Everything looks fine in these logs? I just want to make sure

chibicitiberiu

New Member
I ran HijackThis and this is the log:
Code:
Logfile of HijackThis v1.99.1
Scan saved at 5:59:56 PM, on 8/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\VMSnap3.EXE
C:\WINDOWS\Domino.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Startup: RDS & RCS.lnk = ?
O4 - Startup: µTorrent.lnk = C:\Program Files\uTorrent\uTorrent.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://gameadvisor.futuremark.com/global/msc3121.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{46744CA6-8636-4F3E-8AAA-F6E163C240CC}: NameServer = 213.154.124.1 193.231.252.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - Unknown owner - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Program Files\VMware\VMware Workstation\\" -s ufad-p2v.xml (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

Is it clean?


Also here is the ComboFix log:
Code:
ComboFix 08-08-18.05 - Tiberiu 2008-08-19 17:54:24.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1062 [GMT 3:00]
Running from: D:\WebDownloads\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Tiberiu\UserData
C:\Documents and Settings\Tiberiu\UserData\3U3C5VQE\YL[1].xml
C:\Documents and Settings\Tiberiu\UserData\index.dat

.
(((((((((((((((((((((((((   Files Created from 2008-07-19 to 2008-08-19  )))))))))))))))))))))))))))))))
.

2008-08-19 17:53 . 2008-08-19 17:54	<DIR>	d--------	C:\327882R2FWJFW
2008-08-19 17:18 . 2008-08-19 17:18	<DIR>	d--------	C:\HijackThis
2008-08-19 16:15 . 2008-08-19 16:16	<DIR>	d--------	C:\Documents and Settings\Tiberiu\Application Data\Cakewalk
2008-08-19 16:14 . 2008-08-19 16:14	118,784	--a------	C:\WINDOWS\dsdxirmv.exe
2008-08-19 16:05 . 2006-02-24 10:00	487,424	--a------	C:\WINDOWS\system32\msvcp70.dll
2008-08-19 16:05 . 2006-11-30 15:49	368,640	--a------	C:\WINDOWS\system32\ReWire.dll
2008-08-19 16:05 . 2006-02-24 10:00	344,064	--a------	C:\WINDOWS\system32\msvcr70.dll
2008-08-19 16:05 . 2004-04-13 14:48	233,472	--a------	C:\WINDOWS\system32\REX Shared Library.dll
2008-08-19 16:04 . 2008-08-19 16:13	<DIR>	d--------	C:\Program Files\Cakewalk
2008-08-19 16:04 . 2008-08-19 16:14	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Cakewalk
2008-08-19 16:04 . 2008-08-19 17:04	<DIR>	d--------	C:\Cakewalk Projects
2008-08-19 15:55 . 2008-08-19 15:55	<DIR>	d--------	C:\Program Files\PowerISO
2008-08-19 13:24 . 2005-07-25 09:13	1,201,664	-ra------	C:\WINDOWS\system32\xgusb.cpl
2008-08-19 13:24 . 2005-07-25 09:13	14,464	-ra------	C:\WINDOWS\system32\drivers\ymidusb.sys
2008-08-19 13:06 . 2008-08-19 13:11	<DIR>	d--------	C:\Documents and Settings\Tiberiu\Application Data\Anvil Studio
2008-08-19 13:05 . 2008-08-19 13:06	<DIR>	d--------	C:\Program Files\Anvil Studio
2008-08-19 08:08 . 2008-08-19 08:08	<DIR>	d--------	C:\Documents and Settings\User\Application Data\VMware
2008-08-18 13:02 . 2008-08-18 13:02	<DIR>	d--------	C:\Documents and Settings\Tiberiu\Application Data\Styler
2008-08-18 12:55 . 2008-08-18 12:55	8,294,454	--a------	C:\WINDOWS\startup.bmp
2008-08-18 12:55 . 2008-04-14 05:42	218,624	--a------	C:\WINDOWS\system32\uxtheme.backup
2008-08-18 12:50 . 2008-08-18 12:56	<DIR>	d--------	C:\WINDOWS\VistaMizer
2008-08-16 21:17 . 2008-08-16 21:17	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-08-16 17:25 . 2008-08-16 17:25	<DIR>	d--------	C:\Program Files\QuickTime
2008-08-16 17:10 . 2007-02-20 16:04	2,463,976	--a------	C:\WINDOWS\system32\NPSWF32.dll
2008-08-16 17:10 . 2007-02-20 16:04	190,696	--a------	C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-08-16 17:04 . 2008-08-16 17:04	<DIR>	d--------	C:\Program Files\Bonjour
2008-08-16 17:00 . 2008-08-16 17:00	<DIR>	d--------	C:\Program Files\Common Files\Macrovision Shared
2008-08-15 16:57 . 2003-06-25 16:05	266,360	--a------	C:\WINDOWS\system32\TweakUI.exe
2008-08-15 16:57 . 2002-06-21 15:09	160,217	--a------	C:\WINDOWS\system32\PowerToysLicense.rtf
2008-08-15 16:56 . 2008-08-15 17:14	<DIR>	d--------	C:\WINDOWS\Downloaded Installations
2008-08-15 16:54 . 2008-08-15 16:54	<DIR>	d--------	C:\WINDOWS\system32\Futuremark
2008-08-13 12:57 . 2008-08-19 17:38	<DIR>	d--------	C:\Documents and Settings\Tiberiu\Application Data\VMware
2008-08-13 12:56 . 2008-08-19 17:38	<DIR>	d--------	C:\Documents and Settings\LocalService\Application Data\VMware
2008-08-13 12:55 . 2008-03-03 20:11	436,784	--a------	C:\WINDOWS\system32\vnetlib.dll
2008-08-13 12:55 . 2008-03-03 20:12	150,064	--a------	C:\WINDOWS\system32\vmnat.exe
2008-08-13 12:55 . 2008-03-03 20:13	121,392	--a------	C:\WINDOWS\system32\vmnetdhcp.exe
2008-08-13 12:55 . 2008-03-03 20:10	50,992	-ra------	C:\WINDOWS\system32\vmnetbridge.dll
2008-08-13 12:55 . 2008-03-03 20:10	28,592	-ra------	C:\WINDOWS\system32\drivers\vmnetbridge.sys
2008-08-13 12:55 . 2008-03-03 20:14	25,136	--a------	C:\WINDOWS\system32\drivers\vmnetuserif.sys
2008-08-13 12:55 . 2008-03-03 20:13	20,912	--a------	C:\WINDOWS\system32\drivers\VMkbd.sys
2008-08-13 12:55 . 2008-03-03 20:10	17,712	-ra------	C:\WINDOWS\system32\drivers\vmnet.sys
2008-08-13 12:55 . 2008-03-03 20:10	16,816	-ra------	C:\WINDOWS\system32\drivers\vmnetadapter.sys
2008-08-13 12:55 . 2008-03-03 20:10	13,104	-ra------	C:\WINDOWS\system32\vnetinst.dll
2008-08-13 12:54 . 2008-08-19 17:38	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\VMware
2008-08-13 12:53 . 2008-08-13 12:53	<DIR>	d--------	C:\Program Files\VMware
2008-08-13 12:53 . 2008-08-13 12:53	<DIR>	d--------	C:\Program Files\Common Files\VMware
2008-08-13 11:03 . 2008-08-13 11:03	<DIR>	d--------	C:\Program Files\Microsoft Silverlight
2008-08-13 09:19 . 1999-12-17 09:13	86,016	--a------	C:\WINDOWS\unvise32.exe
2008-08-13 07:53 . 2008-04-11 22:04	691,712	-----c---	C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-13 07:53 . 2008-05-01 17:33	331,776	-----c---	C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-12 16:11 . 2008-08-12 16:11	<DIR>	d--------	C:\Program Files\NeoSpeech
2008-08-12 16:08 . 2008-08-12 21:29	<DIR>	d--------	C:\Program Files\TextAloud
2008-08-12 13:22 . 	<DIR>		C:\WINDOWS\Mafia
2008-08-12 13:22 . 	<DIR>		C:\Program Files\Mafia
2008-08-11 22:21 . 2008-08-11 22:21	<DIR>	d--------	C:\Documents and Settings\User\Application Data\ATI
2008-08-11 22:20 . 2008-08-11 22:20	<DIR>	d--------	C:\Documents and Settings\User
2008-08-11 11:25 . 2008-08-11 11:25	<DIR>	d--------	C:\Documents and Settings\Tiberiu\Application Data\vlc
2008-08-10 21:00 . 2008-08-10 21:00	<DIR>	d--h-----	C:\$AVG8.VAULT$
2008-08-10 16:27 . 2008-08-10 16:27	<DIR>	d--------	C:\Program Files\VideoLAN
2008-08-09 22:51 . 2008-08-09 22:51	<DIR>	d--------	C:\Program Files\MSXML 4.0
2008-08-09 16:49 . 2008-06-13 14:05	272,128	-----c---	C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-09 16:48 . 2008-05-08 17:02	203,136	-----c---	C:\WINDOWS\system32\dllcache\rmcast.sys
2008-08-09 16:45 . 2008-08-13 17:27	<DIR>	d--h-----	C:\WINDOWS\$hf_mig$
2008-08-09 16:43 . 2008-08-09 16:43	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-08-09 16:29 . 2008-08-09 16:29	<DIR>	d--------	C:\Program Files\Yahoo!
2008-08-09 13:15 . 2008-08-09 13:15	<DIR>	d--------	C:\Documents and Settings\Tiberiu\Application Data\ATI
2008-08-09 13:15 . 2008-08-09 13:15	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\ATI
2008-08-09 12:36 . 2008-08-09 12:36	<DIR>	d--------	C:\Documents and Settings\Tiberiu\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-08-09 12:33 . 2008-08-16 17:55	<DIR>	d--------	C:\Program Files\Common Files\Adobe
2008-08-09 12:07 . 2008-08-09 12:16	<DIR>	d--------	C:\Program Files\TuneUp Utilities 2008
2008-08-09 12:07 . 2008-08-09 12:07	<DIR>	d--------	C:\Program Files\Common Files\Wise Installation Wizard
2008-08-09 12:07 . 2008-08-09 12:07	<DIR>	d--------	C:\Documents and Settings\Tiberiu\Application Data\TuneUp Software
2008-08-09 12:07 . 2008-08-09 12:07	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-08-09 12:07 . 2008-08-09 12:16	355,584	--a------	C:\WINDOWS\system32\TuneUpDefragService.exe
2008-08-09 12:07 . 2008-05-29 09:28	28,416	--a------	C:\WINDOWS\system32\uxtuneup.dll
2008-08-09 12:06 . 2008-08-09 12:06	<DIR>	d--------	C:\Program Files\CheMax
2008-08-09 11:45 . 2008-08-09 11:45	<DIR>	d--------	C:\Program Files\uTorrent
2008-08-09 11:45 . 2008-08-19 17:48	<DIR>	d--------	C:\Documents and Settings\Tiberiu\Application Data\uTorrent
2008-08-09 11:42 . 2008-08-09 11:42	<DIR>	d--------	C:\WINDOWS\Logs
2008-08-09 11:32 . 2008-08-09 11:32	<DIR>	d--------	C:\WINDOWS\system32\Lang
2008-08-09 11:32 . 2008-08-09 11:32	940,794	--a------	C:\WINDOWS\system32\LoopyMusic.wav
2008-08-09 11:32 . 2008-08-09 11:32	146,650	--a------	C:\WINDOWS\system32\BuzzingBee.wav
2008-08-09 11:32 . 2008-08-09 11:32	60,416	--a------	C:\WINDOWS\ALCFDRTM.VER
2008-08-09 11:32 . 2008-08-09 11:32	60,416	--a------	C:\WINDOWS\ALCFDRTM.EXE
2008-08-09 11:30 . 2008-08-09 11:30	0	--a------	C:\WINDOWS\ativpsrm.bin
2008-08-09 11:28 . 2008-08-09 11:28	<DIR>	d--------	C:\Program Files\Realtek AC97
2008-08-09 11:26 . 2008-08-09 11:26	<DIR>	d--------	C:\Documents and Settings\Tiberiu\Application Data\HP
2008-08-09 11:23 . 2008-08-09 11:23	<DIR>	d--------	C:\Program Files\Common Files\HP
2008-08-09 11:23 . 2008-08-09 11:23	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\HP
2008-08-09 11:21 . 2008-08-09 11:21	<DIR>	d--------	C:\Program Files\Hewlett-Packard
2008-08-09 11:20 . 2008-08-09 11:20	<DIR>	d--------	C:\Program Files\Common Files\Hewlett-Packard
2008-08-09 11:19 . 2005-10-14 22:42	46,592	--a------	C:\WINDOWS\system32\hpzll43a.dll
2008-08-09 11:18 . 2008-08-09 11:18	<DIR>	d--------	C:\Program Files\Windows Media Connect 2
2008-08-09 11:17 . 2008-08-09 11:23	<DIR>	d--------	C:\Program Files\HP
2008-08-09 11:17 . 2008-04-14 00:15	32,128	--a------	C:\WINDOWS\system32\drivers\usbccgp.sys
2008-08-09 11:17 . 2008-04-14 00:15	32,128	--a--c---	C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-08-09 11:17 . 2008-04-14 00:15	26,368	--a--c---	C:\WINDOWS\system32\dllcache\usbstor.sys
2008-08-09 11:17 . 2008-04-14 00:17	25,856	--a------	C:\WINDOWS\system32\drivers\usbprint.sys
2008-08-09 11:17 . 2008-04-14 00:17	25,856	--a--c---	C:\WINDOWS\system32\dllcache\usbprint.sys
2008-08-09 11:16 . 2008-08-09 11:16	<DIR>	d--------	C:\WINDOWS\system32\LogFiles
2008-08-09 11:16 . 2008-08-09 11:17	<DIR>	d--------	C:\WINDOWS\system32\drivers\UMDF
2008-08-09 11:16 . 2008-08-09 11:26	110,055	--a------	C:\WINDOWS\hpoins08.dat
2008-08-09 11:16 . 2005-10-28 04:24	49,664	--a------	C:\WINDOWS\system32\drivers\HPZid412.sys
2008-08-09 11:16 . 2005-10-28 04:24	21,568	--a------	C:\WINDOWS\system32\drivers\HPZius12.sys
2008-08-09 11:16 . 2005-10-28 04:24	16,496	--a------	C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-08-09 11:16 . 2006-01-24 09:15	7,577	---------	C:\WINDOWS\hpomdl08.dat
2008-08-09 11:14 . 2005-10-29 02:11	614,400	--a------	C:\WINDOWS\system32\hpotscl2.dll
2008-08-09 11:14 . 2005-10-29 02:11	602,112	--a------	C:\WINDOWS\system32\hpowiax2.dll
2008-08-09 11:14 . 2005-10-28 04:23	282,624	--a------	C:\WINDOWS\system32\HPZc3212.dll
2008-08-09 11:14 . 2005-10-29 02:11	254,026	--a------	C:\WINDOWS\system32\hpovst09.dll
2008-08-09 11:14 . 2005-09-10 02:28	98,304	--a------	C:\WINDOWS\system32\hpzjsn01.dll
2008-08-09 11:14 . 2005-03-22 15:48	77,824	--a------	C:\WINDOWS\system32\hpzids01.dll
2008-08-09 11:07 . 2008-08-09 11:07	<DIR>	d----c---	C:\WINDOWS\system32\DRVSTORE
2008-08-09 11:07 . 2008-08-09 11:07	<DIR>	d--------	C:\Program Files\Vimicro
2008-08-09 11:07 . 2008-08-09 11:07	<DIR>	d--------	C:\Documents and Settings\Tiberiu\Application Data\InstallShield

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-19 14:39	---------	d-----w	C:\Program Files\Mozilla Thunderbird
2008-08-18 09:55	218,624	----a-w	C:\WINDOWS\system32\uxtheme.dll
2008-08-16 19:48	---------	d-----w	C:\Program Files\DAEMON Tools Lite
2008-08-09 14:27	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-08-09 07:47	97,928	----a-w	C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-09 07:47	76,040	----a-w	C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-09 07:47	12,936	----a-w	C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-08-09 07:47	10,520	----a-w	C:\WINDOWS\system32\avgrsstx.dll
2008-08-09 07:46	---------	d-----w	C:\Program Files\ATI Technologies
2008-08-09 07:45	---------	d-----w	C:\Program Files\Common Files\InstallShield
2008-08-09 07:37	---------	d-----w	C:\Documents and Settings\Tiberiu\Application Data\Thunderbird
2008-08-09 07:31	---------	d-----w	C:\Program Files\AVG
2008-08-09 07:31	---------	d-----w	C:\Documents and Settings\All Users\Application Data\avg8
2008-08-09 07:15	717,296	----a-w	C:\WINDOWS\system32\drivers\sptd.sys
2008-08-09 07:15	---------	d-----w	C:\Documents and Settings\Tiberiu\Application Data\DAEMON Tools
2008-08-09 07:07	---------	d-----w	C:\Program Files\microsoft frontpage
2008-07-07 20:26	253,952	----a-w	C:\WINDOWS\system32\es.dll
2008-07-07 07:40	56,108	----a-w	C:\WINDOWS\system32\drivers\scdemu.sys
2008-07-04 06:33	3,230,720	----a-w	C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-07-04 03:48	9,490,432	----a-w	C:\WINDOWS\system32\atioglx2.dll
2008-07-04 03:25	421,888	----a-w	C:\WINDOWS\system32\ATIDEMGX.dll
2008-07-04 03:23	309,248	----a-w	C:\WINDOWS\system32\ati2dvag.dll
2008-07-04 03:14	26,112	----a-w	C:\WINDOWS\system32\Ati2mdxx.exe
2008-07-04 03:14	184,320	----a-w	C:\WINDOWS\system32\atipdlxx.dll
2008-07-04 03:14	143,360	----a-w	C:\WINDOWS\system32\Oemdspif.dll
2008-07-04 03:13	43,520	----a-w	C:\WINDOWS\system32\ati2edxx.dll
2008-07-04 03:13	139,264	----a-w	C:\WINDOWS\system32\ati2evxx.dll
2008-07-04 03:12	561,152	----a-w	C:\WINDOWS\system32\ati2evxx.exe
2008-07-04 03:10	53,248	----a-w	C:\WINDOWS\system32\ATIDDC.DLL
2008-07-04 03:06	253,952	----a-w	C:\WINDOWS\system32\atiok3x2.dll
2008-07-04 03:00	3,786,144	----a-w	C:\WINDOWS\system32\ati3duag.dll
2008-07-04 02:55	307,200	----a-w	C:\WINDOWS\system32\atiiiexx.dll
2008-07-04 02:49	2,140,672	----a-w	C:\WINDOWS\system32\ativvaxx.dll
2008-07-04 02:34	48,640	----a-w	C:\WINDOWS\system32\amdpcom32.dll
2008-07-04 02:30	348,160	----a-w	C:\WINDOWS\system32\atikvmag.dll
2008-07-04 02:29	32,768	----a-w	C:\WINDOWS\system32\atiadlxx.dll
2008-07-04 02:28	53,248	----a-w	C:\WINDOWS\system32\drivers\ati2erec.dll
2008-07-04 02:28	17,408	----a-w	C:\WINDOWS\system32\atitvo32.dll
2008-07-04 02:25	5,439,488	----a-w	C:\WINDOWS\system32\atioglxx.dll
2008-07-04 02:22	565,248	----a-w	C:\WINDOWS\system32\ati2cqag.dll
2008-07-03 18:05	593,920	------w	C:\WINDOWS\system32\ati2sgag.exe
2008-06-24 16:43	74,240	----a-w	C:\WINDOWS\system32\mscms.dll
2008-06-23 15:09	811,008	----a-w	C:\WINDOWS\system32\wininet.dll
2008-06-20 17:46	245,248	----a-w	C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51	361,600	----a-w	C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40	138,496	----a-w	C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08	225,856	----a-w	C:\WINDOWS\system32\drivers\tcpip6.sys
2008-05-30 11:19	507,400	----a-w	C:\WINDOWS\system32\XAudio2_1.dll
2008-05-30 11:18	238,088	----a-w	C:\WINDOWS\system32\xactengine3_1.dll
2008-05-30 11:17	65,032	----a-w	C:\WINDOWS\system32\XAPOFX1_0.dll
2008-05-30 11:17	25,608	----a-w	C:\WINDOWS\system32\X3DAudio1_4.dll
2008-05-30 11:11	467,984	----a-w	C:\WINDOWS\system32\d3dx10_38.dll
2008-05-30 11:11	3,850,760	----a-w	C:\WINDOWS\system32\D3DX9_38.dll
2008-05-30 11:11	1,491,992	----a-w	C:\WINDOWS\system32\D3DCompiler_38.dll
.

------- Sigcheck -------

2008-04-21 09:24  666624  26f240c250e5b4b395cb4b178ba75437	C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\wininet.dll
2008-06-23 17:54  666624  972299b7241ec325d8c7e5638c884925	C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\wininet.dll
2004-08-04 15:00  656384  c0823fc5469663ba63e7db88f9919d70	C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
2008-04-14 05:42  666112  7a4f775abb2f1c97def3e73afa2faedd	C:\WINDOWS\$NtUninstallKB950759$\wininet.dll
2008-04-21 09:44  666112  2b0c24aa747a93a28987b6d65a4a74bc	C:\WINDOWS\$NtUninstallKB953838$\wininet.dll
2008-06-23 18:09  811008  900c6b9859eafb53b120e7e0ecd34899	C:\WINDOWS\ServicePackFiles\i386\wininet.dll
2008-06-23 18:09  811008  900c6b9859eafb53b120e7e0ecd34899	C:\WINDOWS\system32\wininet.dll
2008-06-23 18:09  811008  900c6b9859eafb53b120e7e0ecd34899	C:\WINDOWS\system32\dllcache\wininet.dll
2008-06-23 18:09  666112  f12fbb673de9cc802c5dc518fe99aa2f	C:\WINDOWS\VistaMizer\old\wininet.dll

2004-08-04 15:00  502272  01c3346c241652f43aed8e2149881bfe	C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2008-04-14 05:42  547328  a55b8899d2ea2e800061bcfd456e34dc	C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2008-04-14 05:42  547328  a55b8899d2ea2e800061bcfd456e34dc	C:\WINDOWS\system32\winlogon.exe
2008-04-14 05:42  507904  ed0ef0a136dec83df69f04118870003e	C:\WINDOWS\VistaMizer\old\winlogon.exe

2004-08-04 15:00  2015232  fb142b7007ca2eea76966c6c5cc12150	C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
2008-04-14 00:01  2280960  c8e7aeeef81d5fe655ccf69e8217beb3	C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2008-04-14 00:01  2280960  c8e7aeeef81d5fe655ccf69e8217beb3	C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 00:01  2023936  7f653a89f6e89e3ae0d49830eece35d4	C:\WINDOWS\VistaMizer\old\ntkrnlpa.exe

2004-08-04 15:00  2148352  626309040459c3915997ef98ec1c8d40	C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
2008-04-14 00:54  2402304  f129fb11f0871750888aebc3f7b3ce7d	C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2008-04-14 00:54  2402304  f129fb11f0871750888aebc3f7b3ce7d	C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 00:54  2145280  40f8880122a030a7e9e1fedea833b33d	C:\WINDOWS\VistaMizer\old\ntoskrnl.exe

2008-04-14 05:42  1551872  c26978d5f821a7330439dd7f0aaaf678	C:\WINDOWS\explorer.exe
2004-08-04 15:00  1032192  a0732187050030ae399b241436565e64	C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2008-04-14 05:42  1551872  c26978d5f821a7330439dd7f0aaaf678	C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2008-04-14 05:42  1033728  12896823fb95bfb3dc9b46bcaedc9923	C:\WINDOWS\VistaMizer\old\explorer.exe

2004-08-04 15:00  15360  24232996a38c0b0cf151c2140ae29fc8	C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2008-04-14 05:42  25088  b5e8782d4af1b3756f38e11e7c157bbe	C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2008-04-14 05:42  25088  b5e8782d4af1b3756f38e11e7c157bbe	C:\WINDOWS\system32\ctfmon.exe
2008-04-14 05:42  15360  5f1d5f88303d4a4dbc8e5f97ba967cc3	C:\WINDOWS\VistaMizer\old\ctfmon.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 25088]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 17:43 4670704]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 15:11 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-09 10:47 1235736]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"VMSnap3"="C:\WINDOWS\VMSnap3.EXE" [2006-08-30 10:58 49152]
"Domino"="C:\WINDOWS\Domino.EXE" [2006-06-28 17:54 49152]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 11:18 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"vmware-tray"="C:\Program Files\VMware\VMware Workstation\vmware-tray.exe" [2008-03-03 20:10 72240]
"VMware hqtray"="C:\Program Files\VMware\VMware Workstation\hqtray.exe" [2008-03-03 20:10 55856]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-07-07 10:34 167936]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 05:42 25088]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 11:40:44 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"= xgusb.cpl

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"D:\\Downloads\\Counter-Strike 1.6 + Half-Life\\hl.exe"=

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-08-09 10:47]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-09 10:47]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-15 20:13]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-09 10:47]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-09 10:47]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 05:42]
R3 vmfilter303;vmfilter303;C:\WINDOWS\system32\drivers\vmfilter303.sys [2006-04-25 10:57]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-08-09 12:16]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
 

(part 2)
Code:
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc1da3e2-6705-11dd-823d-00138f83cfba}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe WillPolo.vbs
.
Contents of the 'Scheduled Tasks' folder

2008-08-19 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-BigDog303 - C:\WINDOWS\VM303_STI.EXE


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Tiberiu\Application Data\Mozilla\Firefox\Profiles\6f3uo42y.default\
FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-19 17:56:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

*****************************************
.
Completion time: 2008-08-19 17:57:39
ComboFix-quarantined-files.txt  2008-08-19 14:57:16

Pre-Run: 34,650,599,424 bytes free
Post-Run: 34,639,802,368 bytes free

317	--- E O F ---	2008-08-13 14:28:03

Is there anything I should worry about in these logs?
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:16:24 PM, on 8/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\VMSnap3.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\Domino.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RDS & RCS.lnk = ?
O4 - Startup: µTorrent.lnk = C:\Program Files\uTorrent\uTorrent.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://gameadvisor.futuremark.com/global/msc3121.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{46744CA6-8636-4F3E-8AAA-F6E163C240CC}: NameServer = 213.154.124.1 193.231.252.1
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 5707 bytes
 