Thread ID: 100200 2009-05-29 19:30:00 General clean-up tool needed argus (366) Press F1
Post ID Timestamp Content User
778190 2009-05-31 21:18:00 Speaking of Comodo, I was reading this the other day (forums.comodo.com).

You won't be able to download the screenshots from Comodo (there's 4 zip files), unless you register. Version 4, will include Time (www.youtube.com) Machine (en.wikipedia.org(Apple_software)). So, that'll be interesting to see, once it comes out.
Speedy Gonzales (78)
778191 2009-06-01 02:30:00 Avast is perfect as a "set and go" antivirus easy to use, and keep PCs safe.

It would help if the setup file downloaded properly :(

The initial file avast_home_setup.exe downloads setupeng.exe, but when the progress bar hits the end, I get a notice "There was an error while completing the setup process." I've tried at least three times; same result every time. This is the log (Personal info edited):

01.06.2009 13:06:01 general: Started: 01.06.2009, 13:06:01
01.06.2009 13:06:01 system: Operating system: WindowsXP ver 5.1, build 2600, sp 3.0 [Service Pack 3]
01.06.2009 13:06:01 system: Memory: 86% load. Phys:71884/523632K free, Page:606172/1279176K free, Virt:2071428/2097024K free
01.06.2009 13:06:01 system: Computer WinName: XXXXX
01.06.2009 13:06:01 system: Windows Net User: XXXXX\xxxxxx
01.06.2009 13:06:01 general: Old version: ffffffff (-1)
01.06.2009 13:06:01 system: Using temp: C:\DOCUME~1\XXXX~1\LOCALS~1\Temp\_av_inet.tm~a02704 (58875M free)
01.06.2009 13:06:02 internet: SYNCER: Type: use IE settings
01.06.2009 13:06:02 internet: SYNCER: Auth: another authentication, use WinInet
01.06.2009 13:06:02 general: Install check: Program folder does NOT exist in registry
01.06.2009 13:06:02 general: SGW32P::CheckIfInstalled set m_bAlreadyInstalled to 0
01.06.2009 13:06:07 general: progress thread start
01.06.2009 13:06:07 general: Destination: C:\DOCUME~1\XXXXX~1\LOCALS~1\Temp\_av_inet.tm~a02704
01.06.2009 13:06:07 general: Starting download: www.avast.com
01.06.2009 13:08:22 general: Download finished from server download772.avast.com, result: 0x00000000, server response: 200
01.06.2009 13:08:22 general: C:\DOCUME~1\XXXXX~1\LOCALS~1\Temp\_av_inet.tm~a02704\setupeng.exe, size: 34346616. md5: 41E9E1CF2505D79F26F4DF10B9FA1F1D, computemd5 returned 0x00000000, sig: 5C7F57228604358A2671A7BD5BD73FD5C3176FE61A71C108A4B27DD3F396A8C680EDBBCE305CF9A0 returned 0x00000000
01.06.2009 13:08:22 general: Stats download772.avast.com, server response: 536870923
01.06.2009 13:08:23 general: POST result: 0x00000000, server response: 20

It would be nice if one day things just *worked*. That's one of the few things I liked about Norton!

BTW, when I had Norton removed and Avast not yet loaded, the improvement in startup performance appeared minimal; the initial welcome screen still persisted for about 30 secs, though the desktop icons appeared promptly.

On a second startup following the first failed download everything was as slow as ever. The "Welcome" screen showed for 30 secs and the blank wallpaper-only screen for three minutes before any desktop icons appeared.

To keep virus protection pro tem, I have installed Norton 360, which is supposed to be a bit lighter than NIS. No visible performance improvement, but at least it installs.

I'm beginning to suspect this is a deeper problem than just Norton.
argus (366)
778192 2009-06-01 05:59:00 Try the standalone offline version of Avast!:
files.avast.com

And remove Norton. It's rubbish.
Blam (54)
778193 2009-06-01 06:20:00 For best results and quickest fix you should probably follow Pctek's advice. Agent_24 (57)
778194 2009-06-13 19:08:00 Try the standalone offline version of Avast!:
files.avast.com

And remove Norton. It's rubbish.

Tried that. setupeng still downloads corrupt.

This is the log:

13.06.2009 05:57:20 general: Started: 13.06.2009, 05:57:20
13.06.2009 05:57:20 system: Operating system: WindowsXP ver 5.1, build 2600, sp 3.0 [Service Pack 3]
13.06.2009 05:57:20 system: Memory: 71% load. Phys:147796/523632K free, Page:889736/1279544K free, Virt:2071428/2097024K free
13.06.2009 05:57:20 system: Computer WinName: XXXX
13.06.2009 05:57:20 system: Windows Net User: XXXX\xxxxx
13.06.2009 05:57:20 general: Old version: ffffffff (-1)
13.06.2009 05:57:20 system: Using temp: C:\DOCUME~1\XXXXX~1\LOCALS~1\Temp\_av_inet.tm~a03608 (59134M free)
13.06.2009 05:57:20 internet: SYNCER: Type: use IE settings
13.06.2009 05:57:20 internet: SYNCER: Auth: another authentication, use WinInet
13.06.2009 05:57:20 general: Install check: Program folder does NOT exist in registry
13.06.2009 05:57:20 general: SGW32P::CheckIfInstalled set m_bAlreadyInstalled to 0
13.06.2009 05:57:37 internet: SYNCER: Type: use IE settings
13.06.2009 05:57:37 internet: SYNCER: Auth: another authentication, use WinInet
13.06.2009 05:57:37 general: Destination: C:\DOCUME~1\XXXXX~1\LOCALS~1\Temp\_av_inet.tm~a03608
13.06.2009 05:57:37 general: Starting download: www.avast.com
13.06.2009 06:02:08 general: Download finished from server download691.avast.com, result: 0x00000000, server response: 200
13.06.2009 06:02:09 general: C:\DOCUME~1\XXXXX~1\LOCALS~1\Temp\_av_inet.tm~a03608\setupeng.exe, size: 35272712. md5: 57A3A57B43E6BEAFA07BA83816CE9542, computemd5 returned 0x00000000, sig: 9E8D4D3F85839694D7D5D890A3E66C395FA9614E12EC41C08D2A699485BA4CF361A55E486DDD8C19 returned 0x00000000
13.06.2009 06:02:09 general: Stats download691.avast.com, server response: 536870923
13.06.2009 06:02:10 general: POST result: 0x00000000, server response: 20

Tried downloading AVG - similar result.

In desperation, reinstalled Norton 360 - just so I have protection of some kind! Norton is now telling me my malware definitions are out of date and refusing to do the update properly. Again the file downloads corruptly (does not match CRC).

I suspect the real problem lies elsewhere, possibly with the integrity of my internet link. I'd hate to think something has got into my router (Netgear WG8614 - go on, tell me that's rubbish too :) It still won't help the problem).

Ironically, the original slow operation problem now seems to have partly cured itself. Boot up is now quite fast; icons come onto the screen promptly. When I mouse over items on the start menu there is still a bit of a lag before the next-level menu displays.

When I open "My Computer" it still displays the animated flashlight for as long as a minute before showing the drive, etc. icons.

In short, the original trouble has not cleared; insofar as it has cleared, I don't know what caused it to improve; and my major problem is now absence of a clearly up-to-date malware checker. I almost wish I had the slowness back!

I suspect something has infected my machine (or the router) and get the unpleasant feeling someone, somewhere is laughing.

Any suggestions?
argus (366)
778195 2009-06-13 20:38:00 For the slow display my computer see this (www.technixupdate.com) notechyet (4479)
778196 2009-06-14 01:59:00 You probably still have malware, as malware will usually try to corrupt Anti Virus/Malware downloads.

Disable then re-enable System restore, to clear old checkpoints, then create a check point and run Combofix.

Follow this guide: www.bleepingcomputer.com

Hopefully it'll remove the nasties left.

Post the log here, Pancake may be able to have a quick look at it.

Blam
Blam (54)
778197 2009-06-14 02:55:00 Format, reinstall. See the first reply to your original post.:badpc: plod (107)
778198 2009-06-14 06:41:00 You probably still have malware, as malware will usually try to corrupt Anti Virus/Malware downloads.

Disable then re-enable System restore, to clear old checkpoints, then create a check point and run Combofix.

Follow this guide: www.bleepingcomputer.com

Hopefully it'll remove the nasties left.

No, Combofix did its check and deleted a few files. But Norton still won't update. Even when I download the updates from Symantec's site using a different machine, it still says the file is corrupt.

Post the log here, Pancake may be able to have a quick look at it. Blam

Here we are (personally identifying folder names edited out):

Thanks for your help.

argus (366)
778199 2009-06-14 07:01:00 Format, reinstall. See the first reply to your original post.:badpc:

Do THIS
gary67 (56)