15
ComboFix 10-03-15.04 - Ray 03/15/2010 18:36:57.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1369 [GMT -7:00]
Running from: c:\documents and settings\Ray\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Ray\LOCALS~1\Temp\IadHide3.dll
c:\documents and settings\Ray\Local Settings\Temp\IadHide3.dll
.
((((((((((((((((((((((((( Files Created from 2010-02-16 to 2010-03-16 )))))))))))))))))))))))))))))))
.
2010-03-14 17:19 . 2010-03-14 17:19 -------- d-----w- c:\program files\Trend Micro
2010-03-14 00:09 . 2010-03-14 00:09 -------- d-----w- c:\documents and settings\Ray\Application Data\Malwarebytes
2010-03-14 00:09 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-14 00:09 . 2010-03-14 00:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-14 00:09 . 2010-03-14 00:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-14 00:09 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-13 21:43 . 2010-03-13 21:43 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-13 05:10 . 2010-03-13 05:10 -------- d-----w- c:\documents and settings\Ray\Local Settings\Application Data\ATI
2010-03-13 05:10 . 2010-03-13 05:10 -------- d-----w- c:\documents and settings\Ray\Application Data\ATI
2010-03-13 05:10 . 2010-03-13 05:10 126 ----a-w- c:\documents and settings\Ray\Local Settings\Application Data\fusioncache.dat
2010-03-13 05:05 . 2010-03-13 05:05 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-03-13 04:33 . 2010-03-13 04:33 -------- d-----w- c:\program files\DIFX
2010-03-13 04:33 . 2006-07-02 06:39 36864 ----a-w- c:\windows\system32\drivers\AmdK8.sys
2010-03-13 04:13 . 2010-03-13 04:51 -------- d-----w- c:\program files\Setup Files
2010-03-13 04:11 . 2010-03-13 04:11 -------- d-----w- c:\program files\MSI
2010-02-27 18:36 . 2010-02-27 18:36 -------- d-----w- c:\documents and settings\Ray\Application Data\Leadertech
2010-02-27 18:36 . 2010-02-27 18:36 -------- d-----w- c:\documents and settings\Ray\Local Settings\Application Data\Logishrd
2010-02-27 18:36 . 2010-03-13 04:05 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-02-27 18:36 . 2008-11-08 02:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-02-27 18:34 . 2010-03-13 04:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2010-02-27 18:28 . 2010-03-13 04:06 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-02-27 18:28 . 2010-02-27 18:29 -------- d-----w- c:\documents and settings\Ray\Application Data\Logishrd
2010-02-27 18:20 . 2010-02-27 18:20 -------- d-----w- c:\documents and settings\Ray\Application Data\Blitware
2010-02-27 18:20 . 2010-02-27 18:20 -------- d-----w- c:\program files\Driver Fetch
2010-02-24 07:43 . 2010-02-27 01:53 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-24 03:44 . 2009-05-18 22:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-02-24 03:44 . 2008-04-17 21:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-02-24 03:43 . 2010-02-24 03:43 -------- d-----w- c:\program files\iPod
2010-02-24 03:43 . 2010-02-24 03:44 -------- d-----w- c:\program files\iTunes
2010-02-24 03:42 . 2010-02-24 03:42 -------- d-----w- c:\program files\QuickTime
2010-02-24 00:26 . 2010-02-24 00:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Riverdeep Interactive Learning Limited
2010-02-24 00:26 . 2010-03-13 05:09 -------- d-----w- c:\documents and settings\Ray\Local Settings\Application Data\ApplicationHistory
2010-02-24 00:26 . 2010-02-24 00:26 -------- d-----w- c:\documents and settings\Ray\Local Settings\Application Data\Broderbund Software
2010-02-23 01:22 . 2004-10-08 01:16 35840 ----a-w- c:\windows\system32\drivers\AFS2K.SYS
2010-02-23 01:22 . 2010-02-23 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Broderbund Software
2010-02-23 01:21 . 2010-02-23 02:50 -------- d-----w- c:\program files\Web Publish
2010-02-23 01:21 . 2003-07-08 19:45 970752 ----a-w- c:\windows\system32\cdintf210.dll
2010-02-23 01:17 . 2010-02-23 01:17 -------- d-----w- c:\program files\Common Files\Broderbund
2010-02-23 01:17 . 2010-02-24 00:28 -------- d-----w- c:\program files\The Print Shop 21
2010-02-23 01:15 . 2010-02-23 01:15 -------- d-----w- c:\windows\system32\URTTEMP
2010-02-21 02:46 . 2010-02-21 02:46 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-02-21 02:46 . 2010-02-21 02:46 -------- d-----w- c:\documents and settings\Ray\Application Data\acccore
2010-02-21 02:46 . 2010-02-21 02:48 -------- d-----w- c:\documents and settings\Ray\Local Settings\Application Data\AIM
2010-02-21 02:46 . 2010-02-21 02:46 -------- d-----w- c:\documents and settings\Ray\Local Settings\Application Data\AOL
2010-02-21 02:46 . 2010-02-21 02:46 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2010-02-21 02:46 . 2010-02-21 02:46 -------- d-----w- c:\program files\AIM
2010-02-21 02:46 . 2010-02-21 02:46 -------- d-----w- c:\program files\Common Files\AOL
2010-02-21 02:42 . 2001-08-18 06:36 61952 -c--a-w- c:\windows\system32\dllcache\icam4ext.dll
2010-02-21 02:42 . 2001-08-18 06:36 61952 ----a-w- c:\windows\system32\Icam4EXT.dll
2010-02-21 02:42 . 2001-08-17 22:06 154496 -c--a-w- c:\windows\system32\dllcache\icam4usb.sys
2010-02-21 02:42 . 2001-08-17 22:06 154496 ----a-w- c:\windows\system32\drivers\Icam4USB.sys
2010-02-21 02:42 . 2001-08-18 06:36 91136 -c--a-w- c:\windows\system32\dllcache\icam4com.dll
2010-02-21 02:42 . 2001-08-18 06:36 91136 ----a-w- c:\windows\system32\icam4com.dll
2010-02-21 02:42 . 2008-04-14 13:42 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-02-21 02:42 . 2008-04-14 13:42 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-02-17 05:42 . 2010-03-08 00:39 -------- d-----w- c:\documents and settings\Ray\Application Data\gtk-2.0
2010-02-17 05:41 . 2010-03-11 09:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Fiesta Download Manager
2010-02-17 05:41 . 2010-02-17 05:41 -------- d-----w- c:\program files\Fiesta Download Manager
2010-02-16 21:00 . 2010-02-16 21:00 -------- d-----w- c:\program files\MSXML 4.0
2010-02-15 21:02 . 2010-02-15 21:02 -------- d-----w- c:\documents and settings\Ray\Application Data\Canon
2010-02-15 21:00 . 2006-03-29 14:05 32768 ------w- c:\windows\system32\IJRMF.exe
2010-02-15 21:00 . 2010-02-15 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-02-15 21:00 . 2010-02-15 21:00 -------- d-----w- c:\documents and settings\Ray\Application Data\ScanSoft
2010-02-15 21:00 . 2010-02-15 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2010-02-15 21:00 . 2010-02-15 21:00 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2010-02-15 20:59 . 2010-02-15 20:59 -------- d-----w- c:\program files\ScanSoft
2010-02-15 20:58 . 2010-02-15 20:58 -------- d-----w- c:\program files\ArcSoft
2010-02-15 20:58 . 1995-08-01 12:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
2010-02-15 20:57 . 1998-10-30 00:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-02-14 17:08 . 2010-02-24 03:24 -------- d-----w- c:\program files\Microsoft
2010-02-14 17:07 . 2010-02-14 17:07 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-14 16:55 . 2010-02-14 16:55 -------- d-----w- c:\documents and settings\Ray\Local Settings\Application Data\Opera
2010-02-14 16:55 . 2010-02-14 16:55 -------- d-----w- c:\program files\Opera
2010-02-14 16:48 . 2010-02-14 16:48 0 ----a-w- c:\windows\nsreg.dat
2010-02-14 16:48 . 2010-02-14 16:48 -------- d-----w- c:\documents and settings\Ray\Local Settings\Application Data\Mozilla
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-16 01:47 . 2009-12-05 02:09 -------- d-----w- c:\documents and settings\Ray\Application Data\Skype
2010-03-15 00:29 . 2010-03-15 00:26 1925088 ----a-w- c:\documents and settings\Ray\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2010-03-14 21:18 . 2010-03-14 21:17 7001384 ----a-w- c:\documents and settings\Ray\Application Data\Blitware\DriverFetch\updates\2.2.0.4\driverfetch_setup.exe
2010-03-13 23:31 . 2009-11-28 06:07 -------- d-----w- c:\program files\PokerStars
2010-03-13 21:43 . 2010-03-13 21:43 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-03-13 21:43 . 2010-03-13 21:43 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-03-13 21:43 . 2010-03-13 21:43 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-03-13 21:43 . 2009-11-23 05:09 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-13 21:43 . 2009-11-23 05:09 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-13 21:43 . 2009-11-23 05:09 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-13 05:04 . 2009-11-22 17:11 -------- d-----w- c:\program files\ATI Technologies
2010-03-13 04:06 . 2010-03-13 04:06 53248 ----a-r- c:\documents and settings\Ray\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-03-13 04:05 . 2009-11-23 00:47 -------- d-----w- c:\program files\Logitech
2010-03-12 14:02 . 2009-12-16 14:37 9312649 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-03-11 15:38 . 2010-03-11 15:40 1921024 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2010-03-03 20:12 . 2010-03-03 20:11 7099448 ----a-w- c:\documents and settings\Ray\Application Data\Blitware\DriverFetch\updates\2.2.0.3\driverfetch_setup.exe
2010-03-03 18:12 . 2010-03-03 18:11 7100472 ----a-w- c:\documents and settings\Ray\Application Data\Blitware\DriverFetch\updates\2.2.0.1\driverfetch_setup.exe
2010-03-03 02:13 . 2010-03-03 01:56 7098784 ----a-w- c:\documents and settings\Ray\Application Data\Blitware\DriverFetch\updates\2.2.0.0\driverfetch_setup.exe
2010-02-27 18:36 . 2010-02-27 18:36 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-02-27 18:34 . 2009-11-23 00:47 -------- d-----w- c:\program files\Common Files\Logitech
2010-02-27 18:33 . 2009-11-22 17:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-27 18:28 . 2009-12-05 17:10 -------- d-----w- c:\documents and settings\Ray\Application Data\Logitech
2010-02-27 18:15 . 2009-12-05 16:32 -------- d-----w- c:\documents and settings\All Users\Application Data\UAB
2010-02-27 01:25 . 2009-11-28 05:40 116664 -c-ha-w- c:\windows\system32\mlfcache.dat
2010-02-24 03:43 . 2009-11-23 05:42 -------- d-----w- c:\program files\Common Files\Apple
2010-02-24 03:42 . 2009-11-23 05:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-02-23 02:05 . 2009-11-22 16:52 344272 -c--a-w- c:\documents and settings\Ray\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-21 00:08 . 2009-12-05 02:26 -------- d-----w- c:\documents and settings\Ray\Application Data\skypePM
2010-02-16 02:41 . 2010-02-16 02:41 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-15 21:00 . 2009-11-22 17:11 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-15 20:58 . 2009-11-23 05:25 -------- d-----w- c:\program files\Canon
2010-02-13 23:38 . 2010-02-13 23:38 -------- d-----w- c:\documents and settings\Ray\Application Data\ieSpell
2010-02-13 23:05 . 2010-02-13 23:05 -------- d-----w- c:\program files\ieSpell
2010-02-13 15:52 . 2009-11-27 22:08 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-13 15:36 . 2010-02-13 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\TomTom
2010-02-13 15:32 . 2010-02-13 15:32 -------- d-----w- c:\documents and settings\Ray\Application Data\TomTom
2010-02-13 15:32 . 2010-02-13 15:32 -------- d-----w- c:\program files\TomTom International B.V
2010-02-13 15:32 . 2010-02-13 15:32 -------- d-----w- c:\program files\TomTom HOME 2
2010-02-10 00:17 . 2010-02-08 01:21 -------- d-----w- c:\documents and settings\Ray\Application Data\licenses
2010-02-08 01:22 . 2010-02-08 01:21 -------- d-----w- c:\documents and settings\Ray\Application Data\PCMM2009
2010-02-08 01:21 . 2010-02-08 01:21 -------- d-----w- c:\documents and settings\Ray\Application Data\PCMM2010
2010-02-06 23:53 . 2010-02-06 23:53 -------- d-----w- c:\program files\Windows Media Connect 2
2010-01-20 23:52 . 2010-01-20 23:53 1556992 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2010-01-19 05:07 . 2010-01-19 05:14 1555456 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2010-01-05 19:10 . 2010-01-05 19:10 64080 ----a-w- c:\documents and settings\Ray\Application Data\Logishrd\SetClean\NonElevatedDll.dll
2009-12-31 16:50 . 2001-08-23 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-26 00:33 . 2009-12-26 00:33 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-21 19:14 . 2001-08-23 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2009-11-22 16:16 343040 ----a-w- c:\windows\system32\mspaint.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-17 02:22 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-10-16 20:12 1119488 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-17 333192]
"{F6BD6330-76F8-44d9-B775-87614E2D8374}"= "c:\program files\Fiesta Download Manager\mp3bar.dll" [2010-02-12 222208]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CLASSES_ROOT\clsid\{f6bd6330-76f8-44d9-b775-87614e2d8374}]
[HKEY_CLASSES_ROOT\ToolBand.MP3Bar.1]
[HKEY_CLASSES_ROOT\TypeLib\{09082C8C-70CA-4077-AFBB-C2F85AFC7438}]
[HKEY_CLASSES_ROOT\ToolBand.MP3Bar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-17 333192]
"{F6BD6330-76F8-44D9-B775-87614E2D8374}"= "c:\program files\Fiesta Download Manager\mp3bar.dll" [2010-02-12 222208]